File name: bytefence-installer.malware

Full analysis: https://app.any.run/tasks/948e4d03-f883-456b-b238-cf08332c621b
Verdict: Malicious activity
Analysis date: March 02, 2024, 16:43:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 387F8040602E03889B71D9323AE21557
SHA1: EF925F1B0BA772D026B9FCDFE901BE95110E5E5E
SHA256: 21DFA4ED47DE7007C0FB6EADB3F94D2E847B3F4E301767D2320623F02F0926BA
SSDEEP: 98304:AqOvMBiS0KZ4WIsfmunX6CFX7KqPQ4JP83NiYIhWrFK6+S0HLZruFaXHBntSDy7t:k2uceCLmoJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • bytefence-installer.malware.exe (PID: 1776)
    • Actions looks like stealing of personal data

      • ByteFence.exe (PID: 2580)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • bytefence-installer.malware.exe (PID: 1776)
    • The process creates files with name similar to system file names

      • bytefence-installer.malware.exe (PID: 1776)
    • Creates a software uninstall entry

      • bytefence-installer.malware.exe (PID: 1776)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • bytefence-installer.malware.exe (PID: 1776)
    • Reads the date of Windows installation

      • ByteFence.exe (PID: 2580)
    • Reads the BIOS version

      • ByteFence.exe (PID: 2580)
    • Reads the Internet Settings

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Reads settings of System Certificates

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 3848)
    • Searches for installed software

      • ByteFence.exe (PID: 2580)
      • ByteFence.exe (PID: 1124)
  • INFO

    • Checks supported languages

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Create files in a temporary directory

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • ByteFence.exe (PID: 1124)
    • Reads the computer name

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Creates files in the program directory

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
    • Reads the machine GUID from the registry

      • bytefence-installer.malware.exe (PID: 1776)
      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • rsEngineHelper.exe (PID: 3984)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Reads Environment values

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1336)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 3984)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 392)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 2948)
      • rsEngineHelper.exe (PID: 3848)
    • Reads product name

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1496)
    • Reads the software policy settings

      • ByteFence.exe (PID: 2580)
      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1976)
      • rsEngineHelper.exe (PID: 1496)
      • rsEngineHelper.exe (PID: 3404)
      • rsEngineHelper.exe (PID: 1784)
      • ByteFence.exe (PID: 1124)
      • rsEngineHelper.exe (PID: 2192)
      • rsEngineHelper.exe (PID: 2492)
      • rsEngineHelper.exe (PID: 3572)
      • rsEngineHelper.exe (PID: 3548)
      • rsEngineHelper.exe (PID: 3296)
      • rsEngineHelper.exe (PID: 3848)
    • Reads Microsoft Office registry keys

      • ByteFence.exe (PID: 2580)
      • ByteFence.exe (PID: 1124)
    • Process checks whether UAC notifications are on

      • rsEngineHelper.exe (PID: 3164)
      • rsEngineHelper.exe (PID: 1496)
    • Manual execution by a user

      • ByteFence.exe (PID: 124)
      • ByteFence.exe (PID: 1124)
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:41+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.1.4
ProductVersionNumber: 2.0.1.4
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: ByteFence Anti-Malware
CompanyName: Byte Technologies LLC
FileDescription: ByteFence Anti-Malware Installer
FileVersion: 2.0.1.4
LegalCopyright: Copyright © 2015 Byte Technologies LLC
LegalTrademarks: ByteFence Anti-Malware is a trademark of Byte Technologies LLC
ProductName: ByteFence Anti-Malware
ProductVersion: 2.0.1.4
No data.
Total processes: 81
Monitored processes: 20
Malicious processes: 14
Suspicious processes: 0

Behavior graph

start bytefence-installer.malware.exe bytefence.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe no specs rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe bytefence.exe no specs bytefence.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe rsenginehelper.exe bytefence-installer.malware.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 124
CMD: "C:\Program Files\ByteFence\ByteFence.exe"
Path: C:\Program Files\ByteFence\ByteFence.exe
Parent process: explorer.exe
User: admin
Company: Byte Technologies LLC
Integrity Level: MEDIUM
Description: ByteFence Anti-Malware
Exit code: 3221226540
Version: 2.0.1.4
Modules
Images
c:\program files\bytefence\bytefence.exe
c:\windows\system32\ntdll.dll
PID: 392
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:http://api.reasonsecurity.com/api.ashx?method=gSR token:7bd2c676-18f7-42d2-bcd8-7155cabc7d6f method:scanresults product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User: admin
Company: Reason Software Company Inc.
Integrity Level: HIGH
Description: Reason Security Engine Helper
Exit code: 0
Version: 1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1124
CMD: "C:\Program Files\ByteFence\ByteFence.exe"
Path: C:\Program Files\ByteFence\ByteFence.exe
Parent process: explorer.exe
User: admin
Company: Byte Technologies LLC
Integrity Level: HIGH
Description: ByteFence Anti-Malware
Exit code: 3221226356
Version: 2.0.1.4
Modules
Images
c:\program files\bytefence\bytefence.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1336
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://logs.bytefence.com/event token:3f5fdf2a-eacc-4062-b56f-c6389017cc84 method:sEL product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User: admin
Company: Reason Software Company Inc.
Integrity Level: HIGH
Description: Reason Security Engine Helper
Exit code: 0
Version: 1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1496
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api.reasonsecurity.com/api.ashx?method=gIDU&p=RTOP token:d205a172-0c1f-4d1f-9a8e-d32e0615adbb method:downoadurl product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User: admin
Company: Reason Software Company Inc.
Integrity Level: HIGH
Description: Reason Security Engine Helper
Exit code: 0
Version: 1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1776
CMD: "C:\Users\admin\AppData\Local\Temp\bytefence-installer.malware.exe"
Path: C:\Users\admin\AppData\Local\Temp\bytefence-installer.malware.exe
Parent process: explorer.exe
User: admin
Company: Byte Technologies LLC
Integrity Level: HIGH
Description: ByteFence Anti-Malware Installer
Exit code: 0
Version: 2.0.1.4
Modules
Images
c:\users\admin\appdata\local\temp\bytefence-installer.malware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 1784
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api.reasonsecurity.com/api.ashx?method=gSR&encrm=1 token:d595c25b-ad23-4d26-9839-9d19e2c717a3 method:scanresults product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User: admin
Company: Reason Software Company Inc.
Integrity Level: HIGH
Description: Reason Security Engine Helper
Exit code: 0
Version: 1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1976
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api1.reasonsecurity.com/api.ashx?method=rU token:14ea8e1b-f226-4067-ae3c-6ddbf0a244a1 method:register product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User: admin
Company: Reason Software Company Inc.
Integrity Level: HIGH
Description: Reason Security Engine Helper
Exit code: 0
Version: 1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2192
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api1.reasonsecurity.com/api.ashx?method=gIDU&p=RTOP token:27392c88-fbc9-4f7b-a46d-1dcd64938b58 method:downoadurl product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User: admin
Company: Reason Software Company Inc.
Integrity Level: HIGH
Description: Reason Security Engine Helper
Exit code: 0
Version: 1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2492
CMD: "C:\Program Files\ByteFence\rsEngineHelper.exe" uploadString url:https://api.reasonsecurity.com/api.ashx?method=gSR token:c258045a-5b82-437b-966d-9d497fab1aa9 method:scanresults product:ByteFence
Path: C:\Program Files\ByteFence\rsEngineHelper.exe
Parent process: ByteFence.exe
User: admin
Company: Reason Software Company Inc.
Integrity Level: HIGH
Description: Reason Security Engine Helper
Exit code: 0
Version: 1.1.0.0
Modules
Images
c:\program files\bytefence\rsenginehelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 55 876
Read events: 55 626
Write events: 247
Delete events: 3

Modification events

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: DisplayName
Value: ByteFence Anti-Malware

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: UninstallString
Value: "C:\Program Files\ByteFence\uninstall.exe"

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: Publisher
Value: Byte Technologies LLC

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: InstallSource
Value: C:\Program Files\ByteFence\

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: DisplayVersion
Value: 2.0.1.4

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: DisplayIcon
Value: C:\Program Files\ByteFence\Uninstall.exe

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: NoModify
Value: 1

Process: bytefence-installer.malware.exe (PID: 1776)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Operation: write
Name: NoRepair
Value: 1

Process: ByteFence.exe (PID: 2580)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\ByteFence
Operation: write
Name: U
Value: 08d94f13-0a75-4783-b7ad-65090244ba6c

Process: ByteFence.exe (PID: 2580)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\ByteFence
Operation: write
Name: UH
Value: B6FD3A71A501111D87C741C2F77A7F96
Executable files: 11
Suspicious files: 2
Text files: 19
Unknown types: 1

Dropped files

PID
Process
Filename
Type
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Users\admin\AppData\Local\Temp\nswF7FD.tmp\nsDialogs.dll
Type: executable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Users\admin\AppData\Local\Temp\nswF7FD.tmp\modern-wizard.bmp
Type: image
MD5:0A3789BD73553A4E0F37022CF348653F
SHA256:282B94F02F605A667F0FC5C6DBDC6C9DDEB8048D811826FCF7E956ED263B7EE0
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Users\admin\AppData\Local\Temp\nswF7FD.tmp\modern-header.bmp
Type: image
MD5:47C5CD0B09846144FBA0DA4C044E894F
SHA256:5604F656590451D28D1653AD5C5D385FBA1DCE76B39C14F917C6AAAD08F96B89
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Users\admin\AppData\Local\Temp\nswF7FD.tmp\System.dll
Type: executable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Program Files\ByteFence\rsEngineHelper.exe.config
Type: xml
MD5:E3D5F62B7B28176A510484E465FA0F18
SHA256:827CDA24DF7876010D5239FE2B8AF49472442D899F9C0F6D9FF53B4FF6860946
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Program Files\ByteFence\ByteFenceGUI.dll
Type: executable
MD5:FAEB6339B07A663FF345D4EC041B8F6B
SHA256:DB932A41BC489906B3BA20561DE201EFF965C45C2041A57F53E95404B33D2A67
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Program Files\ByteFence\Microsoft.Win32.TaskScheduler.dll
Type: executable
MD5:E80966F02D2869874ACC1507DE43F547
SHA256:69EFC3781B846421A5356A239A85000AC3EA0BF4CA732CC4796A6899483C5BC9
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Program Files\ByteFence\rsEngine.dll
Type: executable
MD5:318AD54A36CF38DBCC9898FE01492165
SHA256:9AD5D0B08A12351915D67AF2E531180ADB8BBA1155D909617068087EFC90BCCD
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Program Files\ByteFence\ByteFence.exe.config
Type: xml
MD5:E3D5F62B7B28176A510484E465FA0F18
SHA256:827CDA24DF7876010D5239FE2B8AF49472442D899F9C0F6D9FF53B4FF6860946
Process: bytefence-installer.malware.exe (PID: 1776)
Filename: C:\Users\admin\AppData\Local\Temp\nswF7FD.tmp\KillProcWMI.dll
Type: executable
MD5:2315DAE754025664B6FDAAD55D822A34
SHA256:FEDD01F14F8F01CA71F3702436F46A1ABBAACB312F07BE045D1F57A50435C588
HTTP(S) requests: 12
TCP/UDP connections: 61
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2580 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb
2580 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb
3984 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb
3984 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=676e8381df12fd4690bae0bac966d0344a352565 | unknown | html | 14.4 Kb
1124 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb
1124 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb
392 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb
392 | rsEngineHelper.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb
1124 | ByteFence.exe | POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb
POST | 403 | 104.22.0.235:80 | http://api.reasonsecurity.com/api.ashx?method=gSR&checksum=83d9b7effd011cf3e2523116ddab35aa65e64973 | unknown | html | 14.4 Kb

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | unknown
4 | System | 192.168.100.255:137 | unknown
1080 | svchost.exe | 224.0.0.252:5355 | unknown
2580 | ByteFence.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | unknown
1496 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | unknown
3164 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | unknown
1976 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | unknown
3404 | rsEngineHelper.exe | 104.22.0.235:443 | api.reasonsecurity.com | CLOUDFLARENET | unknown
2580 | ByteFence.exe | 104.22.0.235:80 | api.reasonsecurity.com | CLOUDFLARENET | unknown
3984 | rsEngineHelper.exe | 104.22.0.235:80 | api.reasonsecurity.com | CLOUDFLARENET | unknown

DNS requests

Domain | IP | Reputation
api.reasonsecurity.com | 104.22.0.235 | unknown
api1.reasonsecurity.com | 104.22.0.235 | unknown
cdn.bytefence.com | unknown
logs.bytefence.com | unknown
watson.microsoft.com | 104.208.16.93 | unknown

Threats

No threats detected
No debug info