PUP.NetCut

Analysis Report

General information

Family Name: PUP.NetCut
Signature status: No Signature

Known Samples

MD5: 95414e7f74e87e75efefa21f64fc43d4
SHA1: e4a6359cf344af93771295d97f89d5f869467fba
SHA256: FDC8CEBD1B5FDC528A787FB155DD5EA60C26FC5CA01F9BECA99E5538BD76796B
File Size: 3.12 MB, 3116020 bytes

MD5: ae08b6ec1de951e3ddac539424507dbe
SHA1: ae18e1ca303b65db410088e2a47c2ba5d2268a7c
SHA256: 8454E78A3C4DFFE533CA89930F07DB449494829772E966BC2DB8BF60BD7FFAD4
File Size: 3.43 MB, 3427704 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: This installation was built with Inno Setup.
Company Name: arcai.com
File Description:
  • NetCut Setup
  • Setup/Uninstall
File Version: 51.1052.0.0
Product Name: NetCut
Product Version: 3.0.276

File Traits

  • 2+ executable sections
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • VirtualQueryEx
  • x86

Block Information

Total Blocks: 276
Potentially Malicious Blocks: 114
Whitelisted Blocks: 162
Unknown Blocks: 0

Similar Families

  • Jeefo.A
  • Parite.F
  • Parite.FA
  • Parite.W

Files Modified

File | Attributes
c:\users\user\downloads\ae18e1ca303b65db410088e2a47c2ba5d2268a7c_0003427704 | Generic Read, Write Data, Write Attributes, Write extended, Append data
c:\users\user\downloads\ae18e1ca303b65db410088e2a47c2ba5d2268a7c_0003427704 | Generic Write, Read Attributes
c:\users\user\downloads\ae18e1ca303b65db410088e2a47c2ba5d2268a7c_0003427704 | Synchronize, Write Attributes
c:\windows\svchost.exe | Generic Write, Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey

Windows API Usage

Process Manipulation Evasion:
  • NtUnmapViewOfSection
Process Shell Execute:
  • CreateProcess
Service Control:
  • StartServiceCtrlDispatcher
User Data Access:
  • GetUserObjectInformation

Shell Command Execution

"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\ae18e1ca303b65db410088e2a47c2ba5d2268a7c_0003427704"
"c:\users\user\downloads\ae18e1ca303b65db410088e2a47c2ba5d2268a7c_0003427704"
