PUP.TorchBrowser.A

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.TorchBrowser.A
Signature status:	No Signature

Known Samples

MD5: f74f70d35e8ec734a43c1df855235931

SHA1: 8e9861ab3f3f285382fbe5e550f035f8175dcc9f

SHA256: CB6693276018525F4EA21A1EBD25BDD35C781B9BA683BBA8803A8039D37CC2D1

File Size: 1.42 MB, 1416704 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

dll
HighEntropy
x86

Block Information

Total Blocks:	3,807
Potentially Malicious Blocks:	761
Whitelisted Blocks:	3,045
Unknown Blocks:	1

Visual Map

0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 x 0 1 1 1 0 x 0 0 x 0 x 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 x x 0 x x x x 0 x 0 x x 0 x x 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 x 0 x 0 x 0 0 0 x 0 x 0 0 0 x 0 0 x 0 x 0 x 0 0 x x x 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 x 0 0 x 0 0 0 0 0 x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 x 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 x x x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 x x x x x 0 0 2 x x x x x x x x x 0 0 x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 x x 1 0 0 0 0 x x x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x x x 0 0 0 x 0 0 x x 0 x 0 0 x 0 0 0 0 0 x 0 0 0 x 0 0 0 x x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 1 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 1 x x 0 x 0 1 x 0 0 0 x 0 x x x x x 0 0 0 x 0 0 0 0 0 0 x x 0 x x x x x x x x 0 x 0 x 0 x x x x x x 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 x x 0 x 0 0 x x x x x x 0 0 0 0 x 0 0 0 0 0 x 0 x 0 x x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x 0 x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 x 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x 0 x x x 0 0 0 0 0 0 0 0 x 0 x 0 0 x x x x 0 x x 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 x 0 0 x 0 x x x 0 0 x x 0 0 0 0 0 x x 0 x x x 0 0 x 0 0 0 0 x x x x 0 x x x x x x x x x 0 x x x x x x 0 x x x 0 x x x x x x x x 0 0 x x 0 0 0 0 0 0 0 x 0 1 0 0 x 0 0 x x x 0 0 0 0 0 0 0 x 0 x x x x 0 x x x x x x 0 x 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 x 0 x 0 x x x x x x x x x 0 0 x x 0 0 x 0 0 0 0 0 x 0 0 x 0 0 x x 1 0 0 0 x 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 x 0 0 x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 x x x 0 0 0 x 0 x x x x x 0 x x x x 0 x 0 x 0 0 0 x 0 0 x x x 0 x x x x 0 x 0 x 0 0 x 0 0 x x x x 0 0 x 0 x x x x x x x 0 x x 0 x 0 x 0 x x 0 x x 0 0 0 0 1 x 1 0 0 x x x 0 x x 0 0 0 x 0 x 0 x x x x x x 0 x 0 x x 0 x x x x 0 x x 0 x x x x x x x 0 0 0 0 x 0 0 0 x 0 x 0 x x x x x x x x x x x 0 0 0 x x 1 x x x 0 1 x 1 x x x x x 0 0 x 0 x x x x x x x x x x x x x 0 0 0 0 0 0 0 x x x x x x x 0 0 0 0 x x x x x x x x x x x x 0 x x x x x x x x x x x 0 0 0 x 0 0 x x x x x x 1 1 0 0 0 0 0 0 0 0 0 0 0 0 x 1 x x x x x x x x x 0 x x x x 0 0 x x 0 x x x 0 x x 0 1 1 x 1 0 0 0 0 0 0 0 x x 0 0 x x x x x x x 0 x 0 0 0 x 0 0 x 0 x 0 0 0 x 0 x 0 0 0 0 0 x x x x 0 x 0 x x 0 x x 0 0 0 x x x x x 0 x 0 0 0 x x x x 0 x 0 0 0 x x x 0 x 0 x 0 x x x x x x x x x x x 0 x x 0 x x x x x x x x x x x x x x 0 x x 0 0 x 0 x x 0 x 0 x x 0 0 0 x 0 x 0 0 0 x x x x x x x x x x x 0 x 0 x x x x 0 x x x x x x x 0 x x 0 x x x x x 0 0 x 0 x 0 x x 0 x 0 x x 0 x 0 x x x 0 x 0 0 0 0 0 x 0 0 x x x x x x 0 x x x x x 0 x x 0 x 0 x x x x x x x 0 x x x x 0 0 0 0 0 0 0 0 0 x x x x x 0 x 0 x 0 0 x 0 x 0 0 0 0 x 0 x x x 0 0 x 0 0 x x 0 x x x x 0 0 0 0 x x x x 0 0 x x 0 x x x x x x x x x x x x x 0 x 0 x 0 x x x x 0 x 0 x 0 x x 0 0 x x 0 x 0 0 0 0 x x 0 x 0 x x x 0 0 0 x x x x 0 x x x x x x 0 x x 0 0 x 0 x x x x 0 x x 0 0 x 0 x x x 0 x x 0 x x 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x 0 0 x x 0 x 0 x x 0 x x x x 0 x x 0 x 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtQueryAttributesFile Show More ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWriteFile
Process Shell Execute	CreateProcess
Anti Debug	NtQuerySystemInformation
Other Suspicious	AdjustTokenPrivileges

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8e9861ab3f3f285382fbe5e550f035f8175dcc9f_0001416704.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.TorchBrowser.A

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

TrojanDownloader.ConHook.l

Thewebtimes.net

Safestsearches.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen