Sample: IPCTool.exe

Full analysis: https://app.any.run/tasks/94e1ec46-a376-4fd8-9d0d-1baed8e6065c
Verdict: Malicious activity
Analysis date: June 16, 2024, 09:31:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: qrcode
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: CBFF34D1DD2F19BB6A2622B6F6DD8301
SHA1: 9C4C02DABA6E35B3FC7C92B958931DD07AF3ABBE
SHA256: 28EA397AD66AA38B0A5CC83B0295DB4569612169984261ECDCF1BCBBA11E0470
SSDEEP: 24576:3DKif3q/x9kPQm6cLbmUgDm/Z1UbGhm3+8lbVOAgWQ7VqkGE:3DKif3q/xyYm6ebmUgDmx1UbGhm3+8lq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • IPCTool.exe (PID: 4080)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • IPCTool.exe (PID: 4080)
    • Executable content was dropped or overwritten

      • IPCTool.exe (PID: 4080)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • IPCTool.exe (PID: 4080)
    • Creates a software uninstall entry

      • IPCTool.exe (PID: 4080)
  • INFO

    • Create files in a temporary directory

      • IPCTool.exe (PID: 4080)
      • IPCTool.exe (PID: 2036)
    • Checks supported languages

      • IPCTool.exe (PID: 4080)
      • IPCTool.exe (PID: 2036)
    • Reads the computer name

      • IPCTool.exe (PID: 4080)
    • Creates files in the program directory

      • IPCTool.exe (PID: 4080)
    • Manual execution by a user

      • IPCTool.exe (PID: 2036)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (91.9)
.exe | Win32 Executable MS Visual C++ (generic) (3.3)
.exe | Win64 Executable (generic) (3)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:10:10 21:49:01+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 164864
UninitializedDataSize: 1024
EntryPoint: 0x30e3
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
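The EXIF block above is ExifTool's rendering of the DOS, COFF and optional headers of the sample. The following added example (not ANY.RUN's or ExifTool's code) shows where each of those fields lives in a PE32 file: it builds a constructed header-only PE carrying the values reported above and parses it back into the same field names. The version display rule ("-" for 0.0, "6" for 6.0) and the constructed sample bytes are this example's assumptions, chosen to match the report.

```python
"""Minimal PE header parser reproducing the ExifTool fields listed above.

Added example: builds a constructed PE32 header carrying the report's values
and parses it back. Not ANY.RUN's or ExifTool's code.
"""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {
    0x014C: "Intel 386 or later, and compatibles",
    0x8664: "AMD AMD64",
    0x01C0: "ARM",
    0xAA64: "ARM64",
}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}
MAGIC_NAMES = {0x10B: "PE32", 0x20B: "PE32+", 0x107: "ROM"}
# IMAGE_FILE_* characteristic bits, in the order ExifTool prints them.
CHARACTERISTIC_FLAGS = [
    (0x0001, "No relocs"),
    (0x0002, "Executable"),
    (0x0004, "No line numbers"),
    (0x0008, "No symbols"),
    (0x0020, "Large address aware"),
    (0x0100, "32-bit"),
    (0x2000, "DLL"),
]


def fmt_version(major: int, minor: int) -> str:
    """Assumed display rule mirroring the report: '-' for 0.0, '6' for 6.0, '6.1' otherwise."""
    if major == 0 and minor == 0:
        return "-"
    return str(major) if minor == 0 else f"{major}.{minor}"


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS stub pointer, COFF header and PE32/PE32+ optional header.

    Raises ValueError for non-PE or truncated input instead of struct.error.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    try:
        coff = e_lfanew + 4                      # 20-byte COFF file header
        machine, _nsect, stamp, _symtab, _nsyms, _optsize, chars = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20                          # optional header starts with the magic
        magic = struct.unpack_from("<H", data, opt)[0]
        maj_link, min_link, code, init, uninit, entry = struct.unpack_from("<BBIIII", data, opt + 2)
        maj_os, min_os, maj_img, min_img, maj_sub, min_sub = struct.unpack_from("<HHHHHH", data, opt + 40)
        subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {
        "MachineType": MACHINE_NAMES.get(machine, hex(machine)),
        "TimeStamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for bit, name in CHARACTERISTIC_FLAGS if chars & bit),
        "PEType": MAGIC_NAMES.get(magic, hex(magic)),
        "LinkerVersion": fmt_version(maj_link, min_link),
        "CodeSize": code,
        "InitializedDataSize": init,
        "UninitializedDataSize": uninit,
        "EntryPoint": hex(entry),
        "OSVersion": fmt_version(maj_os, min_os),
        "ImageVersion": fmt_version(maj_img, min_img),
        "SubsystemVersion": fmt_version(maj_sub, min_sub),
        "Subsystem": SUBSYSTEM_NAMES.get(subsystem, hex(subsystem)),
    }


# Constructed sample: a header-only PE32 populated with the values from the EXIF block above.
SAMPLE_TIMESTAMP = int(datetime(2008, 10, 10, 21, 49, 1, tzinfo=timezone.utc).timestamp())


def build_sample_pe(timestamp: int = SAMPLE_TIMESTAMP, characteristics: int = 0x010F) -> bytes:
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 224, characteristics)
    opt = bytearray(224)                                          # PE32 optional header incl. data directories
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<BBIIII", opt, 2, 6, 0, 23552, 164864, 1024, 0x30E3)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)         # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Point parse_pe_header at the first few hundred bytes of a real sample to reproduce the table; the characteristics 0x010F decode to exactly the "No relocs, Executable, No line numbers, No symbols, 32-bit" string above, and the 2008 link timestamp on a file submitted in 2024 is the kind of value worth checking against other NSIS stubs before reading anything into it.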
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph (interactive in the full report)

start -> ipctool.exe, ipctool.exe, ipctool.exe (PIDs 3976, 4080 and 2036; details under Process information)

Process information

PID | CMD | Path | Parent process
2036 | "C:\Program Files\IPCTool\IPCTool.exe" | C:\Program Files\IPCTool\IPCTool.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: IPCamSearch Microsoft Foundation Class Application (translated from the Chinese MFC description string)
Version: 3, 0, 0, 1
Modules (images):
c:\program files\ipctool\ipctool.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\ipctool\ns_net.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

3976 | "C:\Users\admin\AppData\Local\Temp\IPCTool.exe" | C:\Users\admin\AppData\Local\Temp\IPCTool.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the installer requires elevation, so this medium-integrity launch fails, consistent with the same binary running again as PID 4080 at HIGH integrity)
Modules (images):
c:\users\admin\appdata\local\temp\ipctool.exe
c:\windows\system32\ntdll.dll

4080 | "C:\Users\admin\AppData\Local\Temp\IPCTool.exe" | C:\Users\admin\AppData\Local\Temp\IPCTool.exe | explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\ipctool.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
2 671
Read events
2 664
Write events
7
Delete events
0

Modification events

PID | Process | Key | Operation | Name | Value
4080 | IPCTool.exe | HKEY_LOCAL_MACHINE\SOFTWARE\IPCTool | write | AppName | IPCTool
4080 | IPCTool.exe | HKEY_LOCAL_MACHINE\SOFTWARE\IPCTool | write | CompanyName | jabsco_wu
4080 | IPCTool.exe | HKEY_LOCAL_MACHINE\SOFTWARE\IPCTool | write | INSTDIR | C:\Program Files\IPCTool
4080 | IPCTool.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IPCTool | write | DisplayName | IPCTool
4080 | IPCTool.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IPCTool | write | UninstallString | C:\Program Files\IPCTool\uninstall.exe
2036 | IPCTool.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Jabsco_IPCamSearch | write | IPCamSearch Language | 0
Executable files
7
Suspicious files
3
Text files
5
Unknown types
0

Dropped files

PID | Process | Filename | Type
4080 | IPCTool.exe | C:\Users\admin\Desktop\IPCTool.lnk | binary
  MD5: E67D3F6331743D5B6385F5B9F8DD4EC1
  SHA256: 27CBF47CCF62B3F1C68DCC1F70A347B1400A3EA8FBA9F6325C3AEAB90EB6797D
4080 | IPCTool.exe | C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\System.dll | executable
  MD5: 7E3C808299AA2C405DFFA864471DDB7F
  SHA256: 91C47A9A54A3A8C359E89A8B4E133E6B7296586748ED3E8F4FE566ABD6C81DDD
4080 | IPCTool.exe | C:\Users\Administrator\Desktop\IPCTool.lnk | binary
  MD5: E67D3F6331743D5B6385F5B9F8DD4EC1
  SHA256: 27CBF47CCF62B3F1C68DCC1F70A347B1400A3EA8FBA9F6325C3AEAB90EB6797D
4080 | IPCTool.exe | C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\modern-header.bmp | image
  MD5: EADF80C79F88337C58CA0FB5032CB579
  SHA256: 8E58B3E6E3896A4BAE05FA2F6ADC238D391AA80BC51C138F851F373C6C23E518
4080 | IPCTool.exe | C:\Program Files\IPCTool\IPCamTool.ini | text
  MD5: B6AFA094AF833EB0E2E1D8C0514572E6
  SHA256: 9D4F3F596EC5A818ACF0B2BBF3A4BD0353A8447EDDEE454BD207293266496805
4080 | IPCTool.exe | C:\Program Files\IPCTool\IPCTool.exe | executable
  MD5: 7C3E06E82260C3A908AB6710E6EB8091
  SHA256: 0851A96F665402B6FA8DCE52EA252C67B8E3DB549344CF5102E2B92BD82848B6
4080 | IPCTool.exe | C:\Program Files\IPCTool\ns_net.dll | executable
  MD5: CCB2CEAB605739178149028714EAAB30
  SHA256: 0533963943032A924FD4FCF88384D0B29CEA0C24D6C9EEBB69088FFD79C29848
4080 | IPCTool.exe | C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\InstallOptions.dll | executable
  MD5: 06BEF96B91BFA75B7F7817341A6CD597
  SHA256: 2CA5590C85CC31285B83BBE569755D909D91B559DB2D6CE3BCA2FCC075225364
4080 | IPCTool.exe | C:\Program Files\IPCTool\danale_app.png | image
  MD5: 86ED00412AB43965D75B0FAB05ABB875
  SHA256: D0D9381398AC029F14240B20ECA530246B6D2E4174FA05584EE4D0C133E292C4
4080 | IPCTool.exe | C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\ioSpecial.ini | ini
  MD5: E2D5070BC28DB1AC745613689FF86067
  SHA256: D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
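A practitioner reading the dropped-file list above should separate the installer's own machinery from what it installs. System.dll and InstallOptions.dll are the stock NSIS plug-ins, modern-header.bmp and ioSpecial.ini are NSIS Modern UI resources, and all four are unpacked into the nsXXXX.tmp directory by every NSIS build; the "creating System.dll in Temp" signature therefore only restates that this is an NSIS installer. The hashes worth pivoting on are the files installed under C:\Program Files\IPCTool (IPCTool.exe and ns_net.dll). The following added example (not ANY.RUN's code) encodes that triage over records constructed from the table above; the nsXXXX.tmp path pattern and the list of stock NSIS file names are this example's assumptions.

```python
"""Triage of an ANY.RUN dropped-file list: split stock NSIS installer
artifacts from the payload the installer deploys, and collect pivot hashes.

Added example, not ANY.RUN's code. DROPPED is constructed from the report's
table; NSIS_TMP_DIR and NSIS_STOCK_FILES are assumptions about standard NSIS builds.
"""
import re
from collections import namedtuple

Dropped = namedtuple("Dropped", "pid process path ftype md5 sha256")

# Constructed from the "Dropped files" table of this report.
DROPPED = [
    Dropped(4080, "IPCTool.exe", r"C:\Users\admin\Desktop\IPCTool.lnk", "binary",
            "E67D3F6331743D5B6385F5B9F8DD4EC1", "27CBF47CCF62B3F1C68DCC1F70A347B1400A3EA8FBA9F6325C3AEAB90EB6797D"),
    Dropped(4080, "IPCTool.exe", r"C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\System.dll", "executable",
            "7E3C808299AA2C405DFFA864471DDB7F", "91C47A9A54A3A8C359E89A8B4E133E6B7296586748ED3E8F4FE566ABD6C81DDD"),
    Dropped(4080, "IPCTool.exe", r"C:\Users\Administrator\Desktop\IPCTool.lnk", "binary",
            "E67D3F6331743D5B6385F5B9F8DD4EC1", "27CBF47CCF62B3F1C68DCC1F70A347B1400A3EA8FBA9F6325C3AEAB90EB6797D"),
    Dropped(4080, "IPCTool.exe", r"C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\modern-header.bmp", "image",
            "EADF80C79F88337C58CA0FB5032CB579", "8E58B3E6E3896A4BAE05FA2F6ADC238D391AA80BC51C138F851F373C6C23E518"),
    Dropped(4080, "IPCTool.exe", r"C:\Program Files\IPCTool\IPCamTool.ini", "text",
            "B6AFA094AF833EB0E2E1D8C0514572E6", "9D4F3F596EC5A818ACF0B2BBF3A4BD0353A8447EDDEE454BD207293266496805"),
    Dropped(4080, "IPCTool.exe", r"C:\Program Files\IPCTool\IPCTool.exe", "executable",
            "7C3E06E82260C3A908AB6710E6EB8091", "0851A96F665402B6FA8DCE52EA252C67B8E3DB549344CF5102E2B92BD82848B6"),
    Dropped(4080, "IPCTool.exe", r"C:\Program Files\IPCTool\ns_net.dll", "executable",
            "CCB2CEAB605739178149028714EAAB30", "0533963943032A924FD4FCF88384D0B29CEA0C24D6C9EEBB69088FFD79C29848"),
    Dropped(4080, "IPCTool.exe", r"C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\InstallOptions.dll", "executable",
            "06BEF96B91BFA75B7F7817341A6CD597", "2CA5590C85CC31285B83BBE569755D909D91B559DB2D6CE3BCA2FCC075225364"),
    Dropped(4080, "IPCTool.exe", r"C:\Program Files\IPCTool\danale_app.png", "image",
            "86ED00412AB43965D75B0FAB05ABB875", "D0D9381398AC029F14240B20ECA530246B6D2E4174FA05584EE4D0C133E292C4"),
    Dropped(4080, "IPCTool.exe", r"C:\Users\admin\AppData\Local\Temp\nsf2BB6.tmp\ioSpecial.ini", "ini",
            "E2D5070BC28DB1AC745613689FF86067", "D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0"),
]

# Assumed pattern: NSIS unpacks its plug-ins into %TEMP%\ns<letter><hex>.tmp\ (here nsf2BB6.tmp).
NSIS_TMP_DIR = re.compile(r"\\Temp\\ns[a-z][0-9a-f]{1,5}\.tmp\\", re.IGNORECASE)
# Assumed list of stock NSIS plug-in and Modern UI file names (lower-case).
NSIS_STOCK_FILES = {"system.dll", "installoptions.dll", "nsdialogs.dll", "nsexec.dll",
                    "modern-header.bmp", "modern-wizard.bmp", "iospecial.ini"}


def classify(rec: Dropped) -> str:
    """Bucket one record; anything in the NSIS temp dir that is not a stock file is the interesting case."""
    name = rec.path.rsplit("\\", 1)[-1].lower()
    if NSIS_TMP_DIR.search(rec.path):
        return "nsis-stub-artifact" if name in NSIS_STOCK_FILES else "nsis-tmp-unknown"
    if name.endswith(".lnk"):
        return "shortcut"
    if "\\temp\\" in rec.path.lower():
        return "temp-other"
    return "installed-executable" if rec.ftype == "executable" else "installed-data"


def triage(records) -> dict:
    """Map bucket name -> list of paths, preserving report order."""
    buckets = {}
    for rec in records:
        buckets.setdefault(classify(rec), []).append(rec.path)
    return buckets


def pivot_hashes(records) -> list:
    """SHA256s worth pivoting on: the installed executables, not the NSIS stub's own plug-ins."""
    return sorted({r.sha256 for r in records if classify(r) == "installed-executable"})


def system_dll_is_nsis_noise(records) -> bool:
    """True when every System.dll drop in Temp is the stock plug-in inside an nsXXXX.tmp dir,
    i.e. the 'creating System.dll in Temp' signature says only 'this is an NSIS installer'."""
    hits = [r for r in records if r.path.lower().endswith("\\system.dll")]
    return bool(hits) and all(classify(r) == "nsis-stub-artifact" for r in hits)


if __name__ == "__main__":
    for bucket, paths in triage(DROPPED).items():
        print(bucket, paths)
    print("pivot:", pivot_hashes(DROPPED))
    print("System.dll is NSIS noise:", system_dll_is_nsis_noise(DROPPED))
```

A System.dll written directly to %TEMP% (outside an nsXXXX.tmp directory), or any non-stock file inside that directory, is what should raise the priority of this signature; for this report the triage leaves two installed executables to pivot on.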
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
8
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Reputation
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | unknown
(PID not shown) | 255.255.255.255:8002 | unknown
2036 | IPCTool.exe | 230.230.230.230:8002 | unknown

Domain, ASN and CN are empty for every row: all destinations are broadcast or multicast addresses. The System and svchost.exe rows are NetBIOS name service/datagram (137/138) and LLMNR (5355) background traffic; the installed IPCTool.exe (PID 2036) sends to UDP 8002 on the 230.230.230.230 multicast group.

DNS requests

No data

Threats

No threats detected
No debug info