PUP.MSIL.Bulz.SD

Analysis Report

General information

Family Name: PUP.MSIL.Bulz.SD
Signature status: Modified signature

Known Samples

Sample 1
  • MD5: ea5e363857fa62a9253242488be6c76f
  • SHA1: b5ce8b3ef76ea8c29224d2d30438304aa8497d8a
  • SHA256: E565F82D31ADAC3D45A5B6187EA83A448388B2DA78291B6C016DB8411EA077DF
  • File Size: 3.19 MB (3191848 bytes)

Sample 2
  • MD5: 39a8c1d1c186b9a9e34070ed8ee26bb0
  • SHA1: bcb89e52a7626cf31bee0bfadfe7ce7d1e2b03d6
  • SHA256: 6AB2AEA37F5F1E305312C59D95349E6E5FBF331EC8F23F76DE389CF1F6FACC1E
  • File Size: 3.19 MB (3191832 bytes)

Sample 3
  • MD5: 688af2e463ce2477a5f5784ed2a6fb7b
  • SHA1: 64ecf5de0050bc7f3470a9ad6a6d72d0dd46ceef
  • SHA256: ACD5973D9F9AAE37230015278F9936FFAC2EDACBA3DB9408E334CF98EC451460
  • File Size: 3.19 MB (3191848 bytes)

Sample 4
  • MD5: fcb22954acee70f1ece752ec326e00f7
  • SHA1: 19d1658c82b1bcda8404595742117a3038cd8def
  • SHA256: 079826C1334C787A0E5371E4BFEECF9DAB70B631D22BC4E82AC27F2EB2A3D1F4
  • File Size: 3.19 MB (3191848 bytes)

Sample 5
  • MD5: adeec240dca88e2d7072dacaad02d899
  • SHA1: 6bad26e1096d597bb21d796800ad5d646b9aa504
  • SHA256: 8CA463DC0105CA662267A735F3F767EA51DFB3A60FEAE50B60F441D1B3D2EBE2
  • File Size: 3.19 MB (3191848 bytes)

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

  • Company Name: Adaware
  • File Description: Adaware Privacy
  • File Version: 2.906.1.39088
  • Internal Name: Adaware Privacy
  • Legal Copyright: Adaware Software Canada. All Rights Reserved.
  • Original Filename: Adaware Privacy
  • Product Name: Adaware Privacy
  • Product Version: 2.906.1.39088

File Traits

  • .NET
  • HighEntropy
  • x86

Block Information

Total Blocks: 731
Potentially Malicious Blocks: 344
Whitelisted Blocks: 387
Unknown Blocks: 0

Visual Map

0 0 0 0 0 x x x x x 0 x x 0 x x x 0 x x x x x x 0 0 x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x 0 0 0 0 0 0 x 0 x 0 0 x x x x x x x x x x 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x x x x x x x x x x x x 0 x x 0 0 0 x 0 x x x 0 x 0 0 0 0 0 0 0 0 x x x 0 x x 0 0 0 x 0 x x 0 x 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x x x x x 0 0 0 0 0 0 0 0 x x 0 0 x 0 0 x 0 x x x x x x 0 0 x x 0 x x 0 x x x x 0 0 x x x x x x x x x x x x x x x x x 0 x 0 x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x 0 0 x x x x x x 0 0 x x x 0 x 0 x 0 x 0 0 x 0 0 x 0 x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x x 0 x x x x x 0 x x x x x x x 0 0 0 0 0 0 x 0 0 x 0 x x 0 x x x x x 0 x x 0 0 0 x x x 0 0 0 0 0 x x x 0 x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 x x x x x x 0 x x x x x x x 0 0 0 x 0 0 0 0 x x x x 0 0 x 0 0 x 0 0 0 0 x x x 0 0 0 x x x x 0 0 0 0 x x 0 0 0 0 0 0 x x x x 0 0 0 x x 0 x 0 0 0 x x x x 0 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Bulz.SC
  • MSIL.Bulz.SD

Files Modified

File | Attributes
c:\programdata\adaware\adaware privacy\options\statistics.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\apinstaller.log | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\apresources\app.config | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\b089c3c0573a4c2c968879a02d140a72\sqlite.interop.dll | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\b089c3c0573a4c2c968879a02d140a72\sqlite.interop.dll.lock | Generic Write, Read Attributes, Delete

Registry Modifications

Key::Value | Data | API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Kfqzzshp\AppData\Local\Temp\b089c3c0573a4c2c968879a02d140a72\SQLite.Interop.dll | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Kfqzzshp\AppData\Local\Temp\b089c3c0573a4c2c968879a02d140a72\SQLite.Interop.dll\??\C:\Users\Kfqzzshp\AppData\Loca | RegNtPreCreateKey
HKLM\software\wow6432node\adaware\adaware privacy::machineid | 268ddfeb-393b-01ab-2937-4e66db5d0964 | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask | (non-printable data) | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask | (non-printable data) | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize | (non-printable data) | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory | %windir%\tracing | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask | (non-printable data) | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask | (non-printable data) | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize | (non-printable data) | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory | %windir%\tracing | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Aujbxdhv\AppData\Local\Temp\b089c3c0573a4c2c968879a02d140a72\SQLite.Interop.dll | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Aujbxdhv\AppData\Local\Temp\b089c3c0573a4c2c968879a02d140a72\SQLite.Interop.dll\??\C:\Users\Aujbxdhv\AppData\Loca | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Rynskshd\AppData\Local\Temp\b089c3c0573a4c2c968879a02d140a72\SQLite.Interop.dll | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Rynskshd\AppData\Local\Temp\b089c3c0573a4c2c968879a02d140a72\SQLite.Interop.dll\??\C:\Users\Rynskshd\AppData\Loca | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\ | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (binary data, not rendered) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (binary data, not rendered) | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P | RegNtPreCreateKey

Windows API Usage

User Data Access:
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used:
  • BCryptOpenAlgorithmProvider
Anti Debug:
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Other Suspicious:
  • AdjustTokenPrivileges
Network Winhttp:
  • WinHttpOpen
Network Winsock2:
  • WSAConnect
  • WSASocket
  • WSAStartup
Network Winsock:
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Network Info Queried:
  • GetAdaptersAddresses
  • GetNetworkParams
