File name: | Full Fix-Xentry 2022.exe |
Full analysis: | https://app.any.run/tasks/d132b62d-deb2-4eda-bb15-f6c3952aa95b |
Verdict: | Malicious activity |
Analysis date: | May 20, 2022, 19:27:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 2C0FA6E8C0EBF78FC7875495D907C5C0 |
SHA1: | F50A542E49AD33B1A59C5223148B221CED62BC2C |
SHA256: | 219FB6AF7DA3A7E932A36FFCE9AD67FFF9B4E4AEE3D624514DDE36092E449CDF |
SSDEEP: | 393216:WKHx59nxhEzDrGNgj1j03Iqf7jAO/cKrn9vC5o:WWtUvGNgR04qf/pncC |
Extension | | | Detected file type (score) |
---|---|---|---|
.exe | | | Win32 Executable Microsoft Visual Basic 6 (26.5) |
.exe | | | InstallShield setup (13.9) |
.exe | | | Win32 Executable MS Visual C++ (generic) (10) |
.exe | | | Win64 Executable (generic) (8.9) |
OriginalFileName: | Win.exe |
---|---|
InternalName: | Win |
ProductVersion: | 1 |
FileVersion: | 1 |
ProductName: | Win |
CompanyName: | Microsoft |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0000 |
ProductVersionNumber: | 1.0.0.0 |
FileVersionNumber: | 1.0.0.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 1 |
OSVersion: | 4 |
EntryPoint: | 0x3670 |
UninitializedDataSize: | - |
InitializedDataSize: | 12288 |
CodeSize: | 176128 |
LinkerVersion: | 6 |
PEType: | PE32 |
TimeStamp: | 2011:06:14 21:01:16+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 14-Jun-2011 19:01:16 |
Detected languages: | |
CompanyName: | Microsoft |
ProductName: | Win |
FileVersion: | 1.00 |
ProductVersion: | 1.00 |
InternalName: | Win |
OriginalFilename: | Win.exe |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000B8 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 14-Jun-2011 19:01:16 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0002A728 | 0x0002B000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.9472 |
.data | 0x0002C000 | 0x00001B74 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x0002E000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.95655 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.12197 | 500 | Unicode (UTF 16LE) | English - United States | RT_VERSION |
30001 | 3.78952 | 3280 | Unicode (UTF 16LE) | UNKNOWN | RT_ICON |
MSVBVM60.DLL |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1180 | "C:\Users\admin\AppData\Local\Temp\Full Fix-Xentry 2022.exe" | C:\Users\admin\AppData\Local\Temp\Full Fix-Xentry 2022.exe | — | Explorer.EXE |
User: admin Company: Microsoft Integrity Level: MEDIUM Exit code: 0 Version: 1.00 | ||||
3652 | "c:\users\admin\appdata\local\temp\full fix-xentry 2022.exe " | c:\users\admin\appdata\local\temp\full fix-xentry 2022.exe | — | Full Fix-Xentry 2022.exe |
User: admin Company: Mercedes Integrity Level: MEDIUM Description: DAS Diagnosis Installer Exit code: 0 Version: 2022 | ||||
3856 | C:\Users\admin\AppData\Local\icsys.icn.exe | C:\Users\admin\AppData\Local\icsys.icn.exe | — | Full Fix-Xentry 2022.exe |
User: admin Company: Microsoft Integrity Level: MEDIUM Version: 1.00 | ||||
280 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2540 | C:\Windows\system32\MsiExec.exe -Embedding 0E713C331C178500594EF2386C4D8CA7 C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2840 | "C:\Windows\system32\msiexec.exe" /i "C:\Users\admin\AppData\Roaming\Mercedes\DAS Diagnosis 2022\install\Full Fix-Xentry 2022.msi" AI_SETUPEXEPATH="c:\users\admin\appdata\local\temp\full fix-xentry 2022.exe " SETUPEXEDIR=c:\users\admin\appdata\local\temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1653073835 " ALLUSERS="1" | C:\Windows\system32\msiexec.exe | — | full fix-xentry 2022.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3152 | C:\Windows\system32\MsiExec.exe -Embedding E11ADF4315DC5812C0D43405D00E0F24 C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3772 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2224 | C:\Windows\system32\MsiExec.exe -Embedding 33A40B2463A4B1524791D1A7DD5DD052 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2084 | "C:\Program Files\Mercedes-Benz\DAS\bin\DAS32R2sd.exe" | C:\Program Files\Mercedes-Benz\DAS\bin\DAS32R2sd.exe | — | Explorer.EXE |
User: admin Company: Microsoft Integrity Level: MEDIUM Exit code: 0 Version: 1.00 | ||||
(PID) Process: | (1180) Full Fix-Xentry 2022.exe | Key: | HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process |
Operation: | write | Name: | LO |
Value: 1 | |||
(PID) Process: | (3856) icsys.icn.exe | Key: | HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process |
Operation: | write | Name: | LO |
Value: 1 | |||
(PID) Process: | (280) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore |
Operation: | write | Name: | SrCreateRp (Enter) |
Value: 40000000000000002E4EA2D97F6CD801180100009C0D0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (280) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP |
Operation: | write | Name: | SppCreate (Enter) |
Value: 40000000000000002E4EA2D97F6CD801180100009C0D0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (280) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP |
Operation: | write | Name: | LastIndex |
Value: 69 | |||
(PID) Process: | (280) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP |
Operation: | write | Name: | SppGatherWriterMetadata (Enter) |
Value: 40000000000000004CD308DA7F6CD801180100009C0D0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (280) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher |
Operation: | write | Name: | IDENTIFY (Enter) |
Value: 40000000000000004CD308DA7F6CD8011801000060070000E8030000010000000000000000000000EAAD8CCCA784DF4380F1853D1694A7EA0000000000000000 | |||
(PID) Process: | (3772) vssvc.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer |
Operation: | write | Name: | IDENTIFY (Enter) |
Value: 40000000000000001CE61BDA7F6CD801BC0E000068080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (3772) vssvc.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer |
Operation: | write | Name: | IDENTIFY (Enter) |
Value: 40000000000000001CE61BDA7F6CD801BC0E0000BC0D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (3772) vssvc.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer |
Operation: | write | Name: | IDENTIFY (Enter) |
Value: 40000000000000001CE61BDA7F6CD801BC0E000008090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000 | |||
PID | Process | Filename | Type | |
---|---|---|---|---|
3652 | full fix-xentry 2022.exe | C:\Users\admin\AppData\Roaming\Mercedes\DAS Diagnosis 2022\install\holder0.aiph | — | |
MD5:— | SHA256:— | |||
280 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | |
MD5:— | SHA256:— | |||
280 | msiexec.exe | C:\Windows\Installer\10e997.msi | executable | |
MD5:579AE59283416D00359FFC291A8CA99E | SHA256:0F8A8C47434FBCFD8D18AFF50099379B9759F3C58865D263BF05AF8FFC3149CA | |||
3652 | full fix-xentry 2022.exe | C:\Users\admin\AppData\Roaming\Mercedes\DAS Diagnosis 2022\install\Full Fix-Xentry 2022.msi | executable | |
MD5:579AE59283416D00359FFC291A8CA99E | SHA256:0F8A8C47434FBCFD8D18AFF50099379B9759F3C58865D263BF05AF8FFC3149CA | |||
2840 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIC03A.tmp | executable | |
MD5:95623BECF64DE0F8ED11C1BF4F8C48F2 | SHA256:534B261A85B3BA8BD0F23DF4AB9A14AC737D9D7D5A617B1CCA0BDBB57CF03447 | |||
1180 | Full Fix-Xentry 2022.exe | C:\Users\admin\AppData\Local\icsys.icn.exe | executable | |
MD5:7D48E0E783F0B47A1F0A7E45546C8538 | SHA256:9D3DB56C2444FFF55E5A49753ED58C9B91B68F820775355175E9F1A46399C074 | |||
3652 | full fix-xentry 2022.exe | C:\Users\admin\AppData\Roaming\Mercedes\DAS Diagnosis 2022\install\Full Fix-Xentry 2022.x64.msi | executable | |
MD5:5BF4A89769144F105E9116B92B30C824 | SHA256:539F45FE23117F9301EFBD8CAE49697343C7AA969EA26B5B089E6F42EAA2BA35 | |||
3652 | full fix-xentry 2022.exe | C:\Users\admin\AppData\Roaming\Mercedes\DAS Diagnosis 2022\install\Full Fix-Xentry 20221.cab | — | |
MD5:— | SHA256:— | |||
1180 | Full Fix-Xentry 2022.exe | C:\users\admin\appdata\local\temp\full fix-xentry 2022.exe | executable | |
MD5:7D4315474724934A249A03D60E948EB8 | SHA256:A69A7354AC7B91246D7FC7264AF69D1BD31C5A68CD9BDF3B4493BA0980803802 | |||
280 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | |
MD5:C3D7042651DA92081F68B1BA379A23DA | SHA256:69E1D280A21DD3FDA6F30868469B3AA05C1CF9BA52DEA930C5AA8A7E4AF7F31E | |||