File name: AnonymPSUpdater_Setup_EN.exe

Full analysis: https://app.any.run/tasks/55f491fb-76b2-406f-b908-4aab40f90a8c
Verdict: Malicious activity
Analysis date: September 30, 2023, 16:44:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 74F8464E61053EFF68CAF78D535BD3A0
SHA1: 80A35711308EFA21B53565445E5924A021433C84
SHA256: 0872B06154E03C4BA5BDDBFC153A99BD9B7A337742881B7A22DD7CAF3D95D75F
SSDEEP: 98304:iM0/KXUMDgHOWBGjTgusLmG6q2GhUopuPsS6egfhfhYNSLs+7kyR3CpC052JWNiA:Y/wyp9e

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 2880)
      • Updater.exe (PID: 3788)
    • Drops the executable file immediately after the start

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
      • irsetup.exe (PID: 2764)
    • Loads dropped or rewritten executable

      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 3788)
  • SUSPICIOUS

    • Reads the Internet Settings

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
    • Reads the Windows owner or organization settings

      • irsetup.exe (PID: 2764)
  • INFO

    • Checks supported languages

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 3788)
    • Reads the computer name

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 3788)
    • Creates files in a temporary directory

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
      • irsetup.exe (PID: 2764)
    • Creates files in the program directory

      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 3788)
    • Manual execution by a user

      • Updater.exe (PID: 2880)
      • Updater.exe (PID: 3788)
    • Creates files or folders in the user directory

      • irsetup.exe (PID: 2764)
    • Reads the machine GUID from the registry

      • Updater.exe (PID: 3788)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:07:31 15:30:07+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 23552
InitializedDataSize: 48640
UninitializedDataSize: -
EntryPoint: 0x2ce1
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 9.5.2.0
ProductVersionNumber: 9.5.2.0
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.5.2.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2018 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFileName: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.5.2.0
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Graph image not reproduced here (see the full report). Nodes: anonympsupdater_setup_en.exe, irsetup.exe (no specs), updater.exe (no specs), updater.exe, anonympsupdater_setup_en.exe (no specs); edge labels: "drop and start", "start".

Process information

PID: 2764
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1798690 "__IRAFN:C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Parent process: AnonymPSUpdater_Setup_EN.exe
User: admin
Company: Indigo Rose Corporation
Integrity Level: HIGH
Description: Setup Application
Exit code: 0
Version: 9.5.2.0
Modules (images):
  c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
  c:\windows\system32\kernel32.dll
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll

PID: 2880
CMD: "C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe"
Path: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: QS.PortableStation.Updater
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.0.0
Modules (images):
  c:\program files\anonym\portable radio update tools\v1.1.12\updater.exe
  c:\windows\system32\ntdll.dll

PID: 2916
CMD: "C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe"
Path: C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Setup Application
Exit code: 0
Version: 9.5.2.0
Modules (images):
  c:\windows\system32\ntdll.dll
  c:\users\admin\appdata\local\temp\anonympsupdater_setup_en.exe
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\usp10.dll

PID: 3056
CMD: "C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe"
Path: C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Setup Application
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 9.5.2.0
Modules (images):
  c:\users\admin\appdata\local\temp\anonympsupdater_setup_en.exe
  c:\windows\system32\ntdll.dll

PID: 3788
CMD: "C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe"
Path: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: QS.PortableStation.Updater
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\program files\anonym\portable radio update tools\v1.1.12\updater.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
Total events: 1154
Read events: 1146
Write events: 8
Delete events: 0

Modification events

Process: (2916) AnonymPSUpdater_Setup_EN.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (2916) AnonymPSUpdater_Setup_EN.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (2916) AnonymPSUpdater_Setup_EN.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (2916) AnonymPSUpdater_Setup_EN.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 6
Suspicious files: 6
Text files: 9
Unknown types: 0

Dropped files

PID: 2764  Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat
Type: binary
MD5: 2F911712BED6E890EF4953D1E382241C
SHA256: 9660EF2A4F4C91C0E63B4996DE924275D7E3958F6C8F7AB0E4C88F4725E83F1A

PID: 2764  Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG
Type: image
MD5: 3220A6AEFB4FC719CC8849F060859169
SHA256: 988CF422CBF400D41C48FBE491B425A827A1B70691F483679C1DF02FB9352765

PID: 2764  Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.JPG
Type: image
MD5: AC40DED6736E08664F2D86A65C47EF60
SHA256: F35985FE1E46A767BE7DCEA35F8614E1EDD60C523442E6C2C2397D1E23DBD3EA

PID: 2764  Process: irsetup.exe
Filename: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Uninstall\uniBFCC.tmp
Type: binary
MD5: C60A41654E4F6C592E258256939CE9A4
SHA256: 1C2635C438C1A198C04EADFD66DED1CCFC21FD66563DCA3A6B42569E1743209F

PID: 2764  Process: irsetup.exe
Filename: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Uninstall\uninstall.dat
Type: binary
MD5: 482E7EB25FDC4D7D503752914CBADAD6
SHA256: DA353CB6BE97A21A969612DED5FB1590984D949B549C6468DF3EEEF928AE6C9E

PID: 2764  Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Portable Radio Update Tools Setup Log.txt
Type: text
MD5: C191410E8E97EBEF6FEDF5C9915614DC
SHA256: 59D7EA7A8E5E9A8EE4C0A8E835EED3C242CB3A3ED92D0E295911CD03C99B6E43

PID: 2764  Process: irsetup.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Radio Update Tools\Uninstall Portable Radio Update Tools.lnk
Type: binary
MD5: 65ACD9C01401222F7E0CC3D2E280B917
SHA256: F267006FBE9FE6E87FBD544165F0D8E7E18F69DA50515CCC48484659437BB441

PID: 2764  Process: irsetup.exe
Filename: C:\Users\admin\Desktop\Portable Radio Updater.lnk
Type: binary
MD5: 5F36F987E5E3E034C1AF965197BF857C
SHA256: 78C70C0783DE663557F0F223D471B1ED0E27960A1EDAFF797196E3858C1490BA

PID: 2764  Process: irsetup.exe
Filename: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\lua5.1.dll
Type: executable
MD5: E7A789232EF503DCB4929791673009A3
SHA256: 89DAA79B558055F6F893ABF38A0F17D3E1E0193D59DAFBDF98D72D4E5961C2A1

PID: 2764  Process: irsetup.exe
Filename: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe.config
Type: xml
MD5: 071B39DE7DE645EDE9123671E8C87E3F
SHA256: 17A8FDF0CDE1D97582575AEE7D21A6E392D6F722D3318B9BC869B8DC2AC909D2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4  Process: System  IP: 192.168.100.255:138  Domain: (none)  ASN: (none)  CN: (none)  Reputation: whitelisted
PID: 4  Process: System  IP: 192.168.100.255:137  Domain: (none)  ASN: (none)  CN: (none)  Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info