PUP.Keygen.TD

Analysis Report

General information

Family Name: PUP.Keygen.TD
Signature status: No Signature

Known Samples

MD5: 4ffdc7b49546a6ef1960218f7c7b476b
SHA1: 065ac7d7a04b7b7219853aa39f0d85607929e52d
SHA256: 52755F97629EABFF8DD395B69D0A16B3E1667C488468D2F3CFA6137CDD8DF871
File Size: 6.81 MB, 6811376 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Igor Pavlov
File Description 7z Setup SFX
File Version 4.42
Internal Name 7zS.sfx
Legal Copyright Copyright (c) 1999-2006 Igor Pavlov
Original Filename 7zS.sfx.exe
Product Name 7-Zip
Product Version 4.42

File Traits

  • big overlay
  • No Version Info
  • x86
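
The version resource above identifies the stub as the 7-Zip `7zS.sfx` self-extractor, and the "big overlay" trait is where such a stub keeps its install config and the 7z payload. The following script is an added example, not code from the report or from 7-Zip: it locates the overlay from the PE section table, pulls out the `;!@Install@!UTF-8!` config block, verifies the 7z signature header's StartHeaderCRC and computes the sample hashes. It runs against a constructed PE built by `build_sample()`; the config text and all offsets in it are made up, since the report does not show the real installer's config.

```python
"""Carve the SFX config and 7z archive out of a 7-Zip SFX installer's overlay.

Added example: the PE-in-the-wild is modelled by build_sample(), a constructed
PE32 with one section followed by an SFX-style overlay (config + 7z header).
"""
import hashlib
import struct
import zlib

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"
CONFIG_START, CONFIG_END = b";!@Install@!UTF-8!", b";!@InstallEnd@!"
# Constructed config: the real installer's config is not on the report page.
SAMPLE_CONFIG = b';!@Install@!UTF-8!\r\nRunProgram="extract.exe REBOOT=ReallySuppress"\r\n;!@InstallEnd@!\r\n'


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the form the 'Known Samples' table reports."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def pe_overlay_offset(data: bytes) -> int:
    """Offset where the overlay begins: the end of the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + size_of_opt
    end = sec_table + num_sections * 40            # at least past the section table
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def parse_7z_start_header(data: bytes, off: int) -> dict:
    """Parse the 32-byte 7z signature header and check its StartHeaderCRC."""
    major, minor, start_crc = struct.unpack_from("<BBI", data, off + 6)
    start = data[off + 12:off + 32]                # NextHeaderOffset, NextHeaderSize, NextHeaderCRC
    next_off, next_size, next_crc = struct.unpack_from("<QQI", start)
    return {
        "version": f"{major}.{minor}",
        "start_header_crc_ok": zlib.crc32(start) == start_crc,
        "next_header_offset": next_off,
        "next_header_size": next_size,
        "next_header_crc": next_crc,
        "expected_archive_size": 32 + next_off + next_size,   # header + packed streams + next header
    }


def analyze(data: bytes) -> dict:
    ov_off = pe_overlay_offset(data)
    overlay = data[ov_off:]
    result = {
        "hashes": file_hashes(data),
        "overlay_offset": ov_off,
        "overlay_size": len(overlay),
        "overlay_ratio": round(len(overlay) / len(data), 3),
        "sfx_config": None,
        "archive_offset": None,
        "sevenzip": None,
    }
    c0, c1 = overlay.find(CONFIG_START), overlay.find(CONFIG_END)
    if 0 <= c0 < c1:
        result["sfx_config"] = overlay[c0:c1 + len(CONFIG_END)].decode("utf-8", "replace")
    idx = overlay.find(SEVENZIP_MAGIC)
    if idx >= 0 and len(overlay) - idx >= 32:
        result["archive_offset"] = ov_off + idx
        result["sevenzip"] = parse_7z_start_header(data, ov_off + idx)
    return result


def build_sample() -> bytes:
    """Constructed input: minimal PE32 with one .text section, then an SFX-style overlay."""
    e_lfanew, size_of_opt, raw_ptr, raw_size = 0x40, 0xE0, 0x200, 0x200
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_opt, 0x0102)   # i386, 1 section
    opt = bytearray(size_of_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                                    # PE32 magic
    section = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    img = bytearray(dos + b"PE\0\0" + coff + opt + section)
    img += b"\0" * (raw_ptr - len(img)) + b"\xCC" * raw_size
    start = struct.pack("<QQI", 0x1234, 0x40, 0xDEADBEEF)                    # fake next-header fields
    sig = SEVENZIP_MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(start)) + start
    return bytes(img + SAMPLE_CONFIG + sig + b"\0" * (0x1234 + 0x40))


if __name__ == "__main__":
    report = analyze(build_sample())
    for key in ("overlay_offset", "overlay_size", "overlay_ratio", "archive_offset", "sevenzip"):
        print(f"{key}: {report[key]}")
    print(report["sfx_config"])
```

On a real sample, replace `build_sample()` with the file's bytes; `expected_archive_size` compared against the bytes remaining after `archive_offset` tells you whether the 7z payload is complete or whether something is appended after it, and the carved slice can be handed to `7zr x` for the second-stage files (`extract.exe`, `setup.exe`, the MSIs) listed under Files Modified.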

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1 Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1 Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\7zr.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\7zr.exe Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\extract.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\extract.exe Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\setup.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\setup.exe Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\usertool Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\usertool Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\usertool\usertool.msi Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\usertool\usertool.msi Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\woodward toolkit 3.6.6 Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\woodward toolkit 3.6.6 Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\woodward toolkit 3.6.6\tklicconversionutil.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\woodward toolkit 3.6.6\tklicconversionutil.exe Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\woodward toolkit 3.6.6\toolkitsetup.msi Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\7zsa7f3.tmp1\woodward toolkit 3.6.6\toolkitsetup.msi Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\7zr.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\7zr.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\extract.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\extract.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\usertool Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\usertool\usertool.msi Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\usertool\usertool.msi Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\woodward toolkit 3.6.6 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\woodward toolkit 3.6.6\tklicconversionutil.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\woodward toolkit 3.6.6\tklicconversionutil.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\woodward toolkit 3.6.6\toolkitsetup.msi Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsa7f3.tmp\woodward toolkit 3.6.6\toolkitsetup.msi Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rgib5af.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgib5af.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgib60e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgib60e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgib64e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgib64e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgib66e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgib66e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgib69e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgib69e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp4352$.tmp Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\vsdb35d.tmp\install.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vsdb35d.tmp\woodward toolkit 3.6.6\fileversioninfo.exe Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary value data, not printable) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\advanced inf setup\ie complist::ie.hkcuzoneinfo RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

.\extract.exe REBOOT=ReallySuppress
C:\WINDOWS\system32\xcopy.exe xcopy "C:\Users\Vtdaxaxc\AppData\Local\Temp\7zSA7F3.tmp" "C:\Users\Vtdaxaxc\AppData\Local\Temp\7zSA7F3.tmp1" /I/Q/Y/S
WriteConsole: 6 File(s) copied
C:\Users\Vtdaxaxc\AppData\Local\Temp\7zSA7F3.tmp1\setup.exe C:\Users\Vtdaxaxc\AppData\Local\Temp\7zSA7F3.tmp1\setup.exe"
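
The three commands above show the staging pattern: the SFX unpacks into `%TEMP%\7zS<hex>.tmp`, `xcopy` mirrors that directory into a sibling `.tmp1`, and `setup.exe` is then launched from the copy. The script below is an added example, not part of the report: it runs two rules over constructed Sysmon-style process-creation events (EventID 1) and correlates them by parent PID to flag the full chain. The event lines, PIDs and paths are made up for the demonstration.

```python
"""Detect the 7-Zip SFX re-staging chain (7zS<hex>.tmp -> xcopy -> .tmp1 -> exec).

Added example over constructed Sysmon-style JSON events; nothing here comes from
the sandbox run described in the report.
"""
import json
import re

# xcopy copying a 7zS<hex>.tmp extraction dir into a sibling .tmp1 dir
XCOPY_RESTAGE = re.compile(
    r'(?i)xcopy\s+"?(?P<src>[^"\s]*\\7zs[0-9a-f]+\.tmp)"?\s+"?(?P<dst>[^"\s]*\\7zs[0-9a-f]+\.tmp1)"?'
)
# any executable launched from a 7-Zip SFX temp dir; group "copy" marks the .tmp1 re-staged copy
EXEC_FROM_7ZS = re.compile(r'(?i)\\appdata\\local\\temp\\7zs[0-9a-f]+\.tmp(?P<copy>1)?\\[^\\]+\.exe$')

# Constructed events (one JSON object per line). PID 4160 is a benign xcopy,
# PID 4170 is an SFX that only runs 7zr.exe from its .tmp dir, EventID 3 is ignored.
SAMPLE_EVENTS = r"""
{"EventID":1,"ProcessId":4120,"ParentProcessId":3988,"Image":"C:\\Users\\u\\Downloads\\sample.exe","CommandLine":"\"C:\\Users\\u\\Downloads\\sample.exe\""}
{"EventID":1,"ProcessId":4132,"ParentProcessId":4120,"Image":"C:\\Windows\\System32\\xcopy.exe","CommandLine":"xcopy \"C:\\Users\\u\\AppData\\Local\\Temp\\7zSA7F3.tmp\" \"C:\\Users\\u\\AppData\\Local\\Temp\\7zSA7F3.tmp1\" /I/Q/Y/S"}
{"EventID":1,"ProcessId":4150,"ParentProcessId":4120,"Image":"C:\\Users\\u\\AppData\\Local\\Temp\\7zSA7F3.tmp1\\setup.exe","CommandLine":"C:\\Users\\u\\AppData\\Local\\Temp\\7zSA7F3.tmp1\\setup.exe"}
{"EventID":1,"ProcessId":4160,"ParentProcessId":600,"Image":"C:\\Windows\\System32\\xcopy.exe","CommandLine":"xcopy C:\\build\\out D:\\backup /E /Y"}
{"EventID":1,"ProcessId":4170,"ParentProcessId":700,"Image":"C:\\Users\\u\\AppData\\Local\\Temp\\7zS1234.tmp\\7zr.exe","CommandLine":"7zr.exe x payload.7z"}
{"EventID":3,"ProcessId":4150,"Image":"C:\\Users\\u\\AppData\\Local\\Temp\\7zSA7F3.tmp1\\setup.exe","DestinationIp":"192.0.2.10"}
"""


def load_events(text: str) -> list:
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def detect(events: list) -> list:
    """Per-event alerts, plus one chain alert for each parent that both
    re-staged its extraction dir with xcopy and executed from the .tmp1 copy."""
    alerts, restage_parents, exec_parents = [], set(), set()
    for ev in events:
        if ev.get("EventID") != 1:                      # process creation only
            continue
        pid, ppid = ev["ProcessId"], ev.get("ParentProcessId")
        image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
        m = XCOPY_RESTAGE.search(cmd) if image.lower().endswith("\\xcopy.exe") else None
        if m:
            alerts.append({"rule": "sfx_xcopy_restage", "pid": pid, "src": m["src"], "dst": m["dst"]})
            restage_parents.add(ppid)
        m = EXEC_FROM_7ZS.search(image)
        if m:
            alerts.append({"rule": "exec_from_7zs_tmp", "pid": pid, "image": image})
            if m["copy"]:                               # only the re-staged copy counts for the chain
                exec_parents.add(ppid)
    for ppid in sorted(restage_parents & exec_parents):
        alerts.append({"rule": "sfx_restage_chain", "pid": ppid})
    return alerts


if __name__ == "__main__":
    for alert in detect(load_events(SAMPLE_EVENTS)):
        print(alert)
```

Treat `exec_from_7zs_tmp` on its own as low confidence: every 7-Zip SFX installer, legitimate or not, runs its payload from a `7zS<hex>.tmp` directory. The `xcopy` into `.tmp1` followed by execution from that copy under the same parent is the part specific to what this report recorded, so `sfx_restage_chain` is the alert worth paging on.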
