File name: systeminformer-3.0.7578-release-setup.exe

Full analysis: https://app.any.run/tasks/fd167ffb-ae05-4737-b86b-6f60eb230aa5
Verdict: Malicious activity
Analysis date: June 05, 2024, 21:20:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

E44B5F1DB3BA130C6FCE4256A44F1DA3

SHA1:

AE9B9FCDE4D874F5E447D6C9AEE89C06117D6F4B

SHA256:

3A8C73F6F0576225AADEBDC604C4C004EAC217C8BDA9839C1D521C7E4B1BFFC2

SSDEEP:

98304:pTrTK/fwEWuC5KHBk/We+CgxiccfHYK53IymXsrdpfxUE3/QK3+RzDzMnCI3bjdB:16LiCiuHeCW+9Z3pup3Wdx3A7tdlVHn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • systeminformer-3.0.7578-release-setup.exe (PID: 3972)
      • systeminformer-3.0.7578-release-setup.exe (PID: 1020)
  • SUSPICIOUS

    • Application launched itself

      • systeminformer-3.0.7578-release-setup.exe (PID: 3972)
    • Creates a software uninstall entry

      • systeminformer-3.0.7578-release-setup.exe (PID: 1020)
    • The process creates files with name similar to system file names

      • systeminformer-3.0.7578-release-setup.exe (PID: 1020)
    • Executable content was dropped or overwritten

      • systeminformer-3.0.7578-release-setup.exe (PID: 1020)
    • Checks Windows Trust Settings

      • SystemInformer.exe (PID: 116)
    • Reads settings of System Certificates

      • SystemInformer.exe (PID: 116)
    • Reads security settings of Internet Explorer

      • SystemInformer.exe (PID: 116)
  • INFO

    • Reads the computer name

      • systeminformer-3.0.7578-release-setup.exe (PID: 1020)
      • systeminformer-3.0.7578-release-setup.exe (PID: 3972)
      • SystemInformer.exe (PID: 116)
    • Checks supported languages

      • systeminformer-3.0.7578-release-setup.exe (PID: 3972)
      • systeminformer-3.0.7578-release-setup.exe (PID: 1020)
      • SystemInformer.exe (PID: 116)
    • Creates files in the program directory

      • systeminformer-3.0.7578-release-setup.exe (PID: 1020)
    • Reads the time zone

      • SystemInformer.exe (PID: 116)
      • perfmon.exe (PID: 764)
    • Reads CPU info

      • SystemInformer.exe (PID: 116)
    • Reads the machine GUID from the registry

      • SystemInformer.exe (PID: 116)
    • Reads the software policy settings

      • SystemInformer.exe (PID: 116)
    • Creates files or folders in the user directory

      • perfmon.exe (PID: 764)
      • SystemInformer.exe (PID: 116)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1977:05:12 07:47:57+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.38
CodeSize: 258048
InitializedDataSize: 15450112
UninitializedDataSize: -
EntryPoint: 0x20960
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.0.12105.7578
ProductVersionNumber: 3.0.12105.7578
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: System Informer
FileDescription: System Informer - Setup
FileVersion: 3.0.12105.7578
InternalName: systeminformer-setup.exe
LegalCopyright: Copyright (c) Winsider Seminars & Solutions, Inc. All rights reserved.
OriginalFileName: systeminformer-setup.exe
ProductName: System Informer
ProductVersion: 3.0.12105.7578
Total processes: 39
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Process chain shown in the graph: systeminformer-3.0.7578-release-setup.exe (no specs) > systeminformer-3.0.7578-release-setup.exe > systeminformer.exe > perfmon.exe (no specs)

Process information

PID: 116
CMD: "C:\Program Files\SystemInformer\SystemInformer.exe" -channel release
Path: C:\Program Files\SystemInformer\SystemInformer.exe
Parent process: systeminformer-3.0.7578-release-setup.exe
User:
admin
Company:
System Informer
Integrity Level:
HIGH
Description:
System Informer
Version:
3.0.12105.7578
Modules
Images
c:\program files\systeminformer\systeminformer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 764
CMD: "C:\Windows\System32\perfmon.exe" /res
Path: C:\Windows\System32\perfmon.exe
Parent process: SystemInformer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Resource and Performance Monitor
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\perfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1020
CMD: "C:\Users\admin\AppData\Local\Temp\systeminformer-3.0.7578-release-setup.exe" "C:\Users\admin\AppData\Local\Temp\systeminformer-3.0.7578-release-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\systeminformer-3.0.7578-release-setup.exe
Parent process: systeminformer-3.0.7578-release-setup.exe
User:
admin
Company:
System Informer
Integrity Level:
HIGH
Description:
System Informer - Setup
Exit code:
0
Version:
3.0.12105.7578
Modules
Images
c:\users\admin\appdata\local\temp\systeminformer-3.0.7578-release-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3972
CMD: "C:\Users\admin\AppData\Local\Temp\systeminformer-3.0.7578-release-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\systeminformer-3.0.7578-release-setup.exe
Parent process: explorer.exe
User:
admin
Company:
System Informer
Integrity Level:
MEDIUM
Description:
System Informer - Setup
Exit code:
0
Version:
3.0.12105.7578
Modules
Images
c:\users\admin\appdata\local\temp\systeminformer-3.0.7578-release-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 15 427
Read events: 15 397
Write events: 27
Delete events: 3

Modification events

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: DisplayIcon
Value: C:\Program Files\SystemInformer\systeminformer.exe,0

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: DisplayName
Value: System Informer

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: DisplayVersion
Value: 3.0

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: HelpLink
Value: https://systeminformer.sourceforge.io/

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: InstallLocation
Value: C:\Program Files\SystemInformer\

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: Publisher
Value: System Informer

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: UninstallString
Value: "C:\Program Files\SystemInformer\systeminformer-setup.exe" -uninstall

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: NoModify
Value: 1

(PID) Process: (1020) systeminformer-3.0.7578-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (116) SystemInformer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 15
Suspicious files: 18
Text files: 7
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\COPYRIGHT.txt | text
MD5:D97229C38736F130D83B1C9BA9F68703
SHA256:6DEB8978832A3B5CB8B4AD79F33EFAAC9857AC539D771EEBB3C5680A12436D2C
1020 | systeminformer-3.0.7578-release-setup.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Viewer.lnk | binary
MD5:938A3C0758BFDB389AE6D5902D61833A
SHA256:2F192E73EE1B6D2519473EC1C4007279D4FE8D8107801B8F42595E4197452480
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\LICENSE.txt | text
MD5:00B5F3DE97978ECBFCAA88C3D9D87CE5
SHA256:E0CD000380F49907CB856B00AC44C436DF10E2B0AD24EA77576F8EF77F508BDD
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\etwguids.txt | text
MD5:E5350380E5A9E4DC1A9432A299B6D4DE
SHA256:43426A3FB94A44B5F4092547A1DE5D9A676064BBCC485BD9B6A79EA1CB1598C8
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\README.txt | text
MD5:0CCC7E76DA4E38CD2F73BD197DEA80C3
SHA256:29C068275F2B99405DFED86B2C6C6E0722944B743565796B76FBF74F42DA8039
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\capslist.txt | text
MD5:397F7C66959A56EF89133733B56A9616
SHA256:D74FA0FF77E0FB81EE2A5B7211CBE7CC33F03EE1EB1AA488CDAFC45540A8FE5A
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\icon.png | image
MD5:5352EBD888E7E6C1DABD20C4D6B921C5
SHA256:46E1C3D45F5085FA4F97F6BCB2AD0197DABB0E1C7EFD2A6CBA1A0BD3461E2387
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Users\Public\Desktop\System Informer.lnk | binary
MD5:157633C39CD1692ADBA0AA1DF627DD82
SHA256:CC57872944CA459B79094CE2F550093F8D05F04341CFC48D6679E308A2377FB5
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\peview.exe | executable
MD5:605122F5901F11A6862657C5361074AD
SHA256:35FC32829186CC862842A11943B2AAAB3ADF591F689CD05B7E80A2F86D27BFA5
1020 | systeminformer-3.0.7578-release-setup.exe | C:\Program Files\SystemInformer\SystemInformer.exe | executable
MD5:45FA83A1833D3543D711C9DFA5C8876A
SHA256:79E701DDE080502A93DB605F39EDD45D9F01A7DF231D67F6F82512EAA7F6179B
HTTP(S) requests: 0
TCP/UDP connections: 10
DNS requests: 5
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown
1088 | svchost.exe | 224.0.0.252:5355 | | | | unknown
116 | SystemInformer.exe | 104.18.37.173:443 | systeminformer.sourceforge.io | CLOUDFLARENET | | unknown
4 | System | 192.168.100.2:137 | | | | whitelisted

DNS requests

Domain | IP | Reputation
systeminformer.sourceforge.io | 104.18.37.173, 172.64.150.83 | unknown
255.100.168.192.in-addr.arpa | | unknown
252.0.0.224.in-addr.arpa | | unknown
3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | | unknown
2.100.168.192.in-addr.arpa | | unknown

Threats

No threats detected
No debug info