Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Installcore.E

PUP.Installcore.E

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Installcore.E
Signature status: No Signature

Known Samples

MD5: e56daf0b1bd5cf70888c71f194b34784
SHA1: 6c816f02576d14c8e8ea3aacafa49e94275adddb
File Size: 2.45 MB, 2445198 bytes
MD5: a19de1a813efbf19b3b023edb9d59a7e
SHA1: e7a6818bc387dfc87cea7a6928919e8eacaa3e29
SHA256: EA73D41D9D9ED3C83D96A23324C0C90FD4ADDBFAEF23E1AAA196631B4E514203
File Size: 2.45 MB, 2445184 bytes
MD5: 67af8b4312890ca7c381030c1b23faa2
SHA1: 7ba0fafaf644dc6b9dfd0e59fbfbd292b3fa600b
SHA256: A79932A4F7C689EBA76FB05ECC05501F3156A0EE9E8E8859386BE65BD4ED07F8
File Size: 2.71 MB, 2714883 bytes
MD5: 761044962bcb518b8b52a8a29e87c0b0
SHA1: c39e8f6aaece4dae83c11468675b7b22bf2382ea
SHA256: 7CECAAFDB90E3A9C04921A686879FDF49EB9E176DD3F7C1DF8E9C6D14B78AB5F
File Size: 3.33 MB, 3332151 bytes
MD5: 5db5983c74567c6bb8df35f6cafc5f54
SHA1: 91fe9ecfdd9691d4ba905d2f10b3715ec0d09bd2
SHA256: AE8FD8BDA5A0863724E1BB3F05788458DD85DC059CB00D1045DC8B767FF5C9B7
File Size: 2.45 MB, 2445184 bytes
Show More
MD5: dc352d42eb395753b980268cca88ec1c
SHA1: 3e1257be15a4f4060b33ba1b7998b05beb5fd8ef
SHA256: 4FFCEBC96EA4D9ED3592B81B88DDD9CE6F0FAB8EE9A97EE379F3AD03DAAE269F
File Size: 3.34 MB, 3341351 bytes
MD5: e482b569780b483d6f59755fc6e4ee2d
SHA1: 8f41b82420cdb1e7827d03ebc0091de0aac7ff1c
SHA256: BF19DEA27CED9E10CEDD6A2D4058EF109951CFF76726DC4B404168F471395258
File Size: 2.52 MB, 2519880 bytes
MD5: c5dbc79086d9e94f6984e0f7c7966907
SHA1: acaa00b3aaf145815a8df6c3067637139bc37583
SHA256: 0A08A1F6DC3FB1E300621A4C4E74E060BCED6D82DE13007CEFD35D1E281E3BA8
File Size: 2.45 MB, 2445184 bytes
MD5: f893c774bf1e7b61553719100843fcf5
SHA1: b4a06f75f0ded9455060dd590fce8c28315e3706
SHA256: 538891957092BADFC156E6E2155AE937AB590C16EB7C889B78ACE2A6041D229E
File Size: 2.45 MB, 2445132 bytes
MD5: 5f0416c16f73af13b88beaf25a51dc0a
SHA1: 8630ccf663faa126f3dae36feaa200343eb416c6
SHA256: 9294FE4A164BAAD9471416FB6765DC3F940B4680446732129A4CFBE015CDEE1C
File Size: 2.58 MB, 2576368 bytes
MD5: cac7d5e54b8b8f98a79b47e65f65f7db
SHA1: 123e238d6cd20986570bd58a8263ecbe574beb62
SHA256: 7612C6FFB652134894DC979AEBD11A19D140300B2300FC687AF0A35ABDFE0F41
File Size: 2.45 MB, 2445198 bytes
MD5: 589db2d4fc327a0af0f346d6ddd3595d
SHA1: 0d0d68d30d0149aed55e1a994ffb6fea4d80127c
SHA256: 87B49BD13C05A0660BE799107F07121C38EC91290714EF2E7DE020E1402B7974
File Size: 2.45 MB, 2445194 bytes
MD5: cf4e52e327eb06921b946e0d69b0c8b6
SHA1: afd2c5b6033fa8ba7c1405c441c458ba6505039b
SHA256: 861A8E5DCC6D86C99062F3209B074B4276F414D93FA42AFAC35909D2CB7D957D
File Size: 2.67 MB, 2668534 bytes
MD5: 8baff56088dfcf4d2da204e2d97d6280
SHA1: 7b68945902278f8ea659c3936bb6b0f64e5a033d
SHA256: 425471E523AD68F8D5E8FB05AE2569B7E64BC312989E338A5F794AA7420B3FA3
File Size: 2.28 MB, 2279894 bytes
MD5: dbd29f3c25afb8ede2b01933fdf50b60
SHA1: 4d79266ad89957fb0dfeb2288cf6099dee5cc13f
SHA256: E0A7B08E21AE5D51B53370EA9678FCD19200C4E027CA2129B3F4D0AB3CBC633F
File Size: 2.45 MB, 2445185 bytes
MD5: c0ea4883b608c7682bc8ef916d4d2f64
SHA1: 62a7168c6796d7757e9d31cc14d3af5df736eebe
SHA256: 77B2BF9BD18699FB70C5B79447F5A315CE168166A41AB05133F295E24B47AC25
File Size: 2.45 MB, 2445197 bytes
MD5: 7be9afc66778e7c98e86f6900a2f143b
SHA1: 17a3791eefb8888cf2865eaa5f9c41494009f335
SHA256: 85C37400106A1FA579DE70AB26135900212D976AF4C8DFB82B9DA0DB040BD630
File Size: 2.45 MB, 2445132 bytes
MD5: 63e36bee6ef67af76839ef177e482dfe
SHA1: 042b23d4da4573d1560b71c031b75256cc3aba2f
SHA256: 65A95857CE75736AC3D3D3FDED43717C1D23CD5139C5AD763B306D215164C835
File Size: 2.45 MB, 2445198 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
File Description
  • BitComet Installer
  • EngineGame Installer
  • House Of Life Installer
File Version
  • 7.4.0
  • 2.2.174.2916
  • 2.0.8.7
  • 1.85.0
  • 1.22.0
  • 1.1.1
  • 1.00
Internal Name TJprojMain
Legal Copyright © BitComet
Original Filename TJprojMain.exe
Product Name
  • BitComet
  • EngineGame
  • House Of Life
  • Project1
Product Version
  • 7.4.0
  • 2.2.174.2916
  • 2.0.8.7
  • 1.85.0
  • 1.22.0
  • 1.1.1
  • 1.00

Digital Signatures

Signer Root Status
Xing Wang Certum Code Signing CA SHA2 Self Signed
Xing Wang Certum Trusted Network CA 2 Root Not Trusted

File Traits

  • dll
  • imgui
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\temp\is-2lccc.tmp\4d79266ad89957fb0dfeb2288cf6099dee5cc13f_0002445185.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4en46.tmp\123e238d6cd20986570bd58a8263ecbe574beb62_0002445198.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-55njr.tmp\acaa00b3aaf145815a8df6c3067637139bc37583_0002445184.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7fv4b.tmp\17a3791eefb8888cf2865eaa5f9c41494009f335_0002445132.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-boivj.tmp\8f41b82420cdb1e7827d03ebc0091de0aac7ff1c_0002519880.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-e7jth.tmp\0d0d68d30d0149aed55e1a994ffb6fea4d80127c_0002445194.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fdqs0.tmp\91fe9ecfdd9691d4ba905d2f10b3715ec0d09bd2_0002445184.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-hgo00.tmp\afd2c5b6033fa8ba7c1405c441c458ba6505039b_0002668534.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-i69cp.tmp\042b23d4da4573d1560b71c031b75256cc3aba2f_0002445198.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-lq48g.tmp\8630ccf663faa126f3dae36feaa200343eb416c6_0002576368.tmp Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\is-nk427.tmp\b4a06f75f0ded9455060dd590fce8c28315e3706_0002445132.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-sv1b1.tmp\e7a6818bc387dfc87cea7a6928919e8eacaa3e29_0002445184.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ueu0h.tmp\62a7168c6796d7757e9d31cc14d3af5df736eebe_0002445197.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vg7so.tmp\6c816f02576d14c8e8ea3aacafa49e94275adddb_0002445198.tmp Generic Write,Read Attributes

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

"C:\Users\Hoxitacs\AppData\Local\Temp\is-VG7SO.tmp\6c816f02576d14c8e8ea3aacafa49e94275adddb_0002445198.tmp" /SL5="$9006C,1559708,780800,c:\users\user\downloads\6c816f02576d14c8e8ea3aacafa49e94275adddb_0002445198"
"C:\Users\Ztjjyxtw\AppData\Local\Temp\is-SV1B1.tmp\e7a6818bc387dfc87cea7a6928919e8eacaa3e29_0002445184.tmp" /SL5="$3014C,1559708,780800,c:\users\user\downloads\e7a6818bc387dfc87cea7a6928919e8eacaa3e29_0002445184"
"C:\Users\Hmimtohd\AppData\Local\Temp\is-FDQS0.tmp\91fe9ecfdd9691d4ba905d2f10b3715ec0d09bd2_0002445184.tmp" /SL5="$3006A,1559708,780800,c:\users\user\downloads\91fe9ecfdd9691d4ba905d2f10b3715ec0d09bd2_0002445184"
"C:\Users\Xtarzjgd\AppData\Local\Temp\is-BOIVJ.tmp\8f41b82420cdb1e7827d03ebc0091de0aac7ff1c_0002519880.tmp" /SL5="$402A6,1607771,804352,c:\users\user\downloads\8f41b82420cdb1e7827d03ebc0091de0aac7ff1c_0002519880"
"C:\Users\Vuhfonrg\AppData\Local\Temp\is-55NJR.tmp\acaa00b3aaf145815a8df6c3067637139bc37583_0002445184.tmp" /SL5="$A0226,1559708,780800,c:\users\user\downloads\acaa00b3aaf145815a8df6c3067637139bc37583_0002445184"
Show More
"C:\Users\Auldwaxe\AppData\Local\Temp\is-NK427.tmp\b4a06f75f0ded9455060dd590fce8c28315e3706_0002445132.tmp" /SL5="$5009A8,1559708,780800,c:\users\user\downloads\b4a06f75f0ded9455060dd590fce8c28315e3706_0002445132"
"C:\Users\Rygezpuk\AppData\Local\Temp\is-LQ48G.tmp\8630ccf663faa126f3dae36feaa200343eb416c6_0002576368.tmp" /SL5="$60050,1635601,878080,c:\users\user\downloads\8630ccf663faa126f3dae36feaa200343eb416c6_0002576368"
"C:\Users\Qkpvkcrq\AppData\Local\Temp\is-4EN46.tmp\123e238d6cd20986570bd58a8263ecbe574beb62_0002445198.tmp" /SL5="$602A4,1559708,780800,c:\users\user\downloads\123e238d6cd20986570bd58a8263ecbe574beb62_0002445198"
"C:\Users\Yssttwhr\AppData\Local\Temp\is-E7JTH.tmp\0d0d68d30d0149aed55e1a994ffb6fea4d80127c_0002445194.tmp" /SL5="$9026E,1559708,780800,c:\users\user\downloads\0d0d68d30d0149aed55e1a994ffb6fea4d80127c_0002445194"
"C:\Users\Syyknpvx\AppData\Local\Temp\is-HGO00.tmp\afd2c5b6033fa8ba7c1405c441c458ba6505039b_0002668534.tmp" /SL5="$6004C,1749784,882688,c:\users\user\downloads\afd2c5b6033fa8ba7c1405c441c458ba6505039b_0002668534"
"C:\Users\Zqsgzcoo\AppData\Local\Temp\is-2LCCC.tmp\4d79266ad89957fb0dfeb2288cf6099dee5cc13f_0002445185.tmp" /SL5="$502E8,1559708,780800,c:\users\user\downloads\4d79266ad89957fb0dfeb2288cf6099dee5cc13f_0002445185"
"C:\Users\Xaqkvasg\AppData\Local\Temp\is-UEU0H.tmp\62a7168c6796d7757e9d31cc14d3af5df736eebe_0002445197.tmp" /SL5="$30324,1559708,780800,c:\users\user\downloads\62a7168c6796d7757e9d31cc14d3af5df736eebe_0002445197"
"C:\Users\Uawqnquf\AppData\Local\Temp\is-7FV4B.tmp\17a3791eefb8888cf2865eaa5f9c41494009f335_0002445132.tmp" /SL5="$80112,1559708,780800,c:\users\user\downloads\17a3791eefb8888cf2865eaa5f9c41494009f335_0002445132"
"C:\Users\Zmvdjyej\AppData\Local\Temp\is-I69CP.tmp\042b23d4da4573d1560b71c031b75256cc3aba2f_0002445198.tmp" /SL5="$1E0028,1559708,780800,c:\users\user\downloads\042b23d4da4573d1560b71c031b75256cc3aba2f_0002445198"

Trending

Most Viewed

Loading...