File name: | e6f77ec185046251bb1a3eb9c899f886 |
Full analysis: | https://app.any.run/tasks/8fef6b3d-e6b0-4808-b101-aaa8b04e5eb7 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 09:21:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
MD5: | E6F77EC185046251BB1A3EB9C899F886 |
SHA1: | 47570E9479CB50DF3ECC6278C31BDA3B3ED83253 |
SHA256: | 1EF264F85FDBE3D22E3887A5930971F47552973ADB06D787F3ADA97899E3B32E |
SSDEEP: | 49152:L7AxPHkce3WYILLIb/iCXgjJWI5D8qNKENjuphxXINSICqmHkwvCTv5S7:ynYaGiDjkI54+KBX+SIChkF |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
ProductName: | DriverFixer |
---|---|
LegalCopyright: | Copyright (c) 2019 6LOOP LIMITED |
FileVersion: | 3.0.0.1 |
FileDescription: | DriverFixer |
CompanyName: | - |
CharacterSet: | Windows, Latin1 |
LanguageCode: | Neutral |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0000 |
ProductVersionNumber: | 3.0.0.1 |
FileVersionNumber: | 3.0.0.1 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 6 |
OSVersion: | 4 |
EntryPoint: | 0x30fb |
UninitializedDataSize: | 1024 |
InitializedDataSize: | 120320 |
CodeSize: | 23552 |
LinkerVersion: | 6 |
PEType: | PE32 |
TimeStamp: | 2016:04:02 05:20:05+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 02-Apr-2016 03:20:05 |
Detected languages: |
|
CompanyName: | - |
FileDescription: | DriverFixer |
FileVersion: | 3.0.0.1 |
LegalCopyright: | Copyright (c) 2019 6LOOP LIMITED |
ProductName: | DriverFixer |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000C8 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 02-Apr-2016 03:20:05 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00005AEB | 0x00005C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.42231 |
.rdata | 0x00007000 | 0x00001196 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.20292 |
.data | 0x00009000 | 0x0001B038 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.04751 |
.ndata | 0x00025000 | 0x0000A000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x0002F000 | 0x00005A18 | 0x00005C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.88366 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.21417 | 958 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 5.52074 | 4264 | UNKNOWN | English - United States | RT_ICON |
3 | 3.65393 | 2216 | UNKNOWN | English - United States | RT_ICON |
4 | 0 | 1384 | UNKNOWN | English - United States | RT_ICON |
5 | 0 | 1128 | UNKNOWN | English - United States | RT_ICON |
6 | 0 | 744 | UNKNOWN | English - United States | RT_ICON |
7 | 0 | 296 | UNKNOWN | English - United States | RT_ICON |
103 | 2.86993 | 104 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.69888 | 548 | UNKNOWN | English - United States | RT_DIALOG |
106 | 2.91148 | 248 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3044 | "C:\Users\admin\AppData\Local\Temp\e6f77ec185046251bb1a3eb9c899f886.exe" | C:\Users\admin\AppData\Local\Temp\e6f77ec185046251bb1a3eb9c899f886.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: DriverFixer Exit code: 3221226540 Version: 3.0.0.1 | ||||
2288 | "C:\Users\admin\AppData\Local\Temp\e6f77ec185046251bb1a3eb9c899f886.exe" | C:\Users\admin\AppData\Local\Temp\e6f77ec185046251bb1a3eb9c899f886.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: DriverFixer Exit code: 0 Version: 3.0.0.1 | ||||
3636 | "C:\Program Files\DriverFixer\Setup\drfixer_setup.exe" /S | C:\Program Files\DriverFixer\Setup\drfixer_setup.exe | e6f77ec185046251bb1a3eb9c899f886.exe | |
User: admin Company: 6LOOP LIMITED Integrity Level: HIGH Description: DriverFixer Exit code: 0 Version: 2.0.0.1 | ||||
2208 | "C:\Program Files\DriverFixer\helper.exe" -driverfixer.exe | C:\Program Files\DriverFixer\helper.exe | — | drfixer_setup.exe |
User: admin Company: 6LOOP LIMITED Integrity Level: HIGH Description: FirePlayer Uninstall Component Exit code: 0 Version: 1.0.0.1 | ||||
3168 | "C:\Program Files\DriverFixer\DriverFixer.exe" | C:\Program Files\DriverFixer\DriverFixer.exe | explorer.exe | |
User: admin Company: 6LOOP LIMITED Integrity Level: MEDIUM Description: DriverFixer Exit code: 0 Version: 1.0.0.2 | ||||
584 | "C:\Program Files\DriverFixer\DriverFixer.exe" /startScan | C:\Program Files\DriverFixer\DriverFixer.exe | DriverFixer.exe | |
User: admin Company: 6LOOP LIMITED Integrity Level: HIGH Description: DriverFixer Version: 1.0.0.2 | ||||
2620 | DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{18694d34-c33d-5211-6e15-51540cc05278}\ich9usb.inf" "0" "6415d1aa7" "00000394" "WinSta0\Default" "000003C8" "208" "c:\users\admin\appdata\local\temp\driverfixer_rzuzzi0i.iad" | C:\Windows\system32\DrvInst.exe | svchost.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3780 | rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{6aa93559-c33f-59c6-41fb-b9407c2d912b} Global\{1f7ca9ad-89ad-7e27-b859-19568011e838} C:\Windows\System32\DriverStore\Temp\{5b5fcafc-b6ab-73ec-57ac-0b688d359737}\ich9usb.inf C:\Windows\System32\DriverStore\Temp\{5b5fcafc-b6ab-73ec-57ac-0b688d359737}\ich9usb.cat | C:\Windows\system32\rundll32.exe | — | DrvInst.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows host process (Rundll32) Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3636 | drfixer_setup.exe | C:\Users\admin\AppData\Local\Temp\nsp1FEC.tmp\GetVersion.dll | — | |
MD5:— | SHA256:— | |||
2288 | e6f77ec185046251bb1a3eb9c899f886.exe | C:\Users\admin\AppData\Local\Temp\nseECE5.tmp\DriverFixer.tif | — | |
MD5:— | SHA256:— | |||
3636 | drfixer_setup.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFixer\DriverFixer.lnk | lnk | |
MD5:50CF7473A989474F4CC15BB5B95168C8 | SHA256:653F312DD903BF150F2B321D50BD03ED2384897FAB66616E57FBC24A5A35ABFA | |||
3636 | drfixer_setup.exe | C:\Program Files\DriverFixer\DriverFixer.ico | image | |
MD5:46006CAC69B2AA6C73CD9DA64A12B760 | SHA256:C5AD982F816444E5E7042EC1A4BC5E3D7581D1109E408D7BE4449FD76AB58705 | |||
3636 | drfixer_setup.exe | C:\Users\Public\Desktop\DriverFixer.lnk | lnk | |
MD5:CDFB8AFC142506096D61BD449E8C4FFB | SHA256:B3910A79531EF5048AF1B86004771C383A9BA59BD24CF291C1DD120D59782928 | |||
3636 | drfixer_setup.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFixer\Uninstall.lnk | lnk | |
MD5:7648543ADB6D8A467D68C957CFE4320F | SHA256:AC2B90DBA26CB635FE91727518D75842BFBD36BEA2C47B4AC5CF95A2FD069211 | |||
3636 | drfixer_setup.exe | C:\Program Files\DriverFixer\DriverFixer.exe | executable | |
MD5:576D7172CAA84ED216E55F7CB35F20C2 | SHA256:5A002F92B975F2462EF56C0BBBA7CC7E060856CD87E421687CBA94EAA879180C | |||
3636 | drfixer_setup.exe | C:\Program Files\DriverFixer\uninstall.exe | executable | |
MD5:628EE76F5E62656621A1AF9119E9BB79 | SHA256:91F7E59911D051638EE0AB33987D7B56FB48C6BA205E369C6342393102D3AA2E | |||
2288 | e6f77ec185046251bb1a3eb9c899f886.exe | C:\Users\admin\AppData\Local\Temp\nseECE5.tmp\TopLogo1.bmp | image | |
MD5:045438BA6FC9A2FBCF337505C9063AB3 | SHA256:778ACE132752F20A15D697ACE5860AE81D54B9684102E1B2368C6BFF7BE49441 | |||
3168 | DriverFixer.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 | binary | |
MD5:821F539206D4146D8C5ED289E5F86789 | SHA256:9124B2B0CFDABF013D28FDBCA2C6CED78416822545E7CF831638C5764718CB16 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
584 | DriverFixer.exe | GET | — | 104.17.234.32:80 | http://backend.driver-fixer.com/drivers/update.php?devid=pci%5cven_8086%26dev_2934&OS=7&digitOs=32&date=2006-06-21&version=6.1.7601.17514 | US | — | — | suspicious |
584 | DriverFixer.exe | GET | — | 172.245.127.13:80 | http://172.245.127.13/drivers/data/Drivers/DriversArch/DP_Chipset_13072/Intel/WinAll/INF_9.4.0.1017.zip | US | — | — | unknown |
3168 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/version.php | US | text | 17 b | suspicious |
584 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/drivers/update.php?devid=pci%5cven_8086%26dev_293a&OS=7&digitOs=32&date=2006-06-21&version=6.1.7601.17514 | US | text | 339 b | suspicious |
584 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/drivers/update.php?devid=pci%5cven_8086%26dev_2936&OS=7&digitOs=32&date=2006-06-21&version=6.1.7601.17514 | US | text | 339 b | suspicious |
584 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/drivers/update.php?devid=pci%5cven_8086%26dev_2935&OS=7&digitOs=32&date=2006-06-21&version=6.1.7601.17514 | US | text | 339 b | suspicious |
584 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/version.php | US | text | 17 b | suspicious |
584 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/drivers/update.php?devid=pci%5cven_8086%26dev_7010&OS=7&digitOs=32&date=2006-06-21&version=6.1.7601.17514 | US | text | 2 b | suspicious |
584 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/drivers/update.php?devid=pci%5cven_8086%26dev_100e&OS=7&digitOs=32&date=2008-05-28&version=8.4.1.1 | US | text | 2 b | suspicious |
584 | DriverFixer.exe | GET | 200 | 104.17.234.32:80 | http://backend.driver-fixer.com/drivers/update.php?devid=pci%5cven_1af4%26dev_1003%26subsys_00031af4%26rev_00&OS=7&digitOs=32&date=2017-07-19&version=61.74.104.14100 | US | text | 2 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3168 | DriverFixer.exe | 104.17.234.32:80 | driver-fixer.com | Cloudflare Inc | US | shared |
3168 | DriverFixer.exe | 91.199.212.52:80 | crt.comodoca.com | Comodo CA Ltd | GB | suspicious |
2288 | e6f77ec185046251bb1a3eb9c899f886.exe | 104.17.234.32:443 | driver-fixer.com | Cloudflare Inc | US | shared |
584 | DriverFixer.exe | 172.245.127.13:80 | — | ColoCrossing | US | unknown |
584 | DriverFixer.exe | 104.17.234.32:80 | driver-fixer.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
driver-fixer.com |
| suspicious |
crt.comodoca.com |
| whitelisted |
backend.driver-fixer.com |
| suspicious |
PID | Process | Class | Message |
---|---|---|---|
2288 | e6f77ec185046251bb1a3eb9c899f886.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
584 | DriverFixer.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake FireFox Version 2. |
584 | DriverFixer.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake FireFox Version 2. |