Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.RegServe

PUP.RegServe

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Threat Level: 10 % (Normal)
Infected Computers: 58
First Seen: February 21, 2020
Last Seen: March 15, 2026
OS(es) Affected: Windows

SpyHunter Detects & Remove PUP.RegServe

File System Details

PUP.RegServe may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. regserve-setup.exe d41b65841198422271c2e75556e518f2 10

Analysis Report

General information

Family Name: PUP.RegServe
Signature status: Self Signed

Known Samples

MD5: 2f65327bf2376f74cc15df3eeb9aa2c1
SHA1: 57c41f9ad4ac5aeab80b6d61a25708774e0a8a3a
SHA256: 554C6C4B929E166120B1843D542C0C2BE630298AC84156A85B8147B8C263A6DC
File Size: 1.24 MB, 1244152 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer Root Status
Xionix Thawte Code Signing CA - G2 Self Signed

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabd0c.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsabd0d.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsabd0d.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabd0d.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabd0d.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabd0d.tmp\newadvsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabd0d.tmp\spltmp.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabd0d.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df4b41747bfc7e016f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • ReadProcessMemory
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState

Trending

Most Viewed

Loading...