PUP.Perinet

Analysis Report

General information

Family Name: PUP.Perinet
Signature status: Modified signature

Known Samples

MD5: 61ada39dbcc867158d5ec55ec7121132
SHA1: 54da50d9f359c90ff8b1971afa08514da93e4672
File Size: 491.78 KB, 491784 bytes

MD5: 7be3c5eb30120a66c76d9d4d732c767c
SHA1: 033c9ddb26b90d26c784999e6ce4459d4e52060d
File Size: 491.78 KB, 491784 bytes

MD5: 6921ae925b2765c41779327062c592ec
SHA1: dba7186861a788ab26c70810eb0bb63a6ec6d1b6
SHA256: 1AD59C38AF6E4FE2C7B4FE2183A91E507B22822C8D4FE1DEA2E3E45BEB5EEE02
File Size: 491.78 KB, 491784 bytes

MD5: 030c8fad6ce2dceb5dd5a0895b2b3fb2
SHA1: 1ea23d670afbd97c0ba51e705af2968a69cd8676
SHA256: A083C767D328DF48C0E664E70FC29B430256B14CC5B19C215ED896AAAA8B1699
File Size: 489.29 KB, 489288 bytes

MD5: 985a8744fb86cd7b8481e9db1d8e7138
SHA1: a0a33ec73cb26b3e8f0deef6218fe46d576fb487
SHA256: 93C875A7EBE65F4A6FB1A7773F948262EF6104A2378ECB2D92FD3EA6E455AFC3
File Size: 491.78 KB, 491784 bytes

MD5: 0468d17881fcbb17ae1c4bb6a8e42427
SHA1: 7229f0b155244eaa436004e5441fab76174fb0b6
SHA256: D06760F950336171FFE3DC5016F560EE04C27DFED346A87CFDE3EDDEB1F44D5A
File Size: 491.78 KB, 491784 bytes

MD5: a75a949c097ae4e5133472c2430b9d57
SHA1: 7bc847795bcbf3ea686724443ab0eed9a01ca292
SHA256: 153B42780A87EA76769EAF682A1CC13CEDEA490CBB1B41FE943BE9C86F02F4BD
File Size: 491.78 KB, 491784 bytes

MD5: d7e6366be9650b5246ebd9224a739868
SHA1: d90a9aeaac29e95503176f52a7cbf719f3025e7f
SHA256: 20428052B5654AA32492BBBC010E72138762FCCA8F6116A03BC1AA02D71A889B
File Size: 491.78 KB, 491784 bytes

MD5: 97762f675e9f3dc0229028a666022d09
SHA1: dd8e3dabb70d46c9d13c7693226ffffe48d6e802
SHA256: 718509DE9B159C58CABEE48E72FC4C4FE39179550353ACCD56B7BB1327D100C1
File Size: 80.30 KB, 80296 bytes

MD5: 33552296da4805e7162b15eb2c5c32bf
SHA1: 2a675e278d6c9b09f88acfb585f8899a6a519879
SHA256: F6D6C02D5CDB15CAF93707DC59390123141380ED367BF721B6E8563700233F46
File Size: 491.78 KB, 491784 bytes

MD5: 51fbf114af7b65abf44ce8988da0813a
SHA1: 191c62826eabac2e353a22cd223605dd28c72704
SHA256: D73BFEC5D092095DE1F7258A10DC0C9741F748F756F341FCFFC0B4BA3AE7CA4C
File Size: 491.78 KB, 491784 bytes

MD5: 3aee11957ed709949e9d0b99b992e80b
SHA1: 3b17ec73c171113555cc4028f4838dc3d493ce17
SHA256: B53494E8EE24F7C844F451C5F402893DFAB996DC42EB8A76B183BAF04D67FFC4
File Size: 638.96 KB, 638960 bytes

MD5: 0d8b6ef84415719544f1818e968b2398
SHA1: bb334b505b951794c658bd6ca0fc7f49a4734080
SHA256: CFFE3AA8779CDE221EED65CE4CF87C28041E88F32CC34957ABC81FA400EFB6EA
File Size: 489.29 KB, 489288 bytes

MD5: 8ad212cb2dd028c2d0b8eebff4453368
SHA1: 4ecc3760331e5ee0f8d3271cbf8de49c18331348
SHA256: 76BDE8136955A37A23D87AC6D5AD1F852B29D254B72B59321F18A30C856C3DD9
File Size: 491.78 KB, 491784 bytes

MD5: ca370ec69b7a94ba6f3ad88709c80d22
SHA1: 58262394505f3860a45112884dd9ccce3d0b98c8
SHA256: 60B2D4A86EEA1041E841369841DEC5CA34DFB29E664EAA2647829CE7D55FF478
File Size: 491.78 KB, 491784 bytes

MD5: 4e948675f5a026f81deff1db4c02f6bc
SHA1: 9588a0cf3bdfcb152c55e853b541e16ea0d02b8e
SHA256: E8B1B33E204F3A3903436DD2206E6C3990802F8FD91F4D078B42D4AA6953EFA0
File Size: 59.82 KB, 59816 bytes

MD5: edbfa9c4605778d335b0379e3a6a1cb9
SHA1: 85a0266d90f3de55acc9cc96b21b7f5d478a6507
SHA256: 6C6B9F0CA4AE11A60BECC9E6B1A52242085A0DA22A35EDC7160378AB97221846
File Size: 7.61 MB, 7609344 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments Innovative utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation. Innovative utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation. adile_5352 Innovative utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation.
Company Name
  • IncrediMail, Ltd.
  • Innovative utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation.
  • © 2014 ClientConnect Ltd.
File Description
  • cigu_4392
  • IncrediAppRes DLL
  • IncrediImportRes DLL
  • IncrediMail Installer
  • Setup.exe
File Version
  • 8, 0, 0, 1368
  • 8, 0, 0, 1367
  • 8, 0, 0, 1360
  • 8, 0, 0, 1354
  • 6, 6, 0, 5273
  • 6, 6, 0, 5259
  • 1.0.0.0
Internal Name
  • adile_5352.exe
  • IncrediAppRes
  • IncrediImportRes
  • IncrediMail Installer
Legal Copyright
  • Copyright (C) 2003
  • Copyright (C) 2010
  • Copyright © 2002 IncrediMail, Ltd.
  • Copyright © 2025
  • © 2014 ClientConnect Ltd.
Original Filename
  • adile_5352.exe
  • IMIMPRTR.DLL
  • IncrediAppRes.DLL
  • IncrediMail_Install.exe
  • SweetPlayer.exe
Product Name
  • cigu_4392
  • IncrediAppRes Dynamic Link Library
  • IncrediImportRes Dynamic Link Library
  • IncrediMail Installer
  • Setup.exe
Product Version
  • 8, 0, 0, 1368
  • 8, 0, 0, 1367
  • 8, 0, 0, 1360
  • 8, 0, 0, 1354
  • 6, 6, 0, 5273
  • 6, 6, 0, 5259
  • 1.4.0.1.140910.01
  • 1.0.0.0

Digital Signatures

Signer Root Status
Perion Network Ltd. VeriSign Class 3 Code Signing 2010 CA Self Signed

Block Information

Total Blocks: 125
Potentially Malicious Blocks: 48
Whitelisted Blocks: 49
Unknown Blocks: 28

Visual Map

x x x x ? x x x 0 0 x 0 x 0 0 0 x ? ? 0 0 ? x 0 x ? ? ? 0 ? x 0 x ? ? ? 0 x x 0 x x 0 0 ? 0 x 0 0 0 ? ? 0 0 0 x 0 0 0 x x x 0 0 x 0 x 0 0 0 x ? ? 0 x x ? 0 x x ? 0 x x 0 0 x ? x ? ? x ? ? 0 x 0 0 x x x x ? 0 x ? x x 0 ? x 0 0 ? 0 0 x x 0 x 0 0 x ? 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1702112\actionengine.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\ars.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\arscookies.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\autoupdateengine.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicparameters.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicproductparams.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicproductutils.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicscript.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicscript.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\api.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\api.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\jquery-1.3.2.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\jquery.localisation.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-ar.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-da.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-de.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-el.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-en.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-es.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-fi.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-fr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-he.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-hu.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-it.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-nb.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-nl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-pl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-pt.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-ru.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-sv.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-tr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_center.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_icon.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_left.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_right.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\splash.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\splash.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\splash.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\translation.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\instlangs.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\settings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\settings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\settings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-da.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-de.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-el.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-es.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-fi.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-fr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-hu.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-it.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-nb.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-nl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-pl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-pt.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-ru.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-sv.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-tr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\productscorrelations.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\statistics.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\terms.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\uninstallsearchguard.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\utilities.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\actionengine.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\ars.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\arscookies.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\autoupdateengine.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicparameters.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicproductparams.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicproductutils.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicscript.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicscript.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\api.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\api.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\jquery-1.3.2.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\jquery.localisation.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-ar.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-da.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-de.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-el.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-en.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-es.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-fi.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-fr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-he.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-hu.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-it.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-nb.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-nl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-pl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-pt.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-ru.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-sv.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-tr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_center.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_icon.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_left.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_right.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\splash.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\splash.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\splash.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\translation.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\instlangs.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\settings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\settings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\settings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-da.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-de.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-el.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-es.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-fi.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-fr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-hu.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-it.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-nb.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-nl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-pl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-pt.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-ru.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-sv.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-tr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\productscorrelations.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\statistics.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\terms.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\uninstallsearchguard.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\utilities.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\iminstaller\incredimail\injectparams.xml Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsc71f.tmp\dm_loader.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\failed.htm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\fdmclient.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\icon.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\nonesilentsuccess.htm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\proxy.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\success.htm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\webapphost.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm70e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\~df504d9a329dc19b56.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\local settings\temp\iminstaller\bb334b505b951794c658bd6ca0fc7f49a4734080_0000489288.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid 225117eb-aaa2-48a9-ada0-a1a1f751ec59 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 艹樝䏁ǜ RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid a65274ff-fdc9-441d-9481-5402235e9146 RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::injectsuccesspage RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid b46b5d7a-0361-4daf-869d-9735ce7fa592 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䱞낢惷ǜ RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_browser_emulation::3b17ec73c171113555cc4028f4838dc3d493ce17_0000638960 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.5794"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid e76736cc-d76c-4399-8a10-239b7295d77a RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid a95c8717-479e-4427-88b8-efd54e9d7d68 RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid b6e96760-34bc-46a5-8e12-859a5408f990 RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Network Winsock
  • gethostbyname
  • socket
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetSetOption
Other Suspicious
  • SetWindowsHookEx
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

(NULL) icacls C:\Users\Yuvdnqrc\AppData\Local\Temp\Low /setintegritylevel (OI)(CI)low
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dd8e3dabb70d46c9d13c7693226ffffe48d6e802_0000080296.,LiQMAxHB
(NULL) icacls C:\Users\Bzntulrh\AppData\Local\Temp\Low /setintegritylevel (OI)(CI)low
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9588a0cf3bdfcb152c55e853b541e16ea0d02b8e_0000059816.,LiQMAxHB
