File name: | OperaGXSetup.exe |
Full analysis: | https://app.any.run/tasks/4e4f35b5-ead3-433b-ba6b-109f70a27006 |
Verdict: | Malicious activity |
Analysis date: | March 31, 2023, 19:39:12 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5: | 2D1079B9CB21A2CDB56799C2601A4F57 |
SHA1: | DE7642E21B26CD2110B5587C5BABE6D3E913808D |
SHA256: | 0F7C489C79CFFBD581CFBB32FB066C223F8DE1FF30F71E129D0F4DE34ED532AB |
SSDEEP: | 98304:vPxoH1bw2wniA9q7hbBLKeqV9PdDOAz9ulhDAtmLPUFOOY961QdOjcXSnoJQ:vJcb+Zq7hbyVbPtmhOGOtT |
.exe | | | Generic Win/DOS Executable (50) |
---|---|---|
.exe | | | DOS Executable Generic (49.9) |
ProductVersion: | 96.0.4693.127 |
---|---|
ProductName: | Opera GX Installer |
LegalCopyright: | Copyright Opera Software 2023 |
InternalName: | Opera GX |
FileVersion: | 96.0.4693.127 |
FileDescription: | Opera GX Installer |
CompanyName: | Opera Software |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 96.0.4693.127 |
FileVersionNumber: | 96.0.4693.127 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x5e2e70 |
UninitializedDataSize: | 2588672 |
InitializedDataSize: | 16384 |
CodeSize: | 3584000 |
LinkerVersion: | 14 |
PEType: | PE32 |
ImageFileCharacteristics: | Executable, Large address aware, 32-bit |
TimeStamp: | 2023:03:28 15:34:35+00:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 28-Mar-2023 15:34:35 |
Detected languages: |
|
CompanyName: | Opera Software |
FileDescription: | Opera GX Installer |
FileVersion: | 96.0.4693.127 |
InternalName: | Opera GX |
LegalCopyright: | Copyright Opera Software 2023 |
ProductName: | Opera GX Installer |
ProductVersion: | 96.0.4693.127 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0078 |
Pages in file: | 0x0001 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0x0000 |
Initial SS value: | 0x0000 |
Initial SP value: | 0x0000 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000078 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 28-Mar-2023 15:34:35 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x00278000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
UPX1 | 0x00279000 | 0x0036B000 | 0x0036A200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.7771 |
.rsrc | 0x005E4000 | 0x00004000 | 0x00003200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.30527 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.34927 | 978 | Latin 1 / Western European | English - United States | RT_MANIFEST |
132 | 5.27193 | 40 | Latin 1 / Western European | English - United States | TXT |
140 | 7.69054 | 11540 | Latin 1 / Western European | English - United States | TXT |
141 | 7.46366 | 1267 | Latin 1 / Western European | English - United States | PNG |
142 | 7.43993 | 1508 | Latin 1 / Western European | English - United States | PNG |
143 | 7.57355 | 1792 | Latin 1 / Western European | English - United States | PNG |
144 | 7.68251 | 2370 | Latin 1 / Western European | English - United States | PNG |
145 | 7.70518 | 11540 | Latin 1 / Western European | English - United States | TXT |
146 | 7.74528 | 52724 | Latin 1 / Western European | English - United States | TXT |
147 | 7.70817 | 52724 | Latin 1 / Western European | English - United States | TXT |
COMCTL32.dll |
KERNEL32.DLL |
USER32.dll |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2668 | "C:\Users\admin\AppData\Local\Temp\OperaGXSetup.exe" | C:\Users\admin\AppData\Local\Temp\OperaGXSetup.exe | explorer.exe | ||||||||||||
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera GX Installer Version: 96.0.4693.127 Modules
| |||||||||||||||
3060 | C:\Users\admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=96.0.4693.127 --initial-client-data=0x178,0x17c,0x180,0x14c,0x184,0x6ceea4b0,0x6ceea4c0,0x6ceea4cc | C:\Users\admin\AppData\Local\Temp\OperaGXSetup.exe | OperaGXSetup.exe | ||||||||||||
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera GX Installer Version: 96.0.4693.127 Modules
| |||||||||||||||
3116 | "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe | OperaGXSetup.exe | ||||||||||||
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera GX Installer Exit code: 0 Version: 96.0.4693.127 Modules
|
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 460000003D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | IntranetName |
Value: 1 | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 1 | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 0 | |||
(PID) Process: | (2668) OperaGXSetup.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US |
PID | Process | Filename | Type | |
---|---|---|---|---|
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_4951C995B7E4D893C4215525FE046100 | binary | |
MD5:25EEE5F200FBCBAB067290A070C1B983 | SHA256:6D9871F82E7ACE3606B89EB5112099E4FBC45EBD6D74E9134777E8058B1E5F9C | |||
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat | binary | |
MD5:0183B32A6640425DE97AA2CBD967DAA8 | SHA256:42E9478FACB58A41EE17CF6860A707EC626DC867029FD414772BF95317138248 | |||
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2303311939189422668.dll | executable | |
MD5:1CF4908922FF2DE82DFCC53695DB91CE | SHA256:D4504F4874884779CC23606A9B219E442AB38E49E9F8F7C7FFE8B51D45D76592 | |||
3060 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2303311939191143060.dll | executable | |
MD5:1CF4908922FF2DE82DFCC53695DB91CE | SHA256:D4504F4874884779CC23606A9B219E442AB38E49E9F8F7C7FFE8B51D45D76592 | |||
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565 | binary | |
MD5:F3235AA4C0FBB7602215BF6D1E257DDD | SHA256:DDC3F194EC7860FA6B34728432481542B227F4F1C708C6DE002E90C61CAD6223 | |||
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe | executable | |
MD5:2D1079B9CB21A2CDB56799C2601A4F57 | SHA256:0F7C489C79CFFBD581CFBB32FB066C223F8DE1FF30F71E129D0F4DE34ED532AB | |||
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:EEA3E5E6993311D7CAEA322ECA95CF3F | SHA256:DFB994A6FAFD5C0670772CD1D3FE202698134FE6048E6F42F6FE03DF67239968 | |||
3116 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2303311939193803116.dll | executable | |
MD5:1CF4908922FF2DE82DFCC53695DB91CE | SHA256:D4504F4874884779CC23606A9B219E442AB38E49E9F8F7C7FFE8B51D45D76592 | |||
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_4951C995B7E4D893C4215525FE046100 | der | |
MD5:4FF5005D657E2CF17B5501B004E8B0CD | SHA256:4729A41CABDF185EC4413ED883A4453FC4D9F991E63AB8E7B2EC867239DECA66 | |||
2668 | OperaGXSetup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565 | der | |
MD5:84B1F477C90DBEB15A36B2CCAC368A13 | SHA256:00AF63B52D5AB007911925C905AF313AEFB5F6B61E8DFD17BED35ABF8B0786EF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2668 | OperaGXSetup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D | US | der | 471 b | whitelisted |
2668 | OperaGXSetup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAkWPlmkY2sM4Y0QWNg2lJM%3D | US | der | 313 b | whitelisted |
2668 | OperaGXSetup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAonX%2BcE1u7LI9XNW0saTgQ%3D | US | der | 471 b | whitelisted |
2668 | OperaGXSetup.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d6feabe791fc9d3c | US | compressed | 4.70 Kb | whitelisted |
2668 | OperaGXSetup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2668 | OperaGXSetup.exe | 82.145.216.16:443 | features.opera-api2.com | Opera Software AS | NO | suspicious |
2668 | OperaGXSetup.exe | 82.145.216.15:443 | features.opera-api2.com | Opera Software AS | NO | suspicious |
2668 | OperaGXSetup.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
2668 | OperaGXSetup.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
2668 | OperaGXSetup.exe | 185.26.182.117:443 | download.opera.com | Opera Software AS | — | unknown |
2668 | OperaGXSetup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | suspicious |
2668 | OperaGXSetup.exe | 185.26.182.123:443 | autoupdate.geo.opera.com | Opera Software AS | — | suspicious |
2668 | OperaGXSetup.exe | 185.26.182.124:443 | autoupdate.geo.opera.com | Opera Software AS | — | suspicious |
2668 | OperaGXSetup.exe | 185.26.182.122:443 | download.opera.com | Opera Software AS | — | unknown |
2668 | OperaGXSetup.exe | 104.18.2.211:443 | download5.operacdn.com | CLOUDFLARENET | — | unknown |
Domain | IP | Reputation |
---|---|---|
desktop-netinstaller-sub.osp.opera.software |
| whitelisted |
autoupdate.geo.opera.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
features.opera-api2.com |
| malicious |
download.opera.com |
| whitelisted |
download5.operacdn.com |
| suspicious |