| Field | Value |
|---|---|
| File name | win64.exe |
| Full analysis | https://app.any.run/tasks/20612c77-78b0-4516-b0f5-da82b8240151 |
| Verdict | Malicious activity |
| Analysis date | May 30, 2020, 08:32:46 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-dosexec |
| File info | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 28E30A2B3CBA5828061246F7C7C948C4 |
| SHA1 | B7851A6943B9758CB261E4F9B1B1205E9E764125 |
| SHA256 | 22D8FFD137D359E525E294E36F4C8D135636A71167D6B63A00800082D0A103F3 |
| SSDEEP | 24576:LNsfiTdYSuVzZH9tH1v1sisBrmmE5ZkihX7pBGoB:rT2pZ1IQm4kihXtV |
| Extension | Detected file type (score) |
|---|---|
| .exe | Win64 Executable (generic) (64.6) |
| .dll | Win32 Dynamic Link Library (generic) (15.4) |
| .exe | Win32 Executable (generic) (10.5) |
| .exe | Generic Win/DOS Executable (4.6) |
| .exe | DOS Executable Generic (4.6) |
| Field | Value |
|---|---|
| MachineType | Intel 386 or later, and compatibles |
| TimeStamp | 2019:09:17 07:33:38+02:00 |
| PEType | PE32 |
| LinkerVersion | 14.16 |
| CodeSize | 299008 |
| InitializedDataSize | 163328 |
| UninitializedDataSize | - |
| EntryPoint | 0x2df71 |
| OSVersion | 5.1 |
| ImageVersion | - |
| SubsystemVersion | 5.1 |
| Subsystem | Windows GUI |
| FileVersionNumber | 3.11.1.0 |
| ProductVersionNumber | 3.11.1.0 |
| FileFlagsMask | 0x003f |
| FileFlags | (none) |
| FileOS | Win32 |
| ObjectFileType | Executable application |
| FileSubtype | - |
| LanguageCode | English (U.S.) |
| CharacterSet | Windows, Latin1 |
| CompanyName | Intel |
| FileDescription | Intel(R) Graphics Driver Software |
| FileVersion | 3.11.1.0 |
| InternalName | setup |
| LegalCopyright | Copyright (c) Intel. All rights reserved. |
| OriginalFileName | win64.exe |
| ProductName | Intel(R) Graphics Driver Software |
| ProductVersion | 3.11.1.0 |
| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 17-Sep-2019 05:33:38 |
| Detected languages | |
| Debug artifacts | |
| CompanyName | Intel |
| FileDescription | Intel(R) Graphics Driver Software |
| FileVersion | 3.11.1.0 |
| InternalName | setup |
| LegalCopyright | Copyright (c) Intel. All rights reserved. |
| OriginalFilename | win64.exe |
| ProductName | Intel(R) Graphics Driver Software |
| ProductVersion | 3.11.1.0 |
| DOS header field | Value |
|---|---|
| Magic number | MZ |
| Bytes on last page of file | 0x0090 |
| Pages in file | 0x0003 |
| Relocations | 0x0000 |
| Size of header | 0x0004 |
| Min extra paragraphs | 0x0000 |
| Max extra paragraphs | 0xFFFF |
| Initial SS value | 0x0000 |
| Initial SP value | 0x00B8 |
| Checksum | 0x0000 |
| Initial IP value | 0x0000 |
| Initial CS value | 0x0000 |
| Overlay number | 0x0000 |
| OEM identifier | 0x0000 |
| OEM information | 0x0000 |
| Address of NE header | 0x00000108 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| Number of sections | 6 |
| Time date stamp | 17-Sep-2019 05:33:38 |
| Pointer to Symbol Table | 0x00000000 |
| Number of symbols | 0 |
| Size of Optional Header | 0x00E0 |
| Characteristics | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00048FF7 | 0x00049000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.57206 |
.rdata | 0x0004A000 | 0x0001F760 | 0x0001F800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.13752 |
.data | 0x0006A000 | 0x000016FC | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.15516 |
.wixburn8 | 0x0006C000 | 0x00000038 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.593725 |
.rsrc | 0x0006D000 | 0x00003A6C | 0x00003C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.53568 |
.reloc | 0x00071000 | 0x00003DD0 | 0x00003E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.78827 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.30829 | 1234 | Latin 1 / Western European | English - United States | RT_MANIFEST |
| Imported DLL |
|---|
| ADVAPI32.dll |
| Cabinet.dll (delay-loaded) |
| GDI32.dll |
| KERNEL32.dll |
| OLEAUT32.dll |
| RPCRT4.dll |
| SHELL32.dll |
| USER32.dll |
| ole32.dll |
| PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Exit code |
|---|---|---|---|---|---|---|---|
| 2588 | "C:\Users\admin\AppData\Local\Temp\win64.exe" | C:\Users\admin\AppData\Local\Temp\win64.exe | | explorer.exe | admin | MEDIUM | 2147942401 |
| 3612 | "C:\Users\admin\AppData\Local\Temp\{505C26E6-B007-4727-9217-558E2EAB6FCD}\.cr\win64.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\win64.exe" -burn.filehandle.attached=148 -burn.filehandle.self=156 | C:\Users\admin\AppData\Local\Temp\{505C26E6-B007-4727-9217-558E2EAB6FCD}\.cr\win64.exe | | win64.exe | admin | MEDIUM | 2147942401 |
| 2820 | "C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.be\win64.exe" -q -burn.elevated BurnPipe.{B36798A5-86CC-43D4-9CC5-BAC9252B8479} {E8000872-C02A-4339-9896-ED08C46C7E28} 3612 | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.be\win64.exe | | win64.exe | admin | HIGH | 2147942401 |

All three processes report Company: Intel, Description: Intel(R) Graphics Driver Software, Version: 3.11.1.0.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2588 | win64.exe | C:\Users\admin\AppData\Local\Temp\{505C26E6-B007-4727-9217-558E2EAB6FCD}\.cr\win64.exe | executable | 28E30A2B3CBA5828061246F7C7C948C4 | 22D8FFD137D359E525E294E36F4C8D135636A71167D6B63A00800082D0A103F3 |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\BootstrapperCore.dll | executable | 6EC4F758CF5AAFF961998E3E91FDA644 | E5B064589D741BDBAC1F45BE8867D62551EF3A36868DB0CAFE98F0CA483421BA |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\BootstrapperCore.config | text | 2B5AB857C0A6D4DA493CD3BACE493BFF | 19AB823E7A8E98B5A47A8E85F0F0C9AEC17BB84976055AFE0C4FDC6ACE7EA987 |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\mbapreq.dll | executable | FE7E0BD53F52E6630473C31299A49FDD | 2BEA14D70943A42D344E09B7C9DE5562FA7E109946E1C615DD584DA30D06CC80 |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\1036\mbapreq.wxl | xml | AA32A059AADD42431F7837CB1BE7257F | 88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9 |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\1029\mbapreq.wxl | xml | CC8C6D04DC707B38E0F0C08BA16FE49B | DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9 |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\1043\mbapreq.wxl | xml | 67F28BCDB3BA6774CD66AA198B06FF38 | 226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\mbapreq.thm | xml | A20778EC90A094A62A6C3A6AB2A6DC7D | F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\1040\mbapreq.wxl | xml | 50261379B89457B1980FF19CFABE6A08 | A40C94EB33F8841C79E9F6958433AFFD517F97B4570F731666AF572E63178BB7 |
| 3612 | win64.exe | C:\Users\admin\AppData\Local\Temp\{29318A56-830B-489D-848C-2DF035D87336}\.ba\1030\mbapreq.wxl | xml | 7C6E4CE87870B3B5E71D3EF4555500F8 | CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696 |