Malware analysis reiboot-for-android.exe Malicious activity

Add for printing

File name:	reiboot-for-android.exe
Full analysis:	https://app.any.run/tasks/6594e5b6-0f39-4af7-b431-14f415ed3d6c
Verdict:	Malicious activity
Analysis date:	February 26, 2024, 18:22:30
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	evasion
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:	DEB9A371B713547898A18A44BF2B2F89
SHA1:	1B00D97D1DF288BC7F0A0247A381043387D088D8
SHA256:	2E8B0749A2846D176BA40C52692CB84C772460C38E705214C0758CF8E41F7A03
SSDEEP:	98304:lSFLSo83jLaluX8+FPdcxsta+eI2X5eraGW40M1kuQ9/SLEjZFEXVjxgy9jj17HT:6eATI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - reiboot-for-android.exe (PID: 3772)
  - reibootforandroid_ts_2.1.21.exe (PID: 2904)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - ReibootForAndroid.exe (PID: 2244)
  - DPInst32.exe (PID: 552)
  - drvinst.exe (PID: 2376)
  - drvinst.exe (PID: 2120)
  - drvinst.exe (PID: 3136)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3100)
- Connects to the CnC server
  - reiboot-for-android.exe (PID: 3772)
- Creates a writable file in the system directory
  - drvinst.exe (PID: 2376)
  - drvinst.exe (PID: 2120)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3136)
  - drvinst.exe (PID: 3100)
SUSPICIOUS
- Reads settings of System Certificates
  - reiboot-for-android.exe (PID: 3772)
  - ReibootForAndroid.exe (PID: 2244)
  - rundll32.exe (PID: 3276)
  - rundll32.exe (PID: 784)
- Reads security settings of Internet Explorer
  - reiboot-for-android.exe (PID: 3772)
  - Start.exe (PID: 980)
  - ReibootForAndroid.exe (PID: 2244)
- Executable content was dropped or overwritten
  - reibootforandroid_ts_2.1.21.exe (PID: 2904)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - ReibootForAndroid.exe (PID: 2244)
  - DPInst32.exe (PID: 552)
  - drvinst.exe (PID: 2376)
  - drvinst.exe (PID: 2120)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3136)
  - drvinst.exe (PID: 3100)
- Checks Windows Trust Settings
  - reiboot-for-android.exe (PID: 3772)
  - drvinst.exe (PID: 2376)
  - ReibootForAndroid.exe (PID: 2244)
  - drvinst.exe (PID: 2120)
  - drvinst.exe (PID: 3136)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3100)
- Checks for external IP
  - reiboot-for-android.exe (PID: 3772)
- Process drops legitimate windows executable
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - DPInst32.exe (PID: 552)
  - drvinst.exe (PID: 2376)
  - drvinst.exe (PID: 2120)
  - drvinst.exe (PID: 3136)
- Drops 7-zip archiver for unpacking
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - ReibootForAndroid.exe (PID: 2244)
- Reads the Windows owner or organization settings
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
- Process drops legitimate windows executable (CertUtil.exe)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
- The process drops C-runtime libraries
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
- Drops a system driver (possible attempt to evade defenses)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - DPInst32.exe (PID: 552)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3100)
- Creates a software uninstall entry
  - reiboot-for-android.exe (PID: 3772)
  - ReibootForAndroid.exe (PID: 2244)
  - DPInst32.exe (PID: 552)
- Reads the Internet Settings
  - Start.exe (PID: 980)
  - ReibootForAndroid.exe (PID: 2244)
  - reiboot-for-android.exe (PID: 3772)
- Searches for installed software
  - ReibootForAndroid.exe (PID: 2244)
- Changes Internet Explorer settings (feature browser emulation)
  - ReibootForAndroid.exe (PID: 2244)
- Creates files in the driver directory
  - drvinst.exe (PID: 2376)
  - drvinst.exe (PID: 2120)
  - drvinst.exe (PID: 3136)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3100)
- Starts CMD.EXE for commands execution
  - ReibootForAndroid.exe (PID: 2244)
- Executes as Windows Service
  - VSSVC.exe (PID: 2616)
- Application launched itself
  - adb.exe (PID: 2996)
  - adb.exe (PID: 2928)
INFO
- Reads Environment values
  - reiboot-for-android.exe (PID: 3772)
  - ReibootForAndroid.exe (PID: 2244)
- Reads the computer name
  - reiboot-for-android.exe (PID: 3772)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - Start.exe (PID: 980)
  - ReibootForAndroid.exe (PID: 2244)
  - fastboot.exe (PID: 1540)
  - fastboot.exe (PID: 924)
  - DPInst32.exe (PID: 552)
  - drvinst.exe (PID: 2376)
  - fastboot.exe (PID: 2308)
  - fastboot.exe (PID: 1652)
  - fastboot.exe (PID: 1836)
  - fastboot.exe (PID: 3684)
  - fastboot.exe (PID: 1632)
  - fastboot.exe (PID: 3052)
  - fastboot.exe (PID: 2848)
  - drvinst.exe (PID: 2120)
  - fastboot.exe (PID: 3260)
  - fastboot.exe (PID: 584)
  - fastboot.exe (PID: 2520)
  - fastboot.exe (PID: 3752)
  - fastboot.exe (PID: 1072)
  - fastboot.exe (PID: 2380)
  - fastboot.exe (PID: 1404)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3136)
  - fastboot.exe (PID: 3692)
  - drvinst.exe (PID: 3100)
  - fastboot.exe (PID: 2160)
  - adb.exe (PID: 3608)
  - adb.exe (PID: 3260)
  - fastboot.exe (PID: 2520)
  - fastboot.exe (PID: 3164)
  - wmpnscfg.exe (PID: 2032)
  - fastboot.exe (PID: 2980)
  - fastboot.exe (PID: 3396)
  - fastboot.exe (PID: 1172)
  - fastboot.exe (PID: 3440)
  - fastboot.exe (PID: 2016)
  - fastboot.exe (PID: 2652)
  - fastboot.exe (PID: 2136)
  - fastboot.exe (PID: 3140)
  - fastboot.exe (PID: 2440)
  - fastboot.exe (PID: 1652)
  - fastboot.exe (PID: 3900)
  - fastboot.exe (PID: 3656)
  - fastboot.exe (PID: 1072)
  - fastboot.exe (PID: 2980)
  - fastboot.exe (PID: 3244)
  - fastboot.exe (PID: 1936)
  - fastboot.exe (PID: 1192)
  - fastboot.exe (PID: 3396)
  - fastboot.exe (PID: 3612)
  - fastboot.exe (PID: 1424)
  - fastboot.exe (PID: 584)
  - fastboot.exe (PID: 3536)
  - fastboot.exe (PID: 3876)
  - fastboot.exe (PID: 3824)
  - fastboot.exe (PID: 1344)
  - fastboot.exe (PID: 3052)
  - fastboot.exe (PID: 3256)
  - fastboot.exe (PID: 3076)
  - fastboot.exe (PID: 2332)
  - fastboot.exe (PID: 3996)
  - fastboot.exe (PID: 116)
  - fastboot.exe (PID: 3200)
  - fastboot.exe (PID: 2844)
  - fastboot.exe (PID: 2032)
  - fastboot.exe (PID: 2572)
  - fastboot.exe (PID: 1636)
  - fastboot.exe (PID: 2648)
  - fastboot.exe (PID: 2104)
  - fastboot.exe (PID: 3232)
  - fastboot.exe (PID: 2268)
  - fastboot.exe (PID: 2476)
  - fastboot.exe (PID: 3032)
  - fastboot.exe (PID: 980)
  - fastboot.exe (PID: 2068)
  - fastboot.exe (PID: 3000)
  - fastboot.exe (PID: 924)
  - fastboot.exe (PID: 2232)
  - fastboot.exe (PID: 908)
  - fastboot.exe (PID: 2592)
  - fastboot.exe (PID: 2020)
  - fastboot.exe (PID: 4048)
  - fastboot.exe (PID: 2572)
  - fastboot.exe (PID: 2108)
  - fastboot.exe (PID: 2788)
  - fastboot.exe (PID: 1628)
  - fastboot.exe (PID: 3496)
  - fastboot.exe (PID: 4012)
  - fastboot.exe (PID: 1352)
  - fastboot.exe (PID: 3536)
  - fastboot.exe (PID: 3652)
  - fastboot.exe (PID: 452)
  - fastboot.exe (PID: 4088)
  - fastboot.exe (PID: 2096)
  - fastboot.exe (PID: 4008)
  - fastboot.exe (PID: 1836)
  - fastboot.exe (PID: 3232)
  - fastboot.exe (PID: 2892)
  - fastboot.exe (PID: 1576)
  - fastboot.exe (PID: 3740)
  - fastboot.exe (PID: 1860)
  - fastboot.exe (PID: 2848)
  - fastboot.exe (PID: 1072)
  - fastboot.exe (PID: 3036)
  - fastboot.exe (PID: 1264)
  - fastboot.exe (PID: 3936)
  - fastboot.exe (PID: 1352)
  - fastboot.exe (PID: 2424)
  - fastboot.exe (PID: 3372)
  - fastboot.exe (PID: 2532)
  - fastboot.exe (PID: 3040)
  - fastboot.exe (PID: 1812)
  - fastboot.exe (PID: 3476)
  - fastboot.exe (PID: 1792)
  - fastboot.exe (PID: 1932)
  - fastboot.exe (PID: 2292)
  - fastboot.exe (PID: 1316)
  - fastboot.exe (PID: 3820)
  - fastboot.exe (PID: 2744)
  - fastboot.exe (PID: 2580)
  - fastboot.exe (PID: 3256)
  - fastboot.exe (PID: 3068)
  - fastboot.exe (PID: 2752)
  - fastboot.exe (PID: 876)
  - fastboot.exe (PID: 3412)
  - fastboot.exe (PID: 3432)
  - fastboot.exe (PID: 3840)
  - fastboot.exe (PID: 3664)
  - fastboot.exe (PID: 1784)
  - fastboot.exe (PID: 2892)
  - fastboot.exe (PID: 3932)
  - fastboot.exe (PID: 1056)
  - fastboot.exe (PID: 2372)
  - fastboot.exe (PID: 548)
  - fastboot.exe (PID: 3780)
  - fastboot.exe (PID: 3536)
  - fastboot.exe (PID: 3584)
  - fastboot.exe (PID: 2448)
  - fastboot.exe (PID: 452)
  - fastboot.exe (PID: 3492)
  - fastboot.exe (PID: 2832)
  - fastboot.exe (PID: 3836)
  - fastboot.exe (PID: 2036)
  - fastboot.exe (PID: 3448)
  - fastboot.exe (PID: 3728)
  - fastboot.exe (PID: 2072)
  - fastboot.exe (PID: 3476)
  - fastboot.exe (PID: 3548)
  - fastboot.exe (PID: 2788)
  - fastboot.exe (PID: 3944)
  - fastboot.exe (PID: 2088)
  - fastboot.exe (PID: 2976)
  - fastboot.exe (PID: 3460)
  - fastboot.exe (PID: 2376)
  - fastboot.exe (PID: 696)
  - fastboot.exe (PID: 3268)
  - fastboot.exe (PID: 3740)
  - fastboot.exe (PID: 680)
  - fastboot.exe (PID: 4052)
  - fastboot.exe (PID: 3000)
  - fastboot.exe (PID: 3240)
  - fastboot.exe (PID: 3484)
  - fastboot.exe (PID: 1652)
  - fastboot.exe (PID: 2636)
  - fastboot.exe (PID: 2052)
  - fastboot.exe (PID: 2568)
  - fastboot.exe (PID: 2688)
  - fastboot.exe (PID: 1368)
  - fastboot.exe (PID: 1112)
  - fastboot.exe (PID: 3516)
  - fastboot.exe (PID: 1848)
  - fastboot.exe (PID: 2512)
  - fastboot.exe (PID: 3008)
  - fastboot.exe (PID: 3768)
  - fastboot.exe (PID: 1544)
  - fastboot.exe (PID: 4024)
  - fastboot.exe (PID: 2096)
  - fastboot.exe (PID: 2156)
  - fastboot.exe (PID: 1020)
  - fastboot.exe (PID: 1424)
  - fastboot.exe (PID: 2228)
  - fastboot.exe (PID: 3228)
  - fastboot.exe (PID: 3180)
  - fastboot.exe (PID: 3256)
  - fastboot.exe (PID: 3308)
  - fastboot.exe (PID: 3704)
  - fastboot.exe (PID: 1900)
  - fastboot.exe (PID: 2736)
  - fastboot.exe (PID: 3212)
  - fastboot.exe (PID: 3820)
  - fastboot.exe (PID: 1976)
  - fastboot.exe (PID: 1852)
  - fastboot.exe (PID: 1624)
  - fastboot.exe (PID: 2500)
  - fastboot.exe (PID: 2036)
  - fastboot.exe (PID: 2136)
  - fastboot.exe (PID: 2892)
  - fastboot.exe (PID: 4004)
  - fastboot.exe (PID: 3140)
  - fastboot.exe (PID: 1772)
  - fastboot.exe (PID: 3432)
  - fastboot.exe (PID: 4080)
  - fastboot.exe (PID: 1560)
  - fastboot.exe (PID: 2308)
  - fastboot.exe (PID: 3460)
  - fastboot.exe (PID: 3236)
  - fastboot.exe (PID: 1928)
  - fastboot.exe (PID: 4012)
  - fastboot.exe (PID: 2980)
  - fastboot.exe (PID: 2052)
  - fastboot.exe (PID: 3960)
  - fastboot.exe (PID: 3472)
  - fastboot.exe (PID: 3668)
  - fastboot.exe (PID: 1832)
  - fastboot.exe (PID: 240)
  - fastboot.exe (PID: 3672)
  - fastboot.exe (PID: 884)
  - fastboot.exe (PID: 4072)
  - fastboot.exe (PID: 3664)
  - fastboot.exe (PID: 3148)
- Reads the software policy settings
  - reiboot-for-android.exe (PID: 3772)
  - ReibootForAndroid.exe (PID: 2244)
  - drvinst.exe (PID: 2376)
  - rundll32.exe (PID: 784)
  - drvinst.exe (PID: 2120)
  - rundll32.exe (PID: 3276)
  - drvinst.exe (PID: 3136)
  - drvinst.exe (PID: 3100)
  - drvinst.exe (PID: 3456)
- Creates files or folders in the user directory
  - reiboot-for-android.exe (PID: 3772)
  - ReibootForAndroid.exe (PID: 2244)
- Creates files in the program directory
  - reiboot-for-android.exe (PID: 3772)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - Start.exe (PID: 980)
  - ReibootForAndroid.exe (PID: 2244)
- Create files in a temporary directory
  - reibootforandroid_ts_2.1.21.exe (PID: 2904)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - ReibootForAndroid.exe (PID: 2244)
  - DPInst32.exe (PID: 552)
  - reiboot-for-android.exe (PID: 3772)
  - adb.exe (PID: 3260)
- Checks supported languages
  - reibootforandroid_ts_2.1.21.exe (PID: 2904)
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
  - Start.exe (PID: 980)
  - ReibootForAndroid.exe (PID: 2244)
  - fastboot.exe (PID: 1540)
  - InstallAndDriver.exe (PID: 3556)
  - repair.exe (PID: 296)
  - DPInst32.exe (PID: 552)
  - fastboot.exe (PID: 924)
  - drvinst.exe (PID: 2376)
  - fastboot.exe (PID: 2308)
  - fastboot.exe (PID: 1652)
  - fastboot.exe (PID: 1836)
  - fastboot.exe (PID: 1632)
  - fastboot.exe (PID: 3684)
  - fastboot.exe (PID: 3052)
  - reiboot-for-android.exe (PID: 3772)
  - drvinst.exe (PID: 2120)
  - fastboot.exe (PID: 2848)
  - fastboot.exe (PID: 2520)
  - fastboot.exe (PID: 584)
  - fastboot.exe (PID: 3752)
  - fastboot.exe (PID: 1072)
  - fastboot.exe (PID: 2380)
  - drvinst.exe (PID: 3136)
  - fastboot.exe (PID: 1404)
  - fastboot.exe (PID: 3260)
  - drvinst.exe (PID: 3456)
  - fastboot.exe (PID: 3692)
  - drvinst.exe (PID: 3100)
  - fastboot.exe (PID: 3164)
  - adb.exe (PID: 2928)
  - adb.exe (PID: 2996)
  - adb.exe (PID: 4016)
  - fastboot.exe (PID: 2160)
  - adb.exe (PID: 3260)
  - adb.exe (PID: 3608)
  - adb.exe (PID: 4028)
  - adb.exe (PID: 1112)
  - wmpnscfg.exe (PID: 2032)
  - adb.exe (PID: 3216)
  - adb.exe (PID: 3244)
  - fastboot.exe (PID: 1172)
  - fastboot.exe (PID: 3396)
  - fastboot.exe (PID: 3900)
  - fastboot.exe (PID: 3440)
  - fastboot.exe (PID: 2520)
  - fastboot.exe (PID: 2980)
  - fastboot.exe (PID: 2652)
  - fastboot.exe (PID: 3656)
  - fastboot.exe (PID: 2136)
  - fastboot.exe (PID: 2440)
  - fastboot.exe (PID: 3140)
  - fastboot.exe (PID: 1424)
  - fastboot.exe (PID: 1652)
  - fastboot.exe (PID: 2016)
  - fastboot.exe (PID: 2980)
  - fastboot.exe (PID: 1072)
  - fastboot.exe (PID: 3244)
  - fastboot.exe (PID: 3396)
  - fastboot.exe (PID: 1936)
  - fastboot.exe (PID: 3612)
  - fastboot.exe (PID: 1192)
  - fastboot.exe (PID: 584)
  - fastboot.exe (PID: 3052)
  - fastboot.exe (PID: 3824)
  - fastboot.exe (PID: 1344)
  - fastboot.exe (PID: 3076)
  - fastboot.exe (PID: 3876)
  - fastboot.exe (PID: 1636)
  - fastboot.exe (PID: 2332)
  - fastboot.exe (PID: 3536)
  - fastboot.exe (PID: 3256)
  - fastboot.exe (PID: 116)
  - fastboot.exe (PID: 3200)
  - fastboot.exe (PID: 2844)
  - fastboot.exe (PID: 2032)
  - fastboot.exe (PID: 2572)
  - fastboot.exe (PID: 924)
  - fastboot.exe (PID: 2648)
  - fastboot.exe (PID: 3996)
  - fastboot.exe (PID: 2104)
  - fastboot.exe (PID: 2268)
  - fastboot.exe (PID: 2476)
  - fastboot.exe (PID: 3032)
  - fastboot.exe (PID: 980)
  - fastboot.exe (PID: 2232)
  - fastboot.exe (PID: 2068)
  - fastboot.exe (PID: 3000)
  - fastboot.exe (PID: 908)
  - fastboot.exe (PID: 3232)
  - fastboot.exe (PID: 2592)
  - fastboot.exe (PID: 4048)
  - fastboot.exe (PID: 2108)
  - fastboot.exe (PID: 2788)
  - fastboot.exe (PID: 3496)
  - fastboot.exe (PID: 1628)
  - fastboot.exe (PID: 4012)
  - fastboot.exe (PID: 2572)
  - fastboot.exe (PID: 2020)
  - fastboot.exe (PID: 1352)
  - fastboot.exe (PID: 4008)
  - fastboot.exe (PID: 1836)
  - fastboot.exe (PID: 3652)
  - fastboot.exe (PID: 3936)
  - fastboot.exe (PID: 2096)
  - fastboot.exe (PID: 3536)
  - fastboot.exe (PID: 3232)
  - fastboot.exe (PID: 452)
  - fastboot.exe (PID: 4088)
  - fastboot.exe (PID: 2848)
  - fastboot.exe (PID: 3740)
  - fastboot.exe (PID: 1860)
  - fastboot.exe (PID: 1072)
  - fastboot.exe (PID: 3036)
  - fastboot.exe (PID: 1264)
  - fastboot.exe (PID: 2892)
  - fastboot.exe (PID: 1576)
  - fastboot.exe (PID: 1932)
  - fastboot.exe (PID: 3372)
  - fastboot.exe (PID: 2424)
  - fastboot.exe (PID: 3040)
  - fastboot.exe (PID: 3476)
  - fastboot.exe (PID: 1812)
  - fastboot.exe (PID: 2532)
  - fastboot.exe (PID: 1792)
  - fastboot.exe (PID: 1352)
  - fastboot.exe (PID: 3256)
  - fastboot.exe (PID: 2292)
  - fastboot.exe (PID: 3068)
  - fastboot.exe (PID: 3820)
  - fastboot.exe (PID: 1316)
  - fastboot.exe (PID: 2744)
  - fastboot.exe (PID: 2580)
  - fastboot.exe (PID: 1784)
  - fastboot.exe (PID: 3412)
  - fastboot.exe (PID: 1056)
  - fastboot.exe (PID: 3840)
  - fastboot.exe (PID: 3432)
  - fastboot.exe (PID: 2892)
  - fastboot.exe (PID: 3932)
  - fastboot.exe (PID: 2752)
  - fastboot.exe (PID: 876)
  - fastboot.exe (PID: 3664)
  - fastboot.exe (PID: 548)
  - fastboot.exe (PID: 3536)
  - fastboot.exe (PID: 3584)
  - fastboot.exe (PID: 2448)
  - fastboot.exe (PID: 3492)
  - fastboot.exe (PID: 452)
  - fastboot.exe (PID: 2372)
  - fastboot.exe (PID: 3780)
  - fastboot.exe (PID: 3836)
  - fastboot.exe (PID: 2788)
  - fastboot.exe (PID: 3448)
  - fastboot.exe (PID: 2036)
  - fastboot.exe (PID: 2072)
  - fastboot.exe (PID: 3728)
  - fastboot.exe (PID: 680)
  - fastboot.exe (PID: 3476)
  - fastboot.exe (PID: 3548)
  - fastboot.exe (PID: 2832)
  - fastboot.exe (PID: 2088)
  - fastboot.exe (PID: 3944)
  - fastboot.exe (PID: 3460)
  - fastboot.exe (PID: 2976)
  - fastboot.exe (PID: 2376)
  - fastboot.exe (PID: 696)
  - fastboot.exe (PID: 3268)
  - fastboot.exe (PID: 3740)
  - fastboot.exe (PID: 2688)
  - fastboot.exe (PID: 4052)
  - fastboot.exe (PID: 3240)
  - fastboot.exe (PID: 3000)
  - fastboot.exe (PID: 3484)
  - fastboot.exe (PID: 1652)
  - fastboot.exe (PID: 2636)
  - fastboot.exe (PID: 2568)
  - fastboot.exe (PID: 1112)
  - fastboot.exe (PID: 2052)
  - fastboot.exe (PID: 1368)
  - fastboot.exe (PID: 1848)
  - fastboot.exe (PID: 2512)
  - fastboot.exe (PID: 3008)
  - fastboot.exe (PID: 1544)
  - fastboot.exe (PID: 3768)
  - fastboot.exe (PID: 4024)
  - fastboot.exe (PID: 2096)
  - fastboot.exe (PID: 3704)
  - fastboot.exe (PID: 3516)
  - fastboot.exe (PID: 1900)
  - fastboot.exe (PID: 1020)
  - fastboot.exe (PID: 1424)
  - fastboot.exe (PID: 3228)
  - fastboot.exe (PID: 2228)
  - fastboot.exe (PID: 3256)
  - fastboot.exe (PID: 3180)
  - fastboot.exe (PID: 3308)
  - fastboot.exe (PID: 2156)
  - fastboot.exe (PID: 2036)
  - fastboot.exe (PID: 1852)
  - fastboot.exe (PID: 3212)
  - fastboot.exe (PID: 2736)
  - fastboot.exe (PID: 1976)
  - fastboot.exe (PID: 3820)
  - fastboot.exe (PID: 2136)
  - fastboot.exe (PID: 1624)
  - fastboot.exe (PID: 2500)
  - fastboot.exe (PID: 2892)
  - fastboot.exe (PID: 4004)
  - fastboot.exe (PID: 3140)
  - fastboot.exe (PID: 1772)
  - fastboot.exe (PID: 4080)
  - fastboot.exe (PID: 3432)
  - fastboot.exe (PID: 2308)
  - fastboot.exe (PID: 3460)
  - fastboot.exe (PID: 1560)
  - fastboot.exe (PID: 3960)
  - fastboot.exe (PID: 3236)
  - fastboot.exe (PID: 4012)
  - fastboot.exe (PID: 2980)
  - fastboot.exe (PID: 2052)
  - fastboot.exe (PID: 3472)
  - fastboot.exe (PID: 3668)
  - fastboot.exe (PID: 3148)
  - fastboot.exe (PID: 1832)
  - fastboot.exe (PID: 1928)
  - fastboot.exe (PID: 240)
  - fastboot.exe (PID: 3672)
  - fastboot.exe (PID: 4072)
  - fastboot.exe (PID: 3664)
  - fastboot.exe (PID: 884)
- Creates a software uninstall entry
  - reibootforandroid_ts_2.1.21.tmp (PID: 3072)
- Reads the machine GUID from the registry
  - ReibootForAndroid.exe (PID: 2244)
  - DPInst32.exe (PID: 552)
  - drvinst.exe (PID: 2376)
  - drvinst.exe (PID: 2120)
  - reiboot-for-android.exe (PID: 3772)
  - drvinst.exe (PID: 3136)
  - drvinst.exe (PID: 3456)
  - drvinst.exe (PID: 3100)
  - adb.exe (PID: 3608)
  - adb.exe (PID: 3260)
- Reads security settings of Internet Explorer
  - rundll32.exe (PID: 784)
  - rundll32.exe (PID: 3276)
- Application launched itself
  - msedge.exe (PID: 896)
  - msedge.exe (PID: 2524)
  - msedge.exe (PID: 2296)
  - msedge.exe (PID: 3472)
  - msedge.exe (PID: 2364)
  - msedge.exe (PID: 3324)
- Checks proxy server information
  - ReibootForAndroid.exe (PID: 2244)
  - reiboot-for-android.exe (PID: 3772)
- Manual execution by a user
  - msedge.exe (PID: 2524)
  - msedge.exe (PID: 3472)
  - wmpnscfg.exe (PID: 2032)
  - msedge.exe (PID: 3324)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	UPX compressed Win32 Executable (76)
.exe	\|	Win32 Executable (generic) (12.6)
.exe	\|	Generic Win/DOS Executable (5.6)
.exe	\|	DOS Executable Generic (5.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:06:27 03:11:21+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14
CodeSize:	1802240
InitializedDataSize:	241664
UninitializedDataSize:	2187264
EntryPoint:	0x3ce820
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	2.7.11.0
ProductVersionNumber:	2.7.11.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Windows, Latin1
CompanyName:	Tenorshare Co., Ltd.
FileDescription:	ReiBoot for Android
FileVersion:	2.7.11.0
LegalCopyright:	Copyright © 2007-2023 Tenorshare Co.,Ltd.
ProductName:	20230627111056
ProductVersion:	2.7.11.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

763

Monitored processes

503

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

116

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

240

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

268

"cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices

C:\Windows\System32\cmd.exe

—

ReibootForAndroid.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

268

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1284,i,8244457642628466432,4313857978834653277,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

296

"C:\Program Files\Tenorshare\ReiBoot for Android\repair.exe"

C:\Program Files\Tenorshare\ReiBoot for Android\repair.exe

—

ReibootForAndroid.exe

User:

admin

Company:

Samsung Electronics Co., Ltd.

Integrity Level:

HIGH

Description:

Odin Downloader

Exit code:

Version:

2017.10.18.1

Modules

Images
c:\program files\tenorshare\reiboot for android\repair.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msimg32.dll

324

"cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices

C:\Windows\System32\cmd.exe

—

ReibootForAndroid.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

452

"cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices

C:\Windows\System32\cmd.exe

—

ReibootForAndroid.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

452

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1324,i,8283290480293021917,15204910297641279914,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

452

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

452

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

Add for printing

Total events

81 573

Read events

80 828

Write events

707

Delete events

Modification events


(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Tenorshare\Downloader2.5.0
Operation:	write	Name:	GA_PC
Value: 1
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	ProxyServer
Value:
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	ProxyOverride
Value:
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	AutoConfigURL
Value:
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	AutoDetect
Value:
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(3772) reiboot-for-android.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1

Add for printing

Executable files

386

Suspicious files

186

Text files

265

Unknown types

191

Dropped files

PID	Process	Filename		Type
3772	reiboot-for-android.exe	C:\Users\admin\AppData\Local\Temp\reibootforandroid_ts\reibootforandroid_ts_2.1.21.exe		—
		MD5:—	SHA256:—
3772	reiboot-for-android.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\0862UO6N.txt		text
		MD5:820219A2634D6387B28F27F1A248091E	SHA256:38FCE2C2BFD48DD14C6984798BA1866933056C3C5716DE0404435A4F657BB902
3772	reiboot-for-android.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C		binary
		MD5:E110D7E9FD42BB02A914A1FF4CB94477	SHA256:8A68117880D2626632BC039F84F449F53EF4D16F38DFF348B7C231B883BE0E8E
3772	reiboot-for-android.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\1S5YPBZJ.txt		text
		MD5:2B2721642349146EF2F6686594144E97	SHA256:6C8AF1235DBC8D65FDD3C2520B8EE9535934AE7B3A459C7C84DD97FE8E4C2247
3072	reibootforandroid_ts_2.1.21.tmp	C:\Program Files\Tenorshare\ReiBoot for Android\is-LPQI0.tmp		executable
		MD5:C7DFA5DF70CB98D5AD0CEA1258285F3D	SHA256:04DBA27A3A84CFD17AF5FE9019F4047C4B492C062DDB195572DB942FBEDB78CE
3772	reiboot-for-android.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_EB10CBE5F5A4C34C11B6616190391C99		binary
		MD5:98AD204FDA86BD5FE7C1E67B944EC034	SHA256:76AE82F49CECCBFC6AADCC92784B0320192180FCAF733CA556C11DC1B00A223B
3772	reiboot-for-android.exe	C:\Users\admin\AppData\Local\Temp\reibootforandroid_ts\reibootforandroid_ts_2.1.21.exe.xml		text
		MD5:F0F4C58FFBAE67D2E0775BDB3D9A315F	SHA256:A8C44E659876FF7FFCB652769759A00059F8E616670857F0D3F7A5152D844408
3072	reibootforandroid_ts_2.1.21.tmp	C:\Program Files\Tenorshare\ReiBoot for Android\is-E459Q.tmp		executable
		MD5:C3756557DA17AA37945192D3B72DDCDB	SHA256:7142AE144CC9C917BA8BCCB7F16C2BFF6A0E2B3280DA7549682C549A9D090832
2904	reibootforandroid_ts_2.1.21.exe	C:\Users\admin\AppData\Local\Temp\is-Q328J.tmp\reibootforandroid_ts_2.1.21.tmp		executable
		MD5:C3756557DA17AA37945192D3B72DDCDB	SHA256:7142AE144CC9C917BA8BCCB7F16C2BFF6A0E2B3280DA7549682C549A9D090832
3072	reibootforandroid_ts_2.1.21.tmp	C:\Program Files\Tenorshare\ReiBoot for Android\unins000.exe		executable
		MD5:C3756557DA17AA37945192D3B72DDCDB	SHA256:7142AE144CC9C917BA8BCCB7F16C2BFF6A0E2B3280DA7549682C549A9D090832

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

222

DNS requests

219

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3772	reiboot-for-android.exe	GET	304	184.24.77.199:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?04b2dea8abd60a79	unknown	—	—	unknown
3772	reiboot-for-android.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D	unknown	binary	471 b	unknown
3772	reiboot-for-android.exe	GET	301	104.17.192.141:80	http://www.tenorshare.com/downloads/service/softwarelog.txt	unknown	html	245 b	unknown
3772	reiboot-for-android.exe	POST	200	142.250.185.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
3772	reiboot-for-android.exe	GET	200	208.95.112.1:80	http://ip-api.com/csv	unknown	text	172 b	unknown
3772	reiboot-for-android.exe	POST	200	142.250.185.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
3772	reiboot-for-android.exe	POST	200	142.250.185.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
3772	reiboot-for-android.exe	POST	200	142.250.185.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
3772	reiboot-for-android.exe	POST	200	142.250.185.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
3772	reiboot-for-android.exe	POST	200	142.250.185.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3772	reiboot-for-android.exe	104.17.192.141:80	www.tenorshare.com	CLOUDFLARENET	—	unknown
3772	reiboot-for-android.exe	104.17.192.141:443	www.tenorshare.com	CLOUDFLARENET	—	unknown
3772	reiboot-for-android.exe	184.24.77.199:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
3772	reiboot-for-android.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
3772	reiboot-for-android.exe	208.95.112.1:80	ip-api.com	TUT-AS	US	unknown
3772	reiboot-for-android.exe	142.250.185.78:443	www.google-analytics.com	GOOGLE	US	whitelisted
3772	reiboot-for-android.exe	104.18.25.249:443	update.tenorshare.com	CLOUDFLARENET	—	unknown

DNS requests

Domain	IP	Reputation
www.tenorshare.com	104.17.192.141 104.17.207.155	whitelisted
ctldl.windowsupdate.com	184.24.77.199 184.24.77.176 184.24.77.207 184.24.77.205 184.24.77.191 184.24.77.174 184.24.77.209 184.24.77.208	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
ip-api.com	208.95.112.1	shared
www.google-analytics.com	142.250.185.78	whitelisted
update.tenorshare.com	104.18.25.249 104.18.24.249	unknown
download.tenorshare.com	104.18.25.249 104.18.24.249	unknown
apiw.tenorshare.com	104.18.25.249 104.18.24.249	unknown
analytics.afirstsoft.cn	104.18.3.37 104.18.2.37	unknown
ocsp.pki.goog	172.217.16.195	whitelisted

Threats

PID	Process	Class	Message
3772	reiboot-for-android.exe	Potential Corporate Privacy Violation	ET POLICY Unsupported/Fake Windows NT Version 5.0
3772	reiboot-for-android.exe	Potential Corporate Privacy Violation	ET POLICY Unsupported/Fake Windows NT Version 5.0
3772	reiboot-for-android.exe	Device Retrieving External IP Address Detected	ET POLICY External IP Lookup ip-api.com
3772	reiboot-for-android.exe	Potential Corporate Privacy Violation	AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
3772	reiboot-for-android.exe	Possibly Unwanted Program Detected	ET ADWARE_PUP Tensorshare Google Analytics Checkin
2244	ReibootForAndroid.exe	Potential Corporate Privacy Violation	ET POLICY Unsupported/Fake Windows NT Version 5.0

3 ETPRO signatures available at the full report

Add for printing

Process	Message
ReibootForAndroid.exe	log4net:ERROR XmlHierarchyConfigurator: No appender named [ConsoleAppender] could be found.
ReibootForAndroid.exe	log4net:ERROR Appender named [ConsoleAppender] not found.
ReibootForAndroid.exe	Native library pre-loader is trying to load native SQLite library "C:\Program Files\Tenorshare\ReiBoot for Android\x86\SQLite.Interop.dll"...

General Info

reiboot-for-android.exe

DEB9A371B713547898A18A44BF2B2F89

1B00D97D1DF288BC7F0A0247A381043387D088D8

2E8B0749A2846D176BA40C52692CB84C772460C38E705214C0758CF8E41F7A03

98304:lSFLSo83jLaluX8+FPdcxsta+eI2X5eraGW40M1kuQ9/SLEjZFEXVjxgy9jj17HT:6eATI

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Connects to the CnC server

Creates a writable file in the system directory

SUSPICIOUS

Reads settings of System Certificates

Reads security settings of Internet Explorer

Executable content was dropped or overwritten

Checks Windows Trust Settings

Checks for external IP

Process drops legitimate windows executable

Drops 7-zip archiver for unpacking

Reads the Windows owner or organization settings

Process drops legitimate windows executable (CertUtil.exe)

The process drops C-runtime libraries

Drops a system driver (possible attempt to evade defenses)

Creates a software uninstall entry

Reads the Internet Settings

Searches for installed software

Changes Internet Explorer settings (feature browser emulation)

Creates files in the driver directory

Starts CMD.EXE for commands execution

Executes as Windows Service

Application launched itself

INFO

Reads Environment values

Reads the computer name

Reads the software policy settings

Creates files or folders in the user directory

Creates files in the program directory

Create files in a temporary directory

Checks supported languages

Creates a software uninstall entry

Reads the machine GUID from the registry

Reads security settings of Internet Explorer

Application launched itself

Checks proxy server information

Manual execution by a user

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events