download:

itube-studio_full1169.exe

Full analysis: https://app.any.run/tasks/eadc6734-e997-4083-b151-bf9fda84f133
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 09, 2021, 17:26:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
trojan
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

EDF84AAB7F20FA144BB01EA0625340BC

SHA1:

B683D4AAD9FC088E99F29693E822EBDDE8008EAF

SHA256:

180ABAAE38935529DAECA673FA9F31E5D664AD90D9F5E96DB462B1F15285AC82

SSDEEP:

12288:2w8Jiq97i32bkQoTHHYn5iwh6lcKHfgmWlWYwU0fClaLMiUtfvHB1+j/rPvB:aw9QoTQiwh6lcKHYm9Yw0WTUFvv+Dr3B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • itube-studio_full1169.tmp (PID: 1340)
      • Aimersoft Helper Compact.tmp (PID: 3712)
    • Application was dropped or rewritten from another process

      • itube-studio_full1169.exe (PID: 3492)
      • Aimersoft Helper Compact.exe (PID: 540)
      • ASHelper.exe (PID: 3600)
      • CreateLib.exe (PID: 1232)
      • KVYDUrlProtocol.exe (PID: 860)
      • URLReqService.exe (PID: 3964)
      • iTubeStudio.exe (PID: 3908)
      • PluginInstaller.exe (PID: 3708)
      • KVYDUrlProtocol.exe (PID: 2364)
      • ASHelper.exe (PID: 2824)
      • sniffer.exe (PID: 988)
      • iTubeStudioUpdateHelper.exe (PID: 2980)
      • kv_dr.exe (PID: 2076)
    • Drops executable file immediately after starts

      • itube-studio_full1169.tmp (PID: 1340)
    • Loads dropped or rewritten executable

      • ASHelper.exe (PID: 3600)
      • PluginInstaller.exe (PID: 3708)
      • iTubeStudio.exe (PID: 3908)
      • sniffer.exe (PID: 988)
      • iTubeStudioUpdateHelper.exe (PID: 2980)
      • kv_dr.exe (PID: 2076)
    • Changes settings of System certificates

      • itube-studio_full1169.tmp (PID: 1340)
    • Changes internet zones settings

      • itube-studio_full1169.tmp (PID: 1340)
    • Actions looks like stealing of personal data

      • kv_dr.exe (PID: 2076)
    • Steals credentials from Web Browsers

      • kv_dr.exe (PID: 2076)
  • SUSPICIOUS

    • Creates a directory in Program Files

      • itube-studio_full1169.tmp (PID: 1340)
      • Aimersoft Helper Compact.tmp (PID: 3712)
      • ASHelper.exe (PID: 3600)
      • iTubeStudio.exe (PID: 3908)
      • ASHelper.exe (PID: 2824)
      • sniffer.exe (PID: 988)
      • kv_dr.exe (PID: 2076)
    • Creates files in the user directory

      • itube-studio_full1169.tmp (PID: 1340)
      • CreateLib.exe (PID: 1232)
      • iTubeStudio.exe (PID: 3908)
    • Reads internet explorer settings

      • itube-studio_full1169.exe (PID: 3700)
      • iTubeStudio.exe (PID: 3908)
    • Low-level read access rights to disk partition

      • itube-studio_full1169.exe (PID: 3700)
    • Executable content was dropped or overwritten

      • itube-studio_full1169.exe (PID: 3492)
      • Aimersoft Helper Compact.exe (PID: 540)
      • Aimersoft Helper Compact.tmp (PID: 3712)
      • itube-studio_full1169.tmp (PID: 1340)
      • iTubeStudioUpdateHelper.exe (PID: 2980)
    • Reads Windows owner or organization settings

      • itube-studio_full1169.tmp (PID: 1340)
    • Reads the Windows organization settings

      • itube-studio_full1169.tmp (PID: 1340)
    • Drops a file with too old compile date

      • itube-studio_full1169.tmp (PID: 1340)
      • Aimersoft Helper Compact.exe (PID: 540)
      • Aimersoft Helper Compact.tmp (PID: 3712)
    • Drops a file that was compiled in debug mode

      • Aimersoft Helper Compact.tmp (PID: 3712)
      • itube-studio_full1169.tmp (PID: 1340)
    • Uses TASKKILL.EXE to kill Browsers

      • itube-studio_full1169.tmp (PID: 1340)
    • Uses TASKKILL.EXE to kill process

      • itube-studio_full1169.tmp (PID: 1340)
    • Adds / modifies Windows certificates

      • itube-studio_full1169.tmp (PID: 1340)
    • Starts Internet Explorer

      • itube-studio_full1169.exe (PID: 3700)
    • Changes default file association

      • KVYDUrlProtocol.exe (PID: 2364)
    • Loads Python modules

      • iTubeStudio.exe (PID: 3908)
      • sniffer.exe (PID: 988)
      • kv_dr.exe (PID: 2076)
    • Executed via COM

      • ASHelper.exe (PID: 2824)
    • Creates files in the program directory

      • ASHelper.exe (PID: 2824)
      • iTubeStudio.exe (PID: 3908)
      • iTubeStudioUpdateHelper.exe (PID: 2980)
      • sniffer.exe (PID: 988)
      • kv_dr.exe (PID: 2076)
    • Reads Environment values

      • iTubeStudio.exe (PID: 3908)
      • iTubeStudioUpdateHelper.exe (PID: 2980)
    • Reads the cookies of Google Chrome

      • kv_dr.exe (PID: 2076)
    • Reads the cookies of Mozilla Firefox

      • kv_dr.exe (PID: 2076)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3644)
  • INFO

    • Application was dropped or rewritten from another process

      • itube-studio_full1169.tmp (PID: 1340)
      • Aimersoft Helper Compact.tmp (PID: 3712)
    • Dropped object may contain TOR URL's

      • itube-studio_full1169.tmp (PID: 1340)
      • iTubeStudio.exe (PID: 3908)
    • Dropped object may contain Bitcoin addresses

      • itube-studio_full1169.tmp (PID: 1340)
      • iTubeStudio.exe (PID: 3908)
      • sniffer.exe (PID: 988)
      • chrome.exe (PID: 2168)
    • Loads dropped or rewritten executable

      • itube-studio_full1169.tmp (PID: 1340)
      • Aimersoft Helper Compact.tmp (PID: 3712)
    • Creates a software uninstall entry

      • itube-studio_full1169.tmp (PID: 1340)
      • Aimersoft Helper Compact.tmp (PID: 3712)
    • Creates files in the program directory

      • Aimersoft Helper Compact.tmp (PID: 3712)
      • itube-studio_full1169.tmp (PID: 1340)
    • Application launched itself

      • iexplore.exe (PID: 2708)
      • chrome.exe (PID: 2532)
      • chrome.exe (PID: 3644)
    • Changes internet zones settings

      • iexplore.exe (PID: 2708)
    • Creates files in the user directory

      • iexplore.exe (PID: 2560)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2560)
      • chrome.exe (PID: 1748)
      • iexplore.exe (PID: 2708)
      • iTubeStudio.exe (PID: 3908)
      • chrome.exe (PID: 1820)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2560)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2560)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2560)
    • Manual execution by user

      • chrome.exe (PID: 2532)
      • chrome.exe (PID: 3644)
    • Reads the hosts file

      • chrome.exe (PID: 2532)
      • chrome.exe (PID: 1748)
      • chrome.exe (PID: 3644)
      • chrome.exe (PID: 1820)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (16.3)
.exe | Win64 Executable (generic) (14.5)
.dll | Win32 Dynamic Link Library (generic) (3.4)
.exe | Win32 Executable (generic) (2.3)

EXIF

EXE

ProductVersion: 7.1.2
ProductName: Aimersoft iTube Studio
LegalCopyright: Copyright©2017 AimerSoft. All rights reserved.
FileVersion: 2.0.9.2
FileDescription: aimersoft-itube-studio_setup_full1169.exe
CharacterSet: Unicode
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0017
ProductVersionNumber: 2.0.9.2
FileVersionNumber: 2.0.9.2
Subsystem: Windows GUI
SubsystemVersion: 5
ImageVersion: -
OSVersion: 5
EntryPoint: 0x51167
UninitializedDataSize: -
InitializedDataSize: 538112
CodeSize: 451072
LinkerVersion: 9
PEType: PE32
TimeStamp: 2018:06:01 05:42:12+02:00
MachineType: Intel 386 or later, and compatibles
No data.
All screenshots are available in the full report
Total processes
159
Monitored processes
90
Malicious processes
11
Suspicious processes
3

Behavior graph

Interactive in the full report; the node list alone survives here. Nodes in graph order (edges are labelled "download and start", "start", "drop and start"; "no specs" marks a process without its own detail page): itube-studio_full1169.exe, nfwchk.exe, itube-studio_full1169.exe, itube-studio_full1169.tmp, taskkill.exe (repeated many times), aimersoft helper compact.exe, aimersoft helper compact.tmp, ashelper.exe, createlib.exe, urlreqservice.exe, kvydurlprotocol.exe, plugininstaller.exe, kvydurlprotocol.exe, itubestudio.exe, iexplore.exe, iexplore.exe, ashelper.exe, sniffer.exe, itubestudioupdatehelper.exe, chrome.exe (many), kv_dr.exe, chrome.exe (many), itube-studio_full1169.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
304
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,2986936793168772101,7543816733261698739,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5004865723668943963 --mojo-platform-channel-handle=3984 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
328
CMD:
"C:\Windows\system32\taskkill.exe" /F /IM WsConverter.exe
Path:
C:\Windows\system32\taskkill.exe
Parent process:
itube-studio_full1169.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID:
392
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,2986936793168772101,7543816733261698739,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10498542195136547152 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
480
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,2986936793168772101,7543816733261698739,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1753236011197850157 --mojo-platform-channel-handle=3800 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
540
CMD:
"C:\Program Files\Aimersoft\Aimersoft iTube Studio\Aimersoft Helper Compact.exe" /VERYSILENT
Path:
C:\Program Files\Aimersoft\Aimersoft iTube Studio\Aimersoft Helper Compact.exe
Parent process:
itube-studio_full1169.tmp
User:
admin
Company:
Aimersoft
Integrity Level:
HIGH
Description:
Aimersoft Helper Compact
Exit code:
0
Version:
2.5.2.3
Modules
Images
c:\program files\aimersoft\aimersoft itube studio\aimersoft helper compact.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID:
576
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,4940051251481283999,7493760333621727803,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=7734589557705944090 --mojo-platform-channel-handle=4064 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
624
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,2986936793168772101,7543816733261698739,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=9756458036239205474 --mojo-platform-channel-handle=3704 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
656
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,2986936793168772101,7543816733261698739,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5504363305477344716 --mojo-platform-channel-handle=2712 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
824
CMD:
"C:\Windows\system32\taskkill.exe" /F /IM iTubeStudio.exe
Path:
C:\Windows\system32\taskkill.exe
Parent process:
itube-studio_full1169.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID:
860
CMD:
"C:\Program Files\Aimersoft\Aimersoft iTube Studio\BrowserPlugin\KVYDUrlProtocol.exe"
Path:
C:\Program Files\Aimersoft\Aimersoft iTube Studio\BrowserPlugin\KVYDUrlProtocol.exe
Parent process:
itube-studio_full1169.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files\aimersoft\aimersoft itube studio\browserplugin\kvydurlprotocol.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events
2 763
Read events
2 225
Write events
522
Delete events
16

Modification events

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WafCX
Operation: write
Name: (default)
Value:

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WafCX
Operation: write
Name: 1169
Value:

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Aimersoft\Aimersoft Helper Compact
Operation: write
Name: ClientSign
Value:
{C4BA3647-0000-0QM0-0001-1203334A04AF}

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Aimersoft\WAF
Operation: write
Name: ClientSign
Value:
{C4BA3647-0000-0QM0-0001-1203334A04AF}

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
0

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
1

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (3700) itube-studio_full1169.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value:
0
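Two checks a practitioner wants before acting on this report, as an added example (this is not ANY.RUN's or Aimersoft's code). First, the report's own disclaimer applies: the MALICIOUS-tier signatures are heuristics, and "Steals credentials from Web Browsers" on kv_dr.exe is driven by the Chrome and Firefox cookie reads listed under SUSPICIOUS, while the excerpted connection table shows no traffic from kv_dr.exe at all, so the verdict is a triage prompt, not proof. Second, the registry writes above are exported in a flattened "(PID) Process:...Key:..." layout that has to be parsed before it can be matched against rules. The script below checks a local file against the three hashes in the Indicators section, parses that layout, and flags the writes worth a second look: WinINet/proxy and zone-map changes (present in the report), a vendor "ClientSign" tracking identifier (present), certificate-store changes (listed as a signature but not exported as a key here), and Run-key persistence. The Run-key record in the sample is constructed as a placeholder, because the report states that PID 1340 changes an autorun value but does not export the key; the rule names are also this example's own.

```python
#!/usr/bin/env python3
"""Triage helpers for the sandbox report above (added example, not ANY.RUN's code).

verify_sample() checks a file's bytes against the three hashes in the report's
Indicators section; parse_events() reads registry writes in the flattened
"(PID) Process:...Key:..." layout the report exports, and triage() flags the
ones an analyst would look at first. Rule names and the Run-key sample record
are this example's own assumptions, not something the report exports.
"""
import hashlib
import re
from dataclasses import dataclass

# Hashes copied from the report's Indicators section, lower-cased for comparison.
REPORT_HASHES = {
    "md5": "edf84aab7f20fa144bb01ea0625340bc",
    "sha1": "b683d4aad9fc088e99f29693e822ebdde8008eaf",
    "sha256": "180abaae38935529daeca673fa9f31e5d664ad90d9f5e96db462b1f15285ac82",
}


def verify_sample(data: bytes) -> dict:
    """Return {algo: (hexdigest, matched)} for the algorithms the report lists.

    Only a SHA256 match identifies the analysed sample; an MD5 or SHA1 match
    with a differing SHA256 would be a collision and deserves suspicion.
    """
    result = {}
    for algo, expected in REPORT_HASHES.items():
        digest = hashlib.new(algo, data).hexdigest()
        result[algo] = (digest, digest == expected)
    return result


@dataclass
class RegWrite:
    pid: int
    process: str
    key: str
    operation: str
    name: str
    value: str


# The report runs the process name straight into "Key:" and the operation
# straight into "Name:" with no separator; the regexes split on those tokens.
_HEADER = re.compile(r"^\(PID\) Process:\((\d+)\) (.+?)Key:(.+)$")
_OPERATION = re.compile(r"^Operation:(\w+)Name:(.*)$")
# The ClientSign value in the report is GUID-shaped but not valid hex ("0QM0"),
# so match any alphanumeric GUID-shaped token rather than strict hex digits.
_GUID = re.compile(r"^\{[0-9A-Za-z]{8}(-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12}\}$")


def parse_events(text: str) -> list:
    """Parse the flattened modification-event listing into RegWrite records.

    A record is a header line, an Operation/Name line, a "Value:" line and an
    optional value line; an empty value is followed directly by the next header.
    """
    lines = text.splitlines()
    records, i = [], 0
    while i < len(lines):
        head = _HEADER.match(lines[i])
        if not head:
            i += 1  # blank line or stray text between records
            continue
        pid, process, key = int(head.group(1)), head.group(2), head.group(3)
        op = _OPERATION.match(lines[i + 1]) if i + 1 < len(lines) else None
        if op is None:
            raise ValueError(f"malformed record at line {i + 1}: {lines[i]!r}")
        operation, name = op.group(1), op.group(2)
        i += 2
        if i < len(lines) and lines[i] == "Value:":
            i += 1
        value = ""
        if i < len(lines) and not _HEADER.match(lines[i]):
            value = lines[i]
            i += 1
        records.append(RegWrite(pid, process, key, operation, name, value))
    return records


# Triage rules (this example's own names): (rule id, predicate over a RegWrite).
_RULES = [
    ("persistence-run-key", lambda w: "\\currentversion\\run" in w.key.lower()),
    ("wininet-settings-change", lambda w: "\\internet settings" in w.key.lower()),
    ("certificate-store-change", lambda w: "\\systemcertificates\\" in w.key.lower()),
    ("client-tracking-id",
     lambda w: w.name.lower() == "clientsign" and bool(_GUID.match(w.value))),
]


def triage(writes: list) -> list:
    """Return (rule id, RegWrite) pairs for every write that matches a rule."""
    return [(rule, w) for w in writes for rule, pred in _RULES if pred(w)]


# Constructed sample: four records copied from the report's Modification events
# plus one constructed Run-key write. The report says PID 1340 changes the
# autorun value but does not export the key, so that record's value name and
# path are placeholders, not the installer's real ones.
SAMPLE_EVENTS = r"""(PID) Process:(3700) itube-studio_full1169.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WafCX
Operation:writeName:1169
Value:
(PID) Process:(3700) itube-studio_full1169.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Aimersoft\WAF
Operation:writeName:ClientSign
Value:
{C4BA3647-0000-0QM0-0001-1203334A04AF}
(PID) Process:(3700) itube-studio_full1169.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3700) itube-studio_full1169.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(1340) itube-studio_full1169.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:placeholder-autorun
Value:
C:\Program Files\Aimersoft\Aimersoft iTube Studio\placeholder.exe
"""

if __name__ == "__main__":
    for rule, w in triage(parse_events(SAMPLE_EVENTS)):
        print(f"{rule:26} pid={w.pid} {w.process} {w.key}\\{w.name} = {w.value!r}")
    # Constructed bytes, so no hash matches; feed it a real file's bytes instead.
    print(verify_sample(b"constructed bytes, not the sample"))
```

Run it against the full "Modification events" export from the report rather than the excerpt: the parser tolerates blank lines between records, and any write that the rules miss is still in the returned list for manual review.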
Executable files
197
Suspicious files
129
Text files
1 998
Unknown types
1 251

Dropped files

PID
Process
Filename
Type
PID: 3700
Process: itube-studio_full1169.exe
Filename: C:\Users\Public\Documents\Aimersoft\NFWCHK.exe
MD5:
SHA256:

PID: 3700
Process: itube-studio_full1169.exe
Filename: C:\Users\Public\Documents\Aimersoft\NFWCHK.exe.config
MD5:
SHA256:

PID: 3700
Process: itube-studio_full1169.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\1169-20180601145035[1].htm
MD5:
SHA256:

PID: 3700
Process: itube-studio_full1169.exe
Filename: C:\Users\Public\Documents\Aimersoft\itube-studio_full1169.exe.~P2S
MD5:
SHA256:

PID: 3700
Process: itube-studio_full1169.exe
Filename: C:\Users\Public\Documents\Aimersoft\itube-studio_full1169.exe
MD5:
SHA256:

PID: 1340
Process: itube-studio_full1169.tmp
Filename: C:\Program Files\Aimersoft\Aimersoft iTube Studio\is-I65QA.tmp
MD5:
SHA256:

PID: 1340
Process: itube-studio_full1169.tmp
Filename: C:\Program Files\Aimersoft\Aimersoft iTube Studio\is-2MR47.tmp
MD5:
SHA256:

PID: 1340
Process: itube-studio_full1169.tmp
Filename: C:\Program Files\Aimersoft\Aimersoft iTube Studio\is-02Q10.tmp
MD5:
SHA256:

PID: 1340
Process: itube-studio_full1169.tmp
Filename: C:\Program Files\Aimersoft\Aimersoft iTube Studio\is-SD298.tmp
MD5:
SHA256:

PID: 1340
Process: itube-studio_full1169.tmp
Filename: C:\Program Files\Aimersoft\Aimersoft iTube Studio\is-38OBM.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
114
TCP/UDP connections
182
DNS requests
81
Threats
20

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3700
itube-studio_full1169.exe
GET
2.16.186.82:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
whitelisted
3700
itube-studio_full1169.exe
GET
2.16.186.82:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
whitelisted
3700
itube-studio_full1169.exe
GET
200
47.91.67.36:80
http://platform.wondershare.com/rest/v2/downloader/runtime/?client_sign={C4BA3647-0000-0QM0-0001-1203334A04AF}&product_id=1169
US
xml
1.68 Kb
suspicious
3700
itube-studio_full1169.exe
GET
206
2.16.186.82:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
executable
6.61 Mb
whitelisted
3700
itube-studio_full1169.exe
GET
206
2.16.186.82:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
binary
6.61 Mb
whitelisted
3700
itube-studio_full1169.exe
GET
206
2.16.186.112:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
binary
6.61 Mb
whitelisted
3700
itube-studio_full1169.exe
GET
206
2.16.186.112:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
binary
6.61 Mb
whitelisted
3700
itube-studio_full1169.exe
HEAD
200
2.16.186.112:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
whitelisted
3700
itube-studio_full1169.exe
GET
47.91.67.36:80
http://dlinst.aimersoft.com/player/style/orbit-1.3.0.css
US
suspicious
3700
itube-studio_full1169.exe
HEAD
200
2.16.186.82:80
http://download.aimersoft.com/cbs_down/itube-studio_full1169.exe
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3700
itube-studio_full1169.exe
2.16.186.82:80
download.aimersoft.com
Akamai International B.V.
whitelisted
3700
itube-studio_full1169.exe
47.91.67.36:80
platform.wondershare.com
Alibaba (China) Technology Co., Ltd.
US
suspicious
3700
itube-studio_full1169.exe
2.16.186.112:80
download.aimersoft.com
Akamai International B.V.
whitelisted
1340
itube-studio_full1169.tmp
47.91.76.37:80
cbs.aimersoft.com
Alibaba (China) Technology Co., Ltd.
US
malicious
47.91.67.36:80
platform.wondershare.com
Alibaba (China) Technology Co., Ltd.
US
suspicious
2824
ASHelper.exe
47.91.67.36:80
platform.wondershare.com
Alibaba (China) Technology Co., Ltd.
US
suspicious
1340
itube-studio_full1169.tmp
104.117.222.119:443
www.aimersoft.com
TPG Telecom Limited
US
unknown
2560
iexplore.exe
104.117.222.119:443
www.aimersoft.com
TPG Telecom Limited
US
unknown
2560
iexplore.exe
47.91.76.37:80
cbs.aimersoft.com
Alibaba (China) Technology Co., Ltd.
US
malicious
2560
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
platform.wondershare.com
  • 47.91.67.36
suspicious
download.aimersoft.com
  • 2.16.186.82
  • 2.16.186.112
whitelisted
dlinst.aimersoft.com
  • 47.91.67.36
suspicious
cbs.aimersoft.com
  • 47.91.76.37
  • 47.91.89.199
  • 47.91.91.66
  • 47.91.89.20
malicious
www.aimersoft.com
  • 104.117.222.119
malicious
platform.aimersoft.com
  • 47.91.67.36
suspicious
us.AimerSoft.com
unknown
www.google-analytics.com
  • 142.250.74.142
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
images.aimersoft.com
  • 104.117.222.119
malicious

Threats

PID
Process
Class
Message
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
Generic Protocol Command Decode
SURICATA HTTP Unexpected Request body
No debug info