File name:

BkavPro.exe

Full analysis: https://app.any.run/tasks/7033ce1b-5089-4d45-a43a-2283926c7aea
Verdict: Malicious activity
Threats:

Crypto-mining malware is a resource-intensive threat that infiltrates computers in order to mine cryptocurrency. It can run either as a program on an infected machine or as a script on a compromised website; in both cases the miner consumes the device's computing power and network bandwidth.

Analysis date: January 05, 2024, 17:56:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
miner
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

98515763D4C66B6D9DE9B7CD37B10B7D

SHA1:

F817174297A2873E9F1D16489A1F69FD8B31D735

SHA256:

38796C8954394C6672E6E9E1C3950CD1031CB39A5A15A8DA97796998FD23F040

SSDEEP:

24576:2BKGTQnph616I05Jjst88n8JUKu+J7xRzFeYbqp7iblM5ndvxeNq:2BKGTQnph616IgJjst88n86Ku+J7xRzu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • BkavPro.exe (PID: 1624)
      • Bk4v531up.exe (PID: 2576)
      • BkavSystemService.exe (PID: 3668)
    • Changes the autorun value in the registry

      • BkavService.exe (PID: 376)
    • Runs injected code in another process

      • BkavSystemUtil32.exe (PID: 2004)
    • Actions look like stealing of personal data

      • BkavSystemService.exe (PID: 3668)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • BkavPro.exe (PID: 1624)
      • BluProService.exe (PID: 664)
      • BLuPro.exe (PID: 2884)
      • Bka.exe (PID: 3236)
    • Reads the Internet Settings

      • runonce.exe (PID: 1804)
      • Bk4v531up.exe (PID: 2576)
      • WMIC.exe (PID: 3036)
      • WMIC.exe (PID: 3904)
      • WMIC.exe (PID: 1072)
      • WMIC.exe (PID: 2028)
      • WMIC.exe (PID: 2876)
      • Bka.exe (PID: 3236)
      • WMIC.exe (PID: 2172)
      • WMIC.exe (PID: 2564)
      • WMIC.exe (PID: 3028)
      • WMIC.exe (PID: 3012)
      • WMIC.exe (PID: 3852)
      • WMIC.exe (PID: 3920)
      • WMIC.exe (PID: 3332)
    • Creates files in the driver directory

      • BkavPro.exe (PID: 1624)
      • Bk4v531up.exe (PID: 2576)
      • BkavSystemService.exe (PID: 3668)
    • Drops a system driver (possible attempt to evade defenses)

      • BkavPro.exe (PID: 1624)
      • Bk4v531up.exe (PID: 2576)
      • BkavSystemService.exe (PID: 3668)
    • Adds/modifies Windows certificates

      • BkavPro.exe (PID: 1624)
    • Reads settings of System Certificates

      • BkavPro.exe (PID: 1624)
    • Searches for installed software

      • SetupB.exe (PID: 2636)
    • Uses WMIC.EXE to obtain BIOS management information

      • cmd.exe (PID: 2532)
      • cmd.exe (PID: 1484)
      • cmd.exe (PID: 3312)
      • cmd.exe (PID: 3020)
      • cmd.exe (PID: 2228)
      • cmd.exe (PID: 1692)
      • cmd.exe (PID: 3872)
      • cmd.exe (PID: 3724)
      • cmd.exe (PID: 3456)
      • cmd.exe (PID: 3072)
      • cmd.exe (PID: 3000)
      • cmd.exe (PID: 4072)
      • cmd.exe (PID: 3580)
      • cmd.exe (PID: 712)
      • cmd.exe (PID: 1792)
      • cmd.exe (PID: 3472)
      • cmd.exe (PID: 452)
      • cmd.exe (PID: 2940)
      • cmd.exe (PID: 2984)
      • cmd.exe (PID: 4084)
      • cmd.exe (PID: 896)
      • cmd.exe (PID: 2744)
      • cmd.exe (PID: 2368)
      • cmd.exe (PID: 480)
      • cmd.exe (PID: 552)
      • cmd.exe (PID: 1408)
      • cmd.exe (PID: 3900)
      • cmd.exe (PID: 2812)
    • Creates or modifies Windows services

      • BkavService.exe (PID: 376)
    • Reads Internet Explorer settings

      • Bka.exe (PID: 3236)
    • Reads Microsoft Outlook installation path

      • Bka.exe (PID: 3236)
  • INFO

    • Reads the time zone

      • runonce.exe (PID: 1804)
    • Drops the executable file immediately after the start

      • BkavPro.exe (PID: 1624)
      • SetupB.exe (PID: 2636)
      • Bk4v531up.exe (PID: 2576)
      • BkavService.exe (PID: 376)
      • BkavSystemServer.exe (PID: 3300)
      • BkavSystemService.exe (PID: 3704)
      • BkavSystemService.exe (PID: 3668)
    • Checks supported languages

      • BkavPro.exe (PID: 1624)
      • Bk4v531up.exe (PID: 2576)
      • BkavService.exe (PID: 376)
      • BluProService.exe (PID: 664)
      • BkavSetup.exe (PID: 2396)
      • BLuPro.exe (PID: 2884)
      • wmpnscfg.exe (PID: 2260)
      • BkavSystemServer.exe (PID: 3300)
      • BkavSystemService.exe (PID: 2984)
      • Bka.exe (PID: 3236)
      • BkavSystemService.exe (PID: 3704)
      • BkavSystemService.exe (PID: 3668)
      • BkavSystemService.exe (PID: 3496)
      • bkavwsc.exe (PID: 1040)
      • bkavwsc.exe (PID: 1576)
      • bkavwsc.exe (PID: 2160)
      • bkavwsc.exe (PID: 1732)
      • bkavwsc.exe (PID: 1804)
      • SetupB.exe (PID: 2636)
      • BkavSystemUtil32.exe (PID: 2004)
      • bkavwsc.exe (PID: 2340)
      • bkavwsc.exe (PID: 1596)
      • bkavwsc.exe (PID: 1020)
    • Creates files in a temporary directory

      • BkavPro.exe (PID: 1624)
      • SetupB.exe (PID: 2636)
      • Bk4v531up.exe (PID: 2576)
      • Bka.exe (PID: 3236)
    • Reads the computer name

      • BkavPro.exe (PID: 1624)
      • Bk4v531up.exe (PID: 2576)
      • BkavService.exe (PID: 376)
      • BluProService.exe (PID: 664)
      • wmpnscfg.exe (PID: 2260)
      • BLuPro.exe (PID: 2884)
      • Bka.exe (PID: 3236)
      • BkavSystemService.exe (PID: 2984)
      • BkavSystemServer.exe (PID: 3300)
      • BkavSystemService.exe (PID: 3496)
      • BkavSystemService.exe (PID: 3704)
      • BkavSystemService.exe (PID: 3668)
      • bkavwsc.exe (PID: 1040)
      • bkavwsc.exe (PID: 2160)
      • bkavwsc.exe (PID: 1576)
      • bkavwsc.exe (PID: 1804)
      • bkavwsc.exe (PID: 1732)
      • SetupB.exe (PID: 2636)
      • bkavwsc.exe (PID: 2340)
      • bkavwsc.exe (PID: 1596)
      • bkavwsc.exe (PID: 1020)
      • BkavSystemUtil32.exe (PID: 2004)
    • Reads the machine GUID from the registry

      • BkavPro.exe (PID: 1624)
      • BluProService.exe (PID: 664)
      • BLuPro.exe (PID: 2884)
      • Bka.exe (PID: 3236)
      • bkavwsc.exe (PID: 2160)
      • bkavwsc.exe (PID: 1040)
      • bkavwsc.exe (PID: 1576)
      • BkavSystemService.exe (PID: 3668)
      • bkavwsc.exe (PID: 1804)
      • bkavwsc.exe (PID: 1732)
      • SetupB.exe (PID: 2636)
      • bkavwsc.exe (PID: 2340)
      • bkavwsc.exe (PID: 1596)
      • bkavwsc.exe (PID: 1020)
      • BkavSystemServer.exe (PID: 3300)
    • Creates files in the program directory

      • Bk4v531up.exe (PID: 2576)
      • Bka.exe (PID: 3236)
      • BkavService.exe (PID: 376)
      • BkavSystemServer.exe (PID: 3300)
      • BkavSystemService.exe (PID: 2984)
      • BkavSystemService.exe (PID: 3668)
      • BkavSystemService.exe (PID: 3496)
      • BluProService.exe (PID: 664)
    • Executes as Windows Service

      • BkavService.exe (PID: 376)
      • BluProService.exe (PID: 664)
      • BkavSystemService.exe (PID: 3496)
      • BkavSystemService.exe (PID: 3668)
    • Dropped object may contain URLs of miner pools

      • Bk4v531up.exe (PID: 2576)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2260)
      • msedge.exe (PID: 3888)
    • Creates files or folders in the user directory

      • Bka.exe (PID: 3236)
    • Starts itself from another location

      • BkavSystemService.exe (PID: 3496)
    • Process checks whether UAC notifications are on

      • BkavSystemService.exe (PID: 3668)
    • Application was injected by another process

      • explorer.exe (PID: 1164)
    • Checks proxy server information

      • Bka.exe (PID: 3236)
    • Application launched itself

      • msedge.exe (PID: 1820)
      • msedge.exe (PID: 3888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:09:14 12:28:46+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 199168
InitializedDataSize: 566784
UninitializedDataSize: -
EntryPoint: 0x1cb9d
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.0.0.109
ProductVersionNumber: 3.0.0.109
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Bkav Corporation
FileDescription: Bkav Online Setup
FileVersion: 3.0.0.109
InternalName: Bkav Online Setup
LegalCopyright: © Bkav Corporation. All rights reserved.
OriginalFileName: Bkav Pro.exe
ProductName: BkavPro
ProductVersion: 3.0.0.109
No data.
All screenshots are available in the full report
Total processes
187
Monitored processes
102
Malicious processes
7
Suspicious processes
1

Behavior graph

Edge legend from the graph: start, inject. Launch sequence as drawn ("no specs" marks a process with no indicators of its own):

bkavpro.exe (inject) > runonce.exe (no specs) > grpconv.exe (no specs) > cmd.exe (no specs) > fltmc.exe (no specs) > setupb.exe > bk4v531up.exe > bkavservice.exe > bluproservice.exe (no specs) > bkavsetup.exe (no specs) > wmpnscfg.exe (no specs) > blupro.exe > [cmd.exe > wmic.exe] (no specs, 3 pairs) > bka.exe > bkavsystemservice.exe (no specs) > cmd.exe (no specs) > bkavsystemserver.exe (no specs) > wmic.exe (no specs) > bkavsystemservice.exe (no specs, 2) > bkavsystemservice.exe > [cmd.exe > wmic.exe] (no specs, 2 pairs) > bkavwsc.exe (no specs) > cmd.exe (no specs) > fltmc.exe (no specs) > wmic.exe (no specs) > bkavwsc.exe (no specs, 7) > cmd.exe (no specs) > wmic.exe (no specs) > fltmc.exe (no specs) > bkavsystemutil32.exe (no specs) > cmd.exe (no specs) > wmic.exe (no specs) > explorer.exe > [cmd.exe > wmic.exe] (no specs, repeated) > msedge.exe (no specs, 4) > msedge.exe > msedge.exe (no specs, 2) > msedge.exe > msedge.exe (no specs, 5) > [cmd.exe > wmic.exe] (no specs, 2 pairs) > msedge.exe (no specs, 2) > bkavpro.exe (no specs)

Process information

PID | CMD | Path | Parent process

PID 124 | CMD: "C:\Users\admin\Desktop\BkavPro.exe" | Path: C:\Users\admin\Desktop\BkavPro.exe | Parent: explorer.exe
User:
admin
Company:
Bkav Corporation
Integrity Level:
MEDIUM
Description:
Bkav Online Setup
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity instance could not complete without elevation)
Version:
3.0.0.109
Modules
Images
c:\users\admin\desktop\bkavpro.exe
c:\windows\system32\ntdll.dll
PID 124 | CMD: fltmc load BkavSdFlt | Path: C:\Windows\System32\fltMC.exe | Parent: BkavSystemService.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Filter Manager Control Program
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\fltmc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\fltlib.dll
PID 376 | CMD: C:\Windows\system32\BkavService.exe | Path: C:\Windows\System32\BkavService.exe | Parent: services.exe
User:
SYSTEM
Company:
Bkav Corporation
Integrity Level:
SYSTEM
Description:
Bkav Service
Exit code:
0
Version:
5.0.0.17
Modules
Images
c:\windows\system32\bkavservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
PID 452 | CMD: C:\Windows\system32\cmd.exe cmd /c wmic bios get serialnumber | Path: C:\Windows\System32\cmd.exe | Parent: Bka.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 480 | CMD: "C:\Windows\system32\cmd.exe" | Path: C:\Windows\System32\cmd.exe | Parent: BluProService.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 552 | CMD: C:\Windows\system32\cmd.exe cmd /c wmic bios get serialnumber | Path: C:\Windows\System32\cmd.exe | Parent: Bka.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 664 | CMD: C:\Windows\system32\BluProService.exe | Path: C:\Windows\System32\BluProService.exe | Parent: services.exe
User:
SYSTEM
Company:
Bkav Corporation
Integrity Level:
SYSTEM
Description:
Bkav live update service
Exit code:
0
Version:
3.0.0.23
Modules
Images
c:\windows\system32\bluproservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
PID 712 | CMD: C:\Windows\system32\cmd.exe cmd /c wmic bios get serialnumber | Path: C:\Windows\System32\cmd.exe | Parent: Bka.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 864 | CMD: wmic bios get serialnumber | Path: C:\Windows\System32\wbem\WMIC.exe | Parent: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
WMI Commandline Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID 896 | CMD: "C:\Windows\system32\cmd.exe" | Path: C:\Windows\System32\cmd.exe | Parent: BluProService.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
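The rows above are the evidence behind the WMIC and driver signatures in this report: cmd.exe wrappers around `wmic bios get serialnumber` (a hardware-fingerprinting query, ATT&CK T1082, commonly used for licensing as well as for sandbox checks), `fltmc load BkavSdFlt` issued by a SYSTEM service, a SYSTEM shell spawned by BluProService.exe, and two non-Microsoft service binaries started by services.exe from System32. The following is an added example written for this page, not ANY.RUN's or Bkav's code: it encodes a few of these rows as constructed Sysmon-style process-creation records and runs plain detection rules over them. The service-binary baseline and the svchost.exe control row are assumptions made for the illustration.

```python
"""Run simple process-creation detection rules over constructed events
modelled on the Process information table above (added example)."""
import re
from collections import Counter

# Constructed sample events (Sysmon Event ID 1 style fields), taken from rows of
# the report's process table plus one benign control row (svchost.exe).
EVENTS = [
    {"pid": 1624, "image": r"C:\Users\admin\Desktop\BkavPro.exe",
     "cmd": r'"C:\Users\admin\Desktop\BkavPro.exe"', "parent": "explorer.exe", "user": "admin"},
    {"pid": 376, "image": r"C:\Windows\System32\BkavService.exe",
     "cmd": r"C:\Windows\system32\BkavService.exe", "parent": "services.exe", "user": "SYSTEM"},
    {"pid": 664, "image": r"C:\Windows\System32\BluProService.exe",
     "cmd": r"C:\Windows\system32\BluProService.exe", "parent": "services.exe", "user": "SYSTEM"},
    {"pid": 452, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd /c wmic bios get serialnumber", "parent": "Bka.exe", "user": "admin"},
    {"pid": 552, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd /c wmic bios get serialnumber", "parent": "Bka.exe", "user": "admin"},
    {"pid": 864, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic bios get serialnumber", "parent": "cmd.exe", "user": "SYSTEM"},
    {"pid": 124, "image": r"C:\Windows\System32\fltMC.exe",
     "cmd": "fltmc load BkavSdFlt", "parent": "BkavSystemService.exe", "user": "SYSTEM"},
    {"pid": 480, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'"C:\Windows\system32\cmd.exe"', "parent": "BluProService.exe", "user": "SYSTEM"},
    # control row, assumed benign: a stock service host started by the SCM
    {"pid": 1080, "image": r"C:\Windows\System32\svchost.exe",
     "cmd": r"C:\Windows\system32\svchost.exe -k netsvcs", "parent": "services.exe", "user": "SYSTEM"},
]

# Assumed site baseline of binaries the SCM (services.exe) is expected to start.
BASELINE_SERVICE_IMAGES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "wininit.exe"}

WMIC_HW_QUERY = re.compile(r"\bwmic\b.*\b(bios|baseboard|csproduct|diskdrive)\b.*\bget\b", re.I)
FLTMC_LOAD = re.compile(r"\bfltmc(?:\.exe)?\s+load\s+(\S+)", re.I)
SYSTEM32 = r"c:\windows\system32"


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (pid, rule, detail) tuples for every rule an event matches."""
    findings = []
    for e in events:
        img, parent = basename(e["image"]), e["parent"].lower()
        in_system32 = e["image"].lower().startswith(SYSTEM32)
        # T1082: hardware fingerprinting via WMIC (licensing or sandbox/VM checks)
        if WMIC_HW_QUERY.search(e["cmd"]):
            findings.append((e["pid"], "hw_fingerprint_wmic", f"{parent} -> {img}: {e['cmd']}"))
        # a minifilter loaded at runtime; follow up on the driver's path and signature
        m = FLTMC_LOAD.search(e["cmd"])
        if m:
            findings.append((e["pid"], "minifilter_load", f"{parent} loaded filter {m.group(1)}"))
        # a service binary in System32 that is not in the baseline
        if parent == "services.exe" and in_system32 and img not in BASELINE_SERVICE_IMAGES:
            findings.append((e["pid"], "new_service_binary_in_system32", img))
        # a SYSTEM shell spawned by something other than a baseline service
        if img == "cmd.exe" and e["user"] == "SYSTEM" and parent not in BASELINE_SERVICE_IMAGES:
            findings.append((e["pid"], "system_shell_from_service", f"{parent} -> cmd.exe"))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. to see that WMIC polling dominates."""
    return Counter(rule for _, rule, _ in findings)


if __name__ == "__main__":
    hits = detect(EVENTS)
    for pid, rule, detail in hits:
        print(f"PID {pid:<5} {rule:<32} {detail}")
    print(summarize(hits))
```

Note what this does and does not establish: the rules fire on the same facts the sandbox scored, and none of them is specific to mining. The only miner-related signature in this report is the INFO-level "Dropped object may contain URLs of miner pools" string heuristic, so a verdict on a signed vendor installer should rest on the driver drop, the new services and the certificate chain rather than on the tag.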
Total events
25 791
Read events
25 438
Write events
342
Delete events
11

Modification events

(PID 1164) explorer.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count | Operation: write | Name: HRZR_PGYFRFFVBA (ROT13 of UEME_CTLSESSION) | Value: (not shown)
(PID 1624) BkavPro.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList | Operation: write | Name: FSFilter Activity Monitor | Value: 0100000001000000
(PID 1804) runonce.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | Operation: delete value | Name: GrpConv | Value: grpconv -o
(PID 1804) runonce.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
(PID 1804) runonce.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
(PID 1804) runonce.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
(PID 1804) runonce.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
(PID 1624) BkavPro.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | Operation: write | Name: GlobalAssocChangedCounter | Value: 115
(PID 1164) explorer.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID 1624) BkavPro.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BkavSetupSd\Enum | Operation: delete key | Name: (default) | Value: (none)
Executable files
212
Suspicious files
124
Text files
77
Unknown types
1

Dropped files

PID | Process | Filename | Type | Hashes

1624 | BkavPro.exe | C:\Users\admin\AppData\Local\Temp\02C1D.tmp\Setup.dat | (not listed) | MD5/SHA256 not listed
1624 | BkavPro.exe | C:\Users\admin\AppData\Local\Temp\02C1D.tmp\DeSetup.dat | (not listed) | MD5/SHA256 not listed
1624 | BkavPro.exe | C:\Users\admin\AppData\Local\Temp\02C1D.tmp\SetupB.exe | (not listed) | MD5/SHA256 not listed
2636 | SetupB.exe | C:\Users\admin\AppData\Local\Temp\_ISAD9F.tmp\bkavSetup.dat | (not listed) | MD5/SHA256 not listed
2636 | SetupB.exe | C:\Users\admin\AppData\Local\Temp\_ISAD9F.tmp\Bk4v531up.exe | (not listed) | MD5/SHA256 not listed
1624 | BkavPro.exe | C:\WinHTTPLib.log | text
  MD5: 557E4FDED6B309F028AD7A21BF6D4C32
  SHA256: 65BB1A257C12E95BAFD54F63CF64DCE7808971BD084C5C13BFE217F126D6AC22
1624 | BkavPro.exe | C:\Users\admin\AppData\Local\Temp\Bka1875.tmp\BkavSetupSd.inf | binary
  MD5: 86F2F22049779A534F8759DF07F30062
  SHA256: 03652D664843C788D34F5CFED34CA73C556D88A881F8602B609D1E6675799889
1624 | BkavPro.exe | C:\Users\admin\AppData\Local\Temp\Bka1875.tmp\BkavSetupSd.sys | executable
  MD5: 1B6ADD966F0F735F41D232825457208B
  SHA256: B0BE4E98E5F96A21CF825B932D7C02DC5072BED77616F4F4C6217FD9B03CEF02
2636 | SetupB.exe | C:\Users\admin\AppData\Local\Temp\sknAC54.tmp | executable
  MD5: 207A657A90FD1F3C4C4E54FD226D7872
  SHA256: 8C31CCA572C3073BBDEEFBFD4C0981B52BF21DDC97DB7F0C6DAB1B9D4BCB9897
2576 | Bk4v531up.exe | C:\Users\admin\AppData\Local\Temp\Bk413A.tmp\Bk4vSetupLanguageEng.dll | executable
  MD5: F748855166750570EF0D89E91B94E547
  SHA256: A706264D48A241F68C31F7603F700E6C4E0A4F622DD498A8AED15D28430390AF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
30
DNS requests
24
Threats
0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation

488 | lsass.exe | GET | 200 | 104.110.191.154:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fa455765e490287c | unknown | compressed | 4.66 Kb | unknown
488 | lsass.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCcC8EC1HJSN5XzKllTnEF2 | unknown | binary | 472 b | unknown
488 | lsass.exe | GET | 200 | 172.64.149.23:80 | http://crl.comodoca.com/AAACertificateServices.crl | unknown | binary | 506 b | unknown
488 | lsass.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | binary | 2.18 Kb | unknown
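None of the four HTTP requests is the sample's own traffic: they come from lsass.exe and are the operating system fetching the disallowed-certificate CTL, a CRL and two OCSP responses while validating a certificate chain, which is what the certificate-store changes and the driver install in this run would trigger. An OCSP GET request carries the DER-encoded request base64 in the URL path (RFC 6960), so the certificate being checked can be recovered offline from the report alone. The following is an added example written for this page, not ANY.RUN's or Bkav's code: it takes the two OCSP URLs copied from the table above and walks the DER with a minimal parser from the Python standard library (assumption: the requests carry no optional version, requestorName or extension fields, which the decoder skips if they are present).

```python
"""Decode the OCSP GET requests lsass.exe made in the report (added example)."""
import base64
from urllib.parse import unquote, urlsplit

# The two OCSP URLs copied from the HTTP requests table above.
OCSP_URLS = [
    "http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCcC8EC1HJSN5XzKllTnEF2",
    "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D",
]

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def read_tlv(buf, pos=0):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def children(buf):
    """Yield (tag, value) for each element inside a DER SEQUENCE body."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value


def decode_oid(raw):
    """Dotted form of a DER-encoded OBJECT IDENTIFIER body."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url):
    """Return the CertID fields of an RFC 6960 OCSP GET request URL."""
    parts = urlsplit(url)
    der = base64.b64decode(unquote(parts.path.lstrip("/")), validate=True)
    tag, body, _ = read_tlv(der)                    # OCSPRequest SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tbs = next(v for t, v in children(body) if t == 0x30)          # TBSRequest
    # optional [0] version / [1] requestorName are context tags; keep the
    # requestList SEQUENCE
    request_list = next(v for t, v in children(tbs) if t == 0x30)
    request = next(children(request_list))[1]       # first Request
    cert_id = next(children(request))[1]            # reqCert CertID
    alg, name_hash, key_hash, serial = [v for _, v in children(cert_id)]
    oid = decode_oid(next(children(alg))[1])        # AlgorithmIdentifier.algorithm
    return {
        "responder": parts.hostname,
        "hash_alg": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash.hex().upper(),
        "issuer_key_hash": key_hash.hex().upper(),
        "serial": format(int.from_bytes(serial, "big"), "X"),
    }


if __name__ == "__main__":
    for u in OCSP_URLS:
        print(decode_ocsp_get(u))
```

The decoded issuerKeyHash is the value to compare with the Subject Key Identifier of the suspected issuer, and the serial number is what to match against the certificate on the dropped binaries. The two requests are one link apart in a chain: the ocsp.sectigo.com query checks a certificate issued by Sectigo's intermediate, the ocsp.usertrust.com query checks that intermediate against the USERTrust root, and the AAA Certificate Services CRL fetch is consistent with checking the root's cross-certificate. A mismatch between these hashes and the certificate actually attached to BkavPro.exe would be worth far more attention than the miner tag.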

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1624 | BkavPro.exe | 103.237.97.110:443 | update.bkav.com | VNPT Corp | VN | unknown
1624 | BkavPro.exe | 123.30.245.64:443 | updatefile.bkav.com | VNPT Corp | VN | unknown
2884 | BLuPro.exe | 103.237.97.110:443 | update.bkav.com | VNPT Corp | VN | unknown
488 | lsass.exe | 104.110.191.154:80 | ctldl.windowsupdate.com | Akamai International B.V. | NL | unknown
488 | lsass.exe | 172.64.149.23:80 | crl.comodoca.com | CLOUDFLARENET | US | unknown
3236 | Bka.exe | 103.237.97.110:80 | update.bkav.com | VNPT Corp | VN | unknown
3236 | Bka.exe | 103.237.97.110:443 | update.bkav.com | VNPT Corp | VN | unknown

DNS requests

Domain | IP | Reputation

update.bkav.com | 103.237.97.110 | unknown
updatefile.bkav.com | 123.30.245.64 | unknown
ctldl.windowsupdate.com | 104.110.191.154, 104.110.191.134 | whitelisted
crl.comodoca.com | 172.64.149.23, 104.18.38.233 | whitelisted
ocsp.usertrust.com | 172.64.149.23, 104.18.38.233 | whitelisted
ocsp.sectigo.com | 172.64.149.23, 104.18.38.233 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
nav-edge.smartscreen.microsoft.com | 20.103.180.120 | whitelisted
mybkav.bkav.com | 123.30.245.104 | unknown
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted

Threats

No threats detected
Debug output strings

Process | Message

BkavPro.exe | https://update.bkav.com/bkavpro/getsfile.aspx
BkavPro.exe | https://update.bkav.com/bkavpro/getsfile.aspx?id=2
BkavPro.exe | Download percent: 0
BkavPro.exe | szDirectoryDownload : C:\Users\admin\AppData\Local\Temp\02C1D.tmp
BkavPro.exe | szFileSavePath 3: C:\Users\admin\AppData\Local\Temp\02C1D.tmp
BkavPro.exe | szFileSavePath 4: C:\Users\admin\AppData\Local\Temp\02C1D.tmp
BkavPro.exe | szFileSavePath 1: C:\Users\admin\AppData\Local\Temp\
BkavPro.exe | szFileSavePath 2: C:\Users\admin\AppData\Local\Temp\
BkavPro.exe | Link https://updatefile.bkav.com/setup/setup.dat https://updatefile.bkav.com/setup/setup.dat
BkavPro.exe | szFileSavePath 5: C:\Users\admin\AppData\Local\Temp\02C1D.tmp\Setup.dat