File name: | LOSTARKsystemchecker_setup_v6.exe |
Full analysis: | https://app.any.run/tasks/7c0d79c1-3bf8-40b5-ae6b-81deb24c5977 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 02:30:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
MD5: | D564F5BD2699F34609AA93721F83BC7A |
SHA1: | 420A637AE0A702924CB55BE01942EF31E86E8F17 |
SHA256: | 073E867AD20C07817EFC4C3FFF61280EB97D7D3638858B2575D0B0F5F947FE72 |
SSDEEP: | 98304:HLZKKcYajXAzDahAAEvBPi2qZHDsGnusQCgjleRKToEsA6orNMA1Wid0AMX:4KXa7+AU62qZjsGKCeewM8uLYt4 |
.exe | | | Win32 Executable MS Visual C++ (generic) (67.4) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (14.2) |
.exe | | | Win32 Executable (generic) (9.7) |
.exe | | | Generic Win/DOS Executable (4.3) |
.exe | | | DOS Executable Generic (4.3) |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 2018-Jan-30 03:57:48 |
Detected languages: |
|
e_magic: | MZ |
---|---|
e_cblp: | 144 |
e_cp: | 3 |
e_crlc: | - |
e_cparhdr: | 4 |
e_minalloc: | - |
e_maxalloc: | 65535 |
e_ss: | - |
e_sp: | 184 |
e_csum: | - |
e_ip: | - |
e_cs: | - |
e_ovno: | - |
e_oemid: | - |
e_oeminfo: | - |
e_lfanew: | 216 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
NumberofSections: | 5 |
TimeDateStamp: | 2018-Jan-30 03:57:48 |
PointerToSymbolTable: | - |
NumberOfSymbols: | - |
SizeOfOptionalHeader: | 224 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 4096 | 26151 | 26624 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.45224 |
.rdata | 32768 | 5274 | 5632 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.00708 |
.data | 40960 | 176120 | 1536 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.03532 |
.ndata | 217088 | 155648 | 0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | |
.rsrc | 372736 | 323168 | 323584 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.56873 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.06385 | 152104 | UNKNOWN | English - United States | RT_ICON |
2 | 5.05007 | 67624 | UNKNOWN | English - United States | RT_ICON |
3 | 5.11012 | 38056 | UNKNOWN | English - United States | RT_ICON |
4 | 7.96736 | 27478 | UNKNOWN | English - United States | RT_ICON |
5 | 5.11105 | 16936 | UNKNOWN | English - United States | RT_ICON |
6 | 5.14782 | 9640 | UNKNOWN | English - United States | RT_ICON |
7 | 5.23004 | 4264 | UNKNOWN | English - United States | RT_ICON |
8 | 5.18382 | 2440 | UNKNOWN | English - United States | RT_ICON |
9 | 5.13588 | 1128 | UNKNOWN | English - United States | RT_ICON |
103 | 2.47661 | 276 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3248 | "C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe" | C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
1640 | "C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe" | C:\Users\admin\AppData\Local\Temp\LOSTARKsystemchecker_setup_v6.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\LOSTARKsystemchecker_auto.exe | executable | |
MD5:EC96FE7FDAC7B79F84A8F5506AE2540F | SHA256:19268ED239425EB5043EE0087537D8146EED43538C4797F1FE7BAA5CDB6C5194 | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-handle-l1-1-0.dll | executable | |
MD5:FC68978ABB44E572DFE637B7DD3D615F | SHA256:DF6BED7BCCCAF7298133DF99E497FA70DA761BE99C2A5B2742CFC835BF62D356 | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-processthreads-l1-1-0.dll | executable | |
MD5:39047E168FFBDD19185504633D6ECA29 | SHA256:611B3E36AD3E0045AB4170A5D4E2D05FD2A26DDE2F7B09EA51F4264E263A544B | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-file-l1-1-0.dll | executable | |
MD5:779A8B14C22E463EA535CBCA9EA84D49 | SHA256:FC0551DE11B310DFD8F3FC924F309D5E754B547FFC475CF6C3D007BB5366F148 | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\LibAUDfs.dll | executable | |
MD5:06AE26A4396FB6D235B40BB58E8BF3FB | SHA256:D05251507E59E356D20D60CDCA6ADC01B51C3DC6EBB00EA1D16F4472968EC029 | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\LOSTARKsystemchecker.exe | executable | |
MD5:22D6FB3471920DEE97321CBC9824D9E2 | SHA256:706D4042B41FB3BDB7191C77EAE309FBC750D1F67C65B08ABF3C1D2DFCD93F2B | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-file-l1-2-0.dll | executable | |
MD5:F6D1216E974FB76585FD350EBDC30648 | SHA256:348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271 | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-errorhandling-l1-1-0.dll | executable | |
MD5:906CB0C8ABA8342D552B0F37DDFD475F | SHA256:582E87ADE6DAC258844154B068C291FF8D8F6D7AB6EE029FCD3CF1391874C74B | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Program Files\Smilegate\LOSTARKsystemchecker\api-ms-win-core-datetime-l1-1-0.dll | executable | |
MD5:3B3BD0AD4FEA16AB58FCAEAE4629879C | SHA256:DCB9CF7E31D6772434C683353A1514F10D87D39FEAA9B3EDF3FA983B2988294C | |||
1640 | LOSTARKsystemchecker_setup_v6.exe | C:\Users\admin\AppData\Local\Temp\nsuA365.tmp\modern-wizard.bmp | image | |
MD5:CBE40FD2B1EC96DAEDC65DA172D90022 | SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2 |