PUP.iWin.A

Analysis Report

General information

Family Name: PUP.iWin.A
Signature status: Root Not Trusted

Known Samples

MD5: f117395295752ec82ee4c03f30a6c2cd
SHA1: efd4eb4e9568e5f7abfd1853fd0b6892c367bb54
SHA256: 95306DB4A4B71F6D19389FA36351EEC13460DF2DBE21F13E6B8B37908D860B2D
File Size: 2.09 MB, 2087360 bytes

MD5: 257877d3d366af1d2029329aae48c089
SHA1: 9ae0ba8e22f61dc78e1876a470908242ec133bbd
SHA256: 0D6CA16D6EB21B2E42930123B733FCAE7A0490296151CF73F7681FD6AFEF45E4
File Size: 1.31 MB, 1307512 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name iWin Inc.
File Description iWin Games Manager V4
File Version 4.2.2.141
Legal Copyright (c)2019 iWin Inc.
Product Name iWin Games Manager V4
Product Version 4.2.2.141

Digital Signatures

Signer Root Status
iWin, Inc. Microsoft ID Verified Code Signing PCA 2021 Root Not Trusted

File Traits

  • x86

Files Modified

File Attributes
\device\namedpipe\fgmtotrayapppipe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\iwin games manager v4\fgm.exe Generic Write,Read Attributes
c:\program files (x86)\iwin games manager v4\fgmtray.exe Generic Write,Read Attributes
c:\program files (x86)\iwin games manager v4\lnahelper.exe Generic Write,Read Attributes
c:\program files (x86)\iwin games manager v4\usslauncher.exe Generic Write,Read Attributes
c:\program files (x86)\iwin games manager v4\usswatcher.exe Generic Write,Read Attributes
c:\programdata\iwin streaming service\global\config\channels.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\config\channels.dat-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\config\games.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\config\games.dat-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\config\global.cfg Generic Write,Read Attributes
c:\programdata\iwin streaming service\global\config\modules.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\config\modules.dat-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\config\shortcuts.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\config\shortcuts.dat-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\logs\gm.database.log-[2025-12-27].log Generic Write,Read Attributes
c:\programdata\iwin streaming service\global\logs\gm.database.log-[2025-12-28].log Generic Write,Read Attributes
c:\programdata\iwin streaming service\global\logs\gm.main.log-[2025-12-27].log Generic Write,Read Attributes
c:\programdata\iwin streaming service\global\logs\gm.main.log-[2025-12-28].log Generic Write,Read Attributes
c:\programdata\iwin streaming service\global\logs\startup.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\logs\startup.dat-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iwin streaming service\global\logs\upgrader.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsaa351.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsaa351.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfa2d3.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nslbe35.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nslbe35.tmp\nsprocess.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbe35.tmp\nsprocess.dll Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\iwin games manager v4::displayversion 4.2.2.141 RegNtPreCreateKey
HKLM\software\policies\google\chrome\localnetworkaccessallowedforurls::1 [*.]iwin.com RegNtPreCreateKey
HKLM\software\policies\google\chrome\localnetworkaccessallowedforurls::1 [*.]iplay.com RegNtPreCreateKey
HKLM\software\policies\google\chrome\localnetworkaccessallowedforurls::1 msnprod.oberon-media.com RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\iwin games manager v4::streamingservicepath C:\ProgramData\iWin Streaming Service RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Service Control
  • OpenSCManager
  • OpenService
Network Winsock2
  • WSAStartup
Network Winhttp
  • WinHttpOpen
Keyboard Access
  • GetKeyState

Shell Command Execution

"C:\Program Files (x86)\iWin Games Manager V4\LnaHelper.exe"
"C:\Program Files (x86)\iWin Games Manager V4\FGM.exe" -service.ensuresettings=true
open C:\Program Files (x86)\iWin Games Manager V4\UssWatcher.exe -service.start=true
"C:\Program Files (x86)\iWin Games Manager V4\FGM.exe" -service.run=true
open C:\Program Files (x86)\iWin Games Manager V4\UssWatcher.exe -service.start=true
