PUP.MSIL.Bulz.KA

Analysis Report

General information

Family Name: PUP.MSIL.Bulz.KA
Signature status: No Signature

Known Samples

MD5: 7ec93c3272e615fffa87b13795e57a7b
SHA1: a1047f6fc815e17a69e0721b09ab5799a3b069dc
SHA256: F39A12E8FB9D76AC7D931DB4C6B4F29059A3612CC867A115EA2D859F6AD5A455
File Size: 182.27 KB, 182272 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Assembly Version: 1.0.0.0
File Description: Handler
File Version: 1.0.0.0
Internal Name: Handler.exe
Legal Copyright: Copyright @ 2025
Original Filename: Handler.exe
Product Name: Handler
Product Version: 1.0.0.0

File Traits

  • .NET
  • GenKrypt
  • HighEntropy
  • Reactor
  • RijndaelManaged
  • x86

Block Information

Total Blocks: 57
Potentially Malicious Blocks: 2
Whitelisted Blocks: 49
Unknown Blocks: 6

Visual Map

0 ? 0 ? ? ? x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.AgentTesla.DH
  • MSIL.AgentTesla.LQ
  • MSIL.AgentTesla.PH
  • MSIL.Krypt.GJLD
  • MSIL.Mardom.AJ
  • MSIL.Mardom.TJA

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Terminate
  • TerminateProcess
