MIWIFIRepairTool.x86.zip

Full analysis: https://app.any.run/tasks/fc5a0e81-3dda-4862-a56b-f7379a9c6e50
Verdict: Malicious activity
Analysis date: August 16, 2023, 12:18:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 2FE36EA173EAA37FB915C956CE30EC50
SHA1: BDC7F127D318A27CEC7AB992430CBC22DE6CEE32
SHA256: 436E57A5E2DAF1C5B4ECE8851A7B7517C1FBC9E69ACBA8FAC3806AA160F251B5
SSDEEP: 24576:rdp/HgYq+SvVIOiyOW8p45sxaIPgUB4Lbj13REQcBuXgHVWd:rfHgY7SvVFy4ybTBOlREQ0Cgod

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • MIWIFIRepairTool.x86.exe (PID: 1824)
      • MIWIFIRepairTool.x86.exe (PID: 3844)
      • MIWIFIRepairTool.x86.exe (PID: 1548)
      • MIWIFIRepairTool.x86.exe (PID: 2724)
      • MIWIFIRepairTool.x86.exe (PID: 2612)
    • Loads dropped or rewritten executable

      • MIWIFIRepairTool.x86.exe (PID: 3844)
      • MIWIFIRepairTool.x86.exe (PID: 2724)
      • MIWIFIRepairTool.x86.exe (PID: 2612)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • explorer.exe (PID: 1024)
  • INFO

    • Manual execution by a user

      • MIWIFIRepairTool.x86.exe (PID: 1824)
      • MIWIFIRepairTool.x86.exe (PID: 1548)
      • MIWIFIRepairTool.x86.exe (PID: 3844)
      • MIWIFIRepairTool.x86.exe (PID: 2724)
      • MIWIFIRepairTool.x86.exe (PID: 2612)
    • Reads the computer name

      • MIWIFIRepairTool.x86.exe (PID: 3844)
      • MIWIFIRepairTool.x86.exe (PID: 2724)
      • MIWIFIRepairTool.x86.exe (PID: 2612)
    • Checks supported languages

      • MIWIFIRepairTool.x86.exe (PID: 3844)
      • MIWIFIRepairTool.x86.exe (PID: 2724)
      • MIWIFIRepairTool.x86.exe (PID: 2612)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3488)
    • Reads the Internet Settings

      • explorer.exe (PID: 1024)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: libcurl.dll
ZipUncompressedSize: 302080
ZipCompressedSize: 160766
ZipCRC: 0xcee73f7d
ZipModifyDate: 2019:01:10 20:43:50
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 63
Monitored processes: 14
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Process chain shown in the graph (only process names are recoverable from the image): winrar.exe, searchprotocolhost.exe, explorer.exe, and multiple instances of miwifirepairtool.x86.exe

Process information

PID | CMD | Path | Parent process
1024 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | -
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1548 | "C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe" | C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: MIWIFIRepairTool
Exit code: 3221226540
Modules
Images
c:\users\admin\desktop\miwifirepairtool.x86.exe
c:\windows\system32\ntdll.dll
1824 | "C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe" | C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: MIWIFIRepairTool
Exit code: 3221226540
Modules
Images
c:\users\admin\desktop\miwifirepairtool.x86.exe
c:\windows\system32\ntdll.dll
2424 | "C:\Users\admin\Desktop\New folder\MIWIFIRepairTool.x86.exe" | C:\Users\admin\Desktop\New folder\MIWIFIRepairTool.x86.exe | explorer.exe
User: admin
Integrity Level: HIGH
Description: MIWIFIRepairTool
Exit code: 0
2452 | "C:\Users\admin\Desktop\New folder\MIWIFIRepairTool.x86.exe" | C:\Users\admin\Desktop\New folder\MIWIFIRepairTool.x86.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: MIWIFIRepairTool
Exit code: 3221226540
2612 | "C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe" | C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe | explorer.exe
User: admin
Integrity Level: HIGH
Description: MIWIFIRepairTool
Exit code: 0
Modules
Images
c:\users\admin\desktop\miwifirepairtool.x86.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
2680 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3488.38577\MIWIFIRepairTool.x86.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3488.38577\MIWIFIRepairTool.x86.exe | WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: MIWIFIRepairTool
Exit code: 3221226540
2724 | "C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe" | C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe | explorer.exe
User: admin
Integrity Level: HIGH
Description: MIWIFIRepairTool
Exit code: 0
Modules
Images
c:\users\admin\desktop\miwifirepairtool.x86.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
2940 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3480 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3488.38577\MIWIFIRepairTool.x86.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3488.38577\MIWIFIRepairTool.x86.exe | WinRAR.exe
User: admin
Integrity Level: HIGH
Description: MIWIFIRepairTool
Exit code: 0
Total events: 4,502
Read events: 4,450
Write events: 50
Delete events: 2

Modification events

(PID) Process | Key | Operation | Name | Value
(1024) explorer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0 | write | CheckSetting | (value omitted in source)
(3488) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E | write | LanguageList | en-US
(3488) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(3488) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(3488) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\phacker.zip
(3488) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(3488) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(3488) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
(3488) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
(1024) explorer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList | write | MRUList | a
Executable files: 20
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3488 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3488.33320\ucrtbased.dll | executable
MD5: C90772D6E3F2A39DC47B970E2D5BC8D9
SHA256: 354856AA5D8117EFCD5F7A643EBB4A28FCAC9D089AB52CF7E38EC63E3FB93F2A
1024 | explorer.exe | C:\Users\admin\Desktop\New folder\vcruntime140d.dll | executable
MD5: 9FAA318E1AA934DBB06EC42A70643DBC
SHA256: 9A67DAF983B21B54AF0039872003348BEBED9ECF72CA779D5475EFEEA0B628DE
1024 | explorer.exe | C:\Users\admin\Desktop\MIWIFIRepairTool.x86.exe | executable
MD5: D1EA5D47A9EE28656D5E742712DA733F
SHA256: 86F257F7A37EBEFCD51E76A9C8EB188E8834A1F6CACF0D7D61EBFA1FAD3045BD
3488 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3488.33320\vcruntime140.dll | executable
MD5: 7587BF9CB4147022CD5681B015183046
SHA256: C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
1024 | explorer.exe | C:\Users\admin\Desktop\New folder\vcruntime140.dll | executable
MD5: 7587BF9CB4147022CD5681B015183046
SHA256: C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
3488 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3488.33320\vcruntime140d.dll | executable
MD5: 9FAA318E1AA934DBB06EC42A70643DBC
SHA256: 9A67DAF983B21B54AF0039872003348BEBED9ECF72CA779D5475EFEEA0B628DE
1024 | explorer.exe | C:\Users\admin\Desktop\New folder\MIWIFIRepairTool.x86.exe | executable
MD5: D1EA5D47A9EE28656D5E742712DA733F
SHA256: 86F257F7A37EBEFCD51E76A9C8EB188E8834A1F6CACF0D7D61EBFA1FAD3045BD
1024 | explorer.exe | C:\Users\admin\Desktop\vcruntime140d.dll | executable
MD5: 9FAA318E1AA934DBB06EC42A70643DBC
SHA256: 9A67DAF983B21B54AF0039872003348BEBED9ECF72CA779D5475EFEEA0B628DE
1024 | explorer.exe | C:\Users\admin\Desktop\vcruntime140.dll | executable
MD5: 7587BF9CB4147022CD5681B015183046
SHA256: C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
1024 | explorer.exe | C:\Users\admin\Desktop\New folder\libcurl.dll | executable
MD5: 8CEC74959F8525CDDC1B26CEB97C00E7
SHA256: E74E8F50886A32638E735A884B4AC70D34D6C063FC1FB118050F2822D57A19D8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 3
DNS requests: 1
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3844 | MIWIFIRepairTool.x86.exe | GET | - | 20.47.97.231:80 | http://api.miwifi.com/data/tffp_rom_link_info | US | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
3284 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3844 | MIWIFIRepairTool.x86.exe | 20.47.97.231:80 | api.miwifi.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown

DNS requests

Domain | IP | Reputation
api.miwifi.com | 20.47.97.231 | unknown

Threats

No threats detected
Process | Message
MIWIFIRepairTool.x86.exe | Th 3756 :opening comm socket
MIWIFIRepairTool.x86.exe | Th 3756 :Console disconnected
MIWIFIRepairTool.x86.exe | Th 3768 :Port 17152 may be reused
MIWIFIRepairTool.x86.exe | Th 3756 :Version check OK
MIWIFIRepairTool.x86.exe | Th 3936 :GUI Version check OK
MIWIFIRepairTool.x86.exe | Th 3936 :connected to console
MIWIFIRepairTool.x86.exe | Th 3756 :Console connected
MIWIFIRepairTool.x86.exe | Th 3756 :Verify Console/GUI parameters
MIWIFIRepairTool.x86.exe | Th 3936 :GUI: new service 32 status 4
MIWIFIRepairTool.x86.exe | Th 1084 :Scheduler signal received