download:

index.html

Full analysis: https://app.any.run/tasks/8cbd864b-ed7d-44ef-bdb0-0f8e77e6e261
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: October 09, 2019, 13:35:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
adware
adload
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5:

82D136151A981A95142191F4C3391ED1

SHA1:

C274FE739DDB2FAC497422A56F6A51DB01B8A1A0

SHA256:

21D1CD86021AE428BE7C39206CF95CE21FA6C364FA44688B89803553134FE216

SSDEEP:

384:3Px88cU3l7DazkHSELmpNLqyRqH94iiTBitpWizjy9p/EHtolfuGQEH:fZcU3lDaiSHPqqqHuVzP9FEHtAWP0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • EasyRadioPlayer-25780493.exe (PID: 2656)

    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3344)

    • ADLOAD was detected

      • EasyRadioPlayer-25780493.exe (PID: 2656)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3344)
      • iexplore.exe (PID: 2364)
      • EasyRadioPlayer-25780493.exe (PID: 2656)

    • Creates files in the user directory

      • EasyRadioPlayer-25780493.exe (PID: 2656)

    • Changes the started page of IE

      • EasyRadioPlayer-25780493.exe (PID: 2656)

    • Creates a software uninstall entry

      • EasyRadioPlayer-25780493.exe (PID: 2656)

    • Starts Internet Explorer

      • EasyRadioPlayer-25780493.exe (PID: 2656)

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2364)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2940)
      • iexplore.exe (PID: 3344)
      • iexplore.exe (PID: 3572)

    • Application launched itself

      • iexplore.exe (PID: 2364)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2940)
      • iexplore.exe (PID: 3344)
      • iexplore.exe (PID: 2364)
      • iexplore.exe (PID: 3572)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2940)
      • iexplore.exe (PID: 3572)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2940)

    • Creates files in the user directory

      • iexplore.exe (PID: 2940)
      • iexplore.exe (PID: 3572)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

EXIF

HTML

Title: Easy Radio Player
viewport: width=device-width, initial-scale=1.0
Description: -
Keywords: -
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start iexplore.exe iexplore.exe iexplore.exe #ADLOAD easyradioplayer-25780493.exe iexplore.exe no specs iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2092"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.easyradioplayertab.com/?ap=appfocus154&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&uc=20191009&source=_v1-bb8-iei&i_id=radio_spt__1.30C:\Program Files\Internet Explorer\IEXPLORE.EXEEasyRadioPlayer-25780493.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2364"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2656"C:\Users\admin\Downloads\EasyRadioPlayer-25780493.exe" C:\Users\admin\Downloads\EasyRadioPlayer-25780493.exe
iexplore.exe
User:
admin
Company:
SpringTech Ltd.
Integrity Level:
MEDIUM
Exit code:
0
Version:
4, 6, 0, 2
Modules
Images
c:\users\admin\downloads\easyradioplayer-25780493.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2940"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3344"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:203009C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3572"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:203010C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
1 616
Read events
1 387
Write events
222
Delete events
7

Modification events

(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{B97D1DD5-EA99-11E9-AB4C-5254004A04AF}
Value:
0
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
2
(PID) Process:(2364) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E3070A00030009000D0023003A00DA03
Executable files
3
Suspicious files
5
Text files
38
Unknown types
11

Dropped files

PID
Process
Filename
Type
2364iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
2364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Local\Temp\Cab9731.tmp
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Local\Temp\Tar9732.tmp
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Local\Temp\Cab9742.tmp
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Local\Temp\Tar9743.tmp
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Local\Temp\Cab9B7B.tmp
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Local\Temp\Tar9B7C.tmp
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019092020190921\index.dat
MD5:
SHA256:
2940iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@appfocus.go2cloud[1].txt
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
40
DNS requests
23
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2656
EasyRadioPlayer-25780493.exe
GET
200
34.192.88.201:80
http://www.springdwnld2.com/impression.do?domain=easyradioplayertab.com&implementation_id=radio_spt__1.30&offer_id=_iei_&source=_v1-bb8-iei&sub_id=20191009&traffic_source=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1570628288&sgn=238fced39682e7b7d4d8e10241992b33a81be167&subid2=8.0.7601.17514&event=ex_accepted
US
shared
3572
iexplore.exe
GET
200
54.210.223.173:80
http://search.easyradioplayertab.com/styles/home/setting?v=afdvy5eLG8dNaxuP72vIVdUdRwaXdSWUNJV2319aslM1
US
text
886 b
unknown
3344
iexplore.exe
GET
200
34.192.88.201:80
http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=easyradioplayertab.com&implementation_id=radio_spt_&source=_v1-bb8&adprovider=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&dfn=Easy%20Radio%20Player&spo=0&appname=Easy%20Radio%20Player&appdesc=Search%20your%20favorite%20Radio%20sites%20instantly%20from%20your%20home%20and%20new%20tab%20page!&ies=s,h&sso=
US
executable
975 Kb
shared
3572
iexplore.exe
GET
200
54.210.223.173:80
http://search.easyradioplayertab.com/get/js/impression?uc=20191009&ap=appfocus154&source=_v1-bb8-iei&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&i_id=radio_spt__1.30&cid=
US
text
647 b
unknown
2656
EasyRadioPlayer-25780493.exe
GET
200
23.23.51.23:80
http://www.springtechdld.com/ies/api.cgi?act=getConfig&id=RWFzeVJhZGlvUGxheWVyLTI1NzgwNDkzLmV4ZQ==&rf=0&proto=1
US
text
1.34 Kb
shared
3572
iexplore.exe
GET
200
54.210.223.173:80
http://search.easyradioplayertab.com/Content/Home/Radio/Sprites/Sprite_Radio_V2.png
US
image
16.1 Kb
unknown
3572
iexplore.exe
GET
200
54.210.223.173:80
http://search.easyradioplayertab.com/?ap=appfocus154&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&uc=20191009&source=_v1-bb8-iei&i_id=radio_spt__1.30
US
html
9.26 Kb
unknown
3572
iexplore.exe
GET
200
54.210.223.173:80
http://search.easyradioplayertab.com/styles/home/monetizedquicklinks?v=hfTCeRafbop5tZSUADzuYAXraeNOLI1QxPZmcvDjC601
US
text
1.94 Kb
unknown
3572
iexplore.exe
GET
200
54.210.223.173:80
http://search.easyradioplayertab.com/styles/home/radio_v0?v=aIemU4Na4slV1VHiBpcDkKeVPHtPM8pDv141HvrEoiM1
US
text
5.93 Kb
unknown
3572
iexplore.exe
GET
200
54.210.223.173:80
http://search.easyradioplayertab.com/scripts/home/header_common?v=PU2rYNCahj4gR1fxkytfO2mCom2Puo08ln7KHS9YKBk1
US
text
1.24 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2940
iexplore.exe
172.217.22.106:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2364
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2940
iexplore.exe
34.197.23.58:443
pushible.com
Amazon.com, Inc.
US
unknown
2940
iexplore.exe
205.185.216.42:80
www.download.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
2364
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2940
iexplore.exe
52.50.109.222:443
appfocus.go2cloud.org
Amazon.com, Inc.
IE
suspicious
2940
iexplore.exe
52.222.149.254:80
x.ss2.us
Amazon.com, Inc.
US
whitelisted
2940
iexplore.exe
54.72.199.154:443
appfocus.go2cloud.org
Amazon.com, Inc.
IE
suspicious
2940
iexplore.exe
54.173.225.117:443
easyradioplayer.com
Amazon.com, Inc.
US
unknown
2656
EasyRadioPlayer-25780493.exe
23.23.51.23:80
www.springdwnld2.com
Amazon.com, Inc.
US
malicious

DNS requests

Domain
IP
Reputation
fonts.googleapis.com
  • 172.217.22.106
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
fonts.gstatic.com
  • 172.217.22.35
whitelisted
www.gstatic.com
  • 216.58.210.3
whitelisted
pushible.com
  • 34.197.23.58
  • 34.224.59.58
whitelisted
x.ss2.us
  • 52.222.149.253
  • 52.222.149.254
  • 52.222.149.113
  • 52.222.149.36
whitelisted
www.download.windowsupdate.com
  • 205.185.216.42
  • 205.185.216.10
whitelisted
appfocus.go2cloud.org
  • 52.50.109.222
  • 54.72.199.154
  • 52.30.52.254
shared
easyradioplayer.com
  • 54.173.225.117
  • 18.233.215.199
unknown
www.springdwnld2.com
  • 34.192.88.201
  • 23.23.51.23
shared

Threats

PID
Process
Class
Message
3344
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3344
iexplore.exe
Misc activity
ET INFO EXE - Served Attached HTTP
2656
EasyRadioPlayer-25780493.exe
A Network Trojan was detected
ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
2656
EasyRadioPlayer-25780493.exe
A Network Trojan was detected
ET MALWARE MSIL/Adload.AT Beacon
2656
EasyRadioPlayer-25780493.exe
A Network Trojan was detected
ET MALWARE MSIL/Adload.AT Beacon
2656
EasyRadioPlayer-25780493.exe
A Network Trojan was detected
ET MALWARE MSIL/Adload.AT Beacon
2656
EasyRadioPlayer-25780493.exe
A Network Trojan was detected
ET MALWARE MSIL/Adload.AT Beacon
2656
EasyRadioPlayer-25780493.exe
A Network Trojan was detected
ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html