File name: YUMI-2.0.9.4.exe

Full analysis: https://app.any.run/tasks/920e7d4c-6898-4ee8-b46e-2e091d7f026f
Verdict: Malicious activity
Analysis date: November 18, 2023, 17:57:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 8D47F1F9FBBBE4F61ED13A461F6BCB75
SHA1: 7063D881EC2D0C7CF39AA5B2CB05BEB18FA74C44
SHA256: 168A7FD30817E07EFECBD1805FF1E8629A62BE137B74D0B77958472F0993D134
SSDEEP: 49152:FEtHEek1Py6RURqIA1Dqml/v55Ng69nZlh+y/aSh+q10yNHTJzNQRORZcYibBy6Y:FEtHhk1Py6+RqVOml/v57g69nZP+ySrk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • YUMI-2.0.9.4.exe (PID: 3228)
  • SUSPICIOUS
    • Drops 7-zip archiver for unpacking
      • YUMI-2.0.9.4.exe (PID: 3228)
  • INFO
    • Reads the computer name
      • YUMI-2.0.9.4.exe (PID: 3228)
    • Checks supported languages
      • YUMI-2.0.9.4.exe (PID: 3228)
    • Creates files in a temporary directory
      • YUMI-2.0.9.4.exe (PID: 3228)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:01 04:44:18+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x35d8
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.9.4
ProductVersionNumber: 2.0.9.4
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: pendrivelinux.com
FileDescription: YUMI
FileVersion: 2.0.9.4
LegalCopyright: Copyright © Pendrivelinux.com
License: GPL Version 2
No data.
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> yumi-2.0.9.4.exe -> yumi-2.0.9.4.exe (no specs)

Process information

PID: 3228
CMD: "C:\Users\admin\Downloads\YUMI-2.0.9.4.exe"
Path: C:\Users\admin\Downloads\YUMI-2.0.9.4.exe
Parent process: explorer.exe
User: admin
Company: pendrivelinux.com
Integrity Level: HIGH
Description: YUMI
Exit code: 0
Version: 2.0.9.4
Modules (images):
  c:\users\admin\downloads\yumi-2.0.9.4.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll

PID: 3428
CMD: "C:\Users\admin\Downloads\YUMI-2.0.9.4.exe"
Path: C:\Users\admin\Downloads\YUMI-2.0.9.4.exe
Parent process: explorer.exe
User: admin
Company: pendrivelinux.com
Integrity Level: MEDIUM
Description: YUMI
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2.0.9.4
Modules (images):
  c:\users\admin\downloads\yumi-2.0.9.4.exe
  c:\windows\system32\ntdll.dll
Total events: 656
Read events: 656
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 13
Suspicious files: 8
Text files: 81
Unknown types: 0

Dropped files (all by PID 3228, YUMI-2.0.9.4.exe)

C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\dd-diskpart.txt (text)
  MD5: 814209DD3CB4F219B7986E32C24C2EEA
  SHA256: 28F37A21DA104E03755507864B19C253A012544568CB0A9884B9DF7EE90D226C
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\grubpart4.lst (text)
  MD5: B5FFE24A81C6C4C9B192C8298BD7A799
  SHA256: CBB7CDFE105484FA3B05AC569AF0F7A1A9D394C307B85DCB5DCB70174C3F4E7E
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\diskpartdetach.txt (text)
  MD5: 7DB3A9D4C5E308EC27997829B50F0A9B
  SHA256: F5AEB338A52788F9D58140A487C0BA9751879E207A234615A9EB75A1FECFC6FB
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\diskpart.txt (text)
  MD5: C2DD6D67EABDC21CF599B6858432CA2A
  SHA256: 522E554325FCDAB06669173DB657F63F0CF9C475D12072248A738B2828D0CCC6
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\autounattend.xml (xml)
  MD5: B74F7534A1BA470DF96710174D6C2833
  SHA256: 3512102FB79F459B795F848F0DC57CDF949C4C9B56B4E110D7DF4C5D9D712478
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\w2gdiskpart.txt (text)
  MD5: 27460E6F2B35B067EE26BA5ED01CFC08
  SHA256: C707E60918F4236E1F85416B7661DB0C37C7247552211B733D74340885CC7619
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\syslinux.exe (executable)
  MD5: D2922AD355EA02A59E563F327521A888
  SHA256: AC389246CD45E69C1E41F88EF87F4083A817A97E0FEAA153BA677CA703D36FAB
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\menu.lst (text)
  MD5: F6B99B9EBA2DE4EE84DBE31417EF496E
  SHA256: 23399EFF27F9C22E35D31D8629168D3885CE06A0EE45B863F2E251DF87A2776B
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\syslinux.cfg (text)
  MD5: E6A8A3509B9E931DB90ED2582CF12D9F
  SHA256: A557583F6F67B6AE7D3AB04FC006E3A284F34F19F6F80EB297020700773C7C78
C:\Users\admin\AppData\Local\Temp\nsy721A.tmp\UserInfo.dll (executable)
  MD5: 98FF85B635D9114A9F6A0CD7B9B649D0
  SHA256: 933F93A30CE44DF96CBC4AC0B56A8B02EE01DA27E4EA665D1D846357A8FCA8DE
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections (Domain, ASN and CN columns were empty in the report)

PID  | Process     | IP:port               | Reputation
4    | System      | 192.168.100.255:137   | whitelisted
2588 | svchost.exe | 239.255.255.250:1900  | whitelisted
4    | System      | 192.168.100.255:138   | whitelisted
1080 | svchost.exe | 224.0.0.252:5355      | unknown

DNS requests

No data

Threats

No threats detected
No debug info