File name:

SmartPlayer.exe

Full analysis: https://app.any.run/tasks/4a598136-730d-42d6-8fd5-83cc79a7cbdd
Verdict: Malicious activity
Analysis date: December 16, 2019, 19:06:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

49CD42379F4ECD289815B4BAFF29303F

SHA1:

AE166E0B3D46F0099FC8A0201679C5B758740B60

SHA256:

0A0E8ECA5ABF52ADF68199005B64580D5A8C794785103C2F6D09BF256D383C36

SSDEEP:

49152:xdm8FHMnjgUvBd04OrYbRf1TdXTw0lTkchQyARPTQ7jky8zokzCp:x8fgUpdPOr4Rf1TBhT4NJQ7jzSH0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Smart Player.exe (PID: 2996)

    • Loads dropped or rewritten executable

      • Smart Player.exe (PID: 2996)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SmartPlayer.exe (PID: 2120)

    • Creates files in the user directory

      • SmartPlayer.exe (PID: 2120)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:11:20 08:40:00+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 69632
InitializedDataSize: 1716224
UninitializedDataSize: -
EntryPoint: 0x8c45
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 20-Nov-2014 07:40:00
Detected languages:
  • Chinese - PRC
  • English - United States

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000E8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 4
Time date stamp: 20-Nov-2014 07:40:00
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x00010084
0x00011000
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.46014
.rdata
0x00012000
0x000024E0
0x00003000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.66313
.data
0x00015000
0x00004BC8
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.34648
.rsrc
0x0001A000
0x0019E1F4
0x0019F000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
7.99971

Resources

Title
Entropy
Size
Codepage
Language
Type
1
4.65542
86
Latin 1 / Western European
English - United States
RT_MANIFEST
102
7.99988
1688486
Latin 1 / Western European
Chinese - PRC
ZIP
103
1.91924
20
Latin 1 / Western European
Chinese - PRC
RT_GROUP_ICON

Imports

KERNEL32.dll
SHELL32.dll
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start smartplayer.exe smart player.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2120"C:\Users\admin\AppData\Local\Temp\SmartPlayer.exe" C:\Users\admin\AppData\Local\Temp\SmartPlayer.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\smartplayer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
2996"C:\Users\admin\AppData\Roaming\SPTemp\Smart Player.exe" C:\Users\admin\AppData\Local\TempC:\Users\admin\AppData\Roaming\SPTemp\Smart Player.exeSmartPlayer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Smart Player
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\roaming\sptemp\smart player.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\roaming\sptemp\sf_uibase_r.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events
464
Read events
331
Write events
133
Delete events
0

Modification events

(PID) Process:(2120) SmartPlayer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2120) SmartPlayer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2996) Smart Player.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
Smart Player.exe
(PID) Process:(2996) Smart Player.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation:writeName:Name
Value:
Smart Player.exe
(PID) Process:(2996) Smart Player.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation:writeName:ID
Value:
1416469119
Executable files
13
Suspicious files
2
Text files
176
Unknown types
0

Dropped files

PID
Process
Filename
Type
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_monitor.pngimage
MD5:A406E6A649A8412B8792107F04B44F8E
SHA256:B99611A230E9BC2C43FCE9E73BF5DF9B38774C8F7899D396D2781ECC29FE6987
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_date_disable.pngimage
MD5:6818FCCC4D3AB56A9666FFCA16538FAD
SHA256:06BA5013726376F9926B0FC5D578D15E4D407FF1F9E51AE11F4B97BFC61B5892
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\AboutPic.pngimage
MD5:CDE092139B7922262D0CCCF567EB0E07
SHA256:8F85C1918F910841952652500B4810445684B157AEB1E976655E304C6C790E06
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_date_down.pngimage
MD5:1C607E0FF724886D4D0906A8A9A3137B
SHA256:0B250350165ABB6A00C618E26FF6072120E5CC78C3F1B365A58B4E56149F6327
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_date_nor.pngimage
MD5:E46EEDFD314154BC2B567A540CAEEFBC
SHA256:E0922C8E81FCD2B7ED66953B6AF57412BDA35522CB34F318E026C001CB4DE896
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_filelisttitle.pngimage
MD5:F1F1A4110C38B4B2B28C16A1BCB43A1C
SHA256:2C22F1F8A15B08980EBDE04B561ED20BEA3EEFB40F1AC774E2C8737F4F4EB8E9
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_playbar.pngimage
MD5:4BCB4A1E3B5921BFFDD3329D773B89F4
SHA256:032FA84F8CC560C796C70B9762DED5E55118C9E22AD673AA513DC335200A004E
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_simpleplayer.pngimage
MD5:68B0357B1778960BF4BEEE55A0025BB9
SHA256:0605BEDD81CCAE9E3DC78EC56AD4461C7783D7E780566F04F9F7803D5D08E468
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_curtime.pngimage
MD5:35EF0D13579F74DEC3F5E8FB4C542E15
SHA256:D3E169925F95240708C8050718B9AB255A7B6F0736004A0AC2DB10D2BE34153B
2120SmartPlayer.exeC:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_curtime_text.pngimage
MD5:E6E2F9427B422327AE5B130A94A990B3
SHA256:21B9D2FF90271B921206A86B24D241E038EB30CE2C9B5D2A9571336E124EB065
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
Process
Message
SmartPlayer.exe
start 7zUnzip main!
SmartPlayer.exe
ERROR:
SmartPlayer.exe
Extract7zZip succeed!
SmartPlayer.exe
ERROR:
SmartPlayer.exe
ERROR:
SmartPlayer.exe
ShellExecute succeed!
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SmartPlayer.exe