PUP.Patcher.H
Analysis Report
General information
| Family Name: | PUP.Patcher.H |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.

File Traits
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 19 |
|---|---|
| Potentially Malicious Blocks: | 18 |
| Whitelisted Blocks: | 1 |
| Unknown Blocks: | 0 |
Visual Map
x x x x 0 x x x x x x x x x x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Patcher.H