File name:

BwE_PS5_Code_Reader.exe

Full analysis: https://app.any.run/tasks/2ec6283e-9e04-4322-99b9-77582663488e
Verdict: Malicious activity
Analysis date: May 17, 2025, 15:02:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (console) x86-64, for MS Windows, 15 sections
MD5:

C31CBDBD4DD8EBB20A0A761B096EFC55

SHA1:

ADE6A24EF75DADCBFEE7120241B24A778C6A7AD9

SHA256:

4526BC463C9065F4A6B3A54AEB032F5222E80FD0ACFFE6CD417199D758FDAB9E

SSDEEP:

196608:BGB/xJUTLZSZe+q1K2vJV5xfJJ2lx2PnUaXNzuUpdojslk6J0h+bFnKOU+:BGFxJvcY2vT/2WvTJgXuFn8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads the BIOS version

      • BwE_PS5_Code_Reader.exe (PID: 7396)

  • INFO

    • Checks supported languages

      • BwE_PS5_Code_Reader.exe (PID: 7396)

    • The sample compiled with english language support

      • BwE_PS5_Code_Reader.exe (PID: 7396)

    • Create files in a temporary directory

      • BwE_PS5_Code_Reader.exe (PID: 7396)

    • Reads the computer name

      • BwE_PS5_Code_Reader.exe (PID: 7396)

    • Creates files in the program directory

      • BwE_PS5_Code_Reader.exe (PID: 7396)

    • Reads the software policy settings

      • slui.exe (PID: 7700)

    • Checks proxy server information

      • slui.exe (PID: 7700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:04:02 12:10:28+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.36
CodeSize: 166400
InitializedDataSize: 123392
UninitializedDataSize: -
EntryPoint: 0x1eba058
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows command line
FileVersionNumber: 1.5.0.0
ProductVersionNumber: 1.5.0.0
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (Australian)
CharacterSet: Unicode
CompanyName: Better Way Electronics
FileDescription: BwE PS5 Code Reader
FileVersion: 1.5.0.0
InternalName: BwE.exe
LegalCopyright: Copyrights (C) 2025 Better Way Electronics
LegalTrademarks: Trademarks (R) 2025 Better Way Electronics
OriginalFileName: BwE.exe
ProductName: BwE
ProductVersion: 1337
Comments: https://betterwayelectronics.com.au/
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
121
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start bwe_ps5_code_reader.exe no specs conhost.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
7396"C:\Users\admin\Desktop\BwE_PS5_Code_Reader.exe" C:\Users\admin\Desktop\BwE_PS5_Code_Reader.exeexplorer.exe
User:
admin
Company:
Better Way Electronics
Integrity Level:
MEDIUM
Description:
BwE PS5 Code Reader
Exit code:
0
Version:
1.5.0.0
Modules
Images
c:\users\admin\desktop\bwe_ps5_code_reader.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
7404\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeBwE_PS5_Code_Reader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7700C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
3 445
Read events
3 443
Write events
2
Delete events
0

Modification events

(PID) Process:(7396) BwE_PS5_Code_Reader.exeKey:HKEY_CLASSES_ROOT\CcFWSettg.Category\CLSID\{489e48e0-e242-e4bb-8618}
Operation:writeName:ProdID
Value:
2B0CF16950E548B497EB7318
(PID) Process:(7396) BwE_PS5_Code_Reader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Help
Operation:writeName:abw09fi.hlp
Value:
0B05816258F5C8909D898304
Executable files
0
Suspicious files
3
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
7396BwE_PS5_Code_Reader.exeC:\ProgramData\yxoteiyk.ohjbinary
MD5:F10E1B5C96DFCA1C0DF1E1CA583D46CC
SHA256:0CA91F567BB198DDFEC0C90B46E1F39554037FDC61D380AFB844F6C6A7CA90A6
7396BwE_PS5_Code_Reader.exeC:\ProgramData\rtpesktbinary
MD5:B4CC30C35EDCA283F9C8E0023DDB68DF
SHA256:C096D074C8A2C3827B87E6D54F4021FA7A7B40457AF24C27C41C13DC6E8BD747
7396BwE_PS5_Code_Reader.exeC:\ProgramData\eyqbnbbn.skytext
MD5:BD9B92B76AEA8AF915BC139B3C3F5851
SHA256:D26ED108B21171522467A54DAD0C1ADD3FA11AE6626BF6973AEB33F6D1EB7C42
7396BwE_PS5_Code_Reader.exeC:\Users\admin\AppData\Local\Temp\~DFCC69F659873B896D.TMPbinary
MD5:FF9BB0664BCD12973A537F175D26B84A
SHA256:82BE974CFBC3AA510FB9E7029F8AE576C1C85814560D65E21B9F5E47D9191E69
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
20
DNS requests
3
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
7228
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7700
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 172.217.18.110
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
BwE_PS5_Code_Reader.exe