Threat Database Potentially Unwanted Programs PUP.MSIL.Bundler.D

PUP.MSIL.Bundler.D

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MSIL.Bundler.D
Signature status:	Modified signature

Known Samples

MD5: a0613ed47fca0bd49329eb9264c7df89

SHA1: 68aa52e0c1042cb7aa4244cd24f4ac6b36b337ff

SHA256: 696DC2272E1790B02E5EA6E048D23E7CABD952A0DF593F5F3D173335D8E69178

File Size: 4.66 MB, 4660000 bytes

MD5: 26a8b3188d86875aec5349cb9e800aa8

SHA1: 9365e83008603a2f92eefec605ba0dd723f07fd3

SHA256: 7D6EB1460DDF8A2ACE844A9D80FCAD6FDEA6E11AAF470A4DA75DD70EA1E4D6D9

File Size: 4.66 MB, 4660000 bytes

MD5: e936434e8ee1c9ad43b531888f5f2801

SHA1: 0f24cd12b346555969d81e0e43aa665b34c1a659

SHA256: 832B0EE61B6EC789E615478F45AF992202EEBC771A6A503303B6580AC2BC533B

File Size: 4.66 MB, 4660000 bytes

MD5: 71c81ae2254814c8032b82e6088a3418

SHA1: 206a658b36a537ed489abb7f12e8f97d4f9681bd

SHA256: 63717E771892478F2DEFDD5C1E284C985A60DB9551307B84FDE2AA01A92DB585

File Size: 4.66 MB, 4660000 bytes

MD5: 132689df0a3d8f0e0c4a976a80ae15e3

SHA1: ce164f1588cd9edd9820431bab934bfc9bae2a15

SHA256: 4D86A0B8CC87E311CD18C97A91C4F946FC25B4272E555F3B9FF133B3110C857F

File Size: 4.66 MB, 4660000 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.2.6578
Company Name	FR001
File Description	Software Installation
File Version	1.0.2.6578
Internal Name	FR001.exe
Legal Copyright	Copyright © Adaware 2023
Original Filename	GenericSetup.exe
Product Name	FreeRoms Installer
Product Version	7.14.2.0

File Traits

.NET
HighEntropy
Installer Version
x86

Block Information

Total Blocks:	82
Potentially Malicious Blocks:	6
Whitelisted Blocks:	76
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Bundler.D

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2odal.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2odal.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2omodels.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2omodels.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2oservices.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2oservices.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2outilities.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2outilities.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2oviewmodels.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\h2oviewmodels.dll.lock	Generic Write,Read Attributes,Delete

Show More

c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\htmlagilitypack.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\htmlagilitypack.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\msvcp140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\msvcp140.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\ninject.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\ninject.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\offersdk.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\offersdk.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\sciterwrapper.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\sciterwrapper.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\servicehide.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\servicehide.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\servicehide.net.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\servicehide.net.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3354215998cc498efdf76f123473fe62\vcruntime140.dll.lock	Generic Write,Read Attributes,Delete

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey

Show More

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cheymrhk\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Cheymrhk\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Bynjzpyd\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Bynjzpyd\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Bynjzpyd\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ugutgimx\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ugutgimx\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll\??\C:\Users\Ugutgimx\AppData\Local\T	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp\??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	NtQuerySystemInformation
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges

Trending

HTTP Error 401 Invalid Security Token Email Scam

March 16, 2026

Unexpected emails that demand immediate action are a common tactic used by cybercriminals to manipulate unsuspecting recipients. Messages that claim urgent technical issues or account problems often attempt to create panic so users react without verifying the information. For this reason, it is essential to remain vigilant when dealing with unfamiliar or alarming emails. One such threat is the...

Giant Coupons Official Extension

Potentially Unwanted Programs, Adware

March 13, 2026

At first glance, Giant Coupons Official Extension appears to be a convenient browser add-on designed to help users locate coupons and promotional deals while shopping online. Tools promising...

Chainbridgeworks.co.in

Rogue Websites, Adware, Browser Hijackers

March 13, 2026

Maintaining caution while navigating the internet is essential for protecting personal data, financial information, and device security. Rogue websites frequently rely on deceptive tactics to...

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

June 29, 2021 35,769

Printers are notorious for refusing to do their job whenever the user needs it the most. Luckily, if your printer is displaying the Printer Driver is Unavailable' error, then there are a couple of...

Pornktube.porn

December 28, 2023 32,245

Analysis Report General information Family Name: PUP.MSIL.Bundler.D Signature status: Modified signature Known Samples i Known Samples This section lists other file samples believed to be...

Discord Shows Black Screen when Sharing Screen screenshot

Discord Shows Black Screen when Sharing Screen

June 21, 2021 29,771

When it first launched, Discord was a VoIP platform geared toward the gaming community. However, in the following years, it expanded its scope, added numerous new features, and became one of the...

Loading...