Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Unwrapper.A

PUP.Unwrapper.A

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Unwrapper.A
Packers: UPX
Signature status: No Signature

Known Samples

MD5: b3ac9f84515552e0a3e4f0a81ab2ef77
SHA1: 5c007fe33aa5945386b1f35b7a72d8244de0bd11
SHA256: FC856BF764D2171D71777E4F3687BB98E7ED9DA85940A2C994B7247446F3EF6D
File Size: 5.71 KB, 5708 bytes
MD5: 3f182cc90a46282c1236f87bdee6549e
SHA1: cee330212dd01adbb642953d2f692d0bb3c5c852
SHA256: 56A45C1CD34E679CB497F163FB872F9387A63A4F2D2894CD13E05574629755E0
File Size: 26.62 KB, 26624 bytes
MD5: 9a7b290ce3014773269f697451f205a6
SHA1: 456735c7f05737764f2f3a18ec49a4a2541629ac
SHA256: 3C70484BE4B8DF1FAC957F404F2AB0D96A9E35D5BFCC11A75C8226FAD425AF7C
File Size: 5.69 KB, 5691 bytes
MD5: 48e96f9d3a072c97987917a38bbdd6f4
SHA1: 7375be690da4a8938ecb6a28dcfb492fa371d55d
SHA256: 157AD8FD9276A64136E872387C2F784022CBF8EBF49EEFA61038608DE0A2F3C4
File Size: 15.87 KB, 15872 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

  • 2+ executable sections
  • No Version Info
  • packed
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 159
Potentially Malicious Blocks: 12
Whitelisted Blocks: 39
Unknown Blocks: 108

Visual Map

x ? 0 x x x x 0 ? ? ? ? ? ? ? x ? ? 0 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? x ? ? ? ? 0 0 ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 0 0 0 ? 0 ? ? ? 0 ? x 0 ? ? ? 0 ? ? ? ? 0 0 0 0 ? x ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 x x 0 x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1捘潴摣杷B 뻯.Xctocdwg RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 \1坛㰨佄啃䕍ㅾD 뻯啫嬯嬄窵.䖯샒documents RegNtPreCreateKey
Show More
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot ± RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\177\shell::sniffedfoldertype Documents RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1湌穴敭畯B 뻯.Lntzmeou RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 \1坛㰨佄啃䕍ㅾD 뻯啫嬯夸匹.퉀샒documents RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot … RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\133\shell::sniffedfoldertype Documents RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1癍獩湭汥B 뻯.Mvismnel RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 \1坛㰨佄啃䕍ㅾD 뻯啫嬯存暙.侘샒documents RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState

Trending

Most Viewed

Loading...