PUP.Softomate.E

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Softomate.E
Signature status:	No Signature

Known Samples

MD5: b32fb898ee875d11a2f7aac2756ad87b

SHA1: 393cad7bb2c639478afdde86ebfe7f7114eb4ed2

SHA256: 932C0906262EA4B771426511304E81DDBCB7B1C52E6A13A72ADA4DB0D48DF673

File Size: 992.13 KB, 992131 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Oleg N. Scherbakov
File Description	7z Setup SFX
File Version	1, 3, 0, 1501
Internal Name	7ZSfxNew
Legal Copyright	Copyright © 2005-2009 Oleg N. Scherbakov
Original Filename	7ZSfxNew.exe
Private Build	September 7, 2009
Product Name	7ZSfxNew
Product Version	1, 3, 0, 1501

File Traits

HighEntropy
x86

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\crashrpt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\crashrpt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\regworkshop.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\regworkshop.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\regworkshop.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\regworkshop.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\regworkshopx64.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\regworkshopx64.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\rwreg.txt	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\2k10\regworkshop\rwreg.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\rwresrus.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\regworkshop\rwresrus.dll	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\classes\reg::	URL:Reg Protocol	RegNtPreCreateKey
HKLM\software\classes\reg::url protocol	(NULL)	RegNtPreCreateKey

HKLM\software\classes\reg\shell\open\command::	"C:\Users\Fpljliwa\appdata\local\temp\2k10\regworkshop\regworkshopx64.exe" /g "%1"	RegNtPreCreateKey
HKLM\software\classes\regfile\shell::editflags	虄椖	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx
Syscall Use	ntdll.dll!NtAddAtomEx ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore Show More ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN
User Data Access	GetComputerName GetUserObjectInformation
Other Suspicious	SetWindowsHookEx
Keyboard Access	GetKeyState

Shell Command Execution


							(NULL) RegWorkshopX64.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Softomate.E

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Scrutchother.club

LODEINFO

Horizon Ransomware

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen