analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://update.iobit.com/dl/unlocker-setup.exe

Full analysis: https://app.any.run/tasks/17676783-9536-40a8-9b9a-93361cdf408f
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: July 11, 2019, 22:26:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

717B37D1F01D2117829BCCBE1CE5CA8D

SHA1:

9962C1AED85192EC8F12783D54FD9729A2D9E2A2

SHA256:

082AFA0582558ACD99A20CCB7E135779DFFEDBC7CAF51898A4EA98F71CAB3EE2

SSDEEP:

3:N1KLQRAMzP/vwWVkA:CUnzwSkA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • unlocker-setup.exe (PID: 2736)
      • unlocker-setup.exe (PID: 1420)
      • IObitUnlocker.exe (PID: 2996)

    • Downloads executable files from the Internet

      • chrome.exe (PID: 2616)

    • Loads dropped or rewritten executable

      • regsvr32.exe (PID: 2232)
      • IObitUnlocker.exe (PID: 2996)

    • Registers / Runs the DLL via REGSVR32.EXE

      • unlocker-setup.tmp (PID: 3852)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2616)
      • unlocker-setup.exe (PID: 2736)
      • unlocker-setup.exe (PID: 1420)
      • chrome.exe (PID: 3160)
      • unlocker-setup.tmp (PID: 3852)

    • Reads Windows owner or organization settings

      • unlocker-setup.tmp (PID: 3852)

    • Reads the Windows organization settings

      • unlocker-setup.tmp (PID: 3852)

    • Creates COM task schedule object

      • regsvr32.exe (PID: 2232)

    • Creates files in the user directory

      • TaskHelper.exe (PID: 3300)

    • Creates files in the program directory

      • IObitUnlocker.exe (PID: 2996)

  • INFO

    • Application was dropped or rewritten from another process

      • unlocker-setup.tmp (PID: 3852)
      • unlocker-setup.tmp (PID: 3824)
      • TaskHelper.exe (PID: 3300)

    • Application launched itself

      • chrome.exe (PID: 3160)

    • Reads Internet Cache Settings

      • chrome.exe (PID: 3160)

    • Loads dropped or rewritten executable

      • unlocker-setup.tmp (PID: 3852)
      • TaskHelper.exe (PID: 3300)

    • Creates a software uninstall entry

      • unlocker-setup.tmp (PID: 3852)

    • Creates files in the program directory

      • unlocker-setup.tmp (PID: 3852)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
55
Monitored processes
16
Malicious processes
2
Suspicious processes
2

Behavior graph

Click at the process to see the details
drop and start start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs unlocker-setup.exe unlocker-setup.tmp no specs chrome.exe no specs unlocker-setup.exe unlocker-setup.tmp taskhelper.exe regsvr32.exe no specs iobitunlocker.exe

Process information

PID
CMD
Path
Indicators
Parent process
3160"C:\Program Files\Google\Chrome\Application\chrome.exe" http://update.iobit.com/dl/unlocker-setup.exeC:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
75.0.3770.100
3624"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fb9a9d0,0x6fb9a9e0,0x6fb9a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2972"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3156 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2304"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3718515875133592707 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2616"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=13735322898280864272 --mojo-platform-channel-handle=1532 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2544"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2395842297772471973 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3224"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8210403046723264674 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
784"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1926465275748651392 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
1420"C:\Users\admin\Downloads\unlocker-setup.exe" C:\Users\admin\Downloads\unlocker-setup.exe
chrome.exe
User:
admin
Company:
IObit
Integrity Level:
MEDIUM
Description:
IObit Unlocker
Exit code:
0
Version:
1.1.2.1
3824"C:\Users\admin\AppData\Local\Temp\is-81NH1.tmp\unlocker-setup.tmp" /SL5="$60138,1967081,139776,C:\Users\admin\Downloads\unlocker-setup.exe" C:\Users\admin\AppData\Local\Temp\is-81NH1.tmp\unlocker-setup.tmpunlocker-setup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Total events
1 322
Read events
1 216
Write events
0
Delete events
0

Modification events

No data
Executable files
16
Suspicious files
20
Text files
107
Unknown types
9

Dropped files

PID
Process
Filename
Type
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
MD5:
SHA256:
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RFcdb81.TMP
MD5:
SHA256:
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\049f5d12-11a4-465e-aeb9-af872e580e45.tmp
MD5:
SHA256:
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
MD5:
SHA256:
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFcdb42.TMPtext
MD5:DC32343F45B01764B6267AD36548102A
SHA256:A250F5AD57D4BD58AAE92810D50278E3BE2DBF869F126A3A3519691BCDFC2075
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFcdb52.TMPtext
MD5:C4D6CBB269C626168A5D6D0D8CCE6C30
SHA256:B62CDBB758278A0C2E50593357390119441D8DE09428EB29027F3DFD1332E348
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:213AE3DA120D7862D60B5763B6C9D466
SHA256:5736534D6EE654C1BF1A8E79E73330AF58F622E8657285330D2C7189A55604F4
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:DC32343F45B01764B6267AD36548102A
SHA256:A250F5AD57D4BD58AAE92810D50278E3BE2DBF869F126A3A3519691BCDFC2075
3160chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.oldtext
MD5:3D551B6E929CF62F7AA66091E718704B
SHA256:1698A1B1BC3E86676392FB8BD4C712438302A5A2220503C08F290ED4B1790404
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
9
DNS requests
6
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2616
chrome.exe
GET
200
93.184.221.133:80
http://update.iobit.com/dl/unlocker-setup.exe
US
executable
2.41 Mb
whitelisted
2996
IObitUnlocker.exe
POST
200
93.184.221.133:80
http://update.iobit.com/infofiles/iobitunlocker.upt
US
text
141 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2616
chrome.exe
172.217.16.196:443
www.google.com
Google Inc.
US
whitelisted
2616
chrome.exe
216.58.208.35:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2616
chrome.exe
93.184.221.133:80
update.iobit.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2616
chrome.exe
172.217.18.109:443
accounts.google.com
Google Inc.
US
suspicious
2996
IObitUnlocker.exe
93.184.221.133:80
update.iobit.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2616
chrome.exe
172.217.16.142:443
sb-ssl.google.com
Google Inc.
US
whitelisted
2616
chrome.exe
216.58.207.35:443
clientservices.googleapis.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 216.58.207.35
whitelisted
update.iobit.com
  • 93.184.221.133
whitelisted
accounts.google.com
  • 172.217.18.109
shared
sb-ssl.google.com
  • 172.217.16.142
whitelisted
www.google.com
  • 172.217.16.196
whitelisted
ssl.gstatic.com
  • 216.58.208.35
whitelisted

Threats

PID
Process
Class
Message
2616
chrome.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
TaskHelper.exe
GetChromePath: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\
IObitUnlocker.exe
C:\ProgramData\IObit\IObit Unlocker\temp.cds
IObitUnlocker.exe
ParamStr(1):
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://update.iobit.com/dl/unlocker-setup.exe