File name: bytefence-installer.malware

Full analysis: https://app.any.run/tasks/948e4d03-f883-456b-b238-cf08332c621b
Verdict: Malicious activity
Analysis date: March 02, 2024, 16:43:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 387F8040602E03889B71D9323AE21557
SHA1: EF925F1B0BA772D026B9FCDFE901BE95110E5E5E
SHA256: 21DFA4ED47DE7007C0FB6EADB3F94D2E847B3F4E301767D2320623F02F0926BA
SSDEEP: 98304:AqOvMBiS0KZ4WIsfmunX6CFX7KqPQ4JP83NiYIhWrFK6+S0HLZruFaXHBntSDy7t:k2uceCLmoJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • ByteFence.exe (PID: 2580)
    • Drops the executable file immediately after the start

      • bytefence-installer.malware.exe (PID: 1776)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • bytefence-installer.malware.exe (PID: 1776)
    • Executable content was dropped or overwritten

      • bytefence-installer.malware.exe (PID: 1776)
    • The process creates files with name similar to system file names

      • bytefence-installer.malware.exe (PID: 1776)
    • Creates a software uninstall entry

      • bytefence-installer.malware.exe (PID: 1776)
    • Reads the Internet Settings

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3848)
    • Reads the date of Windows installation

      • ByteFence.exe (PID: 2580)
    • Searches for installed software

      • ByteFence.exe (PID: 2580)
      • ByteFence.exe (PID: 1124)
    • Reads settings of System Certificates

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3848)
    • Reads the BIOS version

      • ByteFence.exe (PID: 2580)
  • INFO

    • Checks supported languages

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Create files in a temporary directory

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • ByteFence.exe (PID: 1124)
    • Reads the computer name

      • ByteFence.exe (PID: 2580)
      • bytefence-installer.malware.exe (PID: 1776)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 3848)
    • Reads the machine GUID from the registry

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Creates files in the program directory

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
    • Reads product name

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1496)
    • Reads Environment values

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Reads the software policy settings

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 3848)
    • Process checks whether UAC notifications are on

      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
    • Manual execution by a user

      • ByteFence.exe (PID: 124)
      • ByteFence.exe (PID: 1124)
    • Reads Microsoft Office registry keys

      • ByteFence.exe (PID: 1124)
      • ByteFence.exe (PID: 2580)
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:41+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.1.4
ProductVersionNumber: 2.0.1.4
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: ByteFence Anti-Malware
CompanyName: Byte Technologies LLC
FileDescription: ByteFence Anti-Malware Installer
FileVersion: 2.0.1.4
LegalCopyright: Copyright © 2015 Byte Technologies LLC
LegalTrademarks: ByteFence Anti-Malware is a trademark of Byte Technologies LLC
ProductName: ByteFence Anti-Malware
ProductVersion: 2.0.1.4
Total processes: 81
Monitored processes: 20
Malicious processes: 14
Suspicious processes: 0

Behavior graph

start bytefence-installer.malware.exe bytefence.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe no specs rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe bytefence.exe no specs bytefence.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe bytefence-installer.malware.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 124
CMD: "C:\Program Files\ByteFence\ByteFence.exe"
Path: C:\Program Files\ByteFence\ByteFence.exe
Parent process: explorer.exe
User:
admin
Company:
Byte Technologies LLC
Integrity Level:
MEDIUM
Description:
ByteFence Anti-Malware
Exit code:
3221226540
Version:
2.0.1.4
Modules
Images
c:\program files\bytefence\bytefence.exe
c:\windows\system32\ntdll.dll
PID: 392
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:http://api.reasonsecurity.com/api.ashx?method=gSR token:7bd2c676-18f7-42d2-bcd8-7155cabc7d6f method:scanresults product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Engine Helper
Exit code:
0
Version:
1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1124
CMD: "C:\Program Files\ByteFence\ByteFence.exe"
Path: C:\Program Files\ByteFence\ByteFence.exe
Parent process: explorer.exe
User:
admin
Company:
Byte Technologies LLC
Integrity Level:
HIGH
Description:
ByteFence Anti-Malware
Exit code:
3221226356
Version:
2.0.1.4
Modules
Images
c:\program files\bytefence\bytefence.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1336
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://logs.bytefence.com/event token:3f5fdf2a-eacc-4062-b56f-c6389017cc84 method:sEL product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Engine Helper
Exit code:
0
Version:
1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1496
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api.reasonsecurity.com/api.ashx?method=gIDU&p=RTOP token:d205a172-0c1f-4d1f-9a8e-d32e0615adbb method:downoadurl product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Engine Helper
Exit code:
0
Version:
1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1776
CMD: "C:\Users\admin\AppData\Local\Temp\bytefence-installer.malware.exe"
Path: C:\Users\admin\AppData\Local\Temp\bytefence-installer.malware.exe
Parent process: explorer.exe
User:
admin
Company:
Byte Technologies LLC
Integrity Level:
HIGH
Description:
ByteFence Anti-Malware Installer
Exit code:
0
Version:
2.0.1.4
Modules
Images
c:\users\admin\appdata\local\temp\bytefence-installer.malware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 1784
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api.reasonsecurity.com/api.ashx?method=gSR&encrm=1 token:d595c25b-ad23-4d26-9839-9d19e2c717a3 method:scanresults product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Engine Helper
Exit code:
0
Version:
1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1976
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api1.reasonsecurity.com/api.ashx?method=rU token:14ea8e1b-f226-4067-ae3c-6ddbf0a244a1 method:register product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Engine Helper
Exit code:
0
Version:
1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2192
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api1.reasonsecurity.com/api.ashx?method=gIDU&p=RTOP token:27392c88-fbc9-4f7b-a46d-1dcd64938b58 method:downoadurl product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Engine Helper
Exit code:
0
Version:
1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2492
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api.reasonsecurity.com/api.ashx?method=gSR token:c258045a-5b82-437b-966d-9d497fab1aa9 method:scanresults product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Engine Helper
Exit code:
0
Version:
1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 55 876
Read events: 55 626
Write events: 247
Delete events: 3

Modification events

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: DisplayName
Value: ByteFence Anti-Malware

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: UninstallString
Value: "C:\Program Files\ByteFence\uninstall.exe"

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: Publisher
Value: Byte Technologies LLC

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: InstallSource
Value: C:\Program Files\ByteFence\

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: DisplayVersion
Value: 2.0.1.4

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: DisplayIcon
Value: C:\Program Files\ByteFence\Uninstall.exe

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: NoModify
Value: 1

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: NoRepair
Value: 1

Process: ByteFence.exe (PID: 2580)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\ByteFence
Operation: write
Name: U
Value: 08d94f13-0a75-4783-b7ad-65090244ba6c

Process: ByteFence.exe (PID: 2580)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\ByteFence
Operation: write
Name: UH
Value: B6FD3A71A501111D87C741C2F77A7F96

Executable files: 11
Suspicious files: 2
Text files: 19
Unknown types: 1

Dropped files

PID
Process
Filename
Type
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\Microsoft.Win32.TaskScheduler.dll
Type: executable
MD5:E80966F02D2869874ACC1507DE43F547
SHA256:69EFC3781B846421A5356A239A85000AC3EA0BF4CA732CC4796A6899483C5BC9
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\rsEngineHelper.exe
Type: executable
MD5:4D7FA892345AC5F37A5D16F610C3DEC9
SHA256:292C1291BD069CD8B52AFBF110C0A6A34BE335C12D5691E9B5A784D1CEC75477
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\ByteFence.exe
Type: executable
MD5:FACC4FCC8368A8CB733733058AC93F9F
SHA256:D41405553DA0287BE81722125B35405AD90923E7AA0631B5E5C6AB80358355CA
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\Uninstall.exe
Type: executable
MD5:3F3DD33C45E75AB77E3B1CB015BB4985
SHA256:129480134027AD5DD23C9817E6724941634FAE4A9644E57CB9B7EF724210FD7E
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\rsEngineHelper.exe.config
Type: xml
MD5:E3D5F62B7B28176A510484E465FA0F18
SHA256:827CDA24DF7876010D5239FE2B8AF49472442D899F9C0F6D9FF53B4FF6860946
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Users\admin\AppData\Local\Temp\nswF7FD.tmp\System.dll
Type: executable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\EULA.txt
Type: text
MD5:C901C634DD8E082F08F5B1F26D9E3D49
SHA256:D60A490918050254F9218443D7D38B39AE8EE3AF6719CAB7BECE27FB6304847F
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\Signatures.dat
Type: text
MD5:4EF9D6E1B42BBF40647F5A562CAD798D
SHA256:BED37FE19EC2320F540449546524742D55F32E94F20CFDFF00B11492B63CE355
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\Program Files\ByteFence\x64\System.Data.SQLite.dll
Type: executable
MD5:24F2B130EB798DB10FFC21C662D3AE54
SHA256:FBDFB200E2C5E37863507F06883FD8D43FAB71D25B2E4718DA29FF7EE3539A01
PID: 1776
Process: bytefence-installer.malware.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence\ByteFence.lnk
Type: binary
MD5:35C3DB8D2E9426344DC3034BBAD2086A
SHA256:629DCD763F9B7E5A630F880E33EEF6F5FE1F3B2D027B4850F9D44C486BC7E171
HTTP(S) requests: 12
TCP/UDP connections: 61
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2580 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb | unknown
2580 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb | unknown
3984 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb | unknown
3984 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb | unknown
1124 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb | unknown
1124 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb | unknown
392 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb | unknown
1124 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb | unknown
2948 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb | unknown
 | | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2580 | ByteFence.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | | unknown
1496 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | | unknown
3164 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | | unknown
1976 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | | unknown
3404 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | | unknown
2580 | ByteFence.exe | 104.22.0.235:80 | api.reasonsecurity.com | CLOUDFLARENET | | unknown
3984 | rsEngineHelper.exe | 104.22.0.235:80 | api.reasonsecurity.com | CLOUDFLARENET | | unknown

DNS requests

Domain | IP | Reputation
api.reasonsecurity.com | 104.22.0.235 | unknown
api1.reasonsecurity.com | 104.22.0.235 | unknown
cdn.bytefence.com | | unknown
logs.bytefence.com | | unknown
watson.microsoft.com | 104.208.16.93 | whitelisted

Threats

No threats detected
No debug info