File name: WireguardPortable_0.5.3_Dev_Test_1.paf.exe

Full analysis: https://app.any.run/tasks/b0baf5ae-1159-4aaa-940f-f2895443b68e
Verdict: Malicious activity
Analysis date: March 01, 2024, 09:29:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: CF9ED9390EE652614440A3387077AAD5
SHA1: AC0A603D9E502929B16326996C0A7DF005C8E0F3
SHA256: 0936F58046A658194A4502A8F0A2EBE15501434CF4872662627949DC173CA218
SSDEEP: 98304:8aXzXkG/XKhOdpF7yX1F1s4z21r6vAxuQ2CBHMIKcyKxY4HWRVDpFLShCgFI/1r7:gYKLyVk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WireguardPortable_0.5.3_Dev_Test_1.paf.exe (PID: 3668)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • WireguardPortable_0.5.3_Dev_Test_1.paf.exe (PID: 3668)
    • The process creates files with name similar to system file names

      • WireguardPortable_0.5.3_Dev_Test_1.paf.exe (PID: 3668)
    • Executable content was dropped or overwritten

      • WireguardPortable_0.5.3_Dev_Test_1.paf.exe (PID: 3668)
  • INFO

    • Reads the computer name

      • WireguardPortable_0.5.3_Dev_Test_1.paf.exe (PID: 3668)
    • Checks supported languages

      • WireguardPortable_0.5.3_Dev_Test_1.paf.exe (PID: 3668)
    • Creates files in a temporary directory

      • WireguardPortable_0.5.3_Dev_Test_1.paf.exe (PID: 3668)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:10:30+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 412160
UninitializedDataSize: 16384
EntryPoint: 0x3645
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.5.2.991
ProductVersionNumber: 0.5.2.991
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: For additional details, visit PortableApps.com
CompanyName: PortableApps.com
FileDescription: Wireguard Portable
FileVersion: 0.5.2.991
InternalName: Wireguard Portable
LegalCopyright: 2007-2023 PortableApps.com, PortableApps.com Installer 3.8.3.0
LegalTrademarks: PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFileName: WireguardPortable_0.5.3.paf.exe
PortableAppscomAppID: WireguardPortable
PortableAppscomFormatVersion: 3.8
PortableAppscomInstallerVersion: 3.8.3.0
ProductName: Wireguard Portable
ProductVersion: 0.5.2.991
No data.
Total processes: 36
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start wireguardportable_0.5.3_dev_test_1.paf.exe

Process information

PID: 3668
CMD: "C:\Users\admin\AppData\Local\Temp\WireguardPortable_0.5.3_Dev_Test_1.paf.exe"
Path: C:\Users\admin\AppData\Local\Temp\WireguardPortable_0.5.3_Dev_Test_1.paf.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: PortableApps.com
Integrity Level: MEDIUM
Description: Wireguard Portable
Exit code: 0
Version: 0.5.2.991
Modules
Images
c:\users\admin\appdata\local\temp\wireguardportable_0.5.3_dev_test_1.paf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
Total events: 3 829
Read events: 3 824
Write events: 5
Delete events: 0

Modification events

(PID) Process: (3668) WireguardPortable_0.5.3_Dev_Test_1.paf.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3668) WireguardPortable_0.5.3_Dev_Test_1.paf.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-2
Value: Access the computers and devices that are on your network.

(PID) Process: (3668) WireguardPortable_0.5.3_Dev_Test_1.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Width
Value: 318

(PID) Process: (3668) WireguardPortable_0.5.3_Dev_Test_1.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Height
Value: 288

Executable files: 10
Suspicious files: 0
Text files: 21
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\Users\admin\AppData\Local\Temp\nspF435.tmp\modern-wizard.bmp | image
MD5:4DF53EFCAA2C52F39618B2AAD77BB552
SHA256:EE13539F3D66CC0592942EA1A4C35D8FD9AF67B1A7F272D0D791931E6E9CE4EB
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\Users\admin\AppData\Local\Temp\nspF435.tmp\modern-header.bmp | image
MD5:0A3A1ACAAA81C4CDB498F261E742195D
SHA256:745F31BB3AC635B13ECA76D829A636DCF4BDEA0C7EC4BFE84A37767D64892368
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\Users\admin\AppData\Local\Temp\nspF435.tmp\System.dll | executable
MD5:4ADD245D4BA34B04F213409BFE504C07
SHA256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\WireguardPortable\WireguardPortable.exe | executable
MD5:64213ABD93CD1551D2D4FC950C7165E0
SHA256:B313E650D32F452300E1C08C4F59184EAFA15F815A9C5047EB261421588A34A6
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\Users\admin\AppData\Local\Temp\nspF435.tmp\LangDLL.dll | executable
MD5:50016010FB0D8DB2BC4CD258CEB43BE5
SHA256:32230128C18574C1E860DFE4B17FE0334F685740E27BC182E0D525A8948C9C2E
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\WireguardPortable\App\AppInfo\pac_installer_log.ini | text
MD5:BF1D66442DA0F4F9936A1DDBFBD426F2
SHA256:35A3A89EBDB292B73464BAB6782990C6C67F70EB40D5D888C6C208EE6AB81DD1
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\WireguardPortable\App\AppInfo\appinfo.ini | text
MD5:0D3AECA4765B4BC394A114705A5C4773
SHA256:DF1DA0334048120231EB7720C2B86F0C542614507D1F420160F03AAE77E6C022
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\WireguardPortable\App\AppInfo\installer.ini | text
MD5:5FE539F163A8B44E2812B9095D9E5902
SHA256:62B18C19A8F2B4E1967EE7FD9D133B0DD6E3140110ECBE3ED30A3B7BBCCB9D6F
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\WireguardPortable\App\AppInfo\Launcher\WireguardPortable.ini | text
MD5:0093B10F599EDEB9D0723F5CB0F6F0E6
SHA256:A5F9E3C7BBB77FEB2BCED9162BD0689772896766ABDDDA7092DACF3BEF06B7A3
3668 | WireguardPortable_0.5.3_Dev_Test_1.paf.exe | C:\WireguardPortable\App\AppInfo\Launcher\Splash.jpg | image
MD5:4CE00EB626A3814A09B7BDFCA1ADF1AA
SHA256:4C5F704CFACC3D86BE933E2239B1787C0D5200B1FCAE5A0735C0B93F1A463D11
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info