PUP.Installcore.BB

Analysis Report

General information

Family Name: PUP.Installcore.BB
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • Abelssoft
  • Act-3D B.V.
  • Collectorz.com
  • Colusitida
  • eSupport.com, Inc
  • FinalWire Ltd.
  • GAINSCHA
  • GAS Tecnologia
  • MSI Co., LTD
  • pdfforge
  • Secullum Softwares
  • SENAI-RS / GDE / Núcleo de Educação a Distância
  • Smok
File Description
  • AIDA64 Extreme
  • Cl@veDefensa del Banco de Venezuela
  • FolderVisualizer 7.2
  • GAINSCHA 80mm Series Printer Driver V14 Setup
  • Hedi Setup
  • Hen Setup
  • hMailServer Setup
  • Lumion
  • Magic Dash CAN -XCAN Setup
  • MSI Kombustor Setup
  • Music Collector Setup
  • PDFCreator is the easy way of creating PDFs.
  • RegistryWizard Setup
  • Warsaw Online Installer
File Version
  • 5.75.3900.0
  • 5.4.1.2
  • 3.2.14.523
  • 3.2.0.2
  • 2.5.9.0
  • 2.3
  • 2.0.2.751
  • 1.1.2
  • 1.0.0.0
Legal Copyright
  • (c) 2010-2015
  • Copyright (c) 1995-2016 FinalWire Ltd.
  • Copyright by Abelssoft
  • Copyright © 2008
  • Copyright ©2010-2014 MSI Co., LTD
  • Copyright © 2011 eSupport.com, Inc · All Rights Reserved
  • © pdfforge
Product Name
  • AIDA64 Extreme
  • Cl@veDefensa del Banco de Venezuela
  • FolderVisualizer
  • GAINSCHA 80mm Series Printer Driver V14
  • Hedi
  • Hen
  • hMailServer
  • Lumion 6.0
  • Magic Dash CAN -XCAN
  • MSI Kombustor
  • Music Collector
  • PDFCreator
  • RegistryWizard
  • SiudiDriverOffice
  • Warsaw Online Installer
Product Version
  • v3.99
  • 6.0
  • 5.75
  • 3.7
  • 3.3
  • 3.2.14.523
  • 3.2.0.2
  • 2.5.9.0
  • 2.3
  • 2.0.2.751
  • 1.33.2
  • 1.1.2
  • 1.0.0.0

File Traits

  • 2+ executable sections
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • No Version Info
  • x86

Block Information

Total Blocks: 246
Potentially Malicious Blocks: 0
Whitelisted Blocks: 246
Unknown Blocks: 0

Visual Map

[Block map: every block is marked 0]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autorun.X
  • Delf.E
  • Delf.EA
  • Parite.F
  • Parite.P

Files Modified

File Attributes
c:\users\user\appdata\local\temp\nsn440b.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn440b.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsn440b.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn440b.tmp\modern-wizard.bmp Generic Write,Read Attributes

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
