PUP.Keeper.A

Analysis Report

General information

Family Name: PUP.Keeper.A
Signature status: Modified signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Essentware
  • Kromtech
File Description
  • PCKeeper 2.2 Internet Installer
  • PCKeeper Internet Installer
  • Pckeeper Internet Installer
File Version
  • 1.1.1149.8
  • 1.1.1110.8
  • 1.1.1043.8
  • 1.1.1019.8
  • 1.1.1018.8
  • 1.1.844.8
  • 1.1.598.8
  • 1.1.29.8
Internal Name
  • Installer.exe
  • installer.exe
Legal Copyright
  • (c) ESSENTWARE S.A. All rights reserved.
  • (c) Kromtech Alliance Corp. All rights reserved.
Original Filename
  • Installer.exe
  • installer.exe
Product Name
  • PCKeeper
  • PCKeeper 2.2 Installer
  • Pckeeper Installer
  • PCKeeper Installer
Product Version
  • 1.1.1149.8
  • 1.1.1110.8
  • 1.1.1043.8
  • 1.1.1019.8
  • 1.1.1018.8
  • 1.1.844.8
  • 1.1.598.8
  • 1.1.29.8

File Traits

  • Installer Version
  • x86

Block Information

Total Blocks: 2,390
Potentially Malicious Blocks: 665
Whitelisted Blocks: 1,725
Unknown Blocks: 0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Keeper.A

Files Modified

File Attributes
c:\programdata\essentware\installer\048fcfd865e59ee3f6236a15155dccaa7ad8be14_00014307360.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\1d0f92924b283b0bce4a80d224668a95c0550ca1_00016064400.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\3665b7ed2405f74e6f6166b0cd49240b0bda91bf_00014276720.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\721faff1980c1dbaea1387fc0e4c5586261c5955_00014307360.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\945fd57017ce046fc2d7ea35f0206a092aab7c46_00014264080.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\a066ffe617d03ff30a4026cae23c7d2126a2ad5c_00013951200.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\a5c751acb7d61c5104cb8beb635301e3bc130332_00017083840.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\b7cca6940a2405c4d7ea2f08c31d0863aa825dea_00014278320.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\c0ee064e0f440dcb259540a0062c7749da978088_00014276960.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\essentware\installer\d9df1aff31b0e4e4be76476905d3a4c5c448e5c9_00016111440.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\kromtech\installer\291e28bd97a530fd841b32ec11c58acc757e559e_0001005952.exe0.llog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\kromtech\installer\bcb591210a22fe525cdf01d2829dc5fabcacbdf4_00013115680.llog Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\software\essentware\accountservice::zi_cid [binary data] RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • OutputDebugString
