PUP.Widdit

Analysis Report

General information

Family Name: PUP.Widdit
Signature status: Modified signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name OneFloorApp Ltd.
File Description
  • 1 Media Player 2.2.0-git
  • Installer Setup
File Version
  • 13.1
  • 12.5
  • 12.0
  • 2.2.0-git
Legal Copyright
  • Copyright (c) 2012, www.simplytech.com
  • Copyright © OneFloorApp Ltd.
Legal Trademarks OneFloorApp, OFA, 1FA
Product Name
  • 1 Media Player
  • Installer
Product Version
  • 13.1
  • 12.5
  • 12.0
  • 2,2,0,0

File Traits

  • dll
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-1c0f6.tmp\1319265614c8291a78a998c5a8c717ed65715634_0000921904.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-3fjg1.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3fjg1.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3fjg1.tmp\appimageorign.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-3fjg1.tmp\cinshlpr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-3fjg1.tmp\innocallback.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-3fjg1.tmp\innosetuphelper.dll Synchronize,Write Data
c:\users\user\appdata\local\temp\is-3fjg1.tmp\innosetuphelpernet4.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-3fjg1.tmp\isxdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-3fjg1.tmp\webbrowser.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-40ss7.tmp\18264cc7c7326367675011fd773c2c3bd2477ac6_0000922064.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-6nakf.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-6nakf.tmp\appimageorign.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\appimageorign.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\appimageorign2.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\appimageorign2.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\cinshlpr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\innocallback.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\innosetuphelper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\isxdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-6nakf.tmp\webbrowser.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-aikvj.tmp\f9a10403ac4c728eff0cf597f3e6d215e999a5b0_0000920072.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-c1c6k.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-c1c6k.tmp\appimageorign.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\appimageorign.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\appimageorign2.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\appimageorign2.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\cinshlpr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\innocallback.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\innosetuphelper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\isxdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c1c6k.tmp\webbrowser.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qmmkl.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-qmmkl.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-qmmkl.tmp\appimageorign.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qmmkl.tmp\cinshlpr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qmmkl.tmp\innocallback.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qmmkl.tmp\innosetuphelper.dll Synchronize,Write Data
c:\users\user\appdata\local\temp\is-qmmkl.tmp\innosetuphelpernet4.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qmmkl.tmp\isxdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qmmkl.tmp\webbrowser.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-saipl.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-saipl.tmp\appimageorign.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\appimageorign.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\appimageorign2.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\appimageorign2.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\cinshlpr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\innocallback.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\innosetuphelper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\isxdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-saipl.tmp\webbrowser.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ubt2b.tmp\97525f8f85dee3b75159cd3230e96be612936815_0000921904.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vk0j0.tmp\682d4e242152fbe0cc227b1af6fad5548e34ec80_0000921552.tmp Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\1f356f4d07fe8c483e769e4586569404 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\3b6e683a7a45cc59bf035c9ba8c7ab9d Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\5457a8ce4b2a7499f8299a013b6e1c7c_d734ec3dd00546f46d368325396086b0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b90b117906b8a74c79d1bc450c2b94b1_a54f26a8a41de52c237d54d67f12793f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\f4d9c889b7aebcf4e1a2daabc5c3628a_68d0f016ba3f0b9282b68842de23427f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\1f356f4d07fe8c483e769e4586569404 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\3b6e683a7a45cc59bf035c9ba8c7ab9d Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\5457a8ce4b2a7499f8299a013b6e1c7c_d734ec3dd00546f46d368325396086b0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b90b117906b8a74c79d1bc450c2b94b1_a54f26a8a41de52c237d54d67f12793f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\f4d9c889b7aebcf4e1a2daabc5c3628a_68d0f016ba3f0b9282b68842de23427f Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKCU\software\microsoft\ctf\msutb::left RegNtPreCreateKey
HKCU\software\microsoft\ctf\msutb::top RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider
User Data Access
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWriteFile
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

"C:\Users\Deqwfxap\AppData\Local\Temp\is-1C0F6.tmp\1319265614c8291a78a998c5a8c717ed65715634_0000921904.tmp" /SL5="$10242,500774,146432,c:\users\user\downloads\1319265614c8291a78a998c5a8c717ed65715634_0000921904.exe"
"C:\Users\Ekbyofye\AppData\Local\Temp\is-VK0J0.tmp\682d4e242152fbe0cc227b1af6fad5548e34ec80_0000921552.tmp" /SL5="$1025E,500148,146432,c:\users\user\downloads\682d4e242152fbe0cc227b1af6fad5548e34ec80_0000921552.exe"
"C:\Users\Gfmidnjx\AppData\Local\Temp\is-AIKVJ.tmp\f9a10403ac4c728eff0cf597f3e6d215e999a5b0_0000920072.tmp" /SL5="$2013E,498315,146432,c:\users\user\downloads\f9a10403ac4c728eff0cf597f3e6d215e999a5b0_0000920072"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6d3d9988d4a01a334f1934d3ce272508ba8f9f0f_0000116736.,LiQMAxHB
"C:\Users\Qzfhjbkm\AppData\Local\Temp\is-UBT2B.tmp\97525f8f85dee3b75159cd3230e96be612936815_0000921904.tmp" /SL5="$16029C,500774,146432,c:\users\user\downloads\97525f8f85dee3b75159cd3230e96be612936815_0000921904"
"C:\Users\Fvtmiple\AppData\Local\Temp\is-40SS7.tmp\18264cc7c7326367675011fd773c2c3bd2477ac6_0000922064.tmp" /SL5="$190220,500148,146432,c:\users\user\downloads\18264cc7c7326367675011fd773c2c3bd2477ac6_0000922064"
