File name: IdeaShare Key.exe

Full analysis: https://app.any.run/tasks/4426ee9f-413d-4062-b49f-825b503bcd3b
Verdict: Malicious activity
Analysis date: June 12, 2024, 17:12:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 4D7B7F447ECF5B7F5C94ECDE378875D5
SHA1: 136683B42B25753BAFE134F2E298C7C5A0C32C83
SHA256: 1CAEC4568038C91278843FC4E18AE2DD67179EC2A3139C14338CEC33AF2A112C
SSDEEP: 98304:gxYDWMCh49GpSioSiDLnKejDy/LcvAl8G46vRfg9VXaugaNQcYCYbPZRnGaaqM/k:wFOru

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • IdeaShare Key.exe (PID: 4084)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • IdeaShare Key.exe (PID: 4084)
    • Executable content was dropped or overwritten

      • IdeaShare Key.exe (PID: 4084)
  • INFO

    • Checks supported languages

      • IdeaShare Key.exe (PID: 4084)
      • IdeaShareKeyForm.exe (PID: 1020)
    • Reads the computer name

      • IdeaShare Key.exe (PID: 4084)
      • IdeaShareKeyForm.exe (PID: 1020)
    • Creates files or folders in the user directory

      • IdeaShare Key.exe (PID: 4084)
      • IdeaShareKeyForm.exe (PID: 1020)
    • Reads the machine GUID from the registry

      • IdeaShareKeyForm.exe (PID: 1020)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:12:17 06:46:04+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 30720
InitializedDataSize: 442880
UninitializedDataSize: 16896
EntryPoint: 0x38a8
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 7.2.1.9
ProductVersionNumber: 7.2.1.9
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: IdeaShare Key
FileDescription: IdeaShare Key
FileVersion: 7.02.1.09
ProductName: IdeaShare Key
ProductVersion: 7.02.1.09
Total processes: 37
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Nodes: start, ideashare key.exe, ideasharekeyform.exe, ideashare key.exe (no specs)

Process information

PID: 1020
CMD: "C:\Users\admin\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe"
Path: C:\Users\admin\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Parent process: IdeaShare Key.exe
User: admin
Company: Huawei Technologies Co., Ltd.
Integrity Level: HIGH
Description: IdeaShareKeyForm
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\ideasharekey\ideasharekeyform.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\ideasharekey\qtsingleapp.dll
c:\users\admin\appdata\local\ideasharekey\qt5widgets.dll
c:\users\admin\appdata\local\ideasharekey\qt5gui.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dxgi.dll

PID: 3972
CMD: "C:\Users\admin\AppData\Local\Temp\IdeaShare Key.exe"
Path: C:\Users\admin\AppData\Local\Temp\IdeaShare Key.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: IdeaShare Key
Exit code: 3221226540
Version: 7.02.1.09
Modules (images):
c:\users\admin\appdata\local\temp\ideashare key.exe
c:\windows\system32\ntdll.dll

PID: 4084
CMD: "C:\Users\admin\AppData\Local\Temp\IdeaShare Key.exe"
Path: C:\Users\admin\AppData\Local\Temp\IdeaShare Key.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: IdeaShare Key
Exit code: 0
Version: 7.02.1.09
Modules (images):
c:\users\admin\appdata\local\temp\ideashare key.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Total events: 2 436
Read events: 2 435
Write events: 1
Delete events: 0

Modification events

(PID) Process: (1020) IdeaShareKeyForm.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: IdeaShareKeyForm.exe

Executable files: 8
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\platforms\qwindows.dll | executable
MD5:9172F1F83AFE72904A82FE3425F8017F
SHA256:DBBF2C895BAB5887A52DB4A6E24737BAF5F1CF066FEA73ADF86402660B7AF73D
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\log\insit.log | text
MD5:2E780E11BF957CCD98B71B5945FA261F
SHA256:9596A65B00D8C31C534C8FD6E6526B1D311F7ED5D8B33ACEF34CDE713B1EE8FF
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe | executable
MD5:87454FF47380B260CF1293D604587B2E
SHA256:36DD0E53963C973B7782248F83CAC003CE67486CD77C71C7347EB7DF2EE32E81
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\Qt5Gui.dll | executable
MD5:BCD8DF57A00553467884C6BF5AA2A00D
SHA256:4660E18109B1ACF47582D38267E968A85CA423DFFE9B8F169B230008C1E251CB
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\Qt5Network.dll | executable
MD5:D3F5C11E51F8CF84932BA6BE5A913873
SHA256:6C63DDA86B609AB34A3A38916CEAE9C9F53439329C218502CF09A1A5451C50A0
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\Qt5Core.dll | executable
MD5:14513C10F87FD2AD9BA8798408E6A6D0
SHA256:A0F832EDBAB0114A52DED288AEE9E557C3F29B00A6D687EEBCCA19D2BCC08383
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\Qt5Widgets.dll | executable
MD5:B548A6CF2E028817A85871F15BDCB4CC
SHA256:9C5BB61F733E9D097BBE816037660C5DCCA0732AEB2A09AA5B6239C89FEA8C9C
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\msvcp140_1.dll | executable
MD5:82DE3A54A3717428313815FD02D73429
SHA256:A6772FAA62212D1EAFBEA2F6E6C20012F950360683BC3A6DEB70C07775558EC8
4084 | IdeaShare Key.exe | C:\Users\admin\AppData\Local\IdeaShareKey\QtSingleApp.dll | executable
MD5:E04BC3BCAE5D70D65B3A736E93BBF9CE
SHA256:3808B258FBD33B4130883C4EC694CF607246A81F940F94D0A67E02E7D98C9984
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
 |  | 224.0.0.252:5355 |  |  |  | unknown
4 | System | 192.168.100.255:137 |  |  |  | whitelisted
4 | System | 192.168.100.255:138 |  |  |  | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 |  |  |  | unknown

DNS requests

No data

Threats

No threats detected

Debug output strings

Process | Message
IdeaShareKeyForm.exe | QObject::connect: No such signal QDesktopWidget::primaryScreenChanged(QScreen *)
IdeaShareKeyForm.exe | QObject::connect: (sender name: 'desktop')
IdeaShareKeyForm.exe | QObject::connect: (receiver name: 'Widget')