File name:

SmartPlayer.exe

Full analysis: https://app.any.run/tasks/4a598136-730d-42d6-8fd5-83cc79a7cbdd
Verdict: Malicious activity
Analysis date: December 16, 2019, 19:06:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

49CD42379F4ECD289815B4BAFF29303F

SHA1:

AE166E0B3D46F0099FC8A0201679C5B758740B60

SHA256:

0A0E8ECA5ABF52ADF68199005B64580D5A8C794785103C2F6D09BF256D383C36

SSDEEP:

49152:xdm8FHMnjgUvBd04OrYbRf1TdXTw0lTkchQyARPTQ7jky8zokzCp:x8fgUpdPOr4Rf1TBhT4NJQ7jzSH0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Smart Player.exe (PID: 2996)

    • Loads dropped or rewritten executable

      • Smart Player.exe (PID: 2996)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SmartPlayer.exe (PID: 2120)

    • Creates files in the user directory

      • SmartPlayer.exe (PID: 2120)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:11:20 08:40:00+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 69632
InitializedDataSize: 1716224
UninitializedDataSize: -
EntryPoint: 0x8c45
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 20-Nov-2014 07:40:00
Detected languages:
  • Chinese - PRC
  • English - United States

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000E8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 4
Time date stamp: 20-Nov-2014 07:40:00
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x00010084
0x00011000
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.46014
.rdata
0x00012000
0x000024E0
0x00003000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.66313
.data
0x00015000
0x00004BC8
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.34648
.rsrc
0x0001A000
0x0019E1F4
0x0019F000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
7.99971

Resources

Title
Entropy
Size
Codepage
Language
Type
1
4.65542
86
Latin 1 / Western European
English - United States
RT_MANIFEST
102
7.99988
1688486
Latin 1 / Western European
Chinese - PRC
ZIP
103
1.91924
20
Latin 1 / Western European
Chinese - PRC
RT_GROUP_ICON

Imports

KERNEL32.dll
SHELL32.dll
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start smartplayer.exe smart player.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2120"C:\Users\admin\AppData\Local\Temp\SmartPlayer.exe" C:\Users\admin\AppData\Local\Temp\SmartPlayer.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\smartplayer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
2996"C:\Users\admin\AppData\Roaming\SPTemp\Smart Player.exe" C:\Users\admin\AppData\Local\TempC:\Users\admin\AppData\Roaming\SPTemp\Smart Player.exeSmartPlayer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Smart Player
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\roaming\sptemp\smart player.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\roaming\sptemp\sf_uibase_r.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events
464
Read events
331
Write events
133
Delete events
0

Modification events

(PID) Process:(2120) SmartPlayer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2120) SmartPlayer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2996) Smart Player.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
Smart Player.exe
(PID) Process:(2996) Smart Player.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation:writeName:Name
Value:
Smart Player.exe
(PID) Process:(2996) Smart Player.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation:writeName:ID
Value:
1416469119
Executable files
13
Suspicious files
2
Text files
176
Unknown types
0

Dropped files

PID
Process
Filename
Type
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\AboutPic.pngimage
MD5:CDE092139B7922262D0CCCF567EB0E07
SHA256:8F85C1918F910841952652500B4810445684B157AEB1E976655E304C6C790E06
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_curtime_text.pngimage
MD5:E6E2F9427B422327AE5B130A94A990B3
SHA256:21B9D2FF90271B921206A86B24D241E038EB30CE2C9B5D2A9571336E124EB065
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_customerlayout.pngimage
MD5:2B9048FCB608EAF7B6570C483BF691FB
SHA256:A6610D36D4DA25DDFF94CDF8F4CF2293AE32F6AA1B71F5546D701A2C19D82CC7
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_date_hover.pngimage
MD5:E46EEDFD314154BC2B567A540CAEEFBC
SHA256:E0922C8E81FCD2B7ED66953B6AF57412BDA35522CB34F318E026C001CB4DE896
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_curtime.pngimage
MD5:35EF0D13579F74DEC3F5E8FB4C542E15
SHA256:D3E169925F95240708C8050718B9AB255A7B6F0736004A0AC2DB10D2BE34153B
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_date_disable.pngimage
MD5:6818FCCC4D3AB56A9666FFCA16538FAD
SHA256:06BA5013726376F9926B0FC5D578D15E4D407FF1F9E51AE11F4B97BFC61B5892
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_time_disable.pngimage
MD5:A4832D25A100366AAA229CA3B2042788
SHA256:3CA77B1709C9A8FDB5A76F73606C0382F31899DAB1440488378494B91F34B323
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_tabbar.pngimage
MD5:3C49300BC78326AE353C1404C5ABC56C
SHA256:C849C1D9C5E3A7585F2755CF6B50691EF53CBA0CBED3AA281E73024E8CA4482B
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_timeline.pngimage
MD5:DBE9F6A417E27D50C682E60077FBB9BB
SHA256:437CF7CA3831A13FDC685AAE2A33558893E90B7E75DD6735BB67AE6C5C5312A7
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_timelinepopdlg.pngimage
MD5:0AA59BF68C60E50E091E1FA760F9612B
SHA256:97A6B369F2E9245CD9F8458DEE524BD4F73A06390CE68109BFDAD19AC7E443FF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
Process
Message
SmartPlayer.exe
start 7zUnzip main!
SmartPlayer.exe
ERROR:
SmartPlayer.exe
Extract7zZip succeed!
SmartPlayer.exe
ERROR:
SmartPlayer.exe
ERROR:
SmartPlayer.exe
ShellExecute succeed!
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SmartPlayer.exe