Sample: Baidu-PC-Faster-5.1.3.131061.exe

Full analysis: https://app.any.run/tasks/b47b1dac-3df8-4c77-9a95-fc3d048725c8
Verdict: Malicious activity
Analysis date: August 19, 2019, 09:22:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: BC4BD700EB90AF556BEA36A621309B93
SHA1: 68747762D7FE93D5A6E7216EA7CC4FE2B4F3F252
SHA256: 0A734E7A121E820A06492320C95F48F27E583AB8D023811834B8EB38847110F2
SSDEEP: 786432:V7Zcbp+3OIxbcsGnQRgFDNlolJFoijf/tHKB6BUxiq94CV:V7ZcbsbxbcsaFJNKlcE/tH7UxSC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • Baidu-PC-Faster-5.1.3.131061.exe (PID: 3044)
    • Application was dropped or rewritten from another process
      • PCFC3D1.exe (PID: 3920)
      • PC_Faster_Setup_Mini.exe (PID: 3192)
  • SUSPICIOUS
    • Low-level read access rights to disk partition
      • Baidu-PC-Faster-5.1.3.131061.exe (PID: 3044)
      • PCFC3D1.exe (PID: 3920)
    • Executable content was dropped or overwritten
      • Baidu-PC-Faster-5.1.3.131061.exe (PID: 3044)
      • PC_Faster_Setup_Mini.exe (PID: 3192)
    • Creates files in the program directory
      • PCFC3D1.exe (PID: 3920)
  • INFO
    • No info indicators.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:04:10 14:19:31+02:00
PEType: PE32
LinkerVersion: 9
CodeSize: 25600
InitializedDataSize: 431104
UninitializedDataSize: 16896
EntryPoint: 0x354b
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 5.1.3.65525
ProductVersionNumber: 5.1.3.65525
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Beta: 1
ChannelName: web|gl|official|direct
CompanyName: Baidu, Inc.
FileDescription: PC Faster Setup
FileVersion: 5.1.3.131061
LegalCopyright: Copyright (C) 2014 Baidu, Inc. All Rights Reserved.
ProductName: Baidu PC Faster
ProductVersion: 5.1.3.131061
All screenshots are available in the full report
Total processes: 38
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 2

Behavior graph

The graph (edges labelled "drop and start" / "start") shows the installer chain; combined with the parent-process column below it reads: explorer.exe starts Baidu-PC-Faster-5.1.3.131061.exe (PID 2248, then relaunched as PID 3044), which drops and starts PC_Faster_Setup_Mini.exe (PID 3192), which drops and starts PCFC3D1.exe (PID 3920).

Process information

PID 2248
  CMD: "C:\Users\admin\AppData\Local\Temp\Baidu-PC-Faster-5.1.3.131061.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Baidu-PC-Faster-5.1.3.131061.exe
  Parent process: explorer.exe
  User: admin
  Company: Baidu, Inc.
  Integrity Level: MEDIUM
  Description: PC Faster Setup
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Version: 5.1.3.131061
  Loaded images:
    c:\users\admin\appdata\local\temp\baidu-pc-faster-5.1.3.131061.exe
    c:\systemroot\system32\ntdll.dll
  Note: this medium-integrity launch failed before any installer code ran (only ntdll.dll is mapped) because the image requires elevation; the same file was then started elevated from explorer.exe as PID 3044, so the UAC prompt was accepted in the guest.

PID 3044
  CMD: "C:\Users\admin\AppData\Local\Temp\Baidu-PC-Faster-5.1.3.131061.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Baidu-PC-Faster-5.1.3.131061.exe
  Parent process: explorer.exe
  User: admin
  Company: Baidu, Inc.
  Integrity Level: HIGH
  Description: PC Faster Setup
  Exit code: 2 (NSIS documents error level 2 as "installation aborted by script")
  Version: 5.1.3.131061
  Loaded images:
    c:\users\admin\appdata\local\temp\baidu-pc-faster-5.1.3.131061.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll

PID 3192
  CMD: "C:\Users\admin\AppData\Local\Temp\nseC172.tmp\PC_Faster_Setup_Mini.exe" "/FullInstallSrc=C:\Users\admin\AppData\Local\Temp\Baidu-PC-Faster-5.1.3.131061.exe"
  Path: C:\Users\admin\AppData\Local\Temp\nseC172.tmp\PC_Faster_Setup_Mini.exe
  Parent process: Baidu-PC-Faster-5.1.3.131061.exe
  User: admin
  Company: Baidu Inc.
  Integrity Level: HIGH
  Description: Baidu PC Faster MiniSetup
  Exit code: 0
  Version: 4,0,0,118310
  Loaded images:
    c:\users\admin\appdata\local\temp\nsec172.tmp\pc_faster_setup_mini.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\lpk.dll
  Note: nseC172.tmp is the per-run extraction directory the NSIS parent created in %TEMP%; the mini setup runs from it at HIGH integrity inherited from PID 3044.

PID 3920
  CMD: "C:\Users\admin\AppData\Local\Temp\PCFC3D1.exe" "/FullInstallSrc=C:\Users\admin\AppData\Local\Temp\Baidu-PC-Faster-5.1.3.131061.exe" /UrlIni=PCFC47E.tmp /REPORT_CLASS_TYPE=0 "/sid=Mini"
  Path: C:\Users\admin\AppData\Local\Temp\PCFC3D1.exe
  Parent process: PC_Faster_Setup_Mini.exe
  User: admin
  Company: Baidu Inc.
  Integrity Level: HIGH
  Description: Baidu PC Faster MiniSetup
  Exit code: 0
  Version: 4,0,0,118310
  Loaded images:
    c:\users\admin\appdata\local\temp\pcfc3d1.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\nsi.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
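The process table above is worth triaging mechanically rather than by eye: the two launches of the same installer image (one failing with STATUS_ELEVATION_REQUIRED at MEDIUM, one succeeding at HIGH) are the signature of a UAC elevation, and every process after that runs elevated out of %TEMP%. The following is an added example, not code from ANY.RUN or from the Baidu installer; its process records are constructed from the table in this report (the table gives parent image names, not parent PIDs, so the chain is keyed by name, which is an assumption that holds for a four-process run but can be ambiguous on a busy host).

```python
"""Triage a sandbox process list for UAC relaunches and elevated execution from %TEMP%.

Added example. PROCS is constructed from the process table in this report
(PIDs, image paths, parent image names, integrity levels, exit codes); it is
not an export from the sandbox.
"""
from dataclasses import dataclass
from typing import List, Tuple
import ntpath
import re

# NTSTATUS returned when CreateProcess is refused because the image requires elevation.
STATUS_ELEVATION_REQUIRED = 0xC000042C


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str        # full image path
    parent: str       # parent image name, as the report lists it (no parent PID available)
    integrity: str    # MEDIUM / HIGH
    exit_code: int

    @property
    def name(self) -> str:
        return ntpath.basename(self.image)


TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

_T = r"C:\Users\admin\AppData\Local\Temp"
# Constructed from the report's process table.
PROCS = [
    Proc(2248, _T + r"\Baidu-PC-Faster-5.1.3.131061.exe", "explorer.exe", "MEDIUM", 3221226540),
    Proc(3044, _T + r"\Baidu-PC-Faster-5.1.3.131061.exe", "explorer.exe", "HIGH", 2),
    Proc(3192, _T + r"\nseC172.tmp\PC_Faster_Setup_Mini.exe", "Baidu-PC-Faster-5.1.3.131061.exe", "HIGH", 0),
    Proc(3920, _T + r"\PCFC3D1.exe", "PC_Faster_Setup_Mini.exe", "HIGH", 0),
]


def elevation_relaunches(procs: List[Proc]) -> List[Tuple[int, int]]:
    """(failed_pid, elevated_pid) pairs: same image and parent, the earlier launch
    ended with STATUS_ELEVATION_REQUIRED, a later one ran at HIGH integrity."""
    pairs = []
    for i, a in enumerate(procs):
        if a.exit_code != STATUS_ELEVATION_REQUIRED:
            continue
        for b in procs[i + 1:]:
            if (b.image.lower() == a.image.lower() and b.parent == a.parent
                    and b.integrity == "HIGH"):
                pairs.append((a.pid, b.pid))
    return pairs


def elevated_from_temp(procs: List[Proc]) -> List[int]:
    """PIDs that run at HIGH integrity from a user's Temp directory."""
    return [p.pid for p in procs if p.integrity == "HIGH" and TEMP_DIR.search(p.image)]


def render_chain(procs: List[Proc], root: str = "explorer.exe") -> List[str]:
    """Indented process tree keyed by parent image name. A launch that ended with
    STATUS_ELEVATION_REQUIRED never executed, so it gets no children; a seen-set
    stops recursion when a process shares its parent's image name."""
    children = {}
    for p in procs:
        children.setdefault(p.parent, []).append(p)
    lines, seen = [], set()

    def walk(name: str, depth: int) -> None:
        for p in children.get(name, []):
            if p.pid in seen:
                continue
            seen.add(p.pid)
            lines.append("  " * depth + f"{p.name} (PID {p.pid}, {p.integrity}, exit 0x{p.exit_code:08X})")
            if p.exit_code != STATUS_ELEVATION_REQUIRED:
                walk(p.name, depth + 1)

    walk(root, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render_chain(PROCS)))
    print("UAC relaunches:", elevation_relaunches(PROCS))
    print("elevated from %TEMP%:", elevated_from_temp(PROCS))
```

On this report the tree comes out with PID 2248 as a childless leaf and the whole drop chain hanging under PID 3044, which matches the parent column above; on a real host feed the same logic would want parent PIDs, since keying by image name merges unrelated instances of the same binary.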
Total events: 370
Read events: 358
Write events: 12
Delete events: 0

Modification events

PID 3044, Baidu-PC-Faster-5.1.3.131061.exe
  Key: HKEY_CURRENT_USER\Software\Baidu Security\PC Faster
  Operation: write, Name: pcfaster-guid
  Value: 7fb6e5ba-0c9c-420a-8136-056850b43ce7

PID 3044, Baidu-PC-Faster-5.1.3.131061.exe
  Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
  Operation: write, Name: PendingFileRenameOperations
  Value: \??\C:\Users\admin\AppData\Local\Temp\nseC172.tmp\BHips.dll
  Note: Session Manager processes this REG_MULTI_SZ at the next boot as (source, destination) pairs; the report shows only the source element, and a source with an empty destination is deleted at boot. Queuing a locked file in the NSIS temp directory for deletion is ordinary installer clean-up, but the same key can replace or remove files before user-mode security products start, so a HIGH-integrity write to it from an installer running out of %TEMP% should be checked rather than assumed benign.

PID 3920, PCFC3D1.exe
  Key: HKEY_CURRENT_USER\Software\Baidu Security\PC Faster
  Operation: write, Name: pcfaster-id
  Value: S-1-5-21-1302019708-1500728564-335382590-1000#5254004A04AF

PID 3920, PCFC3D1.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing
  Operation: write, Name: C:\ProgramData\Baidu Security\RpData\rpFile-PCFC3D1-2019-08-19 08-23-48-0104-[11350].dat
  Value: http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi

PID 3920, PCFC3D1.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing
  Operation: write, Name: C:\ProgramData\Baidu Security\RpData\rpFile-PCFC3D1-2019-08-19 08-23-48-0187-[11350].dat
  Value: http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi
  Note: the value name is a report file under C:\ProgramData\Baidu Security\RpData (the same two files appear in the dropped-files list) and the data is the upload endpoint; the pcfaster-id written above embeds the user SID, and the only DNS request in the run is for this host, so the install statistics would carry a machine-linked identifier over plain HTTP.
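Because the PendingFileRenameOperations entry above is the one write in this run that survives a reboot, it is the one a responder would want to decode fully. The following is an added example, not code from ANY.RUN or from the Baidu installer. It parses the value from raw REG_MULTI_SZ bytes rather than through an API, because a deleting pair contains an empty string and readers that treat the first empty element as the list terminator (Python's winreg does) silently truncate the list; raw bytes are what a hive parser or forensic tool hands over. The sample blob is constructed: its first pair is the BHips.dll entry from this report, its second pair is hypothetical and exists only to show the "!" replace form.

```python
"""Decode a PendingFileRenameOperations value and label each queued operation.

Added example. Format facts relied on: the value is REG_MULTI_SZ holding
(source, destination) pairs applied by Session Manager at next boot; an
empty destination means "delete source"; a destination prefixed with "!"
means "replace the existing target"; paths carry the NT "\\??\\" prefix.
The sample blob is constructed (first pair from the report, second pair
hypothetical).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import re

NT_PREFIX = "\\??\\"


@dataclass(frozen=True)
class RenameOp:
    source: str
    destination: Optional[str]   # None: delete source at next boot
    replace_existing: bool       # destination carried the "!" prefix

    @property
    def is_delete(self) -> bool:
        return self.destination is None


def encode_multi_sz(items: List[str]) -> bytes:
    """Lay strings out as the registry stores REG_MULTI_SZ: NUL-separated, NUL NUL terminated."""
    return ("\x00".join(items) + "\x00\x00").encode("utf-16-le")


def decode_multi_sz_raw(blob: bytes) -> List[str]:
    """Split REG_MULTI_SZ bytes without stopping at an empty element."""
    text = blob.decode("utf-16-le")
    if not text.endswith("\x00\x00"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    return text[:-2].split("\x00")


def _strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(blob: bytes) -> List[RenameOp]:
    items = decode_multi_sz_raw(blob)
    if len(items) % 2:
        raise ValueError("expected (source, destination) pairs, got %d strings" % len(items))
    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append(RenameOp(_strip_nt_prefix(src),
                            _strip_nt_prefix(dst) if dst else None,
                            replace))
    return ops


TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
SYSTEM_DIR = re.compile(r"^[A-Z]:\\Windows\\", re.IGNORECASE)


def triage(ops: List[RenameOp]) -> List[Tuple[str, str]]:
    """Label each op: deleting a file in Temp is what an installer normally
    queues; anything that lands in or is removed from the Windows directory
    at boot deserves a look."""
    findings = []
    for op in ops:
        if op.is_delete and TEMP_DIR.search(op.source):
            findings.append(("temp-cleanup", op.source))
        elif op.is_delete and SYSTEM_DIR.match(op.source):
            findings.append(("delete-system-file", op.source))
        elif op.destination and SYSTEM_DIR.match(op.destination):
            findings.append(("replace-system-file", op.source + " -> " + op.destination))
        else:
            findings.append(("other", op.source))
    return findings


# Constructed sample: first pair is the report's BHips.dll delete, second is hypothetical.
SAMPLE_BLOB = encode_multi_sz([
    r"\??\C:\Users\admin\AppData\Local\Temp\nseC172.tmp\BHips.dll", "",
    r"\??\C:\Users\admin\AppData\Local\Temp\stage.dll", r"!\??\C:\Windows\System32\stage.dll",
])

if __name__ == "__main__":
    for label, detail in triage(parse_pending_renames(SAMPLE_BLOB)):
        print(label, detail)
```

On the report's own entry the result is a single temp-cleanup finding; the hypothetical second pair shows what the same key looks like when it is used to overwrite a system file at boot, which is the case the triage labels should surface.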
Executable files: 9
Suspicious files: 2
Text files: 17
Unknown types: 0

Dropped files

PID 3044, Baidu-PC-Faster-5.1.3.131061.exe
  C:\Users\admin\AppData\Local\Temp\nseC172.tmp\LogReporter.exe (hashes not listed)
  C:\Users\admin\AppData\Local\Temp\nseC172.tmp\DataReport.dll (hashes not listed)
  C:\Users\admin\AppData\Local\Temp\nszC152.tmp (hashes not listed)
  C:\Users\admin\AppData\Local\Temp\nseC172.tmp\log2.dll, Type: executable, MD5: 175EA664F62CDC31949D29A9A3ECD4F2, SHA256: 1980BFF5D376F07C7F01A6301F60D2012A90E84C2F9095EF4C1DEF3CBFCBE25B
  C:\Users\admin\AppData\Local\Temp\nseC172.tmp\InstallCheck.dll, Type: executable, MD5: 0113B5401128D49B6B0DF587A389EB1E, SHA256: 32252B067353F187BCBBF59F3A13936C34CB3A390DC1A5F5D0774E17B11C4A32
  C:\Users\admin\AppData\Local\Temp\nseC172.tmp\InstallUtility.log, Type: text (hashes not listed)
  C:\Users\Public\Documents\Baidu\Common\I18N\conf.db, Type: text (hashes not listed)

PID 3920, PCFC3D1.exe
  C:\Users\admin\AppData\Local\Temp\pcfC4EB.tmp (hashes not listed)
  C:\ProgramData\Baidu Security\RpData\rpFile-PCFC3D1-2019-08-19 08-23-48-0104-[11350].tmp (hashes not listed)
  C:\ProgramData\Baidu Security\RpData\rpFile-PCFC3D1-2019-08-19 08-23-48-0187-[11350].tmp (hashes not listed)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

Domain: sync.pcfaster.baidu.com.eg
IP: (none recorded)
Reputation: unknown

The lookup produced no TCP/UDP connection and no HTTP request in this run, so the statistics upload queued by PID 3920 never left the guest. Note that the host sits under baidu.com.eg, not baidu.com.

Threats

No threats detected
No debug info