PUP.Keyfinder

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Keyfinder
Signature status:	No Signature

Known Samples

MD5: 7744f9b71b6a14be4e6383aaec7d5f57

SHA1: 974dbf949c5947c680a826eded2e1b7c1f129243

SHA256: 5941309D9E06C06DF410DE58F35C342A5CC900FC8D0ECE1AA85D591DB05D182A

File Size: 418.83 KB, 418835 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have relocations information
File doesn't have security information
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

Installer Manifest
No Version Info
RAR (In Overlay)
RARinO
WinRAR SFX
WRARSFX
x86

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\apps	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\__tmp_rar_sfx_access_check_2925562	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\faq.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\faq.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\history.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\history.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\icon.ico	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\icon.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\keyfinder.cfg	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\keyfinder.cfg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\keyfinder.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\keyfinder.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\license.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\magicaljellybeankeyfinder\readme.txt	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75

RegNtPreCreateKey

Windows API Usage

Category	API
Keyboard Access	GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx
User Data Access	GetComputerName GetUserObjectInformation

Shell Command Execution


							(NULL) C:\Users\Dmtmfyeu\AppData\Local\Temp\Apps\MagicalJellyBeanKeyfinder\keyfinder.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Keyfinder

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Demotrix.org

UNC4899 Cloud Compromise Campaign

Chargeback Invoice Email Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen