File name: imyfone-lockwiper-android_setup-com_android.exe

Full analysis: https://app.any.run/tasks/0e49f00e-4381-4da0-93cf-f542149eab07
Verdict: Malicious activity
Analysis date: February 11, 2024, 20:19:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: C56897CD1F8149712BAFDA1448CB0818
SHA1: 8E733DA939EC46D5706287B48F7FE8BD36520329
SHA256: 1B80F367960A01A967E0A1227078BB2D3EFD55592E91D640003A75F687D098A5
SSDEEP: 98304:lg5E057nmBV0wb/Zd0Xwi1ZZ6UWVWe0XEeqO3vbq+HqnwrFUtPx8VuZCcbP2HyxU:vFYc1F8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
  • SUSPICIOUS

    • Reads the Internet Settings

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Reads settings of System Certificates

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
  • INFO

    • Checks supported languages

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Reads the computer name

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Reads Environment values

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Reads product name

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Creates files in the program directory

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Reads the software policy settings

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Checks proxy server information

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
    • Reads the machine GUID from the registry

      • imyfone-lockwiper-android_setup-com_android.exe (PID: 3216)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:12:18 10:35:40+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 2118144
InitializedDataSize: 2534400
UninitializedDataSize: -
EntryPoint: 0x1bb644
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 4.3.0.1
ProductVersionNumber: 4.3.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: imyfone-lockwiper-android_setup-com_android.exe
FileVersion: 4.3.0.1
LegalCopyright: Copyright (C) 2024 iMyFone. All rights reserved.
ProductName: iMyFone LockWiper (Android)
ProductVersion: 4.3.0.1
No data.
Total processes: 40
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive in the full report)

start -> imyfone-lockwiper-android_setup-com_android.exe -> imyfone-lockwiper-android_setup-com_android.exe (no specs)

Process information

PID: 2472
CMD: "C:\Users\admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_android.exe"
Path: C:\Users\admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_android.exe
Indicators: (none)
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: imyfone-lockwiper-android_setup-com_android.exe
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 4.3.0.1
Modules (images):
  c:\users\admin\appdata\local\temp\imyfone-lockwiper-android_setup-com_android.exe
  c:\windows\system32\ntdll.dll

PID: 3216
CMD: "C:\Users\admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_android.exe"
Path: C:\Users\admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_android.exe
Indicators: see the indicator list above (all signatures are attributed to PID 3216)
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: imyfone-lockwiper-android_setup-com_android.exe
Exit code: 0
Version: 4.3.0.1
Modules (images):
  c:\users\admin\appdata\local\temp\imyfone-lockwiper-android_setup-com_android.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll
Total events: 3 448
Read events: 3 421
Write events: 20
Delete events: 7

Modification events (all by PID 3216, imyfone-lockwiper-android_setup-com_android.exe)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\iMyfone\iMyfoneDown
  Operation: write | Name: GUID | Value: 3CF79D66-2A38-44ba-A869-3A4B9F791994
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: write | Name: ProxyEnable | Value: 0
  Operation: delete value | Name: ProxyServer
  Operation: delete value | Name: ProxyOverride
  Operation: delete value | Name: AutoConfigURL
  Operation: delete value | Name: AutoDetect
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  Operation: write | Name: SavedLegacySettings | Value: 460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
  Operation: write | Name: LanguageList | Value: en-US
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
  Operation: delete value | Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
  Operation: write | Name: Blob | Value: (certificate blob; not reproduced in this excerpt)
Executable files: 0
Suspicious files: 0
Text files: 64
Unknown types: 0

Dropped files (all by PID 3216, imyfone-lockwiper-android_setup-com_android.exe; base directory C:\Program Files\imyfone_down\imyfone-lockwiper-android_setup-com_android\)

language\Chinese\pr_2.png | image
  MD5: FA971B8C6649D6810356F0010AA3428A
  SHA256: 77EB60EB2D69CC57EC8F89163C6FBB3A06F0C7264414FC859C83A14A7194E203
language\Chinese\pr_1.png | image
  MD5: CE20D55C446BB069A51CD53BA2E8C815
  SHA256: DD4982542675238C74B94A24B4044D46D6A1DB8A52B15601841A87B3766755AA
language\Dutch\pr_3.png | image
  MD5: 45BAE5D0A90A80F08935B9631768E61C
  SHA256: BB13C2E4BCD9E5BBB56A4CF88EF0661F12EC379E5FDB10B5010F71EA9C6075E8
language\English\pr_1.png | image
  MD5: EC84B98B5366976F23D02E24468CBF8A
  SHA256: 60CDAA366A05A8DD43D91F89D5E06B3E8991B4B42AF0ACEE769FC2720A3C92C6
language\Dutch\pr_1.png | image
  MD5: 9E5A3E164B6D86623EC84A19241F74E1
  SHA256: F3EECB73C259C024DE4F3A6C69011FFCBE4428090855B81C7A12874EC6C691F5
language\English\pr_2.png | image
  MD5: A56AB015E87698AC32143FDE4ACFAB79
  SHA256: DAF13DA1C4D4C31C0AB87A1B5DA348DBF52E861D6C3B795234B1F9C5D2C4B4CC
language\Dutch\pr_2.png | image
  MD5: D9BD60E7AEAA07F34C489E1F1F99E0B5
  SHA256: 0CB2A92EB62F3CCDEA940DB52233043DAE214BF518B0A5B5F51035DD20EAAE0A
language\Dutch\text.ini | text
  MD5: E91527FA739430A527C4780939287038
  SHA256: EBB37E16A4A0A8E6E9B6E56938D2FC5BC80426A31D417E5955A599D24AC7E375
language\Chinese\text.ini | text
  MD5: FFAA64827526F852271561EDB07F4231
  SHA256: C423B0871C13A26DCE9D179090C9ACC4EE48B24F17E8C3D1380D7BF4C63B0C6E
language\English\text.ini | text
  MD5: 5B689680607828AF706A76BD4C9BC67A
  SHA256: 6F57FD7E3ECEE7F32497E376EEAD707C9F0F1554B606D451A11E455E2C404459
HTTP(S) requests: 4
TCP/UDP connections: 31
DNS requests: 3
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3216 | imyfone-lockwiper-android_setup-com_android.exe | HEAD | 200 | 18.173.154.109:80 | http://download.imyfone.com/lockwiperforandroid/imyfone-lockwiper-android.exe | unknown | - | - | unknown
3216 | imyfone-lockwiper-android_setup-com_android.exe | GET | 200 | 47.252.43.235:80 | http://apipdm.imyfone.club/downloader/carousel?pid=36&lang=English | unknown | binary | 450 b | unknown
3216 | imyfone-lockwiper-android_setup-com_android.exe | GET | 200 | 18.173.154.109:80 | http://download.imyfone.com/downloaderCarousel/20231214/pd-657a70844ad7b.png | unknown | image | 33.3 Kb | unknown
3216 | imyfone-lockwiper-android_setup-com_android.exe | GET | 200 | 18.173.154.109:80 | http://download.imyfone.com/downloaderCarousel/20231214/pd-657a70858fa76.png | unknown | image | 59.6 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3216 | imyfone-lockwiper-android_setup-com_android.exe | 142.250.185.238:443 | www.google-analytics.com | GOOGLE | US | whitelisted
3216 | imyfone-lockwiper-android_setup-com_android.exe | 47.252.43.235:443 | apipdm.imyfone.club | Alibaba US Technology Co., Ltd. | US | unknown
3216 | imyfone-lockwiper-android_setup-com_android.exe | 18.173.154.109:443 | download.imyfone.com | - | US | unknown
3216 | imyfone-lockwiper-android_setup-com_android.exe | 18.173.154.109:80 | download.imyfone.com | - | US | unknown
3216 | imyfone-lockwiper-android_setup-com_android.exe | 47.252.43.235:80 | apipdm.imyfone.club | Alibaba US Technology Co., Ltd. | US | unknown

DNS requests

Domain | IP | Reputation
www.google-analytics.com | 142.250.185.238 | whitelisted
download.imyfone.com | 18.173.154.109, 18.173.154.4, 18.173.154.38, 18.173.154.24 | whitelisted
apipdm.imyfone.club | 47.252.43.235 | unknown

Threats

No threats detected
No debug info