File name: AnonymPSUpdater_Setup_EN.exe

Full analysis: https://app.any.run/tasks/55f491fb-76b2-406f-b908-4aab40f90a8c
Verdict: Malicious activity
Analysis date: September 30, 2023, 16:44:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 74F8464E61053EFF68CAF78D535BD3A0
SHA1: 80A35711308EFA21B53565445E5924A021433C84
SHA256: 0872B06154E03C4BA5BDDBFC153A99BD9B7A337742881B7A22DD7CAF3D95D75F
SSDEEP: 98304:iM0/KXUMDgHOWBGjTgusLmG6q2GhUopuPsS6egfhfhYNSLs+7kyR3CpC052JWNiA:Y/wyp9e

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
      • irsetup.exe (PID: 2764)
    • Application was dropped or rewritten from another process

      • Updater.exe (PID: 3788)
      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 2880)
    • Loads dropped or rewritten executable

      • Updater.exe (PID: 3788)
      • irsetup.exe (PID: 2764)
  • SUSPICIOUS

    • Reads the Internet Settings

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
    • Reads the Windows owner or organization settings

      • irsetup.exe (PID: 2764)
  • INFO

    • Checks supported languages

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 3788)
    • Reads the computer name

      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
      • irsetup.exe (PID: 2764)
      • Updater.exe (PID: 3788)
    • Create files in a temporary directory

      • irsetup.exe (PID: 2764)
      • AnonymPSUpdater_Setup_EN.exe (PID: 2916)
    • Manual execution by a user

      • Updater.exe (PID: 2880)
      • Updater.exe (PID: 3788)
    • Creates files in the program directory

      • Updater.exe (PID: 3788)
      • irsetup.exe (PID: 2764)
    • Reads the machine GUID from the registry

      • Updater.exe (PID: 3788)
    • Creates files or folders in the user directory

      • irsetup.exe (PID: 2764)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
Reading the signatures: the three MALICIOUS hits (drops an executable, executable dropped by another process, loads a dropped executable) describe the normal unpack-and-run sequence of a Setup Factory installer, and the SUSPICIOUS hits are registry reads. The run made no HTTP or DNS requests, and the only connections recorded are NetBIOS broadcasts from the System process. Treat the verdict as a heuristic weighting of installer behaviour; confirm or reject it by examining the dropped Updater.exe (evidently a .NET assembly, since PID 3788 loads mscoree.dll and it ships with an Updater.exe.config) rather than from this summary alone.

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:07:31 15:30:07+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 23552
InitializedDataSize: 48640
UninitializedDataSize: -
EntryPoint: 0x2ce1
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 9.5.2.0
ProductVersionNumber: 9.5.2.0
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.5.2.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2018 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFileName: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.5.2.0
No data.
All screenshots are available in the full report
Total processes
45
Monitored processes
5
Malicious processes
3
Suspicious processes
1

Behavior graph (interactive view in the full report)

AnonymPSUpdater_Setup_EN.exe drops and starts irsetup.exe; the two Updater.exe instances and the second AnonymPSUpdater_Setup_EN.exe instance are separate start nodes, three of which the graph marks "no specs" (no signature hits on that process).

Process information

PID 2764
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1798690 "__IRAFN:C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Parent process: AnonymPSUpdater_Setup_EN.exe
User:
admin
Company:
Indigo Rose Corporation
Integrity Level:
HIGH
Description:
Setup Application
Exit code:
0
Version:
9.5.2.0
Modules
Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID 2880
CMD: "C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe"
Path: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
QS.PortableStation.Updater
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch could not proceed without elevation; PID 3788 is the same binary running at HIGH integrity after elevation)
Version:
1.0.0.0
Modules
Images
c:\program files\anonym\portable radio update tools\v1.1.12\updater.exe
c:\windows\system32\ntdll.dll
PID 2916
CMD: "C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe"
Path: C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup Application
Exit code:
0
Version:
9.5.2.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\anonympsupdater_setup_en.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
PID 3056
CMD: "C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe"
Path: C:\Users\admin\AppData\Local\Temp\AnonymPSUpdater_Setup_EN.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup Application
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the initial MEDIUM-integrity launch of the installer; PID 2916 is the elevated instance that actually ran it)
Version:
9.5.2.0
Modules
Images
c:\users\admin\appdata\local\temp\anonympsupdater_setup_en.exe
c:\windows\system32\ntdll.dll
PID 3788
CMD: "C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe"
Path: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
QS.PortableStation.Updater
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\program files\anonym\portable radio update tools\v1.1.12\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
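The process table above shows the same image twice, once at MEDIUM integrity exiting with 3221226540 and once at HIGH integrity exiting 0. Sandboxes print exit codes as unsigned decimals, which hides that 3221226540 is the NTSTATUS value 0xC000042C (STATUS_ELEVATION_REQUIRED). The Python below is an editorial example added to this page, not part of the ANY.RUN report or its tooling; it decodes the exit code and pairs each failed MEDIUM-integrity launch with its elevated relaunch. The record list is constructed from the process table on this page, and the names ProcRecord, decode_exit_code and find_elevation_relaunches are the example's own.

```python
"""Correlate sandbox process records to spot UAC elevation by relaunch.

Editorial example, not ANY.RUN code. RECORDS is constructed from the
"Process information" table of this report (PID, image, integrity level,
exit code as printed by the sandbox, parent process).
"""
from dataclasses import dataclass

# NTSTATUS values that commonly appear as process exit codes in sandbox
# reports. Only the two needed for this report are listed.
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}


@dataclass(frozen=True)
class ProcRecord:
    pid: int
    image: str        # file name of the executable
    integrity: str    # "MEDIUM" or "HIGH" as reported by the sandbox
    exit_code: int    # unsigned 32-bit value printed in decimal
    parent: str


# Constructed from this page's process table.
RECORDS = [
    ProcRecord(2764, "irsetup.exe", "HIGH", 0, "AnonymPSUpdater_Setup_EN.exe"),
    ProcRecord(2880, "Updater.exe", "MEDIUM", 3221226540, "explorer.exe"),
    ProcRecord(2916, "AnonymPSUpdater_Setup_EN.exe", "HIGH", 0, "explorer.exe"),
    ProcRecord(3056, "AnonymPSUpdater_Setup_EN.exe", "MEDIUM", 3221226540, "explorer.exe"),
    ProcRecord(3788, "Updater.exe", "HIGH", 0, "explorer.exe"),
]


def is_ntstatus_error(code: int) -> bool:
    """True when the severity bits (31:30) mark an error-class NTSTATUS."""
    return ((code & 0xFFFFFFFF) >> 30) == 0b11


def decode_exit_code(code: int) -> str:
    """Render a decimal sandbox exit code as NTSTATUS hex plus its name."""
    code &= 0xFFFFFFFF
    return f"0x{code:08X} {NTSTATUS_NAMES.get(code, 'UNKNOWN')}"


def find_elevation_relaunches(records):
    """Pair a MEDIUM-integrity launch that ended with
    STATUS_ELEVATION_REQUIRED with a HIGH-integrity instance of the same
    image. Returns sorted (failed_pid, elevated_pid) tuples."""
    pairs = []
    for failed in records:
        if failed.integrity != "MEDIUM":
            continue
        if (failed.exit_code & 0xFFFFFFFF) != 0xC000042C:
            continue
        for elevated in records:
            if (elevated.pid != failed.pid
                    and elevated.image.lower() == failed.image.lower()
                    and elevated.integrity == "HIGH"):
                pairs.append((failed.pid, elevated.pid))
    return sorted(pairs)


def summarize(records):
    """Human-readable lines: decoded exit codes and relaunch pairs."""
    lines = [f"PID {r.pid} {r.image} [{r.integrity}] exit {decode_exit_code(r.exit_code)}"
             for r in records]
    for failed, elevated in find_elevation_relaunches(records):
        lines.append(f"PID {failed} required elevation; relaunched elevated as PID {elevated}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(RECORDS)))
```

The pairing is by image name and integrity level only, which is enough for a five-process report; on a busy host you would also require the elevated instance to start after the failed one and to share the same command line.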
Total events
1 154
Read events
1 146
Write events
8
Delete events
0

Modification events

PID 2916 (AnonymPSUpdater_Setup_EN.exe), key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
write ProxyBypass = 1
write IntranetName = 1
write UNCAsIntranet = 1
write AutoDetect = 0

These four ZoneMap values are the defaults that WinINet/urlmon writes when a process first initializes Internet settings under a user profile; they appear in most installer runs and on their own indicate neither proxy tampering nor persistence.
Executable files
6
Suspicious files
6
Text files
9
Unknown types
0

Dropped files

PID 2764 irsetup.exe: C:\Users\admin\AppData\Local\Temp\Portable Radio Update Tools Setup Log.txt (text)
MD5: C191410E8E97EBEF6FEDF5C9915614DC
SHA256: 59D7EA7A8E5E9A8EE4C0A8E835EED3C242CB3A3ED92D0E295911CD03C99B6E43
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Uninstall\uniBFCC.tmp (binary)
MD5: C60A41654E4F6C592E258256939CE9A4
SHA256: 1C2635C438C1A198C04EADFD66DED1CCFC21FD66563DCA3A6B42569E1743209F
PID 2764 irsetup.exe: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.JPG (image)
MD5: AC40DED6736E08664F2D86A65C47EF60
SHA256: F35985FE1E46A767BE7DCEA35F8614E1EDD60C523442E6C2C2397D1E23DBD3EA
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\uninstall.exe (executable)
MD5: 7EB6266334C70E3FFA235D2571614734
SHA256: 0249A947699C4B9678718905D93811A0ABB4E1B9528C405F70102CEEA68BB00F
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Uninstall\uninstall.xml (xml)
MD5: 2D3933879617F85722616C5B78C6A971
SHA256: 2596284C61BE30F885BBE9393F4031F9355DBCFD43BE4EA80C4155668B4FBCF0
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe.config (xml)
MD5: 071B39DE7DE645EDE9123671E8C87E3F
SHA256: 17A8FDF0CDE1D97582575AEE7D21A6E392D6F722D3318B9BC869B8DC2AC909D2
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Uninstall\uninstall.dat (binary)
MD5: 482E7EB25FDC4D7D503752914CBADAD6
SHA256: DA353CB6BE97A21A969612DED5FB1590984D949B549C6468DF3EEEF928AE6C9E
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\update.ico (image)
MD5: 8AAAA971A349ED18850A07229F28712B
SHA256: C2E7B450E516A7EDBB464BEE45CC09868D64BF7F6341A48974AAA737963D89DB
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\Updater.exe (executable)
MD5: 8910762FB77F8A5C37C136DCCC4E72D6
SHA256: 1228C2D84277873E2DBA0D17A006339CC2B743496A88857C728532A168D63F0B
PID 2764 irsetup.exe: C:\Program Files\Anonym\Portable Radio Update Tools\V1.1.12\lua5.1.dll (executable)
MD5: E7A789232EF503DCB4929791673009A3
SHA256: 89DAA79B558055F6F893ABF38A0F17D3E1E0193D59DAFBDF98D72D4E5961C2A1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
2
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID 4 System: 192.168.100.255:138 (no domain, ASN or CN recorded), reputation whitelisted
PID 4 System: 192.168.100.255:137 (no domain, ASN or CN recorded), reputation whitelisted

Both entries are NetBIOS datagram (138) and name service (137) broadcasts to the subnet broadcast address from the System process, background Windows traffic not initiated by the sample.

DNS requests

No data

Threats

No threats detected
No debug info