PUP.SilentInstallBuilder

Analysis Report

General information

Family Name: PUP.SilentInstallBuilder
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • AprelTech, llc
  • TODO: <Company name>
File Description
  • Sibl
  • TODO: <File description>
File Version
  • 6.4.0.0
  • 1.0.0.1
  • 1.0.0
  • 0.0.0.0
Internal Name
  • Sibl.exe
  • stub.exe
Legal Copyright
  • Copyright (C) 2018
  • Copyright © 2025 AprelTech, llc
Original Filename
  • Sibl.exe
  • stub.exe
Product Name
  • Silent Install Builder
  • TODO: <Product name>
  • xfpsp2023
Product Version
  • 6.4.0.0
  • 1.0.0.1
  • 1.0.0
  • 0.0.0.0

Digital Signatures

Signer: APREL Tehnologija d.o.o.
Root: Sectigo Public Code Signing Root R46
Status: Hash Mismatch

File Traits

  • Installer Version
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 595
Potentially Malicious Blocks: 6
Whitelisted Blocks: 589
Unknown Blocks: 0

Files Modified

File Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.134169797421801444.208.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\sibl\sib.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_4q44xbke.1jc.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ljgr2oxe.5ud.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc70.tmp\sibuia.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshaf65.tmp\sibuia.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbdb8.tmp\sibuia.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c7.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c7.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c7.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\psa862.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\psa862.tmp.ps1 Synchronize,Write Data
c:\users\user\appdata\local\temp\rgic2bc.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgic2bc.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgic33a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgic33a.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgic389.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgic389.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgic3f7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgic3f7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgic475.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgic475.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibafc3.tmp\0\c204.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibafc3.tmp\0\c204.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibafc3.tmp\sibca.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibafc3.tmp\sibca.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibafc3.tmp\sibclr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibafc3.tmp\sibclr.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\0\sorv7.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\0\sorv7.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\0\xfpsp2023.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\0\xfpsp2023.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\2\ccleaner.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\sibbccf.tmp\ionic.zip.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\ionic.zip.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\sibca.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\sibca.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\sibclr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\sibclr.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\zip.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbccf.tmp\zip.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbe17.tmp\0\patch.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbe17.tmp\0\patch.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbe17.tmp\sibca.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbe17.tmp\sibca.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sibbe17.tmp\sibclr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sibbe17.tmp\sibclr.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tmp4352$.tmp Generic Write,Read Attributes,Delete
c:\users\user\downloads\82f2c47c001d66e98f7d9ed65964a1827899efc8_0000816071 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\82f2c47c001d66e98f7d9ed65964a1827899efc8_0000816071 Generic Write,Read Attributes
c:\users\user\downloads\82f2c47c001d66e98f7d9ed65964a1827899efc8_0000816071 Synchronize,Write Attributes
c:\users\user\downloads\plagins.dat Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve Write Attributes
c:\windows\svchost.exe Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\schedulingagent::taskkey 譙┝ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\schedulingagent::checsib 2025-11-19 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ᒠﯢꙺǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\advanced inf setup\ie complist::ie.hkcuzoneinfo RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ル䫷ꪸǜ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Keyboard Access
  • GetKeyState
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReadData
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
  • ZwMapViewOfSection
Process Shell Execute
  • CreateProcess
Process Terminate
  • TerminateProcess
Service Control
  • StartServiceCtrlDispatcher
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 1300
C:\Users\Cibosnjx\AppData\Local\Temp\sibAFC3.tmp\0\C204.exe
"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\82f2c47c001d66e98f7d9ed65964a1827899efc8_0000816071"
"c:\users\user\downloads\82f2c47c001d66e98f7d9ed65964a1827899efc8_0000816071"
C:\Users\Esmnxvrb\AppData\Local\Temp\sibBE17.tmp\0\Patch.exe
"sorv7.cmd" /s
C:\Users\Ssdxcbia\AppData\Local\Temp\sibBCCF.tmp\0\xfpsp2023.exe xfpsp2023.exe
"C:\Users\Ssdxcbia\AppData\Local\Temp\sibBCCF.tmp\2\ccleaner.exe" /s
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -file "C:\Users\Hnvwintr\AppData\Local\Temp\psA862.tmp.ps1"
