PUP.Shutdowner

Analysis Report

General information

Family Name: PUP.Shutdowner
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • D-Software
  • WareSoft Software
  • WareSoft Software
File Description
  • RefreshPC
  • Repairs TCP/IP and Winsock Errors
File Version
  • RefreshPC
  • 2.01
  • 1.73.0003
Internal Name
  • DShutdown
  • netrepair
Legal Copyright
  • Dimio Corporation
  • © Copyright 2003 - 2011 WareSoft Software
  • © Copyright 2011 - 2013 WareSoft Software
Original Filename
  • DShutdown.exe
  • netrepair.exe
Product Name
  • DShutdown
  • RefreshPC
  • XP TCP/IP Repair
Product Version
  • 2.01
  • 2.0
  • 1.73.0003

File Traits

  • HighEntropy
  • packed
  • vb6
  • x86

Block Information

Similar Families

  • Agent.EDA
  • IEHelper.B
  • Lamer.CF
  • Stealer.BBA
  • Wapomi.F

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\program files (x86)\bruteremoval Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\__tmp_rar_sfx_access_check_2926890 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\allow.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\allow.ini Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\autoruns.chm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\autoruns.chm Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\autoruns.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\autoruns.exe Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\autorunsc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\autorunsc.exe Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\bruteremoval.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\bruteremoval.exe Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\fix.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\fix.cmd Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\fixproblems.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\fixproblems.reg Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\mscomctl.ocx Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\mscomctl.ocx Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\mscomctl32.ocx Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\mscomctl32.ocx Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\msvbvm60.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\msvbvm60.dll Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\nircmd.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\nircmd.exe Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\removeknown.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\removeknown.bat Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\repairs.vbs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\repairs.vbs Synchronize,Write Attributes
c:\program files (x86)\bruteremoval\restart.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\bruteremoval\restart.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~dffa6bbf7858d8e3b1.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix Generic Write,Read Attributes
c:\users\user\downloads\smitfraudfix Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\dumphive.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\dumphive.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\exit.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\exit.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\genericrenosfix.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\genericrenosfix.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\getpaths.vbs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\getpaths.vbs Generic Write,Read Attributes
c:\users\user\downloads\smitfraudfix\hostschk.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\hostschk.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\process.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\process.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\reboot.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\reboot.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\restart.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\restart.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\smitfraudfix.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\smitfraudfix.cmd Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\smiupdate.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\smiupdate.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\srchsts.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\srchsts.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\swreg.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\swreg.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\swsc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\swsc.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\swxcacls.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\swxcacls.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\unzip.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\unzip.exe Synchronize,Write Attributes
c:\users\user\downloads\smitfraudfix\vcclsid.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\smitfraudfix\vcclsid.exe Synchronize,Write Attributes
c:\windows\syswow64\dumphive.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\dumphive.exe Synchronize,Write Attributes
c:\windows\syswow64\process.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\process.exe Synchronize,Write Attributes
c:\windows\syswow64\srchsts.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\srchsts.exe Synchronize,Write Attributes
c:\windows\syswow64\swreg.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\swreg.exe Synchronize,Write Attributes
c:\windows\syswow64\swsc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\swsc.exe Synchronize,Write Attributes
c:\windows\syswow64\swxcacls.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\swxcacls.exe Synchronize,Write Attributes
c:\windows\syswow64\vcclsid.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\vcclsid.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 桨熪ೂǜ RegNtPreCreateKey
HKCU\software\winrar sfx::c%%program files (x86)%bruteremoval C:\Program Files (x86)\BruteRemoval RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW

99 additional items are not displayed above.

Process Terminate
  • TerminateProcess

Shell Command Execution

(NULL) C:\WINDOWS\system32\cmd.exe /c cd SmitfraudFix && SmitfraudFix.cmd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /S /D /c" VER"
C:\WINDOWS\system32\find.exe find "Windows 95"
C:\WINDOWS\system32\find.exe find "Windows 98"
C:\WINDOWS\system32\find.exe find "Windows Millennium"
C:\WINDOWS\system32\find.exe find "Windows XP"
C:\WINDOWS\system32\find.exe find "Windows 2000"
C:\WINDOWS\system32\find.exe find "Version 5.2.3790"
C:\WINDOWS\system32\find.exe find "Version 6.0"
C:\WINDOWS\system32\find.exe find "version 6.0"
C:\WINDOWS\system32\cscript.exe cscript //I //nologo GetPaths.vbs
WriteConsole: CScript Error: C
WriteConsole: 'SetPaths.bat' i
WriteConsole: Could Not Find c
WriteConsole: 'chkntfs' is not
