PUP.Passview.BC

Analysis Report

General information

Family Name: PUP.Passview.BC
Signature status: No Signature

Known Samples

MD5: c30190fe322e579cb383dce4a1af3496
SHA1: 153c7e2d5363bb45d91453479cbb22e29d55eced
SHA256: 32E8D13AEE9BAABD1CDB7C981232420D5E3F2A8A06DBBCBAEBE883F0DAF3A702
File Size: 153.70 KB, 153696 bytes
MD5: 7c696ab72885ae480e2ce68a31102bd1
SHA1: 9af8b13400d7c32be48cdd76395f7901e9b2283a
SHA256: 268CB1722BE26F8B671743FD5C940A8B857F71EC8159D6A022BDA73D7D040E49
File Size: 67.07 KB, 67072 bytes
MD5: d0f63ca49c777a178dfab65063048940
SHA1: c8b0734a1a3f2b73779f1a24851cb3a543a2a1b6
SHA256: 3A2173858B65AA6C20E903794A6DF5C92E5EE73DA6375AF4624788C6205CCF9D
File Size: 131.88 KB, 131879 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name NirSoft
File Description
  • BulletsPassView
  • WebCamImageSave
File Version
  • 1.32
  • 1.11
Internal Name
  • BulletsPassView
  • WebCamImageSave
Legal Copyright
  • Copyright © 2010 - 2015 Nir Sofer
  • Copyright © 2011 - 2012 Nir Sofer
Original Filename
  • BulletsPassView.exe
  • WebCamImageSave.exe
Product Name
  • BulletsPassView
  • WebCamImageSave
Product Version
  • 1.32
  • 1.11

File Traits

  • 2+ executable sections
  • HighEntropy
  • packed
  • SusSec
  • WriteProcessMemory
  • x86

Block Information

Similar Families

  • Passview.BC

Files Modified

File Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\diskcountersview Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\diskcountersview\__tmp_rar_sfx_access_check_2926546 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\diskcountersview\diskcountersview.chm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\diskcountersview\diskcountersview.chm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\diskcountersview\diskcountersview.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\diskcountersview\diskcountersview.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\diskcountersview\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\diskcountersview\icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apps\diskcountersview\readme.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apps\diskcountersview\readme.txt Synchronize,Write Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 ˆ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 ċ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://althawry.org/images/xs.jpghttp://www.careerdesk.org/im RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 ᅕ쒧 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKCU\software\microsoft\multimedia\drawdib:: 1920x1200x32(bgr 0) 31,31,31,31 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation

Shell Command Execution

(NULL) C:\Users\Rsbyvbkn\AppData\Local\Temp\Apps\DiskCountersView\DiskCountersView.exe