PUP.UniDL

Analysis Report

General information

Family Name: PUP.UniDL
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Comments: This installation was built with Inno Setup.
Company Name:
  • tuttop.com
  • tuttop.Com
File Description:
  • Cursed Fables White as Snow CE Setup
  • Escape the Backrooms Setup
  • Estate-Agent-Simulator-v0.19 Setup
  • Kingdoms-Reborn-v0.228 Setup
  • Mafia 2 Setup
  • Manor-Lords-v0.7.955s Setup
  • Paint the Town Red Setup
  • Portal-Revolution-v1.0.6-Rus Setup
  • Silica Setup
  • Trials of Fire Setup
File Version: 1.0.0.0
Legal Copyright: Copyright
Product Name:
  • Cursed Fables White as Snow CE
  • Escape the Backrooms
  • Estate-Agent-Simulator-v0.19
  • Kingdoms-Reborn-v0.228
  • Mafia 2
  • Manor-Lords-v0.7.955s
  • Paint the Town Red
  • Portal-Revolution-v1.0.6-Rus
  • Silica
  • Trials of Fire
Product Version:
  • Build 10311707
  • 18.12.2022
  • 1.056
  • 1.0u1
  • 1.0.0.0
  • 0.8.0

Block Information

Total Blocks: 2,300
Potentially Malicious Blocks: 0
Whitelisted Blocks: 2,300
Unknown Blocks: 0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Farfli.BZ
  • Gamehack.QAB
  • Kryptik.BBL
  • Remcos.AM

Files Modified

File | Attributes
c:\users\user\appdata\local\temp\is-40v5e.tmp\8a3f56fe159c9513b63d2358510a6612519123dd_0001855020.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-69c6v.tmp\1b4c22cb7cdba8b531fd62c76c0b2893e2146630_0002137547.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-906s3.tmp\96777095054b6b067c74e46320bfdd9db8cc1896_0002010538.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-j1cu1.tmp\8f9a20253c4c6a48668b3a6a909f258b372a0c36_0002103684.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-nq069.tmp\2c3e738c2666d3828bd6b8160eca1f9f3e4e1e12_0001957006.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-qcpo1.tmp\98d886bb5752ee52f42015ff20cbecf1b3bff98b_0006064812.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-rg6a8.tmp\1caba232f66d1ea0f39867952fdd713c239ec89c_0001896568.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-ubull.tmp\64bd6b1bf237a6f18fe410fee0fec24ce0c2db34_0002329853.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-useam.tmp\56cabd671ef85ee642df7368714da18551eb6e10_0002414423.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\is-vvqd5.tmp\68a3f4ecfbfd4eb3500b3c6e05027e1fde76226a_0002205599.tmp | Generic Write, Read Attributes

Windows API Usage

Process Shell Execute:
  • CreateProcess
User Data Access:
  • GetUserObjectInformation
Process Manipulation Evasion:
  • NtUnmapViewOfSection

Shell Command Execution

"C:\Users\Kmptfqsk\AppData\Local\Temp\is-J1CU1.tmp\8f9a20253c4c6a48668b3a6a909f258b372a0c36_0002103684.tmp" /SL5="$20238,1047040,0,c:\users\user\downloads\8f9a20253c4c6a48668b3a6a909f258b372a0c36_0002103684.exe"
"C:\Users\Cpsnawua\AppData\Local\Temp\is-VVQD5.tmp\68a3f4ecfbfd4eb3500b3c6e05027e1fde76226a_0002205599.tmp" /SL5="$40224,876032,0,c:\users\user\downloads\68a3f4ecfbfd4eb3500b3c6e05027e1fde76226a_0002205599"
"C:\Users\Kulragln\AppData\Local\Temp\is-69C6V.tmp\1b4c22cb7cdba8b531fd62c76c0b2893e2146630_0002137547.tmp" /SL5="$70044,1046016,0,c:\users\user\downloads\1b4c22cb7cdba8b531fd62c76c0b2893e2146630_0002137547"
"C:\Users\Chegvwzr\AppData\Local\Temp\is-NQ069.tmp\2c3e738c2666d3828bd6b8160eca1f9f3e4e1e12_0001957006.tmp" /SL5="$90366,904704,0,c:\users\user\downloads\2c3e738c2666d3828bd6b8160eca1f9f3e4e1e12_0001957006"
"C:\Users\Nzybypjb\AppData\Local\Temp\is-QCPO1.tmp\98d886bb5752ee52f42015ff20cbecf1b3bff98b_0006064812.tmp" /SL5="$11052A,5302744,721408,c:\users\user\downloads\98d886bb5752ee52f42015ff20cbecf1b3bff98b_0006064812"
"C:\Users\Bdzbdnse\AppData\Local\Temp\is-USEAM.tmp\56cabd671ef85ee642df7368714da18551eb6e10_0002414423.tmp" /SL5="$60276,1046016,0,c:\users\user\downloads\56cabd671ef85ee642df7368714da18551eb6e10_0002414423"
"C:\Users\Dtrjjnfl\AppData\Local\Temp\is-906S3.tmp\96777095054b6b067c74e46320bfdd9db8cc1896_0002010538.tmp" /SL5="$5033E,945664,0,c:\users\user\downloads\96777095054b6b067c74e46320bfdd9db8cc1896_0002010538"
"C:\Users\Ukfazixt\AppData\Local\Temp\is-40V5E.tmp\8a3f56fe159c9513b63d2358510a6612519123dd_0001855020.tmp" /SL5="$5027C,864768,0,c:\users\user\downloads\8a3f56fe159c9513b63d2358510a6612519123dd_0001855020"
"C:\Users\Vqijhpci\AppData\Local\Temp\is-UBULL.tmp\64bd6b1bf237a6f18fe410fee0fec24ce0c2db34_0002329853.tmp" /SL5="$30366,1339392,0,c:\users\user\downloads\64bd6b1bf237a6f18fe410fee0fec24ce0c2db34_0002329853"
