PUP.Techsnab

Analysis Report

General information

Family Name: PUP.Techsnab
Signature status: Modified signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
File Description SmartInstaller
File Version 1.0.0.0
Internal Name SmartInstaller.exe
Legal Copyright Copyright © 2014
Original Filename SmartInstaller.exe
Product Name SmartInstaller
Product Version 1.0.0.0

Digital Signatures

Signer Root Status
Closed Joint-Stock Company "V.X. Technocom COMODO Code Signing CA 2 Self Signed
RBMF Technologies LLC Go Daddy Secure Certification Authority Hash Mismatch

Block Information

Similar Families

  • Downloader.Agent.CC
  • MSIL.Wise.A

Files Modified

File Attributes
c:\program files (x86)\driver lm\icon.ico Generic Write,Read Attributes
c:\program files (x86)\driver lm\libeay32.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\lmservice.exe Generic Write,Read Attributes
c:\program files (x86)\driver lm\msvcp100.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\msvcr100.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nfapi.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nfregdrv.exe Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\certutil.exe Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\mozcrt19.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\nspr4.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\nss3.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\plc4.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\plds4.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\smime3.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\nss\softokn3.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\protocolfilters.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\ssleay32.dll Generic Write,Read Attributes
c:\program files (x86)\driver lm\tdi Synchronize,Write Attributes
c:\program files (x86)\driver lm\tdi\amd64 Synchronize,Write Attributes
c:\program files (x86)\driver lm\tdi\amd64\lmservicedrv.sys Generic Write,Read Attributes
c:\program files (x86)\driver lm\tdi\amd64\lmservicedrv.sys Synchronize,Write Attributes
c:\program files (x86)\driver lm\tdi\i386 Synchronize,Write Attributes
c:\program files (x86)\driver lm\tdi\i386\lmservicedrv.sys Generic Write,Read Attributes
c:\program files (x86)\driver lm\tdi\i386\lmservicedrv.sys Synchronize,Write Attributes
c:\program files (x86)\driver lm\wfp Synchronize,Write Attributes
c:\program files (x86)\driver lm\wfp\amd64 Synchronize,Write Attributes
c:\program files (x86)\driver lm\wfp\amd64\lmservicedrv.sys Generic Write,Read Attributes
c:\program files (x86)\driver lm\wfp\i386 Synchronize,Write Attributes
c:\program files (x86)\driver lm\wfp\i386\lmservicedrv.sys Generic Write,Read Attributes
c:\program files (x86)\driver lm\wfp\i386\lmservicedrv.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsabbd4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsabbd5.tmp\simplesc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\1f356f4d07fe8c483e769e4586569404 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\3b6e683a7a45cc59bf035c9ba8c7ab9d Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\5457a8ce4b2a7499f8299a013b6e1c7c_d734ec3dd00546f46d368325396086b0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\6f0e55df8a480361a1a27f82daa1abb7 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b90b117906b8a74c79d1bc450c2b94b1_a54f26a8a41de52c237d54d67f12793f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\f4d9c889b7aebcf4e1a2daabc5c3628a_4c1ffa588df4c1f009b4e254ad263015 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\1f356f4d07fe8c483e769e4586569404 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\3b6e683a7a45cc59bf035c9ba8c7ab9d Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\5457a8ce4b2a7499f8299a013b6e1c7c_d734ec3dd00546f46d368325396086b0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\6f0e55df8a480361a1a27f82daa1abb7 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b90b117906b8a74c79d1bc450c2b94b1_a54f26a8a41de52c237d54d67f12793f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\f4d9c889b7aebcf4e1a2daabc5c3628a_4c1ffa588df4c1f009b4e254ad263015 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve Write Attributes
c:\windows\system32\drivers\lmservicedrv.sys Synchronize,Write Data

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\systemcertificates\authroot\certificates\02faf3e291435468607857694df5e45b68851868::blob <binary certificate blob, not rendered> RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\02faf3e291435468607857694df5e45b68851868::blob <binary certificate blob, not rendered> RegNtPreCreateKey
HKCU\software\microsoft\systemcertificates\ca\certificates\8ad5c9987e6f190bd6f5416e2de44ccd641d8cda::blob RegNtPreCreateKey
HKLM\software\wow6432node\lm service::partnerid 0 RegNtPreCreateKey
HKLM\software\wow6432node\lm service::guid {6656FEB0-D550-4D89-ABCE-6AA89ADA8351} RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\control\grouporderlist::pnp_tdi  RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Network Winsock2
  • WSAConnect
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • freeaddrinfo
  • getaddrinfo
  • getpeername
  • getsockname
  • setsockopt
Encryption Used
  • BCryptOpenAlgorithmProvider
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Service Control
  • OpenSCManager
  • OpenService

Shell Command Execution

C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 2008
runas C:\Program Files (x86)\Driver LM\nfregdrv.exe lmservicedrv
