PUP.Keygen.FFB

Analysis Report

General information

Family Name: PUP.Keygen.FFB
Signature status: No Signature

Known Samples

Sample 1
MD5: baedba0d53a8353ce582b90f01beb6e0
SHA1: 2204c1129578b9ffa39bedac12432170fbbf22e8
SHA256: 54D4B53128545135795C6BDB5E546B0E3D17EA0D79A1E9F65E98135A880D5068
File Size: 1.31 MB, 1309696 bytes

Sample 2
MD5: a14257f2958a25460765c130f237474b
SHA1: 52cb919d12aa08a7d0441a549f6e5c005d4dbd08
SHA256: CF4BE4B4AC21B1E5A66B22F01699FC280E9EF2A7C3BA3AB3456C9D2B10630E58
File Size: 608.65 KB, 608646 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Microsoft
  • Synaptics
File Description Synaptics Pointing Device Driver
File Version
  • 1.00
  • 1.0.0.4
Internal Name Win
Original Filename Win.exe
Product Name
  • Synaptics Pointing Device Driver
  • Win
Product Version
  • 1.00
  • 1.0.0.0

File Traits

  • dll
  • x86

Similar Families

  • Kraddare.OC
  • Kryptik.LFT
  • RemoteAdmin.M
  • Trojan.Downloader.Gen.JA
  • Wabot.D
  • Webalta.A

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxc113.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\j7znqte.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l4\7\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_2204c1129578b9ffa39bedac12432170fbbf22e8_0001309696 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_2204c1129578b9ffa39bedac12432170fbbf22e8_0001309696 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
User Data Access
  • GetUserObjectInformation
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

runas c:\users\user\downloads\._cache_2204c1129578b9ffa39bedac12432170fbbf22e8_0001309696
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
