PUP.MailRu.A

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MailRu.A
Signature status:	No Signature

Known Samples

MD5: d7a28031f2ba6b32b34459b8db4963eb

SHA1: 7ad86b6799b4218ad06d3010f69e5e1be8cdfbb5

SHA256: D7FB7AF069C19F2C1ECD67F8DA1285BC5BD20C715C8961CEB18964F7DE8B03C0

File Size: 428.03 KB, 428032 bytes

MD5: 28e074ffd1cfae43f698f942fcfc29a1

SHA1: 13c2096f93e2cd61a5586c31a4f65e4d9a50dfd0

SHA256: 635DBF0DB2E3CD96441CFCA02A1F7EA60FF6554A43FDF6279E3DC4C2AFECCD60

File Size: 428.03 KB, 428032 bytes

MD5: f1ed3aa775eb089e9a031b2f22861613

SHA1: 77cef38cf622ab754cafdda1c0793284c307c953

SHA256: A9D315779FD2E2EFD70AFED8E8C4C003E836AA0A8EDDBB903F2CF87DEE880D74

File Size: 397.31 KB, 397312 bytes

MD5: 67574b44e4d325987c871fff8a0c09f8

SHA1: 6b7d76367fc8a1dbe3c0f3f2d1cc405d0e2d4b3e

SHA256: 6F342E6969F4AD64193041F26C916291C9B2ABE7AAD7744D24F843DED6ABA321

File Size: 428.03 KB, 428032 bytes

MD5: 79a52ca43d3eddf2952fbe38e09fad80

SHA1: 2d97c30030f8e9b4e9776601acae68c1bae961fd

SHA256: EEE03C781CE31D9BCAA515707339218835D53E52B68124C1037DA9E0F566ED5D

File Size: 428.03 KB, 428032 bytes

MD5: f22ffe4796b817e13364a85b94830542

SHA1: 00e330997c450307a874f5d92c5e032a5aac7745

SHA256: 1D47635D1BF684C6ED25F08721752158402B2130F373765A12F0E2D2D223BB66

File Size: 428.03 KB, 428032 bytes

MD5: f45c21915c6af358d7b809081c93c9ba

SHA1: c2169ccda91fafcaa094c1bd436c209608e4118c

SHA256: 5727968B55760FE7C5A876E9A8BE642C8116DBF82A9B832827F5607E4C6EA703

File Size: 159.74 KB, 159744 bytes

MD5: 34b495cda41399aca795d3ef5ae23ad9

SHA1: cf5fc4d2d33f933d9e667f440533f8877dd8f0c9

SHA256: D21141CDBDC0BD787C79015F28EC77510D8B0E20D56C8261FF3DE831699E4E21

File Size: 428.03 KB, 428032 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	3.0.0.607
Company Name	Corel Corp. Zitu Informatika S.L.
File Description	Actualizador Kudeaketa TextArt 8 executable TextArt 10 executable
File Version	10.0.0.943 8.0.0.223 3.0.0.607
Internal Name	TEXTART3D Update.exe
Legal Copyright	Copyright (c) 1996-99 Corel Corp. All Rights Reserved. Copyright (c) 1996/97 Corel Corp. All Rights Reserved. Copyright © - 2008
Original Filename	textart.exe Update.exe
Product Name	Kudeaketa_act TextArt
Product Version	10.0.0.943 8.0.0.223 3.0.0.607

File Traits

.NET
.sdata
NewLateBinding
x86

Block Information

Total Blocks:	865
Potentially Malicious Blocks:	2
Whitelisted Blocks:	201
Unknown Blocks:	662

Visual Map

0 ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? 0 0 ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 1 ? ? ? ? 0 ? 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? 0 0 0 ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? 0 ? ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 0 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? ? 0 ? ? ? 0 ? 0 ? ? ? ? 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 0 ? ? 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? 0 ? ? ? ? ? ? ? 1 ? 1 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 0 0 0 ? ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve	Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	鐄ȴ 鲱壤隞̃耀꧌Õ7	RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetUserObjectInformation
Anti Debug	IsDebuggerPresent
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
Encryption Used	BCryptOpenAlgorithmProvider

Shell Command Execution


							C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 848

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.MailRu.A

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Downloader.Waledac.C

Managedevelopedhighlyinfo-product.info

Email Deliverability Alert Email Scam

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen