PUP.PCSpeedCat

Analysis Report

General information

Family Name: PUP.PCSpeedCat
Signature status: Modified signature

Known Samples

MD5: 6c1b1d55549484d45f37794966f0da41
SHA1: aa53ad76ef508e4965a858ee760c911696e3c27e
SHA256: 64600dfea62d1c744b8e91aad9b32469b1f2442e5a660ad6a309ec6d553d3644
File Size: 2.73 MB, 2734712 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Comments: This installation was built with Inno Setup.
File Description: IT Stub Installer -SETUPIT-V2
File Version: 11.2.1
Product Name: IT-Setup
Product Version: 11.2.1

File Traits

  • 2+ executable sections
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • x86

Files Modified

File (path in sandbox)    Access rights requested on open
c:\users\user\appdata\local\temp\is-es3og.tmp\aa53ad76ef508e4965a858ee760c911696e3c27e_0002734712.tmp    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-h3em4.tmp\_isetup\_setup64.tmp    Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\temp\is-h3em4.tmp\_isetup\_shfoldr.dll    Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\temp\is-h3em4.tmp\idp.dll    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-h3em4.tmp\itspllite.dll    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-h3em4.tmp\parscon.dll    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-h3em4.tmp\parsdwn.dll    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-h3em4.tmp\parsfrms.dll    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-h3em4.tmp\parsin.dll    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-h3em4.tmp\presplashni.dll    Generic Write, Read Attributes

Windows API Usage

Category: API
Process Manipulation Evasion: NtUnmapViewOfSection
Process Shell Execute: CreateProcess
User Data Access: GetUserObjectInformation

NtUnmapViewOfSection is the primitive most often associated with process hollowing, but its presence alone does not show that injection took place; weigh it against the single process creation recorded below, which is the Inno Setup loader re-launching its extracted copy from the is-XXXXX.tmp directory.

Shell Command Execution

"C:\Users\Ekuqnmha\AppData\Local\Temp\is-ES3OG.tmp\aa53ad76ef508e4965a858ee760c911696e3c27e_0002734712.tmp" /SL5="$30334,2147093,214528,c:\users\user\downloads\aa53ad76ef508e4965a858ee760c911696e3c27e_0002734712"
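The command line above is the Inno Setup loader pattern: the downloaded file copies itself into %TEMP%\is-XXXXX.tmp and re-executes the copy with a /SL5 argument pointing back at the original. The following triage helper is an added example, not code from this report or from Inno Setup. It assumes the /SL5 field layout "$<hex window handle>,<offset>,<offset>,<original path>" as used by Inno Setup's SetupLdr, a constructed process-log format, and a stem-matching heuristic of my own; the first log line is the report's own command line, the other two are made up.

```python
"""Triage helper for Inno Setup loader re-exec command lines.

Added example, not code from the original report. Assumptions: the /SL5
argument is "$<hex window handle>,<offset>,<offset>,<original path>" as in
Inno Setup's SetupLdr; the process-log format below is constructed; the
stem-match heuristic is this example's own.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# First token of a Windows command line: a quoted path or a bare one.
_EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
# Inno's extraction directory and re-exec'd stub: ...\is-XXXXX.tmp\<name>.tmp
_INNO_TEMP_RE = re.compile(r'\\is-[0-9a-z]+\.tmp\\[^\\]+\.tmp$', re.IGNORECASE)
# /SL5="$<hex hwnd>,<offset>,<offset>,<original path>"
_SL5_RE = re.compile(r'/SL5="\$([0-9a-f]+),(\d+),(\d+),([^"]*)"', re.IGNORECASE)


@dataclass(frozen=True)
class InnoReexec:
    stub_path: str       # copy of the installer running from %TEMP%\is-XXXXX.tmp
    setupldr_wnd: int    # loader window handle ($ prefix = hex)
    offset0: int         # offset of embedded setup data inside the original file
    offset1: int         # second data offset inside the original file
    original_path: str   # file the user actually launched


def parse_inno_cmdline(cmdline: str) -> Optional[InnoReexec]:
    """Return the parsed re-exec if cmdline is an Inno SetupLdr child launch."""
    exe = _EXE_RE.match(cmdline)
    if not exe:
        return None
    stub = exe.group(1) or exe.group(2)
    if not _INNO_TEMP_RE.search(stub):
        return None
    sl5 = _SL5_RE.search(cmdline)
    if not sl5:
        return None
    return InnoReexec(
        stub_path=stub,
        setupldr_wnd=int(sl5.group(1), 16),
        offset0=int(sl5.group(2)),
        offset1=int(sl5.group(3)),
        original_path=sl5.group(4),
    )


def stub_matches_original(rec: InnoReexec) -> bool:
    """Heuristic (assumption): the stub is the original file copied into the
    is-XXXXX.tmp directory with a .tmp extension, so the file stems agree."""
    stub_stem = PureWindowsPath(rec.stub_path).stem.lower()
    orig = PureWindowsPath(rec.original_path)
    return stub_stem in (orig.name.lower(), orig.stem.lower())


def offsets_plausible(rec: InnoReexec, original_size: int) -> bool:
    """Both offsets must fall inside the original file (2734712 bytes here)."""
    return all(0 < off < original_size for off in (rec.offset0, rec.offset1))


# Constructed process-creation log: "<time> | <parent image> | <command line>".
# Line 1 is the command line recorded in this report; lines 2-3 are made up.
SAMPLE_LOG = r"""
2024-01-01T10:00:01Z | aa53ad76ef508e4965a858ee760c911696e3c27e_0002734712 | "C:\Users\Ekuqnmha\AppData\Local\Temp\is-ES3OG.tmp\aa53ad76ef508e4965a858ee760c911696e3c27e_0002734712.tmp" /SL5="$30334,2147093,214528,c:\users\user\downloads\aa53ad76ef508e4965a858ee760c911696e3c27e_0002734712"
2024-01-01T10:00:05Z | explorer.exe | notepad.exe C:\Users\user\Desktop\notes.txt
2024-01-01T10:01:12Z | example-setup.exe | "C:\Users\user\AppData\Local\Temp\is-AB12C.tmp\example-setup.tmp" /SL5="$2041A,1048576,65536,C:\Users\user\Downloads\example-setup.exe"
"""


def triage(log_text: str) -> List[dict]:
    """Flag every Inno re-exec in the log and record where the original came from."""
    hits = []
    for line in log_text.strip().splitlines():
        parts = line.split(" | ", 2)
        if len(parts) != 3:
            continue
        ts, parent, cmdline = parts
        rec = parse_inno_cmdline(cmdline)
        if rec is None:
            continue
        hits.append({
            "time": ts,
            "parent": parent,
            "original_path": rec.original_path,
            "from_downloads": "\\downloads\\" in rec.original_path.lower(),
            "stem_match": stub_matches_original(rec),
        })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

The value of the /SL5 argument for triage is that it names the file the user actually ran, so the original download can be retrieved and its hashes compared with the Known Samples section even after the temporary is-XXXXX.tmp directory has been cleaned up. A stem mismatch, or offsets that exceed the original file's size, is worth a second look since the loader would not normally produce them.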
