File name:

lua51.dll

Full analysis: https://app.any.run/tasks/3dec455a-2d77-4632-8e1f-a4e8cf176572
Verdict: Malicious activity
Analysis date: January 18, 2024, 10:29:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5:

7FA818F532EFFD80CF7C1C54676E5A0D

SHA1:

05CE44C8D0672C9F3CE66436C592442377E69DBA

SHA256:

1C2D1BA8425139D45DE89192D2AE4982E9581F8AE0F22B8497AA0055080237CA

SSDEEP:

192:En9bwibw7JYkjcyFZNcvqr0Py3v7u8meG1+mlXzI+eN1qyOd8cw/RsT9QwHzBDkN:En9ZPvqr0uzu8meYyOd8cqsT9QwHFYf1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • rundll32.exe (PID: 128)

  • SUSPICIOUS

    • Reads settings of System Certificates

      • filezilla.exe (PID: 2076)

    • Reads the Internet Settings

      • filezilla.exe (PID: 2076)

  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 2036)
      • filezilla.exe (PID: 2076)

    • Reads the computer name

      • wmpnscfg.exe (PID: 2036)
      • filezilla.exe (PID: 2076)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2036)
      • filezilla.exe (PID: 2076)

    • Reads the machine GUID from the registry

      • filezilla.exe (PID: 2076)

    • Creates files or folders in the user directory

      • filezilla.exe (PID: 2076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:08:28 20:04:40+02:00
ImageFileCharacteristics: Executable, 32-bit, DLL
PEType: PE32
LinkerVersion: 8
CodeSize: 1024
InitializedDataSize: 9216
UninitializedDataSize: -
EntryPoint: 0x0000
OSVersion: 4
ImageVersion: 5.1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.1.4.0
ProductVersionNumber: 5.1.4.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: www.lua.org
CompanyName: Lua.org
FileDescription: Lua Language Run Time
FileVersion: 5.1.4
LegalCopyright: Copyright © 1994-2008 Lua.org, PUC-Rio.
OriginalFileName: lua5.1.dll
ProductName: Lua - The Programming Language
ProductVersion: 5.1.4
PrivateBuild: Build by Tecgraf/PUC-Rio for LuaBinaries
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
3
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start rundll32.exe no specs wmpnscfg.exe no specs filezilla.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
128"C:\Windows\System32\rundll32.exe" "C:\Users\admin\AppData\Local\Temp\lua51.dll", #1C:\Windows\System32\rundll32.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
2036"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2076"C:\Program Files\FileZilla FTP Client\filezilla.exe" C:\Program Files\FileZilla FTP Client\filezilla.exeexplorer.exe
User:
admin
Company:
FileZilla Project
Integrity Level:
MEDIUM
Description:
FileZilla FTP Client
Exit code:
0
Version:
3, 65, 0, 0
Modules
Images
c:\program files\filezilla ftp client\filezilla.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\filezilla ftp client\libfzclient-commonui-private-3-65-0.dll
c:\program files\filezilla ftp client\libfzclient-private-3-65-0.dll
c:\program files\filezilla ftp client\libfilezilla-40.dll
c:\program files\filezilla ftp client\libgmp-10.dll
c:\windows\system32\msvcrt.dll
c:\program files\filezilla ftp client\libgcc_s_dw2-1.dll
Total events
2 703
Read events
2 678
Write events
24
Delete events
1

Modification events

(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:NodeSlots
Value:
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
06000000000000000B0000000100000002000000070000000C0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
0200000006000000000000000B00000001000000070000000C0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation:writeName:TV_FolderType
Value:
{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation:writeName:TV_TopViewID
Value:
{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation:writeName:TV_TopViewVersion
Value:
0
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2076) filezilla.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
Operation:delete valueName:4
Value:
660069006C0065007A0069006C006C0061002E00650078006500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003801000061000000B803000041020000000000000000000000000000000000000100000000000000
(PID) Process:(2076) filezilla.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
Operation:writeName:MRUListEx
Value:
02000000030000000000000001000000FFFFFFFF
(PID) Process:(2076) filezilla.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Operation:writeName:Mode
Value:
4
Executable files
0
Suspicious files
0
Text files
28
Unknown types
0

Dropped files

PID
Process
Filename
Type
2076filezilla.exeC:\Users\admin\AppData\Roaming\FileZilla\layout.xmlxml
MD5:2C67357412FE5428D2EB67E2178925FA
SHA256:6E8BEE236C7BB6E2CD249AF7449B0F08AFCEBEBE4140CF818750E4489D570B69
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_localtreeview20x20.pngimage
MD5:6F1521A05994C29F5DB6711A2A56E25A
SHA256:C0B2F0998B11BFBC0D5EE0FBCA3320CC79A5AF5DF16800F7EDAAB99C7AF0949F
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_reconnect20x20.pngimage
MD5:0AFE55D6CF1766E96B09E7CA9A663FF5
SHA256:4911B7816BD68BE298B77F97B9042643A1353826ED74A98B4B1549A225370D9A
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_disconnect20x20.pngimage
MD5:83A9C5C3B1F35ED0831BF7DDD4C770B9
SHA256:B8AE6364C0E09631E8585ECC9CCBD18FC4A34AA5E46C3C5F7B9B94D0B02470A4
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_leds24x24.pngimage
MD5:3CDB1F496431271DB6C442BC0DFA4C87
SHA256:E9DB40BC4ACAF1B3D7C9262B6EB616C8C29DB3E34D4006443D36F1794553330E
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_cancel20x20.pngimage
MD5:6BE7EED3137A96DACD17950450172DA7
SHA256:16DE9E9B70D7972B3A23116EA4D32E3E6F289A2B1516B5D8CE66883680CCF6FD
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_processqueue20x20.pngimage
MD5:8981536CE9B6CA800D4AA3E1531F5E18
SHA256:FDF9033E11E9A2573320A4012154D4014AD288C3F6528079F22379566BE75D55
2076filezilla.exeC:\Users\admin\AppData\Roaming\FileZilla\layout.xml~xml
MD5:2C67357412FE5428D2EB67E2178925FA
SHA256:6E8BEE236C7BB6E2CD249AF7449B0F08AFCEBEBE4140CF818750E4489D570B69
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_compare20x20.pngimage
MD5:201C6814F606B793972A50C90E5969FF
SHA256:45A3DE04CAA4F2829AAF8AA3997D7514AB7A71DEF54510D78847779E7767ACDC
2076filezilla.exeC:\Users\admin\AppData\Local\FileZilla\default_synchronize20x20.pngimage
MD5:18A1FD4D78B7875FF7A41FACDDEBABD5
SHA256:51ECA3CFC0917F0CB8B439AE7BF55525924A9E12083A078D8C9422B1B0B2CE47
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
lua51.dll