File name: LOSTARKsystemchecker_setup_v6.exe

Full analysis: https://app.any.run/tasks/7c0d79c1-3bf8-40b5-ae6b-81deb24c5977
Verdict: Malicious activity
Analysis date: October 05, 2022, 02:30:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: D564F5BD2699F34609AA93721F83BC7A
SHA1: 420A637AE0A702924CB55BE01942EF31E86E8F17
SHA256: 073E867AD20C07817EFC4C3FFF61280EB97D7D3638858B2575D0B0F5F947FE72
SSDEEP: 98304:HLZKKcYajXAzDahAAEvBPi2qZHDsGnusQCgjleRKToEsA6orNMA1Wid0AMX:4KXa7+AU62qZjsGKCeewM8uLYt4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops executable file immediately after starts
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Loads dropped or rewritten executable
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
  • SUSPICIOUS
    • Checks supported languages
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Reads the computer name
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Creates a software uninstall entry
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Creates a directory in Program Files
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Drops a file with a compile date too recent
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Changes default file association
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Executable content was dropped or overwritten
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
    • Creates files in the program directory
      • LOSTARKsystemchecker_setup_v6.exe (PID: 1640)
  • INFO
    • No info indicators.
No Malware configuration.

TRiD

Extension | Description | Match (%)
.exe | Win32 Executable MS Visual C++ (generic) | 67.4
.dll | Win32 Dynamic Link Library (generic) | 14.2
.exe | Win32 Executable (generic) | 9.7
.exe | Generic Win/DOS Executable | 4.3
.exe | DOS Executable Generic | 4.3

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2018-Jan-30 03:57:48
Detected languages:
  • English - United States

DOS Header

e_magic: MZ
e_cblp: 144
e_cp: 3
e_crlc: -
e_cparhdr: 4
e_minalloc: -
e_maxalloc: 65535
e_ss: -
e_sp: 184
e_csum: -
e_ip: -
e_cs: -
e_ovno: -
e_oemid: -
e_oeminfo: -
e_lfanew: 216

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 5
TimeDateStamp: 2018-Jan-30 03:57:48
PointerToSymbolTable: -
NumberOfSymbols: -
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 4096 | 26151 | 26624 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.45224
.rdata | 32768 | 5274 | 5632 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.00708
.data | 40960 | 176120 | 1536 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.03532
.ndata | 217088 | 155648 | 0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | -
.rsrc | 372736 | 323168 | 323584 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.56873

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.06385 | 152104 | UNKNOWN | English - United States | RT_ICON
2 | 5.05007 | 67624 | UNKNOWN | English - United States | RT_ICON
3 | 5.11012 | 38056 | UNKNOWN | English - United States | RT_ICON
4 | 7.96736 | 27478 | UNKNOWN | English - United States | RT_ICON
5 | 5.11105 | 16936 | UNKNOWN | English - United States | RT_ICON
6 | 5.14782 | 9640 | UNKNOWN | English - United States | RT_ICON
7 | 5.23004 | 4264 | UNKNOWN | English - United States | RT_ICON
8 | 5.18382 | 2440 | UNKNOWN | English - United States | RT_ICON
9 | 5.13588 | 1128 | UNKNOWN | English - United States | RT_ICON
103 | 2.47661 | 276 | UNKNOWN | English - United States | RT_DIALOG

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll
SHELL32.dll
USER32.dll
ole32.dll
No data.
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes: start, lostarksystemchecker_setup_v6.exe, lostarksystemchecker_setup_v6.exe (no specs)

Process information

PID: 1640
CMD: "C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe"
Path: C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  • c:\users\admin\appdata\local\temp\lostarksystemchecker_setup_v6.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll

PID: 3248
CMD: "C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe"
Path: C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
  • c:\users\admin\appdata\local\temp\lostarksystemchecker_setup_v6.exe
  • c:\windows\system32\ntdll.dll
Total events: 730
Read events: 719
Write events: 11
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_CURRENT_USER\Software\Smilegate\LOSTARKsystemchecker | write | exeName | LOSTARKsystemchecker.exe
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_CURRENT_USER\Software\Smilegate\LOSTARKsystemchecker | write | INSTDIR | C:\Program Files\Smilegate\LOSTARKsystemchecker
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_CURRENT_USER\Software\Smilegate\LOSTARKsystemchecker | write | main_version | 6
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LOSTARKsystemchecker | write | DisplayName | LOSTARKsystemchecker
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LOSTARKsystemchecker | write | UninstallString | C:\Program Files\Smilegate\LOSTARKsystemchecker\Uninstall.exe
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LOSTARKsystemchecker | write | DisplayIcon | C:\Program Files\Smilegate\LOSTARKsystemchecker\LOSTARKsystemchecker.exe
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LOSTARKsystemchecker | write | Publisher | Smilegate Stove Inc.
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sgup-sc | write | (default) | URL:sgup-sc protocol
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sgup-sc | write | URL Protocol | 
1640 | LOSTARKsystemchecker_setup_v6.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sgup-sc\DefaultIcon | write | (default) | C:\Program Files\Smilegate\LOSTARKsystemchecker\LOSTARKsystemchecker.exe,0
Executable files: 54
Suspicious files: 0
Text files: 1
Unknown types: 1

Dropped files

PID | Process | Filename | Type
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Users\admin\AppData\Local\Temp\nsuA365.tmp\modern-wizard.bmp | image
  MD5: CBE40FD2B1EC96DAEDC65DA172D90022
  SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\LOSTARKsystemchecker_auto.exe | executable
  MD5: 
  SHA256: 
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\LOSTARKsystemchecker.exe | executable
  MD5: 
  SHA256: 
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-errorhandling-l1-1-0.dll | executable
  MD5: 906CB0C8ABA8342D552B0F37DDFD475F
  SHA256: 582E87ADE6DAC258844154B068C291FF8D8F6D7AB6EE029FCD3CF1391874C74B
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-memory-l1-1-0.dll | executable
  MD5: FC13F11A2458879B23C87B29C2BAD934
  SHA256: 624841916513409C3CFCF45589EB96548C77B829E5D56A5783249D3AB7DC8998
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-file-l1-2-0.dll | executable
  MD5: F6D1216E974FB76585FD350EBDC30648
  SHA256: 348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-file-l2-1-0.dll | executable
  MD5: BFB08FB09E8D68673F2F0213C59E2B97
  SHA256: 6D5881719E9599BF10A4193C8E2DED2A38C10DE0BA8904F48C67F2DA6E84ED3E
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-heap-l1-1-0.dll | executable
  MD5: 1CD8672D8C08B39560A9D5518836493E
  SHA256: 4A5F33A0837A9D9F22D49EE6D062BAE671A4C5C5522DB6FFE03C1AA2C0BD008E
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-libraryloader-l1-1-0.dll | executable
  MD5: 44CA070DC5C09FF8588CF6CDCB64E7A2
  SHA256: EDEB5B3003DB4EE3767FA012E812323FADEF67663C1B45FED3FCA96CAD5AECC8
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\LibAUDfs.dll | executable
  MD5: 
  SHA256: 
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info