File name:

lua51.dll

Full analysis: https://app.any.run/tasks/3dec455a-2d77-4632-8e1f-a4e8cf176572
Verdict: Malicious activity
Analysis date: January 18, 2024, 10:29:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5:

7FA818F532EFFD80CF7C1C54676E5A0D

SHA1:

05CE44C8D0672C9F3CE66436C592442377E69DBA

SHA256:

1C2D1BA8425139D45DE89192D2AE4982E9581F8AE0F22B8497AA0055080237CA

SSDEEP:

192:En9bwibw7JYkjcyFZNcvqr0Py3v7u8meG1+mlXzI+eN1qyOd8cw/RsT9QwHzBDkN:En9ZPvqr0uzu8meYyOd8cqsT9QwHFYf1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • rundll32.exe (PID: 128)

  • SUSPICIOUS

    • Reads the Internet Settings

      • filezilla.exe (PID: 2076)

    • Reads settings of System Certificates

      • filezilla.exe (PID: 2076)

  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2036)
      • filezilla.exe (PID: 2076)

    • Checks supported languages

      • filezilla.exe (PID: 2076)
      • wmpnscfg.exe (PID: 2036)

    • Reads the computer name

      • filezilla.exe (PID: 2076)
      • wmpnscfg.exe (PID: 2036)

    • Creates files or folders in the user directory

      • filezilla.exe (PID: 2076)

    • Reads the machine GUID from the registry

      • filezilla.exe (PID: 2076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:08:28 20:04:40+02:00
ImageFileCharacteristics: Executable, 32-bit, DLL
PEType: PE32
LinkerVersion: 8
CodeSize: 1024
InitializedDataSize: 9216
UninitializedDataSize: -
EntryPoint: 0x0000
OSVersion: 4
ImageVersion: 5.1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.1.4.0
ProductVersionNumber: 5.1.4.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: www.lua.org
CompanyName: Lua.org
FileDescription: Lua Language Run Time
FileVersion: 5.1.4
LegalCopyright: Copyright © 1994-2008 Lua.org, PUC-Rio.
OriginalFileName: lua5.1.dll
ProductName: Lua - The Programming Language
ProductVersion: 5.1.4
PrivateBuild: Build by Tecgraf/PUC-Rio for LuaBinaries
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
3
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start rundll32.exe no specs wmpnscfg.exe no specs filezilla.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
128"C:\Windows\System32\rundll32.exe" "C:\Users\admin\AppData\Local\Temp\lua51.dll", #1C:\Windows\System32\rundll32.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
2036"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2076"C:\Program Files\FileZilla FTP Client\filezilla.exe" C:\Program Files\FileZilla FTP Client\filezilla.exeexplorer.exe
User:
admin
Company:
FileZilla Project
Integrity Level:
MEDIUM
Description:
FileZilla FTP Client
Exit code:
0
Version:
3, 65, 0, 0
Modules
Images
c:\program files\filezilla ftp client\filezilla.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\filezilla ftp client\libfzclient-commonui-private-3-65-0.dll
c:\program files\filezilla ftp client\libfzclient-private-3-65-0.dll
c:\program files\filezilla ftp client\libfilezilla-40.dll
c:\program files\filezilla ftp client\libgmp-10.dll
c:\windows\system32\msvcrt.dll
c:\program files\filezilla ftp client\libgcc_s_dw2-1.dll
Total events
2 703
Read events
2 678
Write events
24
Delete events
1

Modification events

(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:NodeSlots
Value:
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
06000000000000000B0000000100000002000000070000000C0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
0200000006000000000000000B00000001000000070000000C0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation:writeName:TV_FolderType
Value:
{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation:writeName:TV_TopViewID
Value:
{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation:writeName:TV_TopViewVersion
Value:
0
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2076) filezilla.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
Operation:delete valueName:4
Value:
660069006C0065007A0069006C006C0061002E00650078006500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003801000061000000B803000041020000000000000000000000000000000000000100000000000000
(PID) Process:(2076) filezilla.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
Operation:writeName:MRUListEx
Value:
02000000030000000000000001000000FFFFFFFF
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Operation:writeName:Mode
Value:
4
Executable files
0
Suspicious files
0
Text files
28
Unknown types
0

Dropped files

PID
Process
Filename
Type
2076filezilla.exeC:\Users\admin\AppData\Roaming\FileZilla\layout.xmlxml
MD5:2C67357412FE5428D2EB67E2178925FA
SHA256:6E8BEE236C7BB6E2CD249AF7449B0F08AFCEBEBE4140CF818750E4489D570B69
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_leds24x24.pngimage
MD5:3CDB1F496431271DB6C442BC0DFA4C87
SHA256:E9DB40BC4ACAF1B3D7C9262B6EB616C8C29DB3E34D4006443D36F1794553330E
2076filezilla.exeC:\Users\admin\AppData\Roaming\FileZilla\layout.xml~xml
MD5:2C67357412FE5428D2EB67E2178925FA
SHA256:6E8BEE236C7BB6E2CD249AF7449B0F08AFCEBEBE4140CF818750E4489D570B69
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_refresh20x20.pngimage
MD5:4200F34DDE6326197C308F620DE40E17
SHA256:81FAD4C1D3BB7678FCD32B29DCF113B4AB869653C4A31EDEF61EC560CFD1D5B5
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_speedlimits16x16.pngimage
MD5:EF56A56C6385B8E73B8DF483FB2B7286
SHA256:8C31386474FBFEC93A303DF0ED1B2D6029CFFD648604A1FB91A9969107D2186F
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_logview20x20.pngimage
MD5:7CDD1BBF7FF3DDABA37B94B3A8844EFA
SHA256:682ADA4732A0D9282BA25B65C17D5C487DEA484A95E04E5C50E5C3FB2550F0F6
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_localtreeview20x20.pngimage
MD5:6F1521A05994C29F5DB6711A2A56E25A
SHA256:C0B2F0998B11BFBC0D5EE0FBCA3320CC79A5AF5DF16800F7EDAAB99C7AF0949F
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_queueview20x20.pngimage
MD5:FF1A0CACBDBCADD77C43F9E245345755
SHA256:281C277F9144F6E43BFFCEF5AD6888E9B8356AACAD75292DB364EA23BF2818C1
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_remotetreeview20x20.pngimage
MD5:6C92B93B3D359862261CA013F82A67B9
SHA256:C9FB39828A6523088FACF944E2DA8BB2844D902C23BF37CBD9A855B316E507D6
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_sitemanager20x20.pngimage
MD5:0DA3E808ABE002C20B4451F5D0F2990F
SHA256:6B2CE84C384134C13BCDBF03F3163EBD9B59E6E40D5A881DF02A2B671F8F12A1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
lua51.dll