PUP.MSIL.DllInject.TJ

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MSIL.DllInject.TJ
Signature status:	No Signature

Known Samples

MD5: 567434d0208fca4f74475ecc6c4c1489

SHA1: 0ac771d706633ca1859ade22de5e5251481290ed

SHA256: 1BF4856ED88520A3F04142BD283D1CB343EF9E5A665AD4FD61E59E8FE3526E41

File Size: 355.84 KB, 355840 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.3.0.0
Company Name	SysTools Software
File Description	SysTools StartUp
File Version	1.3.0.0
Internal Name	Startup.exe
Legal Copyright	Copyright © 2014
Legal Trademarks	SysTools Software
Original Filename	Startup.exe
Product Name	SysTools
Product Version	1.3.0.0

File Traits

.NET
RijndaelManaged
x86

Block Information

Total Blocks:	360
Potentially Malicious Blocks:	22
Whitelisted Blocks:	72
Unknown Blocks:	266

Visual Map

x ? x 0 x ? 0 ? 0 0 x 0 0 0 0 0 0 0 0 x 0 0 x 0 x x ? x ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 x 0 0 0 0 0 ? ? ? ? ? ? ? 0 x ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? x ? ? x x 0 0 0 0 0 0 0 x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve	Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	隞̃耀꧌ũ'	RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetUserObjectInformation
Anti Debug	IsDebuggerPresent
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
Encryption Used	BCryptOpenAlgorithmProvider

Shell Command Execution


							C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 824

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.MSIL.DllInject.TJ

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

W32.StuxnetQKY.Trojan

'.google File Extension' Ransomware

Cruiseocean1.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen