File name:

systeminformer-3.1.24298-release-setup.exe

Full analysis: https://app.any.run/tasks/0186535b-73d4-4d2a-a246-bd609b01281f
Verdict: Malicious activity
Analysis date: November 16, 2024, 19:02:47
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5:

6730CA40D6606B4BC091D6C1852CEBEF

SHA1:

502F25501E1A0708530EFB6C2FDFD2C6EFF44096

SHA256:

35EC595325C1BDD74D5C412DC8CCDAF1F48E1AEA8959A4C21DF14488DED596E5

SSDEEP:

196608:UYulb6zEklM2q+yD1dbwvdySbhAQlb6RUfuv1:Uvb6zH3qXPlgAsb6Ac

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
      • SystemInformer.exe (PID: 4904)

    • Application launched itself

      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)

    • Drops a system driver (possible attempt to evade defenses)

      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)

    • Process drops legitimate windows executable

      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)

    • The process creates files with name similar to system file names

      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)

    • Executable content was dropped or overwritten

      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)

    • Creates a software uninstall entry

      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)

    • Checks Windows Trust Settings

      • SystemInformer.exe (PID: 4904)

  • INFO

    • Checks supported languages

      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • SystemInformer.exe (PID: 4904)

    • Reads the computer name

      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
      • SystemInformer.exe (PID: 4904)

    • Creates files in the program directory

      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)

    • Process checks computer location settings

      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)

    • Reads CPU info

      • SystemInformer.exe (PID: 4904)

    • Reads the time zone

      • SystemInformer.exe (PID: 4904)

    • Checks proxy server information

      • SystemInformer.exe (PID: 4904)

    • Reads the software policy settings

      • SystemInformer.exe (PID: 4904)

    • Reads the machine GUID from the registry

      • SystemInformer.exe (PID: 4904)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:09:28 16:58:16+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.41
CodeSize: 266240
InitializedDataSize: 20398080
UninitializedDataSize: -
EntryPoint: 0x21b60
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.1.24298.0
ProductVersionNumber: 3.1.24298.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: System Informer
FileDescription: System Informer - Setup
FileVersion: 3.1.24298.0
InternalName: systeminformer-setup.exe
LegalCopyright: Copyright (c) Winsider Seminars & Solutions, Inc. All rights reserved.
OriginalFileName: systeminformer-setup.exe
ProductName: System Informer
ProductVersion: 3.1.24298.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
120
Monitored processes
3
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start systeminformer-3.1.24298-release-setup.exe no specs systeminformer-3.1.24298-release-setup.exe systeminformer.exe

Process information

PID
CMD
Path
Indicators
Parent process
3792"C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe" "C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe" C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe
systeminformer-3.1.24298-release-setup.exe
User:
admin
Company:
System Informer
Integrity Level:
HIGH
Description:
System Informer - Setup
Exit code:
0
Version:
3.1.24298.0
Modules
Images
c:\users\admin\desktop\systeminformer-3.1.24298-release-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
4904"C:\Program Files\SystemInformer\SystemInformer.exe" -channel releaseC:\Program Files\SystemInformer\SystemInformer.exe
systeminformer-3.1.24298-release-setup.exe
User:
admin
Company:
Winsider Seminars & Solutions
Integrity Level:
HIGH
Description:
Sуstеm Infоrmеr
Version:
3.1.24298.0
Modules
Images
c:\program files\systeminformer\systeminformer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6308"C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe" C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exeexplorer.exe
User:
admin
Company:
System Informer
Integrity Level:
MEDIUM
Description:
System Informer - Setup
Exit code:
0
Version:
3.1.24298.0
Modules
Images
c:\users\admin\desktop\systeminformer-3.1.24298-release-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
Total events
6 317
Read events
6 308
Write events
9
Delete events
0

Modification events

(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:DisplayIcon
Value:
C:\Program Files\SystemInformer\systeminformer.exe,0
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:DisplayName
Value:
System Informer
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:DisplayVersion
Value:
3.1.24298.0
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:HelpLink
Value:
https://systeminformer.sourceforge.io/
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:InstallLocation
Value:
C:\Program Files\SystemInformer\
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:Publisher
Value:
Winsider Seminars & Solutions, Inc.
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:UninstallString
Value:
"C:\Program Files\SystemInformer\systeminformer-setup.exe" -uninstall
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:NoModify
Value:
1
(PID) Process:(3792) systeminformer-3.1.24298-release-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation:writeName:NoRepair
Value:
1
Executable files
22
Suspicious files
22
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\CapsList.txttext
MD5:397F7C66959A56EF89133733B56A9616
SHA256:D74FA0FF77E0FB81EE2A5B7211CBE7CC33F03EE1EB1AA488CDAFC45540A8FE5A
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\COPYRIGHT.txttext
MD5:CA24EB3F2DEEB2DC58277A165712A4AC
SHA256:A48B54A4494300FF3D8F41F34AAFC74314ECCEADDE71BEB899C1231C3977BF1D
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\systeminformer-setup.exeexecutable
MD5:6730CA40D6606B4BC091D6C1852CEBEF
SHA256:35EC595325C1BDD74D5C412DC8CCDAF1F48E1AEA8959A4C21DF14488DED596E5
3792systeminformer-3.1.24298-release-setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Viewer.lnklnk
MD5:B75ACE2E9E96CA66DC62C5B39C3FEEDD
SHA256:A69A368F43987E528B91C289FF036ABEC71AE131A5AEB2137D8892D1DF213299
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\symsrv.dllexecutable
MD5:2C3DA601F703450E0B0E0AF4BEDFD46D
SHA256:AEB60A6CC63345789CB62FBE68831E270520F8E88A4768DA4C7BD72C997CBEEA
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\PoolTag.txttext
MD5:1C9549CE1C01BBC922CD21D1D5A324E6
SHA256:28D7902155B300414F4277BF212E4D9415810A7960CC67F5DA58A706BE6BD51E
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\ksidyn.sigbinary
MD5:0896EDA0B11B8D5960ED561CB85C38DC
SHA256:FBF634CBFD1C4D2C726E491897F73E237CF84EA1CFDE6CDAF96BECFF56FAE514
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\README.txttext
MD5:0CCC7E76DA4E38CD2F73BD197DEA80C3
SHA256:29C068275F2B99405DFED86B2C6C6E0722944B743565796B76FBF74F42DA8039
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\icon.pngimage
MD5:5352EBD888E7E6C1DABD20C4D6B921C5
SHA256:46E1C3D45F5085FA4F97F6BCB2AD0197DABB0E1C7EFD2A6CBA1A0BD3461E2387
3792systeminformer-3.1.24298-release-setup.exeC:\Program Files\SystemInformer\ksi.dllexecutable
MD5:675A983112140010D791F9CB75656815
SHA256:7B535E69D2AD35539A686C0BD902105A30BDB8F2FB3299B2CC7057D157107C9D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
30
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6944
svchost.exe
GET
200
184.24.77.37:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6944
svchost.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
184.24.77.37:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
104.18.11.31:443
https://systeminformer.sourceforge.io/update.php?channel=release
unknown
binary
859 b
whitelisted
POST
204
92.123.104.31:443
https://www.bing.com/threshold/xls.aspx
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
92.123.104.67:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
6944
svchost.exe
184.24.77.37:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
184.24.77.37:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5488
MoUsoCoreWorker.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
239.255.255.250:1900
whitelisted
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
www.bing.com
  • 92.123.104.67
  • 92.123.104.7
  • 92.123.104.6
  • 92.123.104.66
  • 92.123.104.5
  • 92.123.104.13
  • 92.123.104.64
  • 92.123.104.9
  • 92.123.104.63
  • 92.123.104.26
  • 92.123.104.19
  • 92.123.104.25
  • 92.123.104.17
  • 92.123.104.30
  • 92.123.104.21
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 184.24.77.37
  • 184.24.77.35
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
systeminformer.sourceforge.io
  • 104.18.11.31
  • 104.18.10.31
whitelisted
self.events.data.microsoft.com
  • 20.42.65.84
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
systeminformer-3.1.24298-release-setup.exe