File name: Setup.exe.zip

Full analysis: https://app.any.run/tasks/22d4279d-6389-46ec-9b03-4e85707cc171
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: October 23, 2023, 16:46:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
adaware
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 6D10BFC07E5510CBAAAF1640DA86FF4C
SHA1: 0988B37087B1BD021E825AEE321A69D65A46A6AD
SHA256: 38F6120A9759663BC363FB1A43C555F174F49273BDC492F29CA8401129D07E3D
SSDEEP: 12288:e5Imi+DBLUg43k7olAcahW+zytlb4qn5DuDgmQ:fjcBLUg43Zl0jYS8H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 3536)
      • WebCompanionInstaller.exe (PID: 2160)
      • csc.exe (PID: 3472)
    • Application was dropped or rewritten from another process

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • Setup.exe (PID: 3536)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Loads dropped or rewritten executable

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • ADAWARE was detected

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
    • Starts Visual C# compiler

      • WebCompanion.exe (PID: 4028)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 3800)
    • Actions look like stealing of personal data

      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Checks Windows Trust Settings

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Reads settings of System Certificates

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Reads the Internet Settings

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Searches for installed software

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Executes as Windows Service

      • PresentationFontCache.exe (PID: 2540)
    • Changes internet zones settings

      • WebCompanionInstaller.exe (PID: 2160)
    • Drops 7-zip archiver for unpacking

      • WebCompanionInstaller.exe (PID: 2160)
    • Process drops legitimate windows executable

      • WebCompanionInstaller.exe (PID: 2160)
    • The process drops C-runtime libraries

      • WebCompanionInstaller.exe (PID: 2160)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3768)
    • Starts CMD.EXE for commands execution

      • WebCompanionInstaller.exe (PID: 2160)
    • Uses .NET C# to load dll

      • WebCompanion.exe (PID: 4028)
    • The process verifies whether antivirus software is installed

      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
  • INFO

    • Checks supported languages

      • Setup.exe (PID: 3536)
      • WebCompanionInstaller.exe (PID: 2160)
      • PresentationFontCache.exe (PID: 2540)
      • WebCompanion.exe (PID: 4028)
      • csc.exe (PID: 3472)
      • cvtres.exe (PID: 2732)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 556)
      • chrome.exe (PID: 1408)
    • Reads the machine GUID from the registry

      • WebCompanionInstaller.exe (PID: 2160)
      • PresentationFontCache.exe (PID: 2540)
      • WebCompanion.exe (PID: 4028)
      • csc.exe (PID: 3472)
      • cvtres.exe (PID: 2732)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Reads the computer name

      • WebCompanionInstaller.exe (PID: 2160)
      • PresentationFontCache.exe (PID: 2540)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Creates files in a temporary directory

      • WebCompanionInstaller.exe (PID: 2160)
      • Setup.exe (PID: 3536)
      • WebCompanion.exe (PID: 4028)
      • cvtres.exe (PID: 2732)
      • csc.exe (PID: 3472)
    • Reads Environment values

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Creates files or folders in the user directory

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Creates files in the program directory

      • WebCompanion.exe (PID: 4028)
    • Application launched itself

      • chrome.exe (PID: 2064)
    • Reads product name

      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 4028)
    • The process uses the downloaded file

      • chrome.exe (PID: 3468)
      • chrome.exe (PID: 2816)
      • chrome.exe (PID: 2860)
    • Manual execution by a user

      • WebCompanion.exe (PID: 3620)
      • control.exe (PID: 584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Setup.exe
ZipUncompressedSize: 566584
ZipCompressedSize: 477822
ZipCRC: 0xdd60ab68
ZipModifyDate: 2023:10:23 00:59:08
ZipCompression: Deflated
ZipBitFlag: 0x0009
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 69
Monitored processes: 31
Malicious processes: 7
Suspicious processes: 1

Behavior graph

[Interactive process graph, available in the full report. Nodes tagged #ADAWARE in the graph: webcompanioninstaller.exe and webcompanion.exe; the chain shown is winrar.exe -> setup.exe -> webcompanioninstaller.exe -> webcompanion.exe, with cmd.exe/netsh.exe, csc.exe/cvtres.exe and multiple chrome.exe children.]

Process information

PID: 328
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x60258b38,0x60258b48,0x60258b54
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 556
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Setup.exe.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
PID: 584
CMD: "C:\Windows\System32\control.exe"
Path: C:\Windows\System32\control.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Control Panel
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\control.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 948
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
PID: 1044
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3704 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1408
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1580
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1548 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1928
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1956
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2064
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=20398348972
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: WebCompanionInstaller.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 36 724
Read events: 36 520
Write events: 204
Delete events: 0

Modification events

(PID) Process | Key | Operation | Name | Value
(556) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E | write | LanguageList | en-US
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\phacker.zip
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
(556) WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
Executable files: 87
Suspicious files: 144
Text files: 97
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\en-US\WebCompanionInstaller.resources.dll | executable
  MD5: D3105E9DB5AAC25193D6C6D2D99349F6
  SHA256: 86B3513221F9D1EDAC50AFB7A43CDEEE1599CDC69F37D6C52BE7F2A0BF014E66
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\de-DE\WebCompanionInstaller.resources.dll | executable
  MD5: 383BA01583DD7FEEE5B749AE4C0A058B
  SHA256: ECBE3D8661D6495A47182DDB0C2099EDD1E1B3BE1F14449A10F3F47DDD62539D
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\WebCompanionInstaller.exe.config | xml
  MD5: EBACEC1E9929BD429C709A9FD0C210AC
  SHA256: AE0E80F5549F5AD5EF0996882A2E0F997FF3724E63A35C9BCA9001B10F58DEE6
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\fr-CA\WebCompanionInstaller.resources.dll | executable
  MD5: F818537B70C4CB6ABC4949FA6A1AA4A8
  SHA256: 8D14E0B8847D9C5D71EAB73115F0FBE89798B4B0E84FBC2AD81C411AC2F5AFEC
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\it-IT\WebCompanionInstaller.resources.dll | executable
  MD5: F2822BA70932056918186EE7AB5EE46A
  SHA256: E7FF822CD0E0EE4E9BEFC016EA815AC5835F09C24502A18F6727E579BADCC7B4
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\es-ES\WebCompanionInstaller.resources.dll | executable
  MD5: 09681EF51303E2E6CD5E6713FF294435
  SHA256: 38EB66E04D8EEF91D6EBF0808D76E55DE1F347D4D464BBD5BF545E11900DE6C6
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\WebCompanionInstaller.exe | executable
  MD5: 4A5B051EDBC60C58D0FA08810AB2FA0A
  SHA256: 4F388B54E9BA62572013722783938E1603FE3E76B5B02031ED33DF09C1C73EAA
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\ICSharpCode.SharpZipLib.dll | executable
  MD5: 1E16BAD4F6A563C46161BB4FB0CFEC4F
  SHA256: C7B5080EA8B2753751CB6252A3E9EDD2A292D8A141DE9E65CD3D0005EBE041E9
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\ja-JP\WebCompanionInstaller.resources.dll | executable
  MD5: C93DB8A30F016DDC963592B9EC8DB51A
  SHA256: 48C6F0C8E5323ACD383BFF4B9407854B1ABE3B7CD88F81E7B41139C88167D73D
3536 | Setup.exe | C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\ru-RU\WebCompanionInstaller.resources.dll | executable
  MD5: A8EB23DA5A7A026FC40FC80D45773930
  SHA256: 4CF40997858BC1919BF704B322642A7024D71EB41CD9339D9C62F583CB7B3713
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 67
TCP/UDP connections: 70
DNS requests: 82
Threats: 33

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | GET | 200 | 104.17.8.52:80 | http://wcdownloadercdn.lavasoft.com/10.1.2.519/WebCompanion-10.1.2.519-prod.zip | unknown | compressed | 10.6 Mb | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown
2160 | WebCompanionInstaller.exe | POST | 200 | 104.17.8.52:80 | http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 | unknown | binary | 29 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2160 | WebCompanionInstaller.exe | 104.17.8.52:80 | flow.lavasoft.com | CLOUDFLARENET | - | shared
4028 | WebCompanion.exe | 104.17.8.52:443 | flow.lavasoft.com | CLOUDFLARENET | - | shared
4028 | WebCompanion.exe | 64.18.87.82:80 | wc-partners.lavasoft.com | MTO | CA | malicious
4028 | WebCompanion.exe | 104.17.8.52:80 | flow.lavasoft.com | CLOUDFLARENET | - | shared
4028 | WebCompanion.exe | 64.18.87.4:80 | wsgeoip.lavasoft.com | MTO | CA | unknown
4028 | WebCompanion.exe | 104.18.212.25:80 | webcompanion.com | CLOUDFLARENET | - | unknown
3800 | WebCompanion.exe | 104.17.8.52:443 | flow.lavasoft.com | CLOUDFLARENET | - | shared
1956 | chrome.exe | 104.18.211.25:443 | webcompanion.com | CLOUDFLARENET | - | unknown

DNS requests

Domain
IP
Reputation
flow.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
whitelisted
wcdownloadercdn.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
whitelisted
featureflags.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
unknown
wc-partners.lavasoft.com
  • 64.18.87.82
  • 64.18.87.81
whitelisted
wsgeoip.lavasoft.com
  • 64.18.87.4
whitelisted
webcompanion.com
  • 104.18.212.25
  • 104.18.211.25
malicious
accounts.google.com
  • 142.250.187.141
shared
clientservices.googleapis.com
  • 142.250.187.99
whitelisted
sg-bitmask.adaware.com
  • 104.18.67.73
  • 104.18.68.73
unknown
fonts.googleapis.com
  • 172.217.169.138
whitelisted

Threats

PID | Process | Class | Message
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
2160 | WebCompanionInstaller.exe | Potentially Bad Traffic | ET HUNTING Terse Request for Zip File (GET)
2160 | WebCompanionInstaller.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Adaware Web Companion
3 ETPRO signatures available at the full report
Process | Message
WebCompanionInstaller.exe | Detecting windows culture
WebCompanionInstaller.exe | 10/23/2023 5:46:59 PM :-> Starting installer 10.901.2.519 with: .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=20398348972 --version=10.901.2.519, Run as admin: False
WebCompanionInstaller.exe | Preparing for installing Web Companion
WebCompanionInstaller.exe | 10/23/2023 5:47:02 PM :-> Machine Id and Install Id has been generated
WebCompanionInstaller.exe | 10/23/2023 5:47:02 PM :-> Generating Machine and Install Id ...
WebCompanionInstaller.exe | 10/23/2023 5:47:02 PM :-> Checking prerequisites ...
WebCompanionInstaller.exe | 10/23/2023 5:47:02 PM :-> Antivirus not detected
WebCompanionInstaller.exe | 10/23/2023 5:47:03 PM :-> vm_check False
WebCompanionInstaller.exe | 10/23/2023 5:47:03 PM :-> reg_check :False
WebCompanionInstaller.exe | 10/23/2023 5:47:03 PM :-> Installed .Net framework is V40