PUP.ScrambleWrapper.A

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.ScrambleWrapper.A
Signature status:	No Signature

Known Samples

MD5: 8d5107e8a0d2f83ca8e39ae982adeb2e

SHA1: f6d94a9d1b40d9953125858acdd74a2b60a93762

SHA256: B6F3405FD43D94F0AE243363E2D056A78C56281F719A4F62D5F2F7DB3AF9B4CE

File Size: 6.72 MB, 6720305 bytes

MD5: 009008be792cec589a4bc4e6c74a7ee9

SHA1: 68604f72680d876928aa0c550bc3e9770b9973a2

SHA256: D98BAE4F4491831CB2F8D3FDBF3AA7D15C963EDE62E6E6A1B0938188BB344E95

File Size: 6.19 MB, 6190193 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Nywtlfq Szfwutrlgqksek
File Description	Nnuqovhvemaed Qrlxeekmclzc
File Version	22.17.2.23 1.0.0.0
Legal Copyright	Pexdiwlijy Vzxeyy
Product Name	Fmltjyjenpcwi Gzwxlubriwtgf

File Traits

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\feven proinstaller_1766134327.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\feven proinstaller_1766134327.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjb869.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsjcbc.tmp\installerutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjcbc.tmp\installerutils2.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjcbc.tmp\md5dll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjcbc.tmp\nsislog.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjcbc.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjcbc.tmp\stdutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjcbc.tmp\system.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nsjcbc.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm624.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsm625.tmp\cctqt.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm625.tmp\stdutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm625.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm625.tmp\wrapperutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm625.tmp\yxnjwcz.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstcab.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswbe26.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswbe27.tmp\installerutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe27.tmp\installerutils2.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe27.tmp\md5dll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe27.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe27.tmp\stdutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe27.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe27.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\khpzbwaagbwe.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\khpzbwaagbwe.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\stdutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\stdutils.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\wrapperutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\wrapperutils.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\wyeripmu.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb87a.tmp\wyeripmu.exe	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen

Shell Command Execution


							"C:\Users\Ceepdeml\AppData\Local\Temp\nsm625.tmp\Yxnjwcz.exe"


							"C:\Users\Mhikeduf\AppData\Local\Temp\nszB87A.tmp\Wyeripmu.exe"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.ScrambleWrapper.A

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

PUP.Super Driver Updater

Trojanized RedAlert Application

iScans Fake Crypto Tracker Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen