File name: svfx.exe

Full analysis: https://app.any.run/tasks/dd910790-a8af-4253-a850-61fedb6dcda0
Verdict: Malicious activity
Analysis date: February 14, 2024, 12:18:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 3981DE6FC2A9F1D1E3F49C5A44EFC670
SHA1: A83B3333561795AA3048246A3C99353B5F840452
SHA256: 3163DE77FB8AD857BBDEDCC49BABBEC157813423A5886F5A33B793CCF00F9D29
SSDEEP: 49152:B+95OGeFeWPjwGoqcelTAIFPxdYlk6jiGDSKJVnZiNOSZXP4BjqNVaiSZUycQdI4:QD8DPjCe+IFPqZDfHZiNtZ/IONENZFU8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • svfx.exe (PID: 1384)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • svfx.exe (PID: 1384)
    • Starts application with an unusual extension

      • svfx.exe (PID: 1384)
  • INFO

    • Checks supported languages

      • AutoItSC.bin (PID: 2472)
      • svfx.exe (PID: 1384)
    • Reads the computer name

      • AutoItSC.bin (PID: 2472)
    • Reads mouse settings

      • AutoItSC.bin (PID: 2472)
    • Create files in a temporary directory

      • svfx.exe (PID: 1384)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:06:01 12:00:00+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 32256
InitializedDataSize: 31232
UninitializedDataSize: -
EntryPoint: 0x8410
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.1.17.4366
ProductVersionNumber: 3.82.2021.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: SmartVersion File Extractor
LegalCopyright: forums.MyDigitalLife.net
ProductName: SmartVersion.com
ProductVersion: 3.82
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> svfx.exe -> AutoItSC.bin (no specs)

Process information

PID: 1384
CMD: "C:\Users\admin\AppData\Local\Temp\svfx.exe"
Path: C:\Users\admin\AppData\Local\Temp\svfx.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SmartVersion File Extractor
Exit code: 0
Modules (Images):
  c:\users\admin\appdata\local\temp\svfx.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\vcruntime140.dll

PID: 2472
CMD: "C:\Users\admin\AppData\Local\Temp\7z7C670568\AutoItSC.bin" /AutoIt3ExecuteScript "C:\Users\admin\AppData\Local\Temp\7z7C670568\svfx.a3x"
Path: C:\Users\admin\AppData\Local\Temp\7z7C670568\AutoItSC.bin
Parent process: svfx.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 3, 3, 8, 1
Modules (Images):
  c:\users\admin\appdata\local\temp\7z7c670568\autoitsc.bin
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\wsock32.dll
  c:\windows\system32\ws2_32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\nsi.dll
  c:\windows\system32\version.dll
Total events: 144
Read events: 144
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 2
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID: 1384 | Process: svfx.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\7z7C670568\authors.txt
MD5: C5C8E98CA18F9C5316F3B8C6943C828D
SHA256: AB01A5C66EA87EDCA829F4EAAC9DB26C77F5CF93653836A15275DCD665CB5DCF

PID: 1384 | Process: svfx.exe | Type: a3x
Filename: C:\Users\admin\AppData\Local\Temp\7z7C670568\svfx_hash.a3x
MD5: 39695426F62986F059BDA90EF82E6657
SHA256: 80A1E63A989E5A6CB10734F375325C8DEC07E696C98B61E346A2A659D1529B00

PID: 1384 | Process: svfx.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Temp\7z7C670568\svfx.a3x
MD5: 552E64B96C815611FBB9B4B471F6C544
SHA256: B2E72853110F761D20C4528794665F35B408978B7F0144628A8B8EBF0122ADAB

PID: 1384 | Process: svfx.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\7z7C670568\smv.exe
MD5: 8991B508BD60D3E1FDA091F224DDB82B
SHA256: 0A122B7BAEAF725C85699C7E606AEE1FF70BF5EC87B2DC911F90C4BA056D6407

PID: 1384 | Process: svfx.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\7z7C670568\AutoItSC.bin
MD5: 3EDCF50443AF194BF5131B0F35E3671D
SHA256: 8378A324A838EF0AB3CEED73B8840D7B948C2607A35820A4D968894E1DFA2355
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info