PUP.YouTube Downloader

SpyHunter Detects & Removes PUP.YouTube Downloader

Analysis Report

General information

Family Name: PUP.YouTube Downloader
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: LTQ DIGITAL LIMITED COMPANY
File Description: Televzr Desktop
File Version: 1.19.1, 1.17.13
Legal Copyright: Copyright © 2025 LTQ DIGITAL LIMITED COMPANY
Product Name: Televzr
Product Version: 1.19.1, 1.17.13

Digital Signatures

Signer | Root | Status
LTQ DIGITAL LIMITED COMPANY | GlobalSign GCC R45 EV CodeSigning CA 2020 | Self Signed
LTQ DIGITAL LIMITED COMPANY | GlobalSign GCC R45 EV CodeSigning CA 2020 | Self Signed

File Traits

  • CryptUnprotectData
  • dll
  • HighEntropy
  • Installer Manifest
  • Nullsoft Installer
  • x86

Files Modified

File | Attributes
\device\namedpipe | Generic Read,Write Attributes
\device\namedpipe | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse17b4.tmp\nsexec.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse17b4.tmp\stdutils.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse17b4.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse17b4.tmp\winshell.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsle21b.tmp\nsexec.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsle21b.tmp\stdutils.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsle21b.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3333.tmp\nsexec.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3333.tmp\stdutils.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3333.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value | Data | API Name
HKLM\software\c6ba130a-455e-5073-9dbd-f9d1f65c1562::installlocation | C:\Users\Lnuhxrva\AppData\Local\televzr | RegNtPreCreateKey
HKCU\software\c6ba130a-455e-5073-9dbd-f9d1f65c1562::installlocation | C:\Users\Lnuhxrva\AppData\Local\televzr | RegNtPreCreateKey
HKLM\software\wow6432node\c6ba130a-455e-5073-9dbd-f9d1f65c1562::installlocation | C:\Users\Lnuhxrva\AppData\Local\televzr | RegNtPreCreateKey
HKCU\software\c6ba130a-455e-5073-9dbd-f9d1f65c1562::installlocation | C:\Users\Lnuhxrva\AppData\Local\televzr | RegNtPreCreateKey
HKLM\software\c6ba130a-455e-5073-9dbd-f9d1f65c1562::installlocation | C:\Users\Rxtkfdug\AppData\Local\televzr | RegNtPreCreateKey
HKCU\software\c6ba130a-455e-5073-9dbd-f9d1f65c1562::installlocation | C:\Users\Rxtkfdug\AppData\Local\televzr | RegNtPreCreateKey
HKLM\software\wow6432node\c6ba130a-455e-5073-9dbd-f9d1f65c1562::installlocation | C:\Users\Rxtkfdug\AppData\Local\televzr | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | 険賝ᖘǜ | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Uoxxsrrj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Uoxxsrrj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Uoxxsrrj\AppData\Local\Temp\~nsuA.tmp | RegNtPreCreateKey
HKCU\.televzr:: | | RegNtPreCreateKey
HKCU\.mkv:: | | RegNtPreCreateKey
HKCU\.mp4:: | | RegNtPreCreateKey
HKCU\.avi:: | | RegNtPreCreateKey
HKCU\.m4v:: | | RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtGdiSetLayout
  • win32u.dll!NtGdiStretchDIBitsInternal

61 additional items are not displayed above.

Process Terminate
  • TerminateProcess
Keyboard Access
  • GetKeyState

Shell Command Execution

"C:\WINDOWS\system32\cmd.exe" /C more < "c:\Users\user\downloads\7dc321c2ffca62ed8e14f23e43e0e1dca220ad15_0000900592:Zone.Identifier"
"C:\WINDOWS\system32\cmd.exe" /C more < "c:\Users\user\downloads\aae38fc466a7b7d3cbbdcdd09c802bb30997cc3f_0000900624:Zone.Identifier"
"C:\Users\Uoxxsrrj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
"C:\WINDOWS\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Televzr.exe" /FO csv | "C:\WINDOWS\system32\find.exe" "Televzr.exe"
C:\WINDOWS\system32\tasklist.exe tasklist /FI "USERNAME eq Uoxxsrrj" /FI "IMAGENAME eq Televzr.exe" /FO csv
C:\WINDOWS\system32\find.exe "C:\WINDOWS\system32\find.exe" "Televzr.exe"
