File name: SmartPlayer.exe

Full analysis: https://app.any.run/tasks/4a598136-730d-42d6-8fd5-83cc79a7cbdd
Verdict: Malicious activity
Analysis date: December 16, 2019, 19:06:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 49CD42379F4ECD289815B4BAFF29303F
SHA1: AE166E0B3D46F0099FC8A0201679C5B758740B60
SHA256: 0A0E8ECA5ABF52ADF68199005B64580D5A8C794785103C2F6D09BF256D383C36
SSDEEP: 49152:xdm8FHMnjgUvBd04OrYbRf1TdXTw0lTkchQyARPTQ7jky8zokzCp:x8fgUpdPOr4Rf1TBhT4NJQ7jzSH0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • Smart Player.exe (PID: 2996)
    • Application was dropped or rewritten from another process

      • Smart Player.exe (PID: 2996)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SmartPlayer.exe (PID: 2120)
    • Creates files in the user directory

      • SmartPlayer.exe (PID: 2120)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:11:20 08:40:00+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 69632
InitializedDataSize: 1716224
UninitializedDataSize: -
EntryPoint: 0x8c45
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 20-Nov-2014 07:40:00
Detected languages:
  • Chinese - PRC
  • English - United States

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000E8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 4
Time date stamp: 20-Nov-2014 07:40:00
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x00010084 | 0x00011000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.46014
.rdata | 0x00012000 | 0x000024E0 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.66313
.data | 0x00015000 | 0x00004BC8 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.34648
.rsrc | 0x0001A000 | 0x0019E1F4 | 0x0019F000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.99971

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 4.65542 | 86 | Latin 1 / Western European | English - United States | RT_MANIFEST
102 | 7.99988 | 1688486 | Latin 1 / Western European | Chinese - PRC | ZIP
103 | 1.91924 | 20 | Latin 1 / Western European | Chinese - PRC | RT_GROUP_ICON

Imports

KERNEL32.dll
SHELL32.dll
No data.
Total processes: 35
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 1

Behavior graph

[Graph not reproduced here; it shows smartplayer.exe with a "drop and start" edge to smart player.exe.]

Process information

PID: 2120
CMD: "C:\Users\admin\AppData\Local\Temp\SmartPlayer.exe"
Path: C:\Users\admin\AppData\Local\Temp\SmartPlayer.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
  • c:\users\admin\appdata\local\temp\smartplayer.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\shell32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shlwapi.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\user32.dll

PID: 2996
CMD: "C:\Users\admin\AppData\Roaming\SPTemp\Smart Player.exe" C:\Users\admin\AppData\Local\Temp
Path: C:\Users\admin\AppData\Roaming\SPTemp\Smart Player.exe
Parent process: SmartPlayer.exe
User: admin
Integrity Level: MEDIUM
Description: Smart Player
Exit code: 0
Version:
Modules (images):
  • c:\users\admin\appdata\roaming\sptemp\smart player.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\users\admin\appdata\roaming\sptemp\sf_uibase_r.dll
  • c:\windows\system32\wtsapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
Total events: 464
Read events: 331
Write events: 133
Delete events: 0

Modification events

(PID) Process: (2120) SmartPlayer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2120) SmartPlayer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2996) Smart Player.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Smart Player.exe

(PID) Process: (2996) Smart Player.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation: write
Name: Name
Value: Smart Player.exe

(PID) Process: (2996) Smart Player.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation: write
Name: ID
Value: 1416469119
Executable files: 13
Suspicious files: 2
Text files: 176
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_curtime_text.png | image
MD5: E6E2F9427B422327AE5B130A94A990B3
SHA256: 21B9D2FF90271B921206A86B24D241E038EB30CE2C9B5D2A9571336E124EB065

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_date_nor.png | image
MD5: E46EEDFD314154BC2B567A540CAEEFBC
SHA256: E0922C8E81FCD2B7ED66953B6AF57412BDA35522CB34F318E026C001CB4DE896

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_customerlayout.png | image
MD5: 2B9048FCB608EAF7B6570C483BF691FB
SHA256: A6610D36D4DA25DDFF94CDF8F4CF2293AE32F6AA1B71F5546D701A2C19D82CC7

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_monitor.png | image
MD5: A406E6A649A8412B8792107F04B44F8E
SHA256: B99611A230E9BC2C43FCE9E73BF5DF9B38774C8F7899D396D2781ECC29FE6987

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\SmartPlayer.7z | compressed
MD5: 41225D345C359E4A0F60513004EDBBD5
SHA256: 35EEBFF13DD405B234764E1B17603E0AF263E1ABB42A5637FFB76E0EA878432F

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_curtime.png | image
MD5: 35EF0D13579F74DEC3F5E8FB4C542E15
SHA256: D3E169925F95240708C8050718B9AB255A7B6F0736004A0AC2DB10D2BE34153B

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_popdlg.png | image
MD5: 39284217A605589FFEB06A52E112D687
SHA256: A40E424C3465B48808AEE9C148DF8371AD348751CFF85E0F5A8484D23F3957A1

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_edit.png | image
MD5: 929B3A8E1F9DD1F854698D68D15CF3B6
SHA256: 3A3F5C1FC96E45CB58167EA0EFF29CE61C796553CE398ECF65295C5DA2B343E0

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_playbar.png | image
MD5: 4BCB4A1E3B5921BFFDD3329D773B89F4
SHA256: 032FA84F8CC560C796C70B9762DED5E55118C9E22AD673AA513DC335200A004E

2120 | SmartPlayer.exe | C:\Users\admin\AppData\Roaming\SPTemp\Skin\bg_timeline.png | image
MD5: DBE9F6A417E27D50C682E60077FBB9BB
SHA256: 437CF7CA3831A13FDC685AAE2A33558893E90B7E75DD6735BB67AE6C5C5312A7
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
Process | Message
SmartPlayer.exe | start 7zUnzip main!
SmartPlayer.exe | ERROR:
SmartPlayer.exe | Extract7zZip succeed!
SmartPlayer.exe | ERROR:
SmartPlayer.exe | ERROR:
SmartPlayer.exe | ShellExecute succeed!