PUP.ProcessHacker

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.ProcessHacker
Signature status:	No Signature

Known Samples

MD5: d3ff67603d13b9c1f957ff5a097d0821

SHA1: c42ff0e1aa805eeb9b8e1e01d00b0fe66c717106

File Size: 9.03 MB, 9028096 bytes

MD5: 2689be732e6dbb077b3d2292886d4cfa

SHA1: 8903b5c73902f8a8486f2de55f257c2b7e2e53ab

File Size: 2.61 MB, 2614272 bytes

MD5: 8c524f964caefdf4d7422604c32ba610

SHA1: 545c4d5e5aa42cc84262e181389bc927ed0e4759

SHA256: C60DFE039A03DF84FA83AC7CD2133DD0BA38FDE0B4481CB63593BC61EF59A224

File Size: 865.79 KB, 865792 bytes

MD5: 1d0dbd284013c28725484850b1cf2616

SHA1: 19cf429d2a8c2b6a0e3b0671fa8238916ef6dfe4

SHA256: 897FD3CE8431BC062A5E4D36692CF09A3AD64B7E8E0D37493C69447AF504D4C3

File Size: 369.43 KB, 369429 bytes

MD5: 20f0721d3ddfad8ffd6b6937e91eb9f4

SHA1: e88c7f5f71ed623556cc738523ef929bbf8f6967

SHA256: D2D3A15D8BFFE2FF7F0374D41212CFA1B5327DC681A62A2F04D5197F07BCF739

File Size: 154.62 KB, 154624 bytes

MD5: 4ec2797c85ce9da86c8fbddcdbb8ad0a

SHA1: 4b7c953f2682b496bff582c9fbb4316fee77aca8

SHA256: 077E17BA55765A135649C22E049F031E7D5C20AA8B57A33A81E578D3C80E5CE0

File Size: 77.82 KB, 77824 bytes

MD5: 852671989d5968d7746a12aa8c36f46b

SHA1: a66447b3088993d27167b3a4f05ff019b8756adf

SHA256: 5E06233F332F29E91D87C9B7D2EDE4A37D7848058230AD08B1090C15A472CE26

File Size: 200.70 KB, 200704 bytes

MD5: 4de05750d219d29e7665fd1913338217

SHA1: 4eabf2c63eb58b01ebbc258eb51335e6c6911997

SHA256: D7847A1280098B7F0F8BB13EE966FF8AC0AFAC7F6306E26245E13992C74C45C3

File Size: 2.48 MB, 2479669 bytes

MD5: db1680e4ba86a1ab121e56af1dc4b30e

SHA1: b4a1b480b74f6d7d2be4a6fe4a37d84f626cd4fc

SHA256: 487D4F743B9845FAF4B2A37C992D21B17094AD2F301421441827907BC53E197A

File Size: 2.41 MB, 2406157 bytes

MD5: bbc2f92c20aeedfc3d10c4ce42fc312a

SHA1: d2fff127e605f1fda465a0e44505a2ea4c58b46f

SHA256: 02A0584D31D841F8CA341142AA04697D3CAF4F47E32EFB300226645909B1BA86

File Size: 393.21 KB, 393207 bytes

MD5: 469cbb94b809f4e15bcfebe1a8f2b10c

SHA1: 666d262d914616839746d7c81c6278ed87344b5b

SHA256: 20908C91466FD02B6907FE29A6D6A8B102228E830B957F4629258021E7B64C9A

File Size: 9.02 MB, 9020416 bytes

MD5: b8ca7ca99731137bf60a52a59c45e22e

SHA1: 0de86837ab5dd60d30cc65b846a7140651e10470

SHA256: B7DB05F2171444AD2ACF0EC2A352485EA110C2B16CCC1EE753CF7C9EB26C7B96

File Size: 3.24 MB, 3235840 bytes

MD5: bfd8b8822b0d37b0ef790d18df4cf3ae

SHA1: c8053c878e4bcea7bd67a8712b109a9824e19500

SHA256: F67E564F6B824D30A08641EA468C1245ECD53EF59B660C9C2C943171B46E6C03

File Size: 540.42 KB, 540425 bytes

MD5: eb3dbff6f41dc119b5c3eb7abc72fffb

SHA1: f853e38cb95bfe820a44c75226ca6172eca76347

SHA256: E80128C898D6E320A16B013FA4760E38BA21D380C372016E588478A94BE206DE

File Size: 3.88 MB, 3883008 bytes

MD5: 9430400e1617d462da705c64dcc12a83

SHA1: c21e425f66b84f38f655e69867f081a9282199fc

SHA256: 5AC7E344893A0E659F8DE76899845055CA1F5EC5F2B2B3813E969DCC69FE4DAC

File Size: 3.18 MB, 3177984 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	3.2.25113.1114
Comments	8961e261 24247173 System Informer This installation was built with Inno Setup.
Company Name	Microsoft Process Hacker Synaptics Winsider Seminars & Solutions Winsider Seminars & Solutions, Inc. wj32 wj32
File Description	PE Viewer Process Hacker Process Hacker - Setup Process Hacker Setup Synaptics Pointing Device Driver System Informer System Informer - Chocolatey Shim
File Version	4.0.26074.335 3.2.25319.2238 3.2.25289.2438 3.2.25113.1114 3.0.8899.4372 3.0.8761.4234 3.0.8576.4049 2.39 (r124) 2.24.0.4900 2.4 Show More 1.00 1.0.0.4
Internal Name	peview Process Hacker processhacker-setup.exe ProcessHacker.exe System Informer SystemInformer.exe TJprojMain Win
Legal Copyright	Copyright (c) Winsider Seminars & Solutions, Inc. All rights reserved. Copyright (c) Winsider Seminars & Solutions, Inc. All rights reserved., Copyright © 2017 - Present Chocolatey Software, Inc ("Chocolatey") Copyright © 2010-2016, Process Hacker Team. Licensed under the GNU GPL, v3. Licensed under the GNU GPL, v3. Licensed under the GNU GPL, v3. Copyright (C) 2017 Licensed under the GNU GPL, v3. Copyright (C) 2021
Original Filename	DotNetTools.dll peview.exe processhacker-setup.exe ProcessHacker.exe SystemInformer.exe System Informer.exe TJprojMain.exe Win.exe
Product Name	Process Hacker Process Hacker Project1 Synaptics Pointing Device Driver System Informer System Informer - Chocolatey Shim Win
Product Version	4.0.26074.335 3.2.25319.2238 3.2.25289.2438 3.2.25113.1114 - Chocolatey Shim: 1.0.0 3.0.8899.4372 3.0.8761.4234 3.0.8576.4049 2.39 (r124) 2.24.0.4900 2.4 Show More 1.00 1.0.0.0

File Traits

.NET
2+ executable sections
Badsig nsis
dll
fptable
GetConsoleWindow
HighEntropy
Inno
InnoSetup Installer
Installer Manifest

Installer Version
ntdll
Nullsoft Installer
WriteProcessMemory
x64
x86

Block Information

Similar Families

Farfli.DH
GameHack.GF
SteamStealer.C
Trojan.Agent.Gen.JC
Trojan.Kryptik.Gen.NU

Trojan.Kryptik.Gen.RL
Trojan.Kryptik.Gen.UG
Trojan.ShellcodeRunner.Gen.DZ

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserDefaultLocaleName GetUserObjectInformation
Syscall Use	ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateDirectoryObject Show More ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateKeyedEvent ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateThreadEx ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryDirectoryObject ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryMutant ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateDIBSection win32u.dll!NtGdiCreatePatternBrushInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetDIBitsToDeviceInternal 17 additional items are not displayed above.
Service Control	OpenSCManager OpenService
Keyboard Access	GetKeyState
Other Suspicious	SetWindowsHookEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.ProcessHacker

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Submit Comment

Trending

HTTP Error 401 Invalid Security Token Email Scam

Giant Coupons Official Extension

Chainbridgeworks.co.in

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen