File name: systeminformer-3.1.24298-release-setup.exe
Full analysis: https://app.any.run/tasks/0186535b-73d4-4d2a-a246-bd609b01281f
Verdict: Malicious activity
Analysis date: November 16, 2024, 19:02:47
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: 6730CA40D6606B4BC091D6C1852CEBEF
SHA1: 502F25501E1A0708530EFB6C2FDFD2C6EFF44096
SHA256: 35EC595325C1BDD74D5C412DC8CCDAF1F48E1AEA8959A4C21DF14488DED596E5
SSDEEP: 196608:UYulb6zEklM2q+yD1dbwvdySbhAQlb6RUfuv1:Uvb6zH3qXPlgAsb6Ac

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads security settings of Internet Explorer
      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
      • SystemInformer.exe (PID: 4904)
    • Application launched itself
      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
    • Process drops legitimate windows executable
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
    • Executable content was dropped or overwritten
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
    • Drops a system driver (possible attempt to evade defenses)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
    • Creates a software uninstall entry
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
    • The process creates files with name similar to system file names
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
    • Checks Windows Trust Settings
      • SystemInformer.exe (PID: 4904)
  • INFO
    • Reads the computer name
      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
      • SystemInformer.exe (PID: 4904)
    • Checks supported languages
      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
      • SystemInformer.exe (PID: 4904)
    • Creates files in the program directory
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
    • Process checks computer location settings
      • systeminformer-3.1.24298-release-setup.exe (PID: 6308)
      • systeminformer-3.1.24298-release-setup.exe (PID: 3792)
    • Reads CPU info
      • SystemInformer.exe (PID: 4904)
    • Reads the time zone
      • SystemInformer.exe (PID: 4904)
    • Reads the software policy settings
      • SystemInformer.exe (PID: 4904)
    • Checks proxy server information
      • SystemInformer.exe (PID: 4904)
    • Reads the machine GUID from the registry
      • SystemInformer.exe (PID: 4904)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:09:28 16:58:16+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.41
CodeSize: 266240
InitializedDataSize: 20398080
UninitializedDataSize: -
EntryPoint: 0x21b60
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.1.24298.0
ProductVersionNumber: 3.1.24298.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: System Informer
FileDescription: System Informer - Setup
FileVersion: 3.1.24298.0
InternalName: systeminformer-setup.exe
LegalCopyright: Copyright (c) Winsider Seminars & Solutions, Inc. All rights reserved.
OriginalFileName: systeminformer-setup.exe
ProductName: System Informer
ProductVersion: 3.1.24298.0
Total processes: 120
Monitored processes: 3
Malicious processes: 3
Suspicious processes: 0


Process information

PID 3792: systeminformer-3.1.24298-release-setup.exe
  CMD: "C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe" "C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe"
  Path: C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe
  Parent process: systeminformer-3.1.24298-release-setup.exe
  User: admin
  Company: System Informer
  Integrity Level: HIGH
  Description: System Informer - Setup
  Exit code: 0
  Version: 3.1.24298.0
  Modules (images):
    c:\users\admin\desktop\systeminformer-3.1.24298-release-setup.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\ole32.dll

PID 4904: SystemInformer.exe
  CMD: "C:\Program Files\SystemInformer\SystemInformer.exe" -channel release
  Path: C:\Program Files\SystemInformer\SystemInformer.exe
  Parent process: systeminformer-3.1.24298-release-setup.exe
  User: admin
  Company: Winsider Seminars & Solutions
  Integrity Level: HIGH
  Description: System Informer
  Version: 3.1.24298.0
  Modules (images):
    c:\program files\systeminformer\systeminformer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\win32u.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\gdi32full.dll
    c:\windows\system32\msvcp_win.dll

PID 6308: systeminformer-3.1.24298-release-setup.exe
  CMD: "C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe"
  Path: C:\Users\admin\Desktop\systeminformer-3.1.24298-release-setup.exe
  Parent process: explorer.exe
  User: admin
  Company: System Informer
  Integrity Level: MEDIUM
  Description: System Informer - Setup
  Exit code: 0
  Version: 3.1.24298.0
  Modules (images):
    c:\users\admin\desktop\systeminformer-3.1.24298-release-setup.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\ole32.dll
Total events: 6 317
Read events: 6 308
Write events: 9
Delete events: 0

Modification events

All nine writes are by (PID 3792) systeminformer-3.1.24298-release-setup.exe to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer:

Name | Operation | Value
DisplayIcon | write | C:\Program Files\SystemInformer\systeminformer.exe,0
DisplayName | write | System Informer
DisplayVersion | write | 3.1.24298.0
HelpLink | write | https://systeminformer.sourceforge.io/
InstallLocation | write | C:\Program Files\SystemInformer\
Publisher | write | Winsider Seminars & Solutions, Inc.
UninstallString | write | "C:\Program Files\SystemInformer\systeminformer-setup.exe" -uninstall
NoModify | write | 1
NoRepair | write | 1
Executable files: 22
Suspicious files: 22
Text files: 7
Unknown types: 0

Dropped files

All files below were dropped by PID 3792, systeminformer-3.1.24298-release-setup.exe.

Filename | Type
C:\Program Files\SystemInformer\systeminformer-setup.exe | executable
  MD5: 6730CA40D6606B4BC091D6C1852CEBEF
  SHA256: 35EC595325C1BDD74D5C412DC8CCDAF1F48E1AEA8959A4C21DF14488DED596E5
C:\Program Files\SystemInformer\LICENSE.txt | text
  MD5: 00B5F3DE97978ECBFCAA88C3D9D87CE5
  SHA256: E0CD000380F49907CB856B00AC44C436DF10E2B0AD24EA77576F8EF77F508BDD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Viewer.lnk | lnk
  MD5: B75ACE2E9E96CA66DC62C5B39C3FEEDD
  SHA256: A69A368F43987E528B91C289FF036ABEC71AE131A5AEB2137D8892D1DF213299
C:\Users\Public\Desktop\System Informer.lnk | binary
  MD5: 33ACAF16A48F662D62ACB2E0406DE152
  SHA256: 623E792ACD760E0B5E88BCA0A83EAFA9E88387BEC920F427D0B7E3F246FE34B1
C:\Program Files\SystemInformer\dbghelp.dll | executable
  MD5: 1E67B71AC274A67D8EBD66939325517C
  SHA256: F22A9B1BBF05E6EC18EFF99BFE561CA910B6D9DE6F46577F8E26C4AA7C0E9F3A
C:\Program Files\SystemInformer\EtwGuids.txt | ini
  MD5: E5350380E5A9E4DC1A9432A299B6D4DE
  SHA256: 43426A3FB94A44B5F4092547A1DE5D9A676064BBCC485BD9B6A79EA1CB1598C8
C:\Program Files\SystemInformer\CapsList.txt | text
  MD5: 397F7C66959A56EF89133733B56A9616
  SHA256: D74FA0FF77E0FB81EE2A5B7211CBE7CC33F03EE1EB1AA488CDAFC45540A8FE5A
C:\Program Files\SystemInformer\dbgcore.dll | executable
  MD5: 80F42851C7833385823D2401CB99A8D6
  SHA256: 9E9735C0CE67F9152482A96C1E6D52212810D747278C3B1BFB407FEC392D6E30
C:\Program Files\SystemInformer\icon.png | image
  MD5: 5352EBD888E7E6C1DABD20C4D6B921C5
  SHA256: 46E1C3D45F5085FA4F97F6BCB2AD0197DABB0E1C7EFD2A6CBA1A0BD3461E2387
C:\Program Files\SystemInformer\ksidyn.bin | binary
  MD5: BF132EB14B3DA00C881E54C651DA3EB6
  SHA256: 43C0C643436CDB90F72774A916C56ADEBA1DD96D6460AE1350C1971CB1544730
HTTP(S) requests: 6
TCP/UDP connections: 30
DNS requests: 10
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5488 | MoUsoCoreWorker.exe | GET | 200 | 184.24.77.37:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6944 | svchost.exe | GET | 200 | 184.24.77.37:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6944 | svchost.exe | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 104.18.11.31:443 | https://systeminformer.sourceforge.io/update.php?channel=release | unknown | binary | 859 b | whitelisted
- | - | POST | 204 | 92.123.104.31:443 | https://www.bing.com/threshold/xls.aspx | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 92.123.104.67:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6944 | svchost.exe | 184.24.77.37:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 184.24.77.37:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6944 | svchost.exe | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
6944 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208 | whitelisted
www.bing.com | 92.123.104.67, 92.123.104.7, 92.123.104.6, 92.123.104.66, 92.123.104.5, 92.123.104.13, 92.123.104.64, 92.123.104.9, 92.123.104.63, 92.123.104.26, 92.123.104.19, 92.123.104.25, 92.123.104.17, 92.123.104.30, 92.123.104.21 | whitelisted
google.com | 142.250.185.142 | whitelisted
crl.microsoft.com | 184.24.77.37, 184.24.77.35 | whitelisted
www.microsoft.com | 69.192.161.161 | whitelisted
systeminformer.sourceforge.io | 104.18.11.31, 104.18.10.31 | whitelisted
self.events.data.microsoft.com | 20.42.65.84 | whitelisted

Threats

No threats detected
No debug info