File name:	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe
Full analysis:	https://app.any.run/tasks/6f9fc841-f866-49df-9340-12f146cab987
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	May 18, 2025, 11:12:34
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	loader arch-exec auto-reg
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:	C1FE2147288DF9F805ADD851B0A250FB
SHA1:	BBD4CF561810B2A5F6B57FBC4878CA27B11620B6
SHA256:	02E032F5112CC1AAAB727F99B059736F0B4C30B4895C66D93CA29B2ACBDAADAF
SSDEEP:	98304:wyRr3UJ1IqsdPDMJoPvpyUwyFgS8S7ce/Unba+O+CB3jD9hl:y

.exe	\|	Win64 Executable (generic) (18)
.exe	\|	Win32 Executable (generic) (2.9)
.exe	\|	Generic Win/DOS Executable (1.3)
.exe	\|	DOS Executable Generic (1.3)

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:10:14 12:00:04+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.39
CodeSize:	2145792
InitializedDataSize:	2305536
UninitializedDataSize:	-
EntryPoint:	0x1c2253
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	3.0.9.1
ProductVersionNumber:	3.0.9.1
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Softonic
FileDescription:	Softonic
FileVersion:	3.0.9.1
LegalCopyright:	(c) Softonic. All rights reserved.
ProductName:	Softonic
ProductVersion:	3.0.9.1


(PID) Process:	(7788) bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:	write	Name:	{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value: 01000000000000001166ABD0E5C7DB01
(PID) Process:	(8064) saBSI.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation:	write	Name:	UUID
Value: {BB2D6590-FA36-4AA0-81BB-6D739D4B0739}
(PID) Process:	(8064) saBSI.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation:	write	Name:	InstallerFlags
Value: 1
(PID) Process:	(7788) bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation:	write	Name:	Implementing
Value: 1C00000001000000E9070500000012000B000C003B00CD03010000001E768127E028094199FEB9D127C57AFE
(PID) Process:	(8180) bat-to-exe-converter-x64-3.2-installer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:	write	Name:	GlobalAssocChangedCounter
Value: 114
(PID) Process:	(8064) saBSI.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation:	delete value	Name:	4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Value:
(PID) Process:	(8064) saBSI.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:	write	Name:	Blob
Value: 040000000100000010000000E94FB54871208C00DF70F708AC47085B0F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C0300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B809000000010000000C000000300A06082B060105050703031D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD91400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B53000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C06200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF860B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B4200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:	(8064) saBSI.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:	write	Name:	Blob
Value: 5C0000000100000004000000001000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B40B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000006200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF8653000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C01400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B1D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD909000000010000000C000000300A06082B060105050703030300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B80F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C040000000100000010000000E94FB54871208C00DF70F708AC47085B200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:	(2320) avast_free_antivirus_setup_online_x64.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:	write	Name:	SfxInstProgress
Value: 42
(PID) Process:	(2320) avast_free_antivirus_setup_online_x64.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:	write	Name:	SfxInstProgress
Value: 50

PID	Process	Filename		Type
8064	saBSI.exe	C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00000057003F001D0006.txt		text
		MD5:17DFF64D4589B513F45EC5FC86936399	SHA256:3A94A2E7B11BAE7C475923617D6954978F24DABD6397B59A9BF94859C8019F3F
8180	bat-to-exe-converter-x64-3.2-installer.exe	C:\Users\admin\AppData\Local\Temp\11C0.tmp\829494743.cmd		binary
		MD5:93B885ADFE0DA089CDF634904FD59F71	SHA256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
8180	bat-to-exe-converter-x64-3.2-installer.exe	C:\Users\admin\AppData\Local\Temp\11C0.tmp\810042485.bat		binary
		MD5:93B885ADFE0DA089CDF634904FD59F71	SHA256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
8180	bat-to-exe-converter-x64-3.2-installer.exe	C:\Users\admin\AppData\Local\Temp\11C0.tmp\GoRC.exe		executable
		MD5:F69B0E5F35B5DAE1B11B950CFF157FB3	SHA256:ED010C50A7CEB43B9666E7FBCA13D8377D30B79203207BAD77004A890ADEEA17
7788	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	C:\Users\admin\AppData\Local\Temp\ISVC277.tmp\cookie_mmm_irs_ppi_005_888_a.zip		compressed
		MD5:C0526C31262A1C5BCC1F0DE4838A65E8	SHA256:4248B397B4ADEE48F749F004B8233FD41ECCEF3A0417CB7655070A875EA0CF74
7788	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	C:\Users\admin\AppData\Local\Temp\ISVC277.tmp\cookie_mmm_irs_ppi_005_888_a.exe		executable
		MD5:31208B48ACFE1C6E1D5CD1BCB63CCB4D	SHA256:2F4085CDABD5066BEA81DC18AC026F71D3BF61765D174229DFF39203516E2BF3
8180	bat-to-exe-converter-x64-3.2-installer.exe	C:\Users\admin\AppData\Local\Temp\11C0.tmp\lng\Русский (Russian).lng		text
		MD5:E85F3E236272739458070F2AD0FD8AEA	SHA256:EFA8B1029530AA46FF21F704F6EFE59A69FE59D6B96E2370EDC32FAB62A2FD29
8076	cookie_mmm_irs_ppi_005_888_a.exe	C:\Windows\Temp\asw.a8565e2d132e865c\ecoo.edat		text
		MD5:C1C3F32398130DFB38F9847F02F6786E	SHA256:25EC04BCE97A15D7ABF948FEFAEEAD48E95ABC5F945361759D8BCC05BB20638F
7788	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	C:\Users\admin\AppData\Local\Temp\ISVC277.tmp\saBSI.zip		compressed
		MD5:F68008B70822BD28C82D13A289DEB418	SHA256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
7788	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	C:\Users\admin\Downloads\bat-to-exe-converter-x64-3.2-installer.exe		executable
		MD5:5C7FBA823E609D82B5EE1A484DA1F239	SHA256:1399EDE8F024E70025E55321D25BEAB7104A32E79512B11B4FFC779C82542CC6

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	23.216.77.39:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
8076	cookie_mmm_irs_ppi_005_888_a.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	whitelisted
8076	cookie_mmm_irs_ppi_005_888_a.exe	POST	200	142.250.186.174:80	http://www.google-analytics.com/collect	unknown	—	—	whitelisted
8076	cookie_mmm_irs_ppi_005_888_a.exe	POST	200	142.250.186.174:80	http://www.google-analytics.com/collect	unknown	—	—	whitelisted
8076	cookie_mmm_irs_ppi_005_888_a.exe	GET	200	23.50.131.91:80	http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online_x64.exe	unknown	—	—	whitelisted
8076	cookie_mmm_irs_ppi_005_888_a.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	whitelisted
6656	cookie_mmm_irs_ppi_005_888_a.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	whitelisted
1452	Instup.exe	GET	200	23.50.131.91:80	http://r4427608.iavs9x.u.avast.com/iavs9x/servers.def.vpx	unknown	—	—	whitelisted
6656	cookie_mmm_irs_ppi_005_888_a.exe	POST	200	142.250.186.174:80	http://www.google-analytics.com/collect	unknown	—	—	whitelisted

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	192.168.100.255:137	—	—	—	whitelisted
—	—	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
—	—	23.216.77.39:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
—	—	184.30.21.171:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted
7788	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	3.160.40.146:443	di7e1j5f1plfo.cloudfront.net	—	US	whitelisted
7788	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	151.101.129.91:443	images.sftcdn.net	FASTLY	US	whitelisted
2104	svchost.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
7788	bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe	151.101.65.91:443	images.sftcdn.net	FASTLY	US	whitelisted

Domain	IP	Reputation
settings-win.data.microsoft.com	20.73.194.208 51.104.136.2 4.231.128.59	whitelisted
google.com	172.217.16.142	whitelisted
crl.microsoft.com	23.216.77.39 23.216.77.27 23.216.77.29 23.216.77.33 23.216.77.31 23.216.77.21 23.216.77.30 23.216.77.37 23.216.77.25	whitelisted
www.microsoft.com	184.30.21.171	whitelisted
di7e1j5f1plfo.cloudfront.net	3.160.40.146 3.160.40.20 3.160.40.5 3.160.40.203	whitelisted
images.sftcdn.net	151.101.129.91 151.101.65.91 151.101.193.91 151.101.1.91	whitelisted
gsf-fl.softonic.com	151.101.65.91 151.101.129.91 151.101.193.91 151.101.1.91	whitelisted
v7event.stats.avast.com	34.117.223.223	whitelisted
iavs9x.u.avast.com	23.50.131.91 23.50.131.71	whitelisted
www.google-analytics.com	142.250.186.174	whitelisted

PID	Process	Class	Message
—	—	Generic Protocol Command Decode	SURICATA HTTP Request unrecognized authorization method
—	—	Potential Corporate Privacy Violation	ET INFO PE EXE or DLL Windows file download HTTP
—	—	Misc activity	ET INFO EXE - Served Attached HTTP
—	—	Potentially Bad Traffic	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
—	—	Generic Protocol Command Decode	SURICATA HTTP Request unrecognized authorization method
—	—	Generic Protocol Command Decode	SURICATA HTTP Request unrecognized authorization method
—	—	Generic Protocol Command Decode	SURICATA HTTP Request unrecognized authorization method
8076	cookie_mmm_irs_ppi_005_888_a.exe	Potential Corporate Privacy Violation	ET INFO PE EXE or DLL Windows file download HTTP
—	—	Potential Corporate Privacy Violation	ET INFO PE EXE or DLL Windows file download HTTP
—	—	Potentially Bad Traffic	ET INFO Executable served from Amazon S3

General Info

bat-to-exe-converter-x64-3.2-installer_vG5-as1.exe

C1FE2147288DF9F805ADD851B0A250FB

BBD4CF561810B2A5F6B57FBC4878CA27B11620B6

02E032F5112CC1AAAB727F99B059736F0B4C30B4895C66D93CA29B2ACBDAADAF

98304:wyRr3UJ1IqsdPDMJoPvpyUwyFgS8S7ce/Unba+O+CB3jD9hl:y

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Changes the autorun value in the registry

SUSPICIOUS

Executable content was dropped or overwritten

Reads security settings of Internet Explorer

Process requests binary or script from the Internet

Potential Corporate Privacy Violation

Adds/modifies Windows certificates

The process verifies whether the antivirus software is installed

Starts itself from another location

Creates/Modifies COM task schedule object

The process creates files with name similar to system file names

Process checks presence of unattended files

Creates a software uninstall entry

Reads Mozilla Firefox installation path

Process drops legitimate windows executable

Executes as Windows Service

Starts CMD.EXE for commands execution

The process drops C-runtime libraries

INFO

Reads the machine GUID from the registry

Checks supported languages

Reads the software policy settings

Checks proxy server information

The sample compiled with english language support

Create files in a temporary directory

Reads the computer name

Creates files in the program directory

Manual execution by a user

Reads CPU info

The sample compiled with german language support

Reads Environment values

Auto-launch of the file from Registry key

Process checks computer location settings

The sample compiled with czech language support

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files