PUP.MSIL.Bundler.B

Analysis Report

General information

Family Name: PUP.MSIL.Bundler.B
Signature status: Hash Mismatch

Known Samples

MD5: 046ad574583cbc7567dc59ed177601fd
SHA1: 8460fa3ca90174a7beaba96d64dffdd1918d5cdc
SHA256: BD2D9B47F4DE34DB0447BC1EA3240C4A6FDED002BBF37607370B8B431ADB822F
File Size: 792.65 KB, 792653 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Disc Soft Ltd.
File Description: DAEMON Tools Lite Installer
File Version: 1.4.24
Internal Name: DAEMON Tools Lite Installer1.4.24.exe
Legal Copyright: Copyright (C) 2000-2017
Original Filename: DTLiteInstaller1.4.24.exe
Product Name: DAEMON Tools Lite Installer
Product Version: 1.4.24

Digital Signatures

Signer: Disc Soft Ltd
Root: COMODO RSA Code Signing CA
Status: Hash Mismatch

File Traits

  • .NET
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\temp\appinstaller.exe Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsqb176.tmp\system.dll Generic Write, Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
Process Shell Execute
  • CreateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider
Network Winsock2
  • WSASocket
  • WSAStartup
Network Winsock
  • closesocket
  • setsockopt
Network Winhttp
  • WinHttpOpen

Shell Command Execution

C:\Users\Vgruwnus\AppData\Local\Temp\AppInstaller.exe