PUP.WinTweak

Analysis Report

General information

Family Name: PUP.WinTweak
Signature status: No Signature (no sample carries a signature that validates; the one signed sample fails with a hash mismatch, see Digital Signatures below)

Known Samples

MD5: 8a508b7d83dd832d517d5a1b7380bc04
SHA1: b8262287be1c5d1a2e84216941f7078558f6da71
SHA256: E4A3FE530F1F1E1B5B33E652F0AC8461E7CD27DBC8BE1E72C630448914627EA0
File Size: 1.87 MB, 1865728 bytes
MD5: 431e2c04d72c4875ea262000604cf9c1
SHA1: 9646569b176ddc1ee34321c01126833c9cc33f03
SHA256: 1A1BE3936A4AA9C1F7D6F72A8F86281DDD5F2365474D3832B5E76877040C7999
File Size: 1.85 MB, 1851392 bytes
MD5: 39933d0971ce36c5e6cc5a53f4bd12ff
SHA1: 39b3cdf01d3e025f96d4c93e4ba3ba0fc3455070
SHA256: AC933A2A22B2F508A47E282E164DD34155814A7FCB70123022CA60A5B6A4A5A4
File Size: 555.31 KB, 555308 bytes
MD5: 111e0185ac9a8dca1d6a917d2e3cf596
SHA1: a3e68ebb8127fc5a3197841e8fffaa27c92ba50c
SHA256: 02167772B58E9EF15CDE7BFEE0595F054ACDED37318CAD79BAD0952302FA717C
File Size: 82.51 KB, 82506 bytes
MD5: cabae35fe4c7cdc79f779076d960cf9c
SHA1: c0dc3650d91d9a7da5560b3d6406e46a42ce08f9
SHA256: EBC9A10E8F121999B395C9495112C50528736B24897569DECE337C88F37354FF
File Size: 1.41 MB, 1411143 bytes
MD5: 0baf1ee5ef6b430ffd8fdadcbd6ddd6c
SHA1: 1e5b577a1d62f5a0ed1a29732a1e10041cb6cb91
SHA256: B732E09BD5F1BADD0F23E69F860DEAF3D65F7C43E3D9449C707CFD82C897493F
File Size: 3.17 MB, 3166592 bytes
MD5: 8160adba015afa1eef0082049442c162
SHA1: db1f8c10f748625f90eb8b037dcab3d0792eb0a4
SHA256: ABA31DC7547E505703A4046EFB3C38B783681BD37FBEA3888C7DA04A5CD2EC8B
File Size: 1.31 MB, 1312768 bytes
MD5: 8ce63ffe901236d744768a4aeb528a0e
SHA1: 1197099dd7b1a0c9ba1b6bbdec8a316b4c648fa7
SHA256: 578552D45F2A1442F0F4707B89082F656B5D222DF99D4616C27DDD1DEA77454B
File Size: 1.85 MB, 1851392 bytes
MD5: 86ba171fb0cada8f04b211c303c556ea
SHA1: 75308e14e2ca2389f3b3cb4d5de4979e68f00dd3
SHA256: 4FDAAB5B50009289EAB455F24EC1195B685EA06ED5EB3AF4820FC6ACD0614679
File Size: 3.17 MB, 3166592 bytes
MD5: 7a1f1a3cd4479a15a4f5e042965cfe15
SHA1: 76b14cea09bee9d7008d716b820e754a9eed3073
SHA256: 91FCD04E2F17FACFBF5E5EF930CFB6F7DD0421D464B856A8D51551715E3EDC91
File Size: 1.27 MB, 1272320 bytes
MD5: 79c64599b7a67cbae56754bf06924fa6
SHA1: 561996069813eae5cef726bb78b2f3978e3502f8
SHA256: 9304E624B7E2303F10F05DE1BE047B79FE02B0DC03D748EFEB6984262F7FD2C2
File Size: 854.93 KB, 854935 bytes
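The hash list above only becomes useful once it can be run against a file system. The following is an added example, not part of the report, that parses the list in the report's own layout and scans a directory for matching files. KNOWN_SAMPLES_TEXT is a constructed excerpt of three of the eleven entries, and demo_scan() fabricates a stand-in indicator from constructed bytes because the real samples are not available here.

```python
"""IoC hash matcher for the Known Samples list above.

Added example, not part of the original report. It parses the report's
MD5/SHA1/SHA256/File Size lines into records and walks a directory for
files whose SHA-256 is listed, using the recorded size as a pre-filter
so that most files are never hashed at all.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed input: three of the eleven samples, copied in the report's layout.
KNOWN_SAMPLES_TEXT = """\
MD5: 8a508b7d83dd832d517d5a1b7380bc04
SHA1: b8262287be1c5d1a2e84216941f7078558f6da71
SHA256: E4A3FE530F1F1E1B5B33E652F0AC8461E7CD27DBC8BE1E72C630448914627EA0
File Size: 1.87 MB, 1865728 bytes
MD5: 111e0185ac9a8dca1d6a917d2e3cf596
SHA1: a3e68ebb8127fc5a3197841e8fffaa27c92ba50c
SHA256: 02167772B58E9EF15CDE7BFEE0595F054ACDED37318CAD79BAD0952302FA717C
File Size: 82.51 KB, 82506 bytes
MD5: 79c64599b7a67cbae56754bf06924fa6
SHA1: 561996069813eae5cef726bb78b2f3978e3502f8
SHA256: 9304E624B7E2303F10F05DE1BE047B79FE02B0DC03D748EFEB6984262F7FD2C2
File Size: 854.93 KB, 854935 bytes
"""


@dataclass(frozen=True)
class Sample:
    md5: str
    sha1: str
    sha256: str
    size: int


_FIELD = re.compile(r"^(MD5|SHA1|SHA256|File Size):\s*(.+?)\s*$", re.MULTILINE)


def parse_known_samples(text: str) -> List[Sample]:
    """Group the flat field lines into Sample records; a File Size line closes a record."""
    samples: List[Sample] = []
    current: Dict[str, str] = {}
    for field, value in _FIELD.findall(text):
        if field == "File Size":
            size = int(value.split(",")[1].split()[0])  # "1.87 MB, 1865728 bytes" -> 1865728
            samples.append(Sample(current["md5"], current["sha1"], current["sha256"], size))
            current = {}
        else:
            current[field.lower()] = value.lower()  # the report mixes upper/lower-case hex
    return samples


def hash_file(path: str) -> Dict[str, str]:
    """Compute all three digests in a single pass over the file."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan_directory(root: str, samples: List[Sample]) -> List[Tuple[str, Sample]]:
    """Return (path, sample) for every file whose SHA-256 matches a known sample."""
    by_sha256 = {s.sha256: s for s in samples}
    known_sizes = {s.size for s in samples}
    hits: List[Tuple[str, Sample]] = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) not in known_sizes:
                    continue  # size mismatch: cannot be one of these samples
                digests = hash_file(path)
            except OSError:
                continue  # unreadable, or gone between listing and open
            sample = by_sha256.get(digests["sha256"])
            if sample is not None:
                hits.append((path, sample))
    return hits


def demo_scan() -> Dict[str, object]:
    """Constructed demonstration: the real samples are not available, so a stand-in
    indicator is computed from constructed bytes and appended to the parsed list,
    then one matching and one non-matching file are scanned."""
    samples = parse_known_samples(KNOWN_SAMPLES_TEXT)
    payload = b"constructed stand-in for a WinTweak sample"
    stand_in = Sample(hashlib.md5(payload).hexdigest(), hashlib.sha1(payload).hexdigest(),
                      hashlib.sha256(payload).hexdigest(), len(payload))
    root = tempfile.mkdtemp(prefix="wintweak_demo_")
    with open(os.path.join(root, "suspect.exe"), "wb") as fh:
        fh.write(payload)
    with open(os.path.join(root, "benign.txt"), "wb") as fh:
        fh.write(b"nothing to see here")
    hits = scan_directory(root, samples + [stand_in])
    return {"parsed": len(samples), "hits": sorted(os.path.basename(p) for p, _ in hits)}
```

Matching is decided on SHA-256; MD5 and SHA-1 are carried along only for cross-referencing other vendors' lists, since both are collision-prone and should not be the deciding hash. The size pre-filter is the reason the File Size lines are parsed at all: on a large tree it removes almost every file before any hashing happens.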

Windows Portable Executable Attributes

Union over all known samples: contradictory pairs such as "32-bit" and "64-bit", "packed" and "not packed", or "has exports table" and "doesn't have exports table" describe different samples, not one file. "Security information" refers to the Authenticode certificate table in the PE data directory.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
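Every line in the list above is derivable from the PE headers, and checking them yourself avoids trusting a vendor's aggregation. What follows is an added example, not from the report or any vendor tool: a standard-library parser that reports the same attributes, plus a constructed, non-loadable test image so it can run without a sample. The "packed" verdict uses an entropy threshold of 7.0 over executable sections, which is this example's heuristic, not the report's definition.

```python
"""Derive the report's PE attribute lines from a file's headers.

Added example, not part of the original report or of any vendor tooling.
Standard library only: COFF header, optional-header data directories and a
per-section entropy heuristic for 'packed'. build_test_pe() fabricates a
constructed, non-loadable image so the parser can run without a sample.
"""
import math
import struct
from collections import Counter
from typing import Dict

IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE = 0x0001, 0x0002
IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL = 0x0100, 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
# Data directory indices: export, certificate table, base relocations, debug, TLS, CLR header.
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_TLS, DIR_COM = 0, 4, 5, 6, 9, 14


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 8.0 is uniform random; packed or encrypted code sits near 7.5+."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_attributes(data: bytes) -> Dict[str, object]:
    """Return the attributes the report lists, keyed by short names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptional, Characteristics
    _machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B  # Magic: 0x10B PE32, 0x20B PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset for PE32 and PE32+
    dd = opt + (112 if is64 else 96)  # first IMAGE_DATA_DIRECTORY entry
    ndirs = struct.unpack_from("<I", data, dd - 4)[0]  # NumberOfRvaAndSizes

    def dir_present(index: int) -> bool:
        if index >= ndirs:
            return False
        va, size = struct.unpack_from("<II", data, dd + 8 * index)
        return va != 0 and size != 0

    # 'Packed' heuristic: an executable section whose raw bytes have entropy above 7.0.
    packed = False
    sect = opt + opt_size
    for i in range(nsect):
        _, _, _, raw_size, raw_ptr, _, _, _, _, sect_chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sect + 40 * i)
        if sect_chars & IMAGE_SCN_MEM_EXECUTE and raw_size:
            packed = packed or shannon_entropy(data[raw_ptr:raw_ptr + raw_size]) > 7.0

    return {
        "rich_header": b"Rich" in data[0x40:e_lfanew],  # sits between DOS stub and PE header
        "debug_info": dir_present(DIR_DEBUG),
        "exports": dir_present(DIR_EXPORT),
        "relocations": dir_present(DIR_BASERELOC) and not chars & IMAGE_FILE_RELOCS_STRIPPED,
        "security_info": dir_present(DIR_SECURITY),  # Authenticode certificate table
        "tls": dir_present(DIR_TLS),
        "bits": 64 if is64 else 32,
        "subsystem": {2: "GUI", 3: "console"}.get(subsystem, hex(subsystem)),
        "dotnet": dir_present(DIR_COM),  # CLR runtime header present => .NET assembly
        "packed": packed,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def build_test_pe(pe32plus=False, dll=False, gui=True, tls=False, exports=False,
                  rich=False, high_entropy=False) -> bytes:
    """Constructed minimal image: valid headers and one .text section, not runnable."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x70:0x78] = b"Rich\x11\x22\x33\x44"  # marker plus XOR key, as a linker emits it
    opt_size = 240 if pe32plus else 224
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, 2 if gui else 3)
    dd = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dd - 4, 16)
    if exports:
        struct.pack_into("<II", opt, dd + 8 * DIR_EXPORT, 0x2000, 0x40)
    if tls:
        struct.pack_into("<II", opt, dd + 8 * DIR_TLS, 0x2100, 0x18)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_RELOCS_STRIPPED
    chars |= (IMAGE_FILE_DLL if dll else 0) | (0 if pe32plus else IMAGE_FILE_32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, opt_size, chars)
    raw_ptr = (e_lfanew + 24 + opt_size + 40 + 0x1FF) & ~0x1FF  # 0x200 file alignment
    body = bytes(range(256)) * 16 if high_entropy else b"\xCC" * 4096
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000, len(body), raw_ptr,
                       0, 0, 0, 0, 0x60000020)  # CNT_CODE | MEM_EXECUTE | MEM_READ
    image = bytes(dos) + b"PE\0\0" + coff + opt + sect
    return image + b"\0" * (raw_ptr - len(image)) + body
```

Run pe_attributes(open(path, "rb").read()) on a real sample. The two build_test_pe() configurations exercised in testing reproduce both halves of the contradictory pairs in the list above (32-bit GUI executable without TLS or exports versus 64-bit console DLL with TLS, exports, a Rich header and a high-entropy code section).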

Windows PE Version Information

Name Value
Comments
  • Acronis True Image
  • AdobeGenP
Company Name
  • Acronis
  • AdobeGenP
  • rsload.net
File Description
  • Acronis True Image
  • AdobeGenP
  • Win 10 Tweaker
  • Записать ISO на флешку ("Write ISO to a USB flash drive")
File Version
  • 19.4
  • 9,7,0,8398
  • 3.3.16.1
  • 1.00
  • 1.0.2.3
Internal Name
  • ISORUN
  • TJprojMain
  • TrueImage
Legal Copyright
  • @Eagle123, 2024
  • AdobeGenP
  • Copyright (C) Acronis, 2000-2009.
  • © 2024 Игорь (Igor)
Legal Trademarks
  • AdobeGenP
  • Acronis
Original Filename
  • ISORUN
  • TJprojMain.exe
  • TrueImage.exe
Product Name
  • Acronis True Image
  • AdobeGenP
  • Project1
  • Win 10 Tweaker
  • Записать ISO на флешку ("Write ISO to a USB flash drive")
Product Version
  • 9,7,0,8398
  • 3.3.16.1
  • 1.00
  • 1.0.0.0
Program ID
  • com.embarcadero.ISORUN

Digital Signatures

Signer: Eagle123 Soft
Root: Eagle123 Soft
Status: Hash Mismatch

Signer and root carry the same name, i.e. a self-signed certificate with no chain to a trusted CA, and the name matches the "@Eagle123, 2024" copyright string from the Win 10 Tweaker version information above. "Hash Mismatch" means the Authenticode hash embedded in the signature does not match the file as it now exists, so even this self-signed signature does not cover the current bytes; treat the sample as unsigned.

File Traits

  • Installer Manifest
  • nosig nsis
  • Nullsoft Installer
  • x86

Similar Families

  • Agent.LA
  • Agent.LKC
  • Chapak.HBX
  • CobaltStrike.GI
  • CobaltStrike.GIA
  • Injector.AK
  • Kryptik.DEK
  • Lokorrito.C
  • MSILZilla.TC
  • Rozena.XC
  • Sheloader.A
  • Sheloader.C

Files Modified

Paths are from the sandbox run (user profile "user"). Two rows for one file are two separate opens: the "Generic Write,Read Attributes" open writes the content, the "Synchronize,Write Attributes" open only sets timestamps or attributes. Three staging areas stand out. %LOCALAPPDATA%\Temp\2k10\adrivers\ receives kernel drivers (snapman.sys, fltsrv.sys and volume_tracker.sys are Acronis True Image snapshot and volume-tracking drivers, consistent with the Acronis version information above) together with zdrvinst.exe, by name a driver installer. %LOCALAPPDATA%\Temp\RarSFX0\ is a WinRAR self-extractor staging directory (the __tmp_rar_sfx_access_check_* file is the SFX stub's write-access probe) holding adobegenp.exe and config.ini. The ns*.tmp and aut*.tmp files match the temporary-file naming of NSIS installers and AutoIt-compiled executables respectively, which agrees with the Nullsoft Installer trait listed above.

File  Access rights requested
c:\users\user\appdata\local\temp\2k10\adrivers Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e64 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e64\snapman.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e64\snapman.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e64\zdrvinst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e64\zdrvinst.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e86 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e86\snapman.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e86\snapman.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\fltsrv.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\fltsrv.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\snapman.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\snapman.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\snapman.wcs Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\snapman.wcs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\volume_tracker.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\volume_tracker.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\fltsrv.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\fltsrv.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\snapman.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\snapman.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\volume_tracker.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\volume_tracker.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\zdrvinst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\zdrvinst.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\zdrvinst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\zdrvinst.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\aut43a6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autb74f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6e5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_4472937 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\adobegenp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\adobegenp.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\config.ini Generic Write,Read Attributes
c:\users\user\downloads\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\config.ini Generic Write,Read Attributes
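The table above is raw sandbox output; the following added example (not the report's own logic) shows how a small triage rule set reads it. SAMPLE_ROWS copies ten rows from the table as constructed input. The rules flag kernel drivers and PE files written under user-writable temp directories, WinRAR SFX staging and NSIS temp files, and ignore opens that only set attributes; the rule names, the set of rights treated as content writes and the file-name patterns are this example's own heuristics.

```python
"""Rule-based triage of sandbox file-access rows like the Files Modified table.

Added example, not the report's own logic. The rows below are copied from the
table above as constructed input; the rule names, the write-rights set and the
NSIS/RAR-SFX name patterns are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed input: ten rows from the table, one per open the sandbox recorded.
SAMPLE_ROWS = r"""
c:\users\user\appdata\local\temp\2k10\adrivers\e64\snapman.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e64\snapman.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\e64\zdrvinst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\fltsrv.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\adrivers\x64\volume_tracker.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6e5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_4472937 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\adobegenp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\config.ini Generic Write,Read Attributes
""".strip()

_RIGHT = (r"(?:Generic (?:Read|Write|Execute|All)|Read (?:Attributes|Data|extended)|"
          r"Write (?:Attributes|Data|extended)|Append data|Delete|Synchronize|Execute)")
_ROW = re.compile(r"^(?P<path>.+?)\s+(?P<access>" + _RIGHT + r"(?:," + _RIGHT + r")*)$", re.I)
# Rights that can change file content; 'Write Attributes' alone only touches metadata.
WRITE_RIGHTS = frozenset({"generic write", "generic all", "write data", "append data"})
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")  # user-writable staging areas


@dataclass(frozen=True)
class FileEvent:
    path: str
    rights: frozenset

    @property
    def writes_content(self) -> bool:
        return bool(self.rights & WRITE_RIGHTS)


def parse_rows(text: str) -> List[FileEvent]:
    """Split 'path access,access' rows; the path may contain spaces, so the
    access list is recognised from the right using the known right names."""
    events: List[FileEvent] = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue  # header or unparseable row
        rights = frozenset(r.strip().lower() for r in m.group("access").split(","))
        events.append(FileEvent(m.group("path").lower(), rights))
    return events


def findings(events: Iterable[FileEvent]) -> List[Tuple[str, str]]:
    """De-duplicated (rule, path) pairs; only opens that can write content count."""
    seen: List[Tuple[str, str]] = []

    def hit(rule: str, path: str) -> None:
        if (rule, path) not in seen:
            seen.append((rule, path))

    for ev in events:
        if not ev.writes_content:
            continue
        p = ev.path
        in_temp = any(t in p for t in TEMP_DIRS)
        if in_temp and p.endswith(".sys"):
            hit("driver-in-user-temp", p)  # kernel driver staged where any user can write
        if in_temp and p.endswith((".exe", ".dll")):
            hit("pe-dropped-in-temp", p)
        if re.search(r"\\rarsfx\d+\\", p):
            hit("rar-sfx-staging", p)  # WinRAR self-extractor unpack directory
        if re.search(r"\\ns[a-z0-9]+\.tmp$", p):
            hit("nsis-staging", p)  # NSIS stub temp file, recognised by name only
    return seen


def summarise(text: str) -> Dict[str, int]:
    """Rule -> number of distinct files it fired on."""
    counts: Dict[str, int] = {}
    for rule, _path in findings(parse_rows(text)):
        counts[rule] = counts.get(rule, 0) + 1
    return counts
```

On the constructed rows the driver rule fires on the three .sys files, the PE rule on zdrvinst.exe and adobegenp.exe, and the RAR SFX rule on everything written under rarsfx0, while the second snapman.sys row and the config.ini in Downloads produce nothing. Dropping a kernel driver from a user-writable directory is the finding worth pursuing first: whether it loads depends on driver signature enforcement on the host, which this table cannot tell you.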

Registry Modifications

Key  Value  Data  API
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap  proxybypass  -  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap  intranetname  -  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap  uncasintranet  -  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap  autodetect  -  RegNtPreCreateKey

RegNtPreCreateKey is the registry-callback notification a kernel driver receives when a key is created or opened, so these rows record the key being touched rather than data being written (the Data column is empty). WinINet/urlmon initialises these four ZoneMap values in practically any process that loads the Internet zone settings, so they are not an indicator on their own.

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtLockFile
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnlockFile
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserName
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx

These categories describe capability implied by imports and observed syscalls, not observed behaviour. SetWindowsHookEx together with GetAsyncKeyState and GetKeyState is the standard user-mode keylogging primitive set, and NtUnmapViewOfSection alongside NtCreateSection, NtMapViewOfSection, NtWriteVirtualMemory and NtProtectVirtualMemory is the set used for process hollowing and manual mapping. GUI frameworks legitimately use the hook and key-state APIs, so confirm with a memory or behaviour trace before treating either combination as malicious.

Shell Command Execution

Verb  Command line
(NULL)  C:\Users\Jejvyfar\AppData\Local\Temp\RarSFX0\AdobeGenP.exe

A NULL verb passed to ShellExecuteEx selects the default action (open), so this is the WinRAR self-extractor launching the AdobeGenP.exe it unpacked into its RarSFX0 staging directory. The same file appears in the Files Modified list under a different sandbox user name, so this row comes from a separate run.
