File name:

wirelesskeyview.exe

Full analysis: https://app.any.run/tasks/97203704-9b8d-4114-9444-1dd93ce8ba03
Verdict: Malicious activity
Analysis date: September 19, 2023, 08:10:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
MD5:

0D06681F63F3026260AA1E15D86520A0

SHA1:

12C42B7FEFDEFB752A8118FB928B913C0EF7562D

SHA256:

2C7B1C5C51F6952E7B8D0AC8137BC890F0EDB43F878D0E356A4BDBE1AB325127

SSDEEP:

3072:VYfuVGYJYN5XRu39qWq+5EXzBbRDtgTjcFgHnqfqeg8pAwyy3PZYl:iD03EWaV1SbqsaAwyy+l

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ins1173.exe (PID: 2860)

  • SUSPICIOUS

    • Reads the Internet Settings

      • wirelesskeyview.exe (PID: 2816)

  • INFO

    • Create files in a temporary directory

      • wirelesskeyview.exe (PID: 2816)

    • Checks supported languages

      • wirelesskeyview.exe (PID: 2816)
      • ins1173.exe (PID: 2860)

    • Reads the computer name

      • wirelesskeyview.exe (PID: 2816)
      • ins1173.exe (PID: 2860)

    • Reads the machine GUID from the registry

      • ins1173.exe (PID: 2860)

    • Reads Environment values

      • ins1173.exe (PID: 2860)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

ProductVersion: 3.0.26
OriginalFileName: inst4ll·3x3
LegalCopyright: copyright·©·2013
InternalName: *install*
FileVersion: 1.0.0.30
FileDescription: Setup Manager
CompanyName: *Rapiddown*
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0017
ProductVersionNumber: 3.0.26.0
FileVersionNumber: 1.0.0.30
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x60117
UninitializedDataSize: -
InitializedDataSize: 265728
CodeSize: 102912
LinkerVersion: 10
PEType: PE32
ImageFileCharacteristics: Executable, 32-bit, No debug
TimeStamp: 2013:12:31 11:25:30+00:00
MachineType: Intel 386 or later, and compatibles
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start wirelesskeyview.exe ins1173.exe wirelesskeyview.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2816"C:\Users\admin\AppData\Local\Temp\wirelesskeyview.exe" C:\Users\admin\AppData\Local\Temp\wirelesskeyview.exe
explorer.exe
User:
admin
Company:
*Rapiddown*
Integrity Level:
HIGH
Description:
Setup Manager
Exit code:
0
Version:
1.0.0.30
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\users\admin\appdata\local\temp\wirelesskeyview.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2860"C:\Users\admin\AppData\Local\Temp\n1173\ins1173.exe" ins.exe /e4878377 /u4fe0cf9f-1fe4-4abb-905a-57915bc06f2f C:\Users\admin\AppData\Local\Temp\n1173\ins1173.exe
wirelesskeyview.exe
User:
admin
Company:
·Rapiddown·
Integrity Level:
HIGH
Description:
·Appsinstall
Exit code:
23
Version:
3.0.26.4
Modules
Images
c:\users\admin\appdata\local\temp\n1173\ins1173.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3488"C:\Users\admin\AppData\Local\Temp\wirelesskeyview.exe" C:\Users\admin\AppData\Local\Temp\wirelesskeyview.exeexplorer.exe
User:
admin
Company:
*Rapiddown*
Integrity Level:
MEDIUM
Description:
Setup Manager
Exit code:
3221226540
Version:
1.0.0.30
Modules
Images
c:\users\admin\appdata\local\temp\wirelesskeyview.exe
c:\windows\system32\ntdll.dll
Total events
1 336
Read events
1 328
Write events
8
Delete events
0

Modification events

(PID) Process:(2816) wirelesskeyview.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2816) wirelesskeyview.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2816) wirelesskeyview.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2816) wirelesskeyview.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
1
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2816wirelesskeyview.exeC:\Users\admin\AppData\Local\Temp\n1173\ins1173.exeexecutable
MD5:895CB5AB5FFB2F8DDE5E3CDC7A84BFFC
SHA256:44DC4038B14A188209ACABBDF44CCE73B5AABD7B4EA27D643E3231EC91F2090D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
3
DNS requests
1
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2860
ins1173.exe
GET
200
76.223.26.96:80
http://api.socdn.com/installer/4fe0cf9f-1fe4-4abb-905a-57915bc06f2f/4878377/config
unknown
html
2.23 Kb
malicious
2860
ins1173.exe
POST
403
76.223.26.96:80
http://api.socdn.com/installer/4fe0cf9f-1fe4-4abb-905a-57915bc06f2f/4878377/event
unknown
html
138 b
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2860
ins1173.exe
76.223.26.96:80
api.socdn.com
AMAZON-02
US
unknown
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

Domain
IP
Reputation
api.socdn.com
  • 76.223.26.96
  • 13.248.148.254
malicious

Threats

PID
Process
Class
Message
2860
ins1173.exe
A Network Trojan was detected
ET USER_AGENTS Suspicious User-Agent (DownloadMR)
2860
ins1173.exe
A Network Trojan was detected
ET USER_AGENTS Suspicious User-Agent (DownloadMR)
2 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
wirelesskeyview.exe