PUP.Perinet
Analysis Report
General information
| Family Name: | PUP.Perinet |
|---|---|
| Signature status: | Modified signature |
Known Samples
This section lists file samples believed to be associated with this family. Eleven of the fifteen samples are exactly 491784 bytes and two more are 489288 bytes, which points to a shared installer stub; the two outliers are the 80296-byte sample, which the sandbox later loaded through rundll32 (see Shell Command Execution), and the 638960-byte sample, which wrote the FEATURE_BROWSER_EMULATION value (see Registry Modifications). The first two entries carry no SHA256 in the source.

| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 61ada39dbcc867158d5ec55ec7121132 | 54da50d9f359c90ff8b1971afa08514da93e4672 | | 491784 bytes (491.78 KB) |
| 7be3c5eb30120a66c76d9d4d732c767c | 033c9ddb26b90d26c784999e6ce4459d4e52060d | | 491784 bytes (491.78 KB) |
| 6921ae925b2765c41779327062c592ec | dba7186861a788ab26c70810eb0bb63a6ec6d1b6 | 1AD59C38AF6E4FE2C7B4FE2183A91E507B22822C8D4FE1DEA2E3E45BEB5EEE02 | 491784 bytes (491.78 KB) |
| 030c8fad6ce2dceb5dd5a0895b2b3fb2 | 1ea23d670afbd97c0ba51e705af2968a69cd8676 | A083C767D328DF48C0E664E70FC29B430256B14CC5B19C215ED896AAAA8B1699 | 489288 bytes (489.29 KB) |
| 985a8744fb86cd7b8481e9db1d8e7138 | a0a33ec73cb26b3e8f0deef6218fe46d576fb487 | 93C875A7EBE65F4A6FB1A7773F948262EF6104A2378ECB2D92FD3EA6E455AFC3 | 491784 bytes (491.78 KB) |
| 0468d17881fcbb17ae1c4bb6a8e42427 | 7229f0b155244eaa436004e5441fab76174fb0b6 | D06760F950336171FFE3DC5016F560EE04C27DFED346A87CFDE3EDDEB1F44D5A | 491784 bytes (491.78 KB) |
| a75a949c097ae4e5133472c2430b9d57 | 7bc847795bcbf3ea686724443ab0eed9a01ca292 | 153B42780A87EA76769EAF682A1CC13CEDEA490CBB1B41FE943BE9C86F02F4BD | 491784 bytes (491.78 KB) |
| d7e6366be9650b5246ebd9224a739868 | d90a9aeaac29e95503176f52a7cbf719f3025e7f | 20428052B5654AA32492BBBC010E72138762FCCA8F6116A03BC1AA02D71A889B | 491784 bytes (491.78 KB) |
| 97762f675e9f3dc0229028a666022d09 | dd8e3dabb70d46c9d13c7693226ffffe48d6e802 | 718509DE9B159C58CABEE48E72FC4C4FE39179550353ACCD56B7BB1327D100C1 | 80296 bytes (80.30 KB) |
| 33552296da4805e7162b15eb2c5c32bf | 2a675e278d6c9b09f88acfb585f8899a6a519879 | F6D6C02D5CDB15CAF93707DC59390123141380ED367BF721B6E8563700233F46 | 491784 bytes (491.78 KB) |
| 51fbf114af7b65abf44ce8988da0813a | 191c62826eabac2e353a22cd223605dd28c72704 | D73BFEC5D092095DE1F7258A10DC0C9741F748F756F341FCFFC0B4BA3AE7CA4C | 491784 bytes (491.78 KB) |
| 3aee11957ed709949e9d0b99b992e80b | 3b17ec73c171113555cc4028f4838dc3d493ce17 | B53494E8EE24F7C844F451C5F402893DFAB996DC42EB8A76B183BAF04D67FFC4 | 638960 bytes (638.96 KB) |
| 0d8b6ef84415719544f1818e968b2398 | bb334b505b951794c658bd6ca0fc7f49a4734080 | CFFE3AA8779CDE221EED65CE4CF87C28041E88F32CC34957ABC81FA400EFB6EA | 489288 bytes (489.29 KB) |
| 8ad212cb2dd028c2d0b8eebff4453368 | 4ecc3760331e5ee0f8d3271cbf8de49c18331348 | 76BDE8136955A37A23D87AC6D5AD1F852B29D254B72B59321F18A30C856C3DD9 | 491784 bytes (491.78 KB) |
| ca370ec69b7a94ba6f3ad88709c80d22 | 58262394505f3860a45112884dd9ccce3d0b98c8 | 60B2D4A86EEA1041E841369841DEC5CA34DFB29E664EAA2647829CE7D55FF478 | 491784 bytes (491.78 KB) |
Windows Portable Executable Attributes
These attributes are aggregated over all samples in the family, so entries that contradict each other describe different samples rather than an error in one file. In particular, "doesn't have exports table" and "has exports table" both appear because the installer executables export nothing, while the 80296-byte sample is loaded by rundll32 through a named export (LiQMAxHB, see Shell Command Execution) and therefore must carry an export directory.
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
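The attributes above are all readable straight from the PE headers. The following is an added example (not part of the EnigmaSoft report, and not EnigmaSoft's own classifier) that derives them from raw bytes with only the Python standard library: Rich header presence, debug directory, export directory, relocations, bitness, subsystem, CLR header (.NET), and the DLL and executable-image flags. Packing is not assessed, because that needs section entropy heuristics rather than header fields. The constants come from the PE/COFF specification; `build_minimal_pe32` is a constructed test fixture that emits a header-only image (not loadable) so the parser can be exercised offline.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics flags and data-directory indices from the PE/COFF spec.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
DIR_EXPORT, DIR_BASERELOC, DIR_DEBUG, DIR_CLR = 0, 5, 6, 14
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}


def pe_attributes(data: bytes) -> dict:
    """Derive header-level attributes (as listed in the report) from a PE file's bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsect, _ts, _symp, _nsym, _optsize, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32 = magic == 0x10B
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset for PE32 and PE32+
    ndirs_off = opt + (92 if pe32 else 108)                   # NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def directory_present(index):
        if index >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * index)
        return rva != 0 and size != 0

    return {
        # The Rich header (linker/tool fingerprint) sits between the DOS stub and the PE header;
        # looking for its "Rich" terminator there is enough for a presence check.
        "rich_header": b"Rich" in data[0x40:e_lfanew],
        "debug_info": directory_present(DIR_DEBUG),
        "exports_table": directory_present(DIR_EXPORT),
        "relocations": directory_present(DIR_BASERELOC) and not (chars & IMAGE_FILE_RELOCS_STRIPPED),
        "is_32bit": pe32,
        "subsystem": SUBSYSTEMS.get(subsystem, "other(%d)" % subsystem),
        "dotnet": directory_present(DIR_CLR),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def build_minimal_pe32(characteristics, subsystem, directories=None, rich=False):
    """Constructed test input: a header-only PE32 image (no sections, not loadable) that
    exercises pe_attributes(). directories maps data-directory index -> (rva, size)."""
    e_lfanew = 0x80
    hdr = bytearray(e_lfanew)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    if rich:
        hdr[0x40:0x44] = b"Rich"            # marker only; a real Rich header is XOR-encoded
    opt = bytearray(96 + 16 * 8)            # PE32 optional header plus all 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)   # Magic: PE32
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    for index, (rva, size) in (directories or {}).items():
        struct.pack_into("<II", opt, 96 + 8 * index, rva, size)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), characteristics)  # i386
    return bytes(hdr) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, pe_attributes(fh.read()))
```

Run it over each hash-named sample to see which ones carry the export directory; the per-sample split is what the aggregated list above cannot show.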
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe. No icon resources are listed for this family.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software. Only Company Name is populated here, and with what reads as a copyright string rather than a company name; every other field is empty.

| Name | Value |
|---|---|
| Company Name | © 2014 ClientConnect Ltd. |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures attached to samples within this family. When verifying a signature, confirm that the chain terminates in a well-known, trustworthy root and that the signature status is good. Malware is often signed with "Self Signed" certificates (trivially created by the author, with no identity verification), with legitimate certificates whose signature status is invalid (revoked, expired, or a hash mismatch after tampering), or with certificates from questionable roots carrying fake or misleading signer names. The row below is internally inconsistent: a chain ending in the VeriSign Class 3 Code Signing 2010 CA is by definition not self-signed, so at least one of the Root and Status fields is what the analysis tool recorded rather than a validated result. Re-verify on the sample itself (signtool verify /v /pa, or Get-AuthenticodeSignature in PowerShell) before relying on either field.

| Signer | Root | Status |
|---|---|---|
| Perion Network Ltd. | VeriSign Class 3 Code Signing 2010 CA | Self Signed |
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 140 |
|---|---|
| Potentially Malicious Blocks: | 4 |
| Whitelisted Blocks: | 55 |
| Unknown Blocks: | 81 |
Visual Map
The source renders the 140 blocks as a grid of symbols: 0 = probable safe block, ? = unknown block, x = potentially malicious block (four x cells appear, matching the count above). The grid itself is not reproduced here.
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system. Two details in this listing are worth reading closely. The nsc71f.tmp directory holding system.dll is the per-run plugin directory that an NSIS installer unpacks into (ns<hex>.tmp under %TEMP%), so the dropper is an NSIS package carrying custom plugins (fdmclient.dll, webapphost.dll) alongside the standard System plugin. The two numbered directories 1702112 and 1702116 receive identical file sets from two runs of the same installer: an actionengine.dll, XML configuration including uninstallsearchguard.xml, and an HTML splash screen built on a bundled jquery-1.3.2.min.js.

| File | Attributes |
|---|---|
| c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\1702112\actionengine.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\ars.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\arscookies.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\autoupdateengine.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\basicparameters.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\basicproductparams.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\basicproductutils.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\basicscript.7z | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\basicscript.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\api.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\api.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\jquery-1.3.2.min.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\jquery.localisation.min.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-ar.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-da.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-de.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-el.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-en.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-es.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-fi.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-fr.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-he.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-hu.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-it.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-nb.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-nl.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-pl.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-pt.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-ru.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-sv.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-tr.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\loading_center.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\loading_icon.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\loading_left.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\loading_right.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\splash.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\splash.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\splash.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\gui\translation.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\instlangs.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\settings-ar.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\settings-en.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\settings-he.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-ar.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-da.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-de.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-el.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-en.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-es.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-fi.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-fr.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-he.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-hu.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-it.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-nb.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-nl.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-pl.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-pt.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-ru.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-sv.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\language\strings-tr.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\productscorrelations.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\statistics.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\terms.7z | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\uninstallsearchguard.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702112\utilities.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\actionengine.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\ars.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\arscookies.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\autoupdateengine.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\basicparameters.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\basicproductparams.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\basicproductutils.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\basicscript.7z | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\basicscript.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\api.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\api.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\jquery-1.3.2.min.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\jquery.localisation.min.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-ar.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-da.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-de.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-el.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-en.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-es.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-fi.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-fr.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-he.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-hu.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-it.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-nb.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-nl.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-pl.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-pt.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-ru.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-sv.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-tr.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\loading_center.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\loading_icon.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\loading_left.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\loading_right.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\splash.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\splash.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\splash.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\gui\translation.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\instlangs.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\settings-ar.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\settings-en.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\settings-he.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-ar.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-da.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-de.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-el.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-en.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-es.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-fi.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-fr.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-he.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-hu.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-it.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-nb.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-nl.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-pl.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-pt.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-ru.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-sv.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\language\strings-tr.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\productscorrelations.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\statistics.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\terms.7z | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\uninstallsearchguard.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\1702116\utilities.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\iminstaller\incredimail\injectparams.xml | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsc71f.tmp\dm_loader.gif | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\failed.htm | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\fdmclient.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\icon.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\nonesilentsuccess.htm | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\proxy.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\success.htm | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc71f.tmp\webapphost.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsm70e.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\~df504d9a329dc19b56.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\local settings\temp\iminstaller\bb334b505b951794c658bd6ca0fc7f49a4734080_0000489288.log | Generic Write,Read Attributes |
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality, and malware often creates registry values so that it starts automatically and persists after the initial infection. Not every entry below is the sample's doing: the BAM UserSettings values are written by the kernel-mode Background Activity Moderator for every executed program (here conhost.exe), and the Internet Settings cache-prefix and ZoneMap values are WinINet initialising itself. The family-specific activity is the bookkeeping under HKCU\software\iminstaller\incredimail (a fresh sessionguid on each of six runs, plus injectsuccesspage) and the FEATURE_BROWSER_EMULATION value keyed by the sample's sandbox file name, which pins the installer's embedded web view to IE11 rendering. No auto-start (Run key, service, or scheduled task) entry is recorded.

| Key::Value | Data | API Name |
|---|---|---|
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey (recorded three times) |
| HKCU\software\iminstaller\incredimail::sessionguid | 225117eb-aaa2-48a9-ada0-a1a1f751ec59 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | (binary data; not printable) | RegNtPreCreateKey |
| HKCU\software\iminstaller\incredimail::sessionguid | a65274ff-fdc9-441d-9481-5402235e9146 | RegNtPreCreateKey |
| HKCU\software\iminstaller\incredimail::injectsuccesspage | | RegNtPreCreateKey |
| HKCU\software\iminstaller\incredimail::sessionguid | b46b5d7a-0361-4daf-869d-9735ce7fa592 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | (binary data; not printable) | RegNtPreCreateKey |
| HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_browser_emulation::3b17ec73c171113555cc4028f4838dc3d493ce17_0000638960 | 11000 (DWORD 0x2AF8; the source shows it as the single character ⫸, U+2AF8) | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey |
| HKCU\software\microsoft\internet explorer\gpu::adapterinfo | vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.5794"hypervisor="Hypervisor detected (Micros (truncated in source) | RegNtPreCreateKey |
| HKCU\software\iminstaller\incredimail::sessionguid | e76736cc-d76c-4399-8a10-239b7295d77a | RegNtPreCreateKey |
| HKCU\software\iminstaller\incredimail::sessionguid | a95c8717-479e-4427-88b8-efd54e9d7d68 | RegNtPreCreateKey |
| HKCU\software\iminstaller\incredimail::sessionguid | b6e96760-34bc-46a5-8e12-859a5408f990 | RegNtPreCreateKey |
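Several artifacts in this report embed a sample's identity in their name: the log file bb334b505b951794c658bd6ca0fc7f49a4734080_0000489288.log in Files Modified, the FEATURE_BROWSER_EMULATION value name above, and the rundll32 argument in Shell Command Execution below. The pattern is evidently <sha1>_<size zero-padded to 10 digits>, which is an inference from this page, not something the report documents. The following is an added example (not EnigmaSoft's code) that extracts such tokens from any artifact string, checks them against the Known Samples table, and groups the behaviour by sample, so that each file, registry and process artifact can be tied to the specific hash that produced it. The ARTIFACTS list is copied from this report's own tables.

```python
import re

# Known Samples table from this report, keyed by SHA1: (MD5, size in bytes).
KNOWN_SAMPLES = {
    "54da50d9f359c90ff8b1971afa08514da93e4672": ("61ada39dbcc867158d5ec55ec7121132", 491784),
    "033c9ddb26b90d26c784999e6ce4459d4e52060d": ("7be3c5eb30120a66c76d9d4d732c767c", 491784),
    "dba7186861a788ab26c70810eb0bb63a6ec6d1b6": ("6921ae925b2765c41779327062c592ec", 491784),
    "1ea23d670afbd97c0ba51e705af2968a69cd8676": ("030c8fad6ce2dceb5dd5a0895b2b3fb2", 489288),
    "a0a33ec73cb26b3e8f0deef6218fe46d576fb487": ("985a8744fb86cd7b8481e9db1d8e7138", 491784),
    "7229f0b155244eaa436004e5441fab76174fb0b6": ("0468d17881fcbb17ae1c4bb6a8e42427", 491784),
    "7bc847795bcbf3ea686724443ab0eed9a01ca292": ("a75a949c097ae4e5133472c2430b9d57", 491784),
    "d90a9aeaac29e95503176f52a7cbf719f3025e7f": ("d7e6366be9650b5246ebd9224a739868", 491784),
    "dd8e3dabb70d46c9d13c7693226ffffe48d6e802": ("97762f675e9f3dc0229028a666022d09", 80296),
    "2a675e278d6c9b09f88acfb585f8899a6a519879": ("33552296da4805e7162b15eb2c5c32bf", 491784),
    "191c62826eabac2e353a22cd223605dd28c72704": ("51fbf114af7b65abf44ce8988da0813a", 491784),
    "3b17ec73c171113555cc4028f4838dc3d493ce17": ("3aee11957ed709949e9d0b99b992e80b", 638960),
    "bb334b505b951794c658bd6ca0fc7f49a4734080": ("0d8b6ef84415719544f1818e968b2398", 489288),
    "4ecc3760331e5ee0f8d3271cbf8de49c18331348": ("8ad212cb2dd028c2d0b8eebff4453368", 491784),
    "58262394505f3860a45112884dd9ccce3d0b98c8": ("ca370ec69b7a94ba6f3ad88709c80d22", 491784),
}

# Assumed naming convention, inferred from this report rather than documented by it:
# the sandbox renames each sample to "<sha1>_<size zero-padded to 10 digits>".
SAMPLE_TOKEN = re.compile(r"(?<![0-9a-fA-F])([0-9a-fA-F]{40})_(\d{10})")


def sample_refs(text):
    """Find every <sha1>_<size> token in text and look it up in KNOWN_SAMPLES."""
    refs = []
    for m in SAMPLE_TOKEN.finditer(text):
        sha1, size = m.group(1).lower(), int(m.group(2))
        known = KNOWN_SAMPLES.get(sha1)
        refs.append({
            "sha1": sha1,
            "size": size,
            "known": known is not None,
            # A size mismatch would mean the token names a different build than the table row.
            "size_matches": known is not None and known[1] == size,
        })
    return refs


def correlate(artifacts):
    """Group artifact strings by the sample SHA1 they reference; unmatched SHA1s go under 'unknown'."""
    by_sample = {}
    for art in artifacts:
        for ref in sample_refs(art):
            key = ref["sha1"] if ref["known"] else "unknown"
            by_sample.setdefault(key, []).append(art)
    return by_sample


# Artifacts quoted from this report's Files Modified, Registry Modifications and Shell Command sections.
ARTIFACTS = [
    r"c:\users\user\local settings\temp\iminstaller\bb334b505b951794c658bd6ca0fc7f49a4734080_0000489288.log",
    r"HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_browser_emulation::3b17ec73c171113555cc4028f4838dc3d493ce17_0000638960",
    r"C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dd8e3dabb70d46c9d13c7693226ffffe48d6e802_0000080296.,LiQMAxHB",
]

if __name__ == "__main__":
    for sha1, arts in correlate(ARTIFACTS).items():
        md5, size = KNOWN_SAMPLES.get(sha1, ("?", 0))
        print("%s (md5 %s, %d bytes):" % (sha1, md5, size))
        for art in arts:
            print("   ", art)
```

The size check matters when a token resolves: the same SHA1 cannot have two sizes, so a mismatch means either a transcription error in the table or a token from a different report.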
Windows API Usage
This section lists the categories of Windows API calls used by the samples in this family; the individual API names under each category are not populated in the source. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
- Network Winsock2
- Network Winsock
- Process Shell Execute
- Syscall Use
- Anti Debug
- Process Manipulation Evasion
- User Data Access
- Network Wininet
- Other Suspicious
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Shell commands are often leveraged by malware to elevate privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity. Read the three commands below with care. The two icacls invocations set the low integrity label on %LOCALAPPDATA%\Temp\Low, which is the folder Internet Explorer's Protected Mode uses; setting "low" lowers rather than raises privilege, and the two different user names (Yuvdnqrc, Bzntulrh) are randomised sandbox accounts from separate runs. Whether the installer's embedded web view or the browser component issued them is not recorded (the image column is NULL). The third command is the substantive one: a 32-bit rundll32.exe (the image path is SysWOW64 even though the command line names system32, so a 32-bit caller was redirected by WoW64) loads the 80296-byte sample (SHA1 dd8e3dabb70d46c9d13c7693226ffffe48d6e802, renamed by the sandbox and carrying no .dll extension) and calls its export LiQMAxHB.

| Image | Command line |
|---|---|
| (NULL) | icacls C:\Users\Yuvdnqrc\AppData\Local\Temp\Low /setintegritylevel (OI)(CI)low |
| C:\WINDOWS\SysWOW64\rundll32.exe | C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dd8e3dabb70d46c9d13c7693226ffffe48d6e802_0000080296.,LiQMAxHB |
| (NULL) | icacls C:\Users\Bzntulrh\AppData\Local\Temp\Low /setintegritylevel (OI)(CI)low |
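The behaviours in the Files Modified, Registry Modifications and Shell Command Execution sections translate directly into host-based detection logic. The following is an added example (not EnigmaSoft's code, and not a detection rule the report supplies) that encodes three of them as rules over a minimal process/file/registry event model and suppresses the OS-generated registry noise discussed above: rundll32 loading a module from a user-writable path or without a .dll extension, session bookkeeping under HKCU\software\iminstaller\, and actionengine.dll dropped into a numbered directory under %LOCALAPPDATA%\Temp. The Event class and the SAMPLE_EVENTS list are constructed: five events are copied from this report's tables (two of them OS noise) and one is a benign rundll32 control that must not fire.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    """Minimal sandbox/EDR event: kind is 'process', 'file' or 'registry' (constructed model)."""
    kind: str
    image: str = ""     # process image path (process events)
    cmdline: str = ""   # full command line (process events)
    path: str = ""      # file path, or registry key::value
    data: str = ""      # registry data (registry events)


# Registry activity in this report that Windows writes on the sample's behalf, not the sample itself:
# BAM execution state (kernel-mode Background Activity Moderator) and WinINet cache/zone-map setup.
NOISE_KEY_FRAGMENTS = (
    "\\services\\bam\\state\\usersettings\\",
    "\\internet settings\\5.0\\cache\\",
    "\\internet settings\\zonemap",
)

# 'rundll32.exe <dll>,<Entry>' with an optional quoted DLL path (unquoted paths with spaces are not handled).
RUNDLL32_CMD = re.compile(r"rundll32(?:\.exe)?\s+(?:\"([^\"]+)\"|(\S+?)),(\S+)", re.I)


def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) for a rundll32 command line, or None if it is not one."""
    m = RUNDLL32_CMD.search(cmdline)
    return (m.group(1) or m.group(2), m.group(3)) if m else None


def is_noise(ev):
    return ev.kind == "registry" and any(f in ev.path.lower() for f in NOISE_KEY_FRAGMENTS)


def rule_rundll32_unusual_dll(ev):
    """rundll32 invoked on a module from a user-writable path, or on a file without a .dll extension."""
    if ev.kind != "process" or "rundll32" not in ev.image.lower():
        return None
    parsed = parse_rundll32(ev.cmdline)
    if parsed is None:
        return None
    dll, entry = parsed
    low = dll.lower()
    user_writable = any(s in low for s in ("\\users\\", "\\temp\\", "\\appdata\\"))
    if user_writable or not low.endswith(".dll"):
        return "rundll32 loaded %s and called %s" % (dll, entry)
    return None


def rule_installer_marker(ev):
    """Session bookkeeping under HKCU\\software\\iminstaller\\ (a new GUID per run in this report)."""
    if ev.kind == "registry" and ev.path.lower().startswith("hkcu\\software\\iminstaller\\"):
        return "installer marker written: %s = %s" % (ev.path, ev.data or "(empty)")
    return None


def rule_dropped_engine(ev):
    """actionengine.dll dropped into a numbered directory under %LOCALAPPDATA%\\Temp (seen twice above)."""
    if ev.kind == "file" and re.search(r"\\appdata\\local\\temp\\\d+\\actionengine\.dll$", ev.path, re.I):
        return "installer engine dropped: %s" % ev.path
    return None


RULES = (rule_rundll32_unusual_dll, rule_installer_marker, rule_dropped_engine)


def run_rules(events):
    """Apply every rule to every non-noise event; returns [(rule_name, finding), ...] in event order."""
    findings = []
    for ev in events:
        if is_noise(ev):
            continue
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append((rule.__name__, hit))
    return findings


# Constructed events: five copied from this report's tables (two are OS noise) plus one benign control.
SAMPLE_EVENTS = [
    Event("process", image=r"C:\WINDOWS\SysWOW64\rundll32.exe",
          cmdline=r"C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dd8e3dabb70d46c9d13c7693226ffffe48d6e802_0000080296.,LiQMAxHB"),
    Event("registry", path=r"HKCU\software\iminstaller\incredimail::sessionguid",
          data="225117eb-aaa2-48a9-ada0-a1a1f751ec59"),
    Event("registry", path=r"HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe"),
    Event("file", path=r"c:\users\user\appdata\local\temp\1702112\actionengine.dll"),
    Event("registry", path=r"HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect"),
    Event("process", image=r"C:\Windows\System32\rundll32.exe",
          cmdline=r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),  # benign control
]

if __name__ == "__main__":
    for name, finding in run_rules(SAMPLE_EVENTS):
        print("[%s] %s" % (name, finding))
```

The rundll32 rule is the one with general value beyond this family: a module loaded from a user-writable location, or one whose name hides its PE nature behind a missing extension, is worth an alert regardless of which installer dropped it. The noise filter is equally important; alerting on BAM or WinINet keys would fire on every process on the host.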