File name: RocketDock-v1.3.5.exe

Full analysis: https://app.any.run/tasks/e63c336d-9517-4cb5-a06d-0a215a63009f
Verdict: Malicious activity
Analysis date: June 12, 2024, 14:16:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: A79FB1A90FB3D92CF815F2C08D3ADE6D
SHA1: 25E5E553AF5E2D21B5CFC70BA41AFB65202F6FD5
SHA256: 43759B0C441FD4F71FE5EEB69F548CD2EB40AC0ABFA02EA3AFC44FBDDF28DC16
SSDEEP: 196608:wS1Nuitsw1fb2P/SyvpCwxDFNcSBXtikesEs:wQdtPIqyvpCwxJZXokeXs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • RocketDock-v1.3.5.exe (PID: 4088)
      • is-NLVDJ.tmp (PID: 1200)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • RocketDock-v1.3.5.exe (PID: 4088)
      • is-NLVDJ.tmp (PID: 1200)
    • Reads the Windows owner or organization settings

      • is-NLVDJ.tmp (PID: 1200)
    • Process drops legitimate windows executable

      • is-NLVDJ.tmp (PID: 1200)
  • INFO

    • Create files in a temporary directory

      • is-NLVDJ.tmp (PID: 1200)
      • RocketDock-v1.3.5.exe (PID: 4088)
    • Checks supported languages

      • RocketDock-v1.3.5.exe (PID: 4088)
      • is-NLVDJ.tmp (PID: 1200)
      • wmpnscfg.exe (PID: 1940)
    • Reads the computer name

      • is-NLVDJ.tmp (PID: 1200)
      • wmpnscfg.exe (PID: 1940)
    • Creates files in the program directory

      • is-NLVDJ.tmp (PID: 1200)
    • Creates a software uninstall entry

      • is-NLVDJ.tmp (PID: 1200)
    • Manual execution by a user

      • chrome.exe (PID: 2116)
      • wmpnscfg.exe (PID: 1940)
    • Application launched itself

      • chrome.exe (PID: 2116)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable PowerBASIC/Win 9.x (51.2)
.exe | Inno Setup installer (37.9)
.exe | Win32 Executable Delphi generic (4.9)
.dll | Win32 Dynamic Link Library (generic) (2.2)
.exe | Win32 Executable (generic) (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00 (the fixed placeholder value written by the Borland/Delphi linker, which Inno Setup's loader is built with; it is not the real build date)
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 36864
InitializedDataSize: 14848
UninitializedDataSize: -
EntryPoint: 0x98cc
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This installation was built with Inno Setup.
CompanyName: Punk Software
FileDescription: RocketDock Setup
FileVersion:
LegalCopyright:
No data.
All screenshots are available in the full report
Total processes
49
Monitored processes
15
Malicious processes
2
Suspicious processes
0

Behavior graph

Processes in the graph, in start order: rocketdock-v1.3.5.exe, is-nlvdj.tmp, chrome.exe ×11 (9 marked "no specs", i.e. no indicators attached), wmpnscfg.exe (no specs), rocketdock-v1.3.5.exe (no specs)

Process information

Each entry lists PID, command line (CMD), image path, parent process, then user, company, integrity level, description, exit code, version and loaded modules.
PID: 324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1352 --field-trial-handle=1132,i,8720563812075833114,2243170308332696826,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 728
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1132,i,8720563812075833114,2243170308332696826,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1056
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1316 --field-trial-handle=1132,i,8720563812075833114,2243170308332696826,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1200
CMD: "C:\Users\admin\AppData\Local\Temp\is-FVLBV.tmp\is-NLVDJ.tmp" /SL4 $30138 "C:\Users\admin\AppData\Local\Temp\RocketDock-v1.3.5.exe" 6123423 52736
Path: C:\Users\admin\AppData\Local\Temp\is-FVLBV.tmp\is-NLVDJ.tmp
Parent process: RocketDock-v1.3.5.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.47.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-fvlbv.tmp\is-nlvdj.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID: 1236
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1600 --field-trial-handle=1132,i,8720563812075833114,2243170308332696826,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1576
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3816 --field-trial-handle=1132,i,8720563812075833114,2243170308332696826,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1792
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1132,i,8720563812075833114,2243170308332696826,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1796
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1132,i,8720563812075833114,2243170308332696826,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1940
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2044
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e058b38,0x6e058b48,0x6e058b54
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
5 415
Read events
5 365
Write events
50
Delete events
0

Modification events

All ten write events come from is-NLVDJ.tmp (PID 1200) and target a single key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketDock_is1

Operation: write (name = value)
  • Inno Setup: Setup Version = 5.1.14
  • Inno Setup: App Path = C:\Program Files\RocketDock
  • InstallLocation = C:\Program Files\RocketDock\
  • Inno Setup: Icon Group = RocketDock
  • Inno Setup: User = admin
  • Inno Setup: Selected Tasks = (empty)
  • Inno Setup: Deselected Tasks = desktopicon
  • DisplayName = RocketDock 1.3.5
  • UninstallString = "C:\Program Files\RocketDock\unins000.exe"
  • QuietUninstallString = "C:\Program Files\RocketDock\unins000.exe" /SILENT
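The process and registry tables above show the standard two-stage Inno Setup pattern: the first-stage stub (PID 4088) unpacks the real setup program to %TEMP%\is-XXXXX.tmp\is-XXXXX.tmp, launches it with the /SL4 argument that names the original installer, and the second stage (PID 1200, running at HIGH integrity) writes the <AppId>_is1 uninstall key under HKLM. The following detection logic, an added example that is not part of the ANY.RUN report or of RocketDock, recognises that pattern from process and registry records. The records are constructed from the report's values; their layout, the helper names and the treatment of the two trailing /SL4 numbers are this example's assumptions.

```python
import re

# Constructed input modelled on the process and registry tables of this report:
# PIDs, image paths, the command line and the registry key/value names are copied
# from the report; the record layout itself is an assumption of this example.
PROCESSES = [
    # The installer stub. The report's process table has no entry for PID 4088,
    # so only what the indicator list shows about it is filled in.
    {"pid": 4088, "image": r"C:\Users\admin\AppData\Local\Temp\RocketDock-v1.3.5.exe",
     "cmdline": None, "parent": None, "integrity": None},
    {"pid": 1200, "image": r"C:\Users\admin\AppData\Local\Temp\is-FVLBV.tmp\is-NLVDJ.tmp",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\is-FVLBV.tmp\is-NLVDJ.tmp" /SL4 $30138 '
                r'"C:\Users\admin\AppData\Local\Temp\RocketDock-v1.3.5.exe" 6123423 52736',
     "parent": "RocketDock-v1.3.5.exe", "integrity": "HIGH"},
    {"pid": 1940, "image": r"C:\Program Files\Windows Media Player\wmpnscfg.exe",
     "cmdline": r'"C:\Program Files\Windows Media Player\wmpnscfg.exe"',
     "parent": "explorer.exe", "integrity": "MEDIUM"},
]

UNINSTALL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                 r"\Uninstall\RocketDock_is1")
REGISTRY_WRITES = [
    {"pid": 1200, "key": UNINSTALL_KEY, "name": "Inno Setup: Setup Version", "value": "5.1.14"},
    {"pid": 1200, "key": UNINSTALL_KEY, "name": "Inno Setup: App Path",
     "value": r"C:\Program Files\RocketDock"},
    {"pid": 1200, "key": UNINSTALL_KEY, "name": "UninstallString",
     "value": r'"C:\Program Files\RocketDock\unins000.exe"'},
]

# Inno Setup unpacks its real setup program to %TEMP%\is-XXXXX.tmp\is-XXXXX.tmp ...
STUB_IMAGE_RE = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\is-[A-Z0-9]{5}\.tmp$", re.IGNORECASE)
# ... and launches it as:  /SL4 $<handle> "<original installer>" <number> <number>
SL4_RE = re.compile(r'/SL4\s+\$[0-9A-Fa-f]+\s+"([^"]+)"\s+(\d+)\s+(\d+)')


def inno_setup_findings(processes, registry_writes):
    """Return one finding per process that looks like an Inno Setup second stage."""
    findings = []
    for proc in processes:
        cmdline = proc.get("cmdline") or ""
        is_stub_image = bool(STUB_IMAGE_RE.search(proc["image"]))
        sl4 = SL4_RE.search(cmdline)
        if not (is_stub_image or sl4):
            continue
        finding = {
            "pid": proc["pid"],
            "stub_image": proc["image"],
            "parent": proc.get("parent"),
            # The original installer path rides on the command line, so the
            # first-stage file can be located and hashed even if it is deleted later.
            "original_installer": sl4.group(1) if sl4 else None,
            # The two trailing numbers are recorded as-is (offsets into the first
            # stage in the Inno loader convention; not interpreted further here).
            "sl4_numbers": (int(sl4.group(2)), int(sl4.group(3))) if sl4 else None,
            # HIGH integrity means the setup ran elevated, which the HKLM writes need.
            "elevated": proc.get("integrity") == "HIGH",
            "setup_version": None,
            "uninstall_key": None,
            "uninstall_string": None,
        }
        for write in registry_writes:
            if write["pid"] != proc["pid"]:
                continue
            # Inno Setup names its uninstall key "<AppId>_is1".
            if write["key"].lower().endswith("_is1"):
                finding["uninstall_key"] = write["key"]
            if write["name"] == "Inno Setup: Setup Version":
                finding["setup_version"] = write["value"]
            elif write["name"] == "UninstallString":
                finding["uninstall_string"] = write["value"]
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in inno_setup_findings(PROCESSES, REGISTRY_WRITES):
        print(finding)
```

Only PID 1200 is reported; wmpnscfg.exe, which the report lists for the same generic "reads the computer name" indicator, is not touched because neither its image path nor its command line carries the Inno Setup markers. The uninstall string it extracts is also the file (unins000.exe) whose hash the dropped-files table gives, so the finding can be joined to that table directly.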
Executable files
26
Suspicious files
40
Text files
736
Unknown types
0

Dropped files

Each entry: PID (process), filename [type], then MD5 and SHA256.

PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\is-21D4Q.tmp [html]
MD5: 6327296A0A34639E9D18EFC25C8DC5C1
SHA256: 68A24B17C8ADE2E585BFD6E54ADA7DAC25D3DBFF62FE566124B5E7A8205AF9D2
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\unins000.exe [executable]
MD5: 8629C189B102EB23B1C7C70515AFF8D1
SHA256: 886CA2CF518634DD1FF35A755BE9257C5398AD08FFDCC37424A674B6203CB1F5
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\Changelog.html [html]
MD5: 79E9812DFEC8F0F91F5844ABAF40A40B
SHA256: 1DB376FB7CE7E48F1133E2AEB0219B32521E995A8BADE43A7709499265C3249C
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\Credits.html [html]
MD5: 6327296A0A34639E9D18EFC25C8DC5C1
SHA256: 68A24B17C8ADE2E585BFD6E54ADA7DAC25D3DBFF62FE566124B5E7A8205AF9D2
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\is-T48L2.tmp [executable]
MD5: 871C903A90C45CA08A9D42803916C3F7
SHA256: F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\is-54I2G.tmp [text]
MD5: 0BCA7C097C14D3FD23C9D2D446DCA8A2
SHA256: B3178C7ED2826A1ABB669E34A0CC18BF94CE922D03FF73F2E61739C69CCFD53C
PID 1200 (is-NLVDJ.tmp): C:\Users\admin\AppData\Local\Temp\is-DG9JC.tmp\_isetup\_RegDLL.tmp [executable]
MD5: C594B792B9C556EA62A30DE541D2FB03
SHA256: 5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\is-2J61E.tmp [html]
MD5: 79E9812DFEC8F0F91F5844ABAF40A40B
SHA256: 1DB376FB7CE7E48F1133E2AEB0219B32521E995A8BADE43A7709499265C3249C
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\Data\is-EE3PK.tmp [image]
MD5: 90AA1895ACA47EC7DD3CC6EA84839F8D
SHA256: A1DC1F616040FA33BB6542557D718574F4928958F1A0B8CC2CFE7B163D4D6FA3
PID 1200 (is-NLVDJ.tmp): C:\Program Files\RocketDock\is-G48IV.tmp [executable]
MD5: 4A2A05B25DF4385F5AEC6F07B1C1E93D
SHA256: 66704CE3EB7E723BA20D1AB7036AD0BA9E0A94261B7E66636B01DC76DEFEDB9D
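Two pairs in the dropped-files table share a hash (is-21D4Q.tmp with Credits.html, is-2J61E.tmp with Changelog.html): Inno Setup writes each file under a temporary is-XXXXX.tmp name in its destination directory and renames it when the write completes, and the sandbox records both names. The snippet below, an added example that is not part of the ANY.RUN report or of RocketDock, uses that shared hash to map temp names back to final names and to list the executables that remain to be inspected (the ones still only known by a temp name are the ones the excerpt cannot resolve). Paths, types and SHA256 values are copied from the table; the tuple layout and helper names are this example's assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed from the "Dropped files" table: path, reported type and SHA256 are
# copied from the report (MD5 omitted); the tuple layout is this example's own.
DROPPED = [
    (r"C:\Program Files\RocketDock\is-21D4Q.tmp", "html",
     "68A24B17C8ADE2E585BFD6E54ADA7DAC25D3DBFF62FE566124B5E7A8205AF9D2"),
    (r"C:\Program Files\RocketDock\unins000.exe", "executable",
     "886CA2CF518634DD1FF35A755BE9257C5398AD08FFDCC37424A674B6203CB1F5"),
    (r"C:\Program Files\RocketDock\Changelog.html", "html",
     "1DB376FB7CE7E48F1133E2AEB0219B32521E995A8BADE43A7709499265C3249C"),
    (r"C:\Program Files\RocketDock\Credits.html", "html",
     "68A24B17C8ADE2E585BFD6E54ADA7DAC25D3DBFF62FE566124B5E7A8205AF9D2"),
    (r"C:\Program Files\RocketDock\is-T48L2.tmp", "executable",
     "F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645"),
    (r"C:\Program Files\RocketDock\is-54I2G.tmp", "text",
     "B3178C7ED2826A1ABB669E34A0CC18BF94CE922D03FF73F2E61739C69CCFD53C"),
    # _isetup\_RegDLL.tmp is Inno Setup's own DLL-registration helper; it is still
    # listed so its hash gets checked like any other dropped executable.
    (r"C:\Users\admin\AppData\Local\Temp\is-DG9JC.tmp\_isetup\_RegDLL.tmp", "executable",
     "5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E"),
    (r"C:\Program Files\RocketDock\is-2J61E.tmp", "html",
     "1DB376FB7CE7E48F1133E2AEB0219B32521E995A8BADE43A7709499265C3249C"),
    (r"C:\Program Files\RocketDock\Data\is-EE3PK.tmp", "image",
     "A1DC1F616040FA33BB6542557D718574F4928958F1A0B8CC2CFE7B163D4D6FA3"),
    (r"C:\Program Files\RocketDock\is-G48IV.tmp", "executable",
     "66704CE3EB7E723BA20D1AB7036AD0BA9E0A94261B7E66636B01DC76DEFEDB9D"),
]

# Inno Setup's temporary file name: is- + five alphanumerics + .tmp
INNO_TEMP_NAME_RE = re.compile(r"^is-[A-Z0-9]{5}\.tmp$", re.IGNORECASE)


def is_inno_temp_name(path):
    return bool(INNO_TEMP_NAME_RE.match(ntpath.basename(path)))


def triage_dropped(dropped):
    """Map temp names to final names via shared hashes and list executables to inspect."""
    by_hash = defaultdict(list)
    for path, _ftype, sha256 in dropped:
        by_hash[sha256.lower()].append(path)

    resolved = {}      # temp path -> final path recovered through the shared hash
    unresolved = []    # temp paths whose final name does not appear in the excerpt
    for paths in by_hash.values():
        temps = [p for p in paths if is_inno_temp_name(p)]
        finals = [p for p in paths if not is_inno_temp_name(p)]
        for temp_path in temps:
            if finals:
                resolved[temp_path] = finals[0]
            else:
                unresolved.append(temp_path)

    # Executables are what an analyst hashes and inspects; record whether the final
    # name is known and whether the file landed in Program Files rather than %TEMP%.
    executables = []
    for path, ftype, sha256 in dropped:
        if ftype != "executable":
            continue
        executables.append({
            "path": path,
            "sha256": sha256.lower(),
            "final_path": resolved.get(path, None if is_inno_temp_name(path) else path),
            "in_program_files": path.lower().startswith("c:\\program files\\"),
        })
    return {"resolved": resolved, "unresolved": sorted(unresolved), "executables": executables}


if __name__ == "__main__":
    result = triage_dropped(DROPPED)
    for temp_path, final_path in result["resolved"].items():
        print(f"{temp_path}  ->  {final_path}")
    for entry in result["executables"]:
        print(entry["sha256"], entry["final_path"] or "(final name not in excerpt)")
```

On this excerpt two of the four executables (is-T48L2.tmp and is-G48IV.tmp) never get a final name, so the ten-row table shown here is not enough to say which installed binaries they became; the full report's file list is needed for that.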
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
0
TCP/UDP connections
10
DNS requests
8
Threats
0

HTTP requests

No HTTP requests

Connections

Each row: PID, process: IP:port (domain, ASN, CN when resolved), reputation.

PID 4, System: 192.168.100.255:137, whitelisted
(PID/process not shown): 224.0.0.252:5355, unknown
PID 4, System: 192.168.100.255:138, whitelisted
PID 1088, svchost.exe: 224.0.0.252:5355, unknown
PID 1056, chrome.exe: 142.250.185.195:443 (clientservices.googleapis.com, GOOGLE, US), whitelisted
PID 2116, chrome.exe: 239.255.255.250:1900, unknown
PID 1056, chrome.exe: 108.177.127.84:443 (accounts.google.com, GOOGLE, US), unknown
PID 1056, chrome.exe: 142.250.185.164:443 (www.google.com, GOOGLE, US), whitelisted
PID 1056, chrome.exe: 142.250.184.195:443 (update.googleapis.com, GOOGLE, US), whitelisted
PID 2116, chrome.exe: 224.0.0.251:5353, unknown
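None of the connections in the table belong to the sample's PIDs (4088, 1200): the broadcast and multicast rows are NetBIOS, LLMNR, SSDP and mDNS discovery traffic from the guest and from Chrome, and the only external TLS sessions are Chrome's network-service process (PID 1056) talking to Google. The following helper, an added example that is not part of the ANY.RUN report or of RocketDock, makes that attribution explicit by sorting connections into local-discovery noise versus external endpoints and checking which belong to the sample. The rows are copied from the table (the one row without a PID is kept as None rather than guessed); the port list and category names are this example's assumptions.

```python
import ipaddress

# PIDs the indicator list attributes to the sample (first stage and Inno second stage).
SAMPLE_PIDS = {4088, 1200}

# Constructed from the "Connections" table above: (pid, process, ip:port, domain).
# One row in the report shows no PID/process; it is kept as None, not guessed.
CONNECTIONS = [
    (4, "System", "192.168.100.255:137", None),
    (None, None, "224.0.0.252:5355", None),
    (4, "System", "192.168.100.255:138", None),
    (1088, "svchost.exe", "224.0.0.252:5355", None),
    (1056, "chrome.exe", "142.250.185.195:443", "clientservices.googleapis.com"),
    (2116, "chrome.exe", "239.255.255.250:1900", None),
    (1056, "chrome.exe", "108.177.127.84:443", "accounts.google.com"),
    (1056, "chrome.exe", "142.250.185.164:443", "www.google.com"),
    (1056, "chrome.exe", "142.250.184.195:443", "update.googleapis.com"),
    (2116, "chrome.exe", "224.0.0.251:5353", None),
]

# Discovery protocols a Windows guest (and Chrome, for mDNS) emits on its own.
DISCOVERY_PORTS = {137: "NetBIOS-NS", 138: "NetBIOS-DGM", 1900: "SSDP",
                   5353: "mDNS", 5355: "LLMNR"}


def classify(endpoint):
    """Return (category, protocol) for an 'ip:port' string."""
    host, port = endpoint.rsplit(":", 1)
    ip, port = ipaddress.ip_address(host), int(port)
    # Broadcast/multicast discovery to a private or multicast address is noise.
    if port in DISCOVERY_PORTS and (ip.is_multicast or ip.is_private):
        return "local-discovery", DISCOVERY_PORTS[port]
    if ip.is_global:
        return "external", None
    return "other", None


def attribute(connections, sample_pids):
    """Split connections into sample-owned, external and local-discovery buckets."""
    report = {"sample": [], "external": [], "other": [], "local_discovery": 0}
    for pid, proc, endpoint, domain in connections:
        category, proto = classify(endpoint)
        row = {"pid": pid, "process": proc, "endpoint": endpoint,
               "domain": domain, "protocol": proto, "category": category}
        if pid in sample_pids:
            report["sample"].append(row)
        if category == "local-discovery":
            report["local_discovery"] += 1
        elif category == "external":
            report["external"].append(row)
        else:
            report["other"].append(row)
    return report


if __name__ == "__main__":
    result = attribute(CONNECTIONS, SAMPLE_PIDS)
    print("sample-owned connections:", len(result["sample"]))
    print("local discovery rows:", result["local_discovery"])
    for row in result["external"]:
        print("external:", row["process"], row["pid"], row["endpoint"], row["domain"])
```

The empty "sample" bucket is the point: together with "HTTP(S) requests 0" and "Threats 0" it says the installer itself made no network contact during the run, which is consistent with the Inno Setup behaviour recorded above rather than with a downloader.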

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 142.250.185.195
whitelisted
accounts.google.com
  • 108.177.127.84
shared
www.google.com
  • 142.250.185.164
whitelisted
update.googleapis.com
  • 142.250.184.195
unknown

Threats

No threats detected
No debug info