PUP.InstallPack

Analysis Report

General information

Family Name: PUP.InstallPack
Signature status: Self Signed

Known Samples

MD5: b2ba202717f0d5cffac3dfca20142490
SHA1: 5f2e1e722c7526b3be8f723098e249b4c104b490
SHA256: 68A099226C28C1BCE56E1A41C37202DA953A6D60DF99F6BB1C164514D4D9E266
File Size: 1.19 MB, 1194984 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer: СЕРГЕЙ КУЦЕРЕЙ
Root: СЕРГЕЙ КУЦЕРЕЙ
Status: Self Signed

Files Modified

File Attributes
c:\users\user\appdata\local\temp\nsgbe65.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe65.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe65.tmp\nsjson.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbde7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\stats.txt Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b3513d73a177a2707d910183759b389b_4ac9334da2c3f2c91ab177b081e36760 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b3513d73a177a2707d910183759b389b_4ac9334da2c3f2c91ab177b081e36760 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\installpack::launchescounter_v0.2 1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
Encryption Used
  • BCryptOpenAlgorithmProvider
