Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.ProW

PUP.ProW

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 103
Threat Level: 10 % (Normal)
Infected Computers: 4,812
First Seen: July 24, 2025
Last Seen: December 6, 2025
OS(es) Affected: Windows

SpyHunter Detects & Remove PUP.ProW

Registry Details

PUP.ProW may create the following registry entry or registry entries:
File name without path
ProW File Compressor.lnk

Directories

PUP.ProW may create the following directory or directories:

%localappdata%\ProW File Compressor
%programfiles%\pwac

Analysis Report

General information

Family Name: PUP.ProW
Signature status: Self Signed

Known Samples

MD5: 8e046b2d89208d57b2c23933bfa2e1f4
SHA1: 9a980119fbfb4e62024eed8026d7741194679461
SHA256: 14FB07941492C7F014435633A02BF14761D91D1DF3023FA0DD4C3210E80554B7
File Size: 348.34 KB, 348344 bytes
MD5: 3cf0745d29695e3433def47e417d6af8
SHA1: e3f0b979c50c1e2e4a72b31b541268ce04c8ff20
SHA256: 7E0D909C934620140DB7D53E2CAEFDD58866484CB049F876F8A8428E6334618A
File Size: 118.29 KB, 118288 bytes
MD5: 7449861dd4559ff319102a5d315ff020
SHA1: cb7f19d708e75c3877ee57d487a9d2c366a97030
SHA256: 50EC755FDBA9110C1D1138F415DBDD8CAD36DC0FB4D82C96F0D860E52F5595EF
File Size: 118.29 KB, 118288 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments Tool for elevating applications on the command line
Company Name
  • AppSuite
  • Johannes Passing
File Description
  • Elevate
  • PDF EDITOR BY APPSUITE
File Version
  • 1.0.29
  • 1, 0, 0, 2894
Internal Name Elevate
Legal Copyright
  • Copyright (C) 2007
  • Copyright © 2025 AppSuite
Original Filename Elevate.exe
Product Name
  • Elevate Application
  • PDF Editor
Product Version
  • 1.0.29
  • 1, 0, 0, 2894

Digital Signatures

Signer Root Status
Echo Infini Sdn. Bhd. GlobalSign GCC R45 EV CodeSigning CA 2020 Self Signed

Block Information

Total Blocks: 506
Potentially Malicious Blocks: 0
Whitelisted Blocks: 506
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 1 0 1 1 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.LA
  • Agent.RTN
  • Chapak.HBX
  • CobaltStrike.GI
  • CobaltStrike.GIA
Show More
  • MSILZilla.TC
  • Rozena.H
  • TcpScan.B

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp\nsexec.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp\stdutils.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsud4e2.tmp\winshell.dll Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\nsud4e2.tmp\winshell.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xeghqukh\AppData\Local\Temp\~nsuA.tmp\Un_A.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xeghqukh\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Xeghqukh\AppData\Local\Temp\~nsuA.tmp RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 憎ㄪቦǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xeghqukh\AppData\Local\Temp\nsuD4E2.tmp\ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
Show More
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtGdiSetLayout
  • win32u.dll!NtGdiStretchDIBitsInternal
  • win32u.dll!NtUserBeginPaint

60 additional items are not displayed above.

Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\Users\Xeghqukh\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
%SYSTEMROOT%\System32\cmd.exe /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq PDF Editor.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "PDF Editor.exe"
TaskKill /IM "PDF Editor.exe" /F
"C:\Users\Xeghqukh\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --cm=--cleanup

Trending

Most Viewed

Loading...