File name: Uploader.exe

Full analysis: https://app.any.run/tasks/30626a6f-f95c-4983-971a-b846ba534f62
Verdict: Malicious activity
Analysis date: May 10, 2024, 13:30:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1CEC9A3158A470F53F84B837B6E7D658
SHA1: 22F874A033B542AAF0D40158CB17C91E8E835ED2
SHA256: 13B8F51DBF344063326F811E6C82ECA08767B2FD56FB4449CA22C6B690A4EA91
SSDEEP: 98304:0at/0SdpmYs/Nf4HhSjrckztFmG5Zmy+XerxuU3uvm3A2c8DwRosU/jxKa359bhA:N3eKaB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Uploader.exe (PID: 3964)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Uploader.exe (PID: 3964)
  • INFO

    • Checks supported languages

      • Uploader.exe (PID: 3964)
    • Reads mouse settings

      • Uploader.exe (PID: 3964)
    • Create files in a temporary directory

      • Uploader.exe (PID: 3964)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:01:15 13:50:45+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 581120
InitializedDataSize: 2159104
UninitializedDataSize: -
EntryPoint: 0x27f4a
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 3.0.0.3
ProductVersionNumber: 3.0.0.3
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Unicode
CompanyName: Avtec Inc.
FileDescription: Avtec Outpost Uploader Utility
FileVersion: 3.0.0.3
LegalCopyright: (c) Avtec Inc., 2018
ProductName: Avtec Outpost Uploader Utility
ProductVersion: 3.0.0.3
No data.
All screenshots are available in the full report
Total processes: 32
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start uploader.exe

Process information

PID: 3964
CMD: "C:\Users\admin\AppData\Local\Temp\Uploader.exe"
Path: C:\Users\admin\AppData\Local\Temp\Uploader.exe
Parent process: explorer.exe
User: admin
Company: Avtec Inc.
Integrity Level: MEDIUM
Description: Avtec Outpost Uploader Utility
Version: 3.0.0.3
Modules
Images
c:\users\admin\appdata\local\temp\uploader.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
Total events: 133
Read events: 133
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 2
Suspicious files: 3
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\aut4037.tmp | -
  MD5: -
  SHA256: -

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\Uploader Help.pdf | -
  MD5: -
  SHA256: -

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\aut4048.tmp | pdf
  MD5: 811DFA7040891253188FECCE25A2EA6D
  SHA256: 38CF649881F695558269877A09D16813C449A3F86991CE498407FA2283440031

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\Uploader.log | text
  MD5: 085FF2D2F31560CF059DCCB2D73D3FC3
  SHA256: DC15263BD7E74999B1255D642E363376342A089841CDB10E1D79D9EFC77283E3

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\Uploader.ini | text
  MD5: 3118AB3197DA85ABCC030BE2CBEDFAB3
  SHA256: A46BCB480AE49804EE8B694558BD868301A7D8F83FA0E4C422AB23DE325881A7

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\aut4144.tmp | binary
  MD5: BDC97109695CAF36AE5D05AA54226A45
  SHA256: DCC03D6EB9A37343BB242E2E3507B774901A93014213D657618108F974C4647C

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\ThirdParty\plink.exe | executable
  MD5: 83ADE0CBFA45FAD4AB560365DFC779E8
  SHA256: 3984AE8DD6DF1196211232EB56393A4CE3A330508C5862C38EA3B8FAF8048072

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\aut40B6.tmp | binary
  MD5: A49D976029AC8F9BF4107C75386846CD
  SHA256: FAAB1AA06103716E07EBAB36B909ACCCA5755EC14851C89685366DD448698ADD

3964 | Uploader.exe | C:\Users\admin\AppData\Local\Temp\ThirdParty\psftp.exe | executable
  MD5: 9F0490C599DC81FAD16A6D30DFC1F9B0
  SHA256: 57D0F89D1A9F4DCBF0D8D2FF8CDA892358BE8142187E0FACA3FB4E383E39F289
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info