PUP.Maombi.Store Download Manager

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	12,801
Threat Level:	10 % (Normal)
Infected Computers:	497

First Seen:	October 25, 2023
Last Seen:	March 29, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove PUP.Maombi.Store Download Manager

File System Details

PUP.Maombi.Store Download Manager may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	ABViewer.exe	ab3bd1fa34817eee23d637aa5e816e0e	0
Name: ABViewer.exe MD5: ab3bd1fa34817eee23d637aa5e816e0e Size: 55.83 MB (55838832 bytes) Detections: 0 Type: Executable File Path: . Group: Malware file
2.	Ad_Muncher.exe	d9c8dc6a68624235d040f8b4130f0dc7	0
Name: Ad_Muncher.exe MD5: d9c8dc6a68624235d040f8b4130f0dc7 Size: 13.61 MB (13619216 bytes) Detections: 0 Type: Executable File Path: . Group: Malware file
3.	AppRemover.exe	cf0059fe0dc933373f468f9d8855f162	0
Name: AppRemover.exe MD5: cf0059fe0dc933373f468f9d8855f162 Size: 17.07 MB (17070160 bytes) Detections: 0 Type: Executable File Path: . Group: Malware file
4.	EasyRecovery_Professional_11.5.0.3.exe	5ef4a33f62fea68ba1ff961933caabca	0
Name: EasyRecovery_Professional_11.5.0.3.exe MD5: 5ef4a33f62fea68ba1ff961933caabca Size: 21.9 MB (21907224 bytes) Detections: 0 Type: Executable File Path: . Group: Malware file

Analysis Report

General information

Family Name:	PUP.Maombi.Store Download Manager
Signature status:	Self Signed

Known Samples

MD5: 328c4e4240ee68d08339a50e7349664d

SHA1: 97af4baf91db75bff82f4bd759ba61045a433444

SHA256: 049A796F385ADCF51B042A316497588232290C5BCC24299087541AE2AC0A3CB0

File Size: 3.70 MB, 3698536 bytes

MD5: 5721d758ee6e8aeb07ca37a51199e885

SHA1: c037cb70a71d2b72d0195fff3669ac4a48f383b6

SHA256: 9CE819DF3CCDBE65EE622C6CE5FCBA2EF06590A1B8AB22E65848117EAA269C25

File Size: 8.77 MB, 8774000 bytes

MD5: 4b3fa1c725865b59bf4ebdb7159413b5

SHA1: 01694ccfbd2a4ae0d94379d4b7418e3a7b34d71a

SHA256: 20ABD3690D60A76BB3CD0E618BC7A71BC1F6D23AEE40140D8E299A5CC56617B7

File Size: 7.82 MB, 7820776 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have relocations information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	This installation was built with Inno Setup.
File Description	Terraria Setup Веселая ферма 3 Setup ГТА Сан Андреас Setup
Product Name	Terraria Веселая ферма 3 ГТА Сан Андреас
Product Version	0.0.0.1

Digital Signatures

Signer	Root	Status
LLC Maombi Ru	GlobalSign GCC R45 EV CodeSigning CA 2020	Self Signed

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\0	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\0\offer0.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\1	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\1\1.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\7	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\7\7.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\8	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\8\8.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\1aba9905-b951-a2dd-8b02-45944ae87aa9\install\info.xml	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\is-1tf99.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-1tf99.tmp\eykv6jk92.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\innocallback.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\jquery.min.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\klrav15fu.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\main.css	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\main.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\unzip.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1tf99.tmp\webview.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-5bnje.tmp\97af4baf91db75bff82f4bd759ba61045a433444_0003698536.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c8gug.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-c8gug.tmp\innocallback.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c8gug.tmp\jquery.min.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c8gug.tmp\main.css	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c8gug.tmp\main.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c8gug.tmp\unzip.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c8gug.tmp\wa3s73y13.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c8gug.tmp\webview.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ihb9r.tmp\01694ccfbd2a4ae0d94379d4b7418e3a7b34d71a_0007820776.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\8ab1bb8e-2de9-a342-718c-c63666af9c55\install	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\8ab1bb8e-2de9-a342-718c-c63666af9c55\install\0	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\8ab1bb8e-2de9-a342-718c-c63666af9c55\install\0\offer0.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\8ab1bb8e-2de9-a342-718c-c63666af9c55\install\6	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\8ab1bb8e-2de9-a342-718c-c63666af9c55\install\6\6.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\8ab1bb8e-2de9-a342-718c-c63666af9c55\install\info.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-mo6im.tmp\innocallback.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\jquery.min.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\main.css	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\main.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\ncwnwvi6l.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\unzip.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\webview.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mo6im.tmp\zp6xi0eym.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-rknj7.tmp\c037cb70a71d2b72d0195fff3669ac4a48f383b6_0008774000.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\setup log 2026-02-06 #001.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\setup log 2026-02-21 #001.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\setup log 2026-03-30 #001.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	勍ჵ韋ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	뾴쀳ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	婖삣쀳ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
User Data Access	GetUserObjectInformation
Keyboard Access	GetKeyState
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant Show More ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Anti Debug	IsDebuggerPresent
Process Terminate	TerminateProcess

Shell Command Execution


							"C:\Users\Nieblzlr\AppData\Local\Temp\is-5BNJE.tmp\97af4baf91db75bff82f4bd759ba61045a433444_0003698536.tmp" /SL5="$402E4,2854007,1089536,c:\users\user\downloads\97af4baf91db75bff82f4bd759ba61045a433444_0003698536"


							"C:\Users\Nieblzlr\AppData\Local\Temp\is-MO6IM.tmp\unzip.exe"  -P qwerty0987 -d C:\Users\Nieblzlr\AppData\Local\Temp\is-MO6IM.tmp\8AB1BB8E-2DE9-A342-718C-C63666AF9C55 C:\Users\Nieblzlr\AppData\Local\Temp\is-MO6IM.tmp\NCWNWVI6L.zip


							"C:\Users\Lthhvuyd\AppData\Local\Temp\is-RKNJ7.tmp\c037cb70a71d2b72d0195fff3669ac4a48f383b6_0008774000.tmp" /SL5="$402EC,7865631,1148416,c:\users\user\downloads\c037cb70a71d2b72d0195fff3669ac4a48f383b6_0008774000"


							"C:\Users\Xxnrdsqp\AppData\Local\Temp\is-IHB9R.tmp\01694ccfbd2a4ae0d94379d4b7418e3a7b34d71a_0007820776.tmp" /SL5="$4036C,7061147,1089536,c:\users\user\downloads\01694ccfbd2a4ae0d94379d4b7418e3a7b34d71a_0007820776"


							"C:\Users\Xxnrdsqp\AppData\Local\Temp\is-1TF99.tmp\unzip.exe"  -P qwerty0987 -d C:\Users\Xxnrdsqp\AppData\Local\Temp\is-1TF99.tmp\1ABA9905-B951-A2DD-8B02-45944AE87AA9 C:\Users\Xxnrdsqp\AppData\Local\Temp\is-1TF99.tmp\EYKV6JK92.zip


									"C:\Users\Xxnrdsqp\AppData\Local\Temp\is-1TF99.tmp\unzip.exe"  -P qwerty0987 -d C:\Users\Xxnrdsqp\AppData\Local\Temp\is-1TF99.tmp\1ABA9905-B951-A2DD-8B02-45944AE87AA9 C:\Users\Xxnrdsqp\AppData\Local\Temp\is-1TF99.tmp\KLRAV15FU.zip

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Maombi.Store Download Manager

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove PUP.Maombi.Store Download Manager

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Mr Beast Discord Scam

Giant Coupons Official Extension

Chainbridgeworks.co.in

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen