DGSetup_w.exe

Full analysis: https://app.any.run/tasks/561bea18-67a2-4983-ab5e-fb0cd4ec50eb
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 11, 2020, 02:36:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 4F77C18D19944F470089ACC31B447550
SHA1: 9479E43735EE1ABE5C728C75A320697897B389AB
SHA256: 489300B7237FED98FD241678D1DE4A4CAFDEEC4A5AAB82CF223934E066D29A1C
SSDEEP: 786432:yP8yc/UQVsd0rzzd56YoFutSo16FxaGYm0+/jaZ:uc/UQWCjvboFutSbFxtz/jM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • a6ca1e.exe (PID: 3968)
      • dgservice.exe (PID: 2492)
      • drivergenius.exe (PID: 3400)
      • Khelper.exe (PID: 2564)
    • Application was dropped or rewritten from another process

      • a6ca1e.exe (PID: 3968)
      • dgservice.exe (PID: 3232)
      • dgservice.exe (PID: 1168)
      • dgservice.exe (PID: 2492)
      • dgservice.exe (PID: 1840)
    • Runs injected code in another process

      • drvinst32.exe (PID: 3884)
    • Application was injected by another process

      • explorer.exe (PID: 372)
    • Loads the Task Scheduler DLL interface

      • Khelper.exe (PID: 2564)
    • Connects to CnC server

      • dgservice.exe (PID: 2492)
    • Changes settings of System certificates

      • dgservice.exe (PID: 2492)
  • SUSPICIOUS

    • Creates files in the program directory

      • a6ca1e.exe (PID: 3968)
      • dgservice.exe (PID: 2492)
      • dgvuldect.exe (PID: 3828)
      • DGSetup_w.exe (PID: 3192)
      • Khelper.exe (PID: 2564)
    • Creates a software uninstall entry

      • DGSetup_w.exe (PID: 3192)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • DGSetup_w.exe (PID: 3192)
    • Creates files in the Windows directory

      • DGSetup_w.exe (PID: 3192)
      • dgservice.exe (PID: 2492)
    • Creates files in the driver directory

      • dgservice.exe (PID: 2492)
      • DGSetup_w.exe (PID: 3192)
    • Executed as Windows Service

      • dgservice.exe (PID: 2492)
    • Executable content was dropped or overwritten

      • dgservice.exe (PID: 2492)
      • DGSetup_w.exe (PID: 3192)
    • Application launched itself

      • dgservice.exe (PID: 2492)
    • Removes files from Windows directory

      • dgservice.exe (PID: 2492)
    • Low-level read access rights to disk partition

      • dgservice.exe (PID: 2492)
    • Creates or modifies windows services

      • dgservice.exe (PID: 2492)
    • Adds / modifies Windows certificates

      • dgservice.exe (PID: 2492)
  • INFO

    • Reads settings of System Certificates

      • dgservice.exe (PID: 2492)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (30.7)
.exe | UPX compressed Win32 Executable (30.1)
.exe | Win32 EXE Yoda's Crypter (29.5)
.exe | Win32 Executable (generic) (5)
.exe | Generic Win/DOS Executable (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1970:01:05 18:29:36+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 327680
InitializedDataSize: 86016
UninitializedDataSize: 536576
EntryPoint: 0xd2f40
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 9.61.3708.3054
ProductVersionNumber: 7.0.112.2000
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: 驱动之家
FileDescription: 驱动精灵
FileVersion: 2014,1,12,25
InternalName: kpacket
LegalCopyright: 版权所有 (C) 驱动之家
OriginalFileName: kpacket.exe
ProductName: 驱动精灵
ProductVersion: 2015

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 05-Jan-1970 17:29:36
Detected languages:
  • Chinese - PRC
  • English - United States
CompanyName: 驱动之家
FileDescription: 驱动精灵
FileVersion: 2014,1,12,25
InternalName: kpacket
LegalCopyright: 版权所有 (C) 驱动之家
OriginalFilename: kpacket.exe
ProductName: 驱动精灵
ProductVersion: 2015

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000F8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 05-Jan-1970 17:29:36
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
UPX0 | 0x00001000 | 0x00083000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
UPX1 | 0x00084000 | 0x00050000 | 0x0004F200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.9321
.rsrc | 0x000D4000 | 0x00015000 | 0x00014600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.62944

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.10735 | 1222 | Latin 1 / Western European | English - United States | RT_MANIFEST
2 | 6.29261 | 2216 | Latin 1 / Western European | Chinese - PRC | RT_ICON
3 | 4.43004 | 1384 | Latin 1 / Western European | Chinese - PRC | RT_ICON
4 | 7.98162 | 54901 | Latin 1 / Western European | Chinese - PRC | RT_ICON
5 | 6.62476 | 9640 | Latin 1 / Western European | Chinese - PRC | RT_ICON
6 | 6.44896 | 4264 | Latin 1 / Western European | Chinese - PRC | RT_ICON
7 | 6.32739 | 1128 | Latin 1 / Western European | Chinese - PRC | RT_ICON
40 | 7.5859 | 701 | Latin 1 / Western European | Chinese - PRC | PNG
41 | 7.74908 | 1022 | Latin 1 / Western European | Chinese - PRC | PNG
42 | 7.10088 | 294 | Latin 1 / Western European | Chinese - PRC | RT_BITMAP

Imports

ADVAPI32.dll
COMCTL32.dll
CRYPT32.dll
GDI32.dll
IPHLPAPI.DLL
KERNEL32.DLL
MSIMG32.dll
OLEAUT32.dll
RPCRT4.dll
SHELL32.dll
No data.
All screenshots are available in the full report
Total processes: 51
Monitored processes: 12
Malicious processes: 3
Suspicious processes: 2

Behavior graph

(Interactive process graph not reproduced here. Nodes: dgsetup_w.exe, a6ca1e.exe, dgservice.exe, drivergenius.exe, drvinst32.exe, khelper.exe, explorer.exe, dgvuldect.exe; edges are labelled "drop and start", "start" and "inject". See the full report.)

Process information

PID: 372
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1168
CMD: "C:\Program Files\MyDrivers\DriverGenius\dgservice.exe" -Service
Path: C:\Program Files\MyDrivers\DriverGenius\dgservice.exe
Parent process: DGSetup_w.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
HIGH
Description:
Device Driver Repair and Update Service
Exit code:
2
Version:
9.61.3750.3069
Modules
Images
c:\program files\mydrivers\drivergenius\dgservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1840
CMD: "C:\Program Files\MyDrivers\DriverGenius\dgservice.exe" -/indghmpg
Path: C:\Program Files\MyDrivers\DriverGenius\dgservice.exe
Parent process: dgservice.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
MEDIUM
Description:
Device Driver Repair and Update Service
Exit code:
3221226540
Version:
9.61.3750.3069
Modules
Images
c:\program files\mydrivers\drivergenius\dgservice.exe
c:\systemroot\system32\ntdll.dll
PID: 2492
CMD: "C:\Program Files\MyDrivers\DriverGenius\dgservice.exe"
Path: C:\Program Files\MyDrivers\DriverGenius\dgservice.exe
Parent process: services.exe
User:
SYSTEM
Company:
Kingsoft Corporation
Integrity Level:
SYSTEM
Description:
Device Driver Repair and Update Service
Exit code:
0
Version:
9.61.3750.3069
Modules
Images
c:\program files\mydrivers\drivergenius\dgservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2564
CMD: "C:\Program Files\MyDrivers\DriverGenius\ksoft\Khelper.exe" /GetAutoRun
Path: C:\Program Files\MyDrivers\DriverGenius\ksoft\Khelper.exe
Parent process: dgservice.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
HIGH
Description:
DriverGenius KHelper
Exit code:
1
Version:
9.61.3667.3035
Modules
Images
c:\program files\mydrivers\drivergenius\ksoft\khelper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3192
CMD: "C:\Users\admin\AppData\Local\Temp\DGSetup_w.exe"
Path: C:\Users\admin\AppData\Local\Temp\DGSetup_w.exe
Parent process: explorer.exe
User:
admin
Company:
驱动之家
Integrity Level:
HIGH
Description:
驱动精灵
Exit code:
1
Version:
2014,1,12,25
Modules
Images
c:\users\admin\appdata\local\temp\dgsetup_w.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 3232
CMD: "C:\Program Files\MyDrivers\DriverGenius\dgservice.exe" -RegServer
Path: C:\Program Files\MyDrivers\DriverGenius\dgservice.exe
Parent process: DGSetup_w.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
HIGH
Description:
Device Driver Repair and Update Service
Exit code:
3221225547
Version:
9.61.3750.3069
Modules
Images
c:\program files\mydrivers\drivergenius\dgservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3400
CMD: "C:\Program Files\MyDrivers\DriverGenius\drivergenius.exe"
Path: C:\Program Files\MyDrivers\DriverGenius\drivergenius.exe
Parent process: DGSetup_w.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
HIGH
Description:
DriverGenius
Exit code:
0
Version:
9.61.4722.239
Modules
Images
c:\program files\mydrivers\drivergenius\drivergenius.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mydrivers\drivergenius\liblua.dll
c:\program files\mydrivers\drivergenius\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\program files\mydrivers\drivergenius\cactus.dll
c:\program files\mydrivers\drivergenius\libcurl.dll
c:\windows\system32\ws2_32.dll
PID: 3588
CMD: "C:\Users\admin\AppData\Local\Temp\DGSetup_w.exe"
Path: C:\Users\admin\AppData\Local\Temp\DGSetup_w.exe
Parent process: explorer.exe
User:
admin
Company:
驱动之家
Integrity Level:
MEDIUM
Description:
驱动精灵
Exit code:
3221226540
Version:
2014,1,12,25
Modules
Images
c:\users\admin\appdata\local\temp\dgsetup_w.exe
c:\systemroot\system32\ntdll.dll
PID: 3828
CMD: "C:\Program Files\MyDrivers\DriverGenius\dgvuldect.exe" TskPin
Path: C:\Program Files\MyDrivers\DriverGenius\dgvuldect.exe
Parent process: dgservice.exe
User:
admin
Company:
MyDrivers.com
Integrity Level:
HIGH
Description:
DriverGenius Dgvuldect
Exit code:
0
Version:
9.61.416.1421
Modules
Images
c:\program files\mydrivers\drivergenius\dgvuldect.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mydrivers\drivergenius\liblua.dll
c:\program files\mydrivers\drivergenius\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events: 3 140
Read events: 1 864
Write events: 1 273
Delete events: 3

Modification events

(PID) Process: (372) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation: write
Name: P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\QTFrghc_j.rkr (UserAssist stores names ROT13-encoded; this decodes to C:\Users\admin\AppData\Local\Temp\DGSetup_w.exe)
Value: 00000000000000000100000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
(PID) Process: (372) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation: write
Name: HRZR_PGYFRFFVBA (ROT13 of UEME_CTLSESSION)
Value:
000000003F000000500000006EB825000A00000018000000868F0F007B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E0065007800650000005CE9ED0100000000000000000000000000000000480B20020000000005000000D80B200200000000340C200270E9ED01C0E9ED010000000000000000C0DB2002050000002000000000000000000000000100000064666C7464666C7400000000400000000459A377AD0501A70000000000000000010000000000000000000000B02D0C08A82C0C08A4E9ED013DA9D27600000000FBFFFF7FC8E9ED01987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF000000000000000000000000371054065310540637105406000000000000000000000000080000002E006C006E006B0000006E006400200011000000483D3200403D32002E006C006E006B0000002F0080EA0000C85704AB34EAED018291D27680EAED01EC430000E45704AB48EAED01B69CD276F04311024C06000060EAED01603F11026CEAED0111000000483D3200403D320060EAED01803F1102D0EA0000BC5704AB80EAED018291D276D0EAED0184EAED012795D27600000000EC431102ACEAED01CD94D276EC43110258EBED01603F1102E194D27600000000603F110258EBED01B4EAED010A00000018000000868F0F007B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E0065007800650000005CE9ED0100000000000000000000000000000000480B20020000000005000000D80B200200000000340C200270E9ED01C0E9ED010000000000000000C0DB2002050000002000000000000000000000000100000064666C7464666C7400000000400000000459A377AD0501A70000000000000000010000000000000000000000B02D0C08A82C0C08A4E9ED013DA9D27600000000FBFFFF7FC8E9ED01987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF000000000000000000000000371054065310540637105406000000000000000000000000080000002E006C006E006B0000006E006400200011000000483D3200403D32002E006C006E006B0000002F0080EA0000C85704AB34EAED018291D27680EAED01EC430000E45704AB48EAED01B69CD276F04311024C06000060EAED01603F11026CEAED0111000000483D3200403D320060EAED01
803F1102D0EA0000BC5704AB80EAED018291D276D0EAED0184EAED012795D27600000000EC431102ACEAED01CD94D276EC43110258EBED01603F1102E194D27600000000603F110258EBED01B4EAED010A00000018000000868F0F007B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E0065007800650000005CE9ED0100000000000000000000000000000000480B20020000000005000000D80B200200000000340C200270E9ED01C0E9ED010000000000000000C0DB2002050000002000000000000000000000000100000064666C7464666C7400000000400000000459A377AD0501A70000000000000000010000000000000000000000B02D0C08A82C0C08A4E9ED013DA9D27600000000FBFFFF7FC8E9ED01987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF000000000000000000000000371054065310540637105406000000000000000000000000080000002E006C006E006B0000006E006400200011000000483D3200403D32002E006C006E006B0000002F0080EA0000C85704AB34EAED018291D27680EAED01EC430000E45704AB48EAED01B69CD276F04311024C06000060EAED01603F11026CEAED0111000000483D3200403D320060EAED01803F1102D0EA0000BC5704AB80EAED018291D276D0EAED0184EAED012795D27600000000EC431102ACEAED01CD94D276EC43110258EBED01603F1102E194D27600000000603F110258EBED01B4EAED01
(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius\flag
Operation: write
Name: name
Value: dgsetup.exe

(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius\flag
Operation: write
Name: installtype
Value: 0

(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius
Operation: write
Name: UUID
Value: AD805DA4-778F-42CC-ACCD-6C050A36B2E1

(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius
Operation: write
Name: AppPath
Value: C:\Program Files\MyDrivers\DriverGenius

(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius
Operation: write
Name: Publisher
Value: 驱动之家

(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius
Operation: write
Name: URLInfoAbout
Value: http://www.mydrivers.com/

(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius
Operation: write
Name: WorkPath
Value: C:\Program Files\MyDrivers\DriverGenius\

(PID) Process: (3192) DGSetup_w.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MyDrivers\DriverGenius
Operation: write
Name: Udb
Value: 0

Executable files: 14
Suspicious files: 33
Text files: 247
Unknown types: 9

Dropped files

PID | Process | Filename | Type
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\kdgsetup.log | text
MD5:
SHA256:
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\401.png | image
MD5: C4BA59151F17FC7F2E7086560C9A64C5
SHA256: 63378CAA39C8D094A46456F3FB595A9C0CE0A026B6F1CC967EEE42D33D3E2A75
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\110.jpg | image
MD5: 4FDDB6909555DE036579BCBF74A2EBA9
SHA256: A3D9794D8BFEC8D00C49AEE3FD242C4BC5EF37D7CBBC8BA45F3A10683EC26B00
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\405.png | image
MD5: 85CD3D3ECAC7CBE85696DDCA98FE0061
SHA256: 5ECEF2E5F3EBB51F08F472FBABF1FAAC6FDF78E51854E5614BFA8D8D8862DCB2
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\183.png | image
MD5: 255AF5FDA132F8D36B91195327514711
SHA256: 42E3FB75C569159741D8DC642E359A2E1DB9CB1916AD7E77EE20DFE08344CA19
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\184.png | image
MD5: D2BF02FBBFC71ED4124D03EE3F527B61
SHA256: CBD483E7BFCC6FDF10C948AE02E90F7589FB1B3D02C304FC7B674A0B184AEC91
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\409.png | image
MD5: 68D1C22CD9A588B0AEA9499B994B3067
SHA256: FEB459C3DBBCEA346BE9FA761B0C22FEB33DF2F2DD6B654CBFACC6B196DCB62F
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\10002.PNG | image
MD5: F73AD1E20600E7E3ACB1E4DB32CD53FD
SHA256: 06188001F8E4C82E4082F4F25ACAA993C5CCAB68CA63F3189D9D0A87011ABFEA
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\402.png | image
MD5: C21B77AAF306BE9E4DD66CB1ED57A08F
SHA256: CE32DD4F7E53A91D4B7C0D21160279A348D30C701FBD0E74135C38E182EE3507
3192 | DGSetup_w.exe | C:\Users\admin\AppData\Local\Temp\kdrivergenius\~a6a8bb\install_res\182_0.png | image
MD5: 4176B074088722EDFBC5CFE5487B895B
SHA256: 8F87BEF9C5B62C9FC191DEE371403B09DAD86D25B8962F16A691204D2FC9296C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 34
TCP/UDP connections: 33
DNS requests: 21
Threats: 27

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3968 | a6ca1e.exe | GET | - | 222.186.172.112:80 | http://softdl.www.duba.net/softmgr/package/infoflow/package/IQIYIsetup_duba01.exe | CN | - | - | malicious
3192 | DGSetup_w.exe | GET | 200 | 111.230.127.157:80 | http://weather2db.cmcm.com/ip/cityid | CN | text | 60 b | suspicious
3192 | DGSetup_w.exe | GET | 200 | 101.89.100.243:80 | http://www.drivergenius.com/inc/tgset2.txt | CN | text | 2.13 Kb | malicious
2492 | dgservice.exe | POST | - | 120.92.32.253:80 | http://cf.duba.net/query3 | CN | - | - | suspicious
3192 | DGSetup_w.exe | POST | 200 | 211.159.130.103:80 | http://infoc0.duba.net/c/ | CN | text | 36 b | whitelisted
2492 | dgservice.exe | POST | 200 | 211.159.130.103:80 | http://infoc0.duba.net/c/ | CN | binary | 43 b | whitelisted
2492 | dgservice.exe | POST | 200 | 203.195.145.151:80 | http://helpdubaclient.ksmobile.com/nep/v1/ | CN | binary | 93 b | malicious
2564 | Khelper.exe | POST | - | 114.112.93.166:8080 | http://114.112.93.166:8080/kurl_query?10969562 | CN | - | - | suspicious
2492 | dgservice.exe | POST | 200 | 203.195.145.151:80 | http://helpdubaclient.ksmobile.com/nep/v1/ | CN | binary | 93 b | malicious
2492 | dgservice.exe | POST | 200 | 203.195.145.151:80 | http://helpdubaclient.ksmobile.com/nep/v1/ | CN | binary | 93 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3192 | DGSetup_w.exe | 101.89.100.243:80 | www.drivergenius.com | China Telecom (Group) | CN | unknown
3192 | DGSetup_w.exe | 111.230.127.157:80 | weather2db.cmcm.com | Shenzhen Tencent Computer Systems Company Limited | CN | unknown
3968 | a6ca1e.exe | 222.186.172.112:80 | softdl.www.duba.net | No.31,Jin-rong Street | CN | suspicious
3192 | DGSetup_w.exe | 49.51.10.138:80 | liveupdate5.drivergenius.com | Tencent Building, Kejizhongyi Avenue | CN | malicious
3192 | DGSetup_w.exe | 211.159.130.103:80 | infoc0.duba.net | Shenzhen Tencent Computer Systems Company Limited | CN | malicious
2492 | dgservice.exe | 110.43.89.7:80 | rq.drcct.cloud.duba.net | - | CN | unknown
2492 | dgservice.exe | 218.24.18.18:80 | cu004.www.duba.net | CHINA UNICOM China169 Backbone | CN | suspicious
2492 | dgservice.exe | 222.186.172.110:80 | softdl.www.duba.net | No.31,Jin-rong Street | CN | unknown
2492 | dgservice.exe | 120.92.32.253:80 | cf.duba.net | Beijing Kingsoft Cloud Internet Technology Co., Ltd | CN | suspicious
2492 | dgservice.exe | 211.159.130.103:80 | infoc0.duba.net | Shenzhen Tencent Computer Systems Company Limited | CN | malicious

DNS requests

Domain
IP
Reputation
weather2db.cmcm.com
  • 111.230.127.157
suspicious
www.drivergenius.com
  • 101.89.100.243
  • 101.89.100.244
  • 101.89.100.248
  • 101.89.100.249
  • 101.89.100.250
  • 101.89.100.218
  • 101.89.100.219
  • 101.89.100.220
  • 101.89.100.221
  • 101.89.100.222
  • 101.89.100.223
  • 101.89.100.224
  • 101.89.100.225
  • 101.89.100.240
  • 101.89.100.241
  • 101.89.100.242
malicious
liveupdate5.drivergenius.com
  • 49.51.10.138
malicious
softdl.www.duba.net
  • 222.186.172.112
  • 218.92.152.25
  • 222.186.172.119
  • 218.92.152.31
  • 218.92.152.26
  • 222.186.172.116
  • 218.92.152.23
  • 222.186.172.113
  • 218.92.152.32
  • 222.186.172.110
malicious
infoc0.duba.net
  • 211.159.130.103
whitelisted
rq.drcct.cloud.duba.net
  • 110.43.89.7
unknown
cu004.www.duba.net
  • 218.24.18.18
  • 218.24.18.13
  • 218.24.18.20
  • 218.24.18.12
  • 218.24.18.21
malicious
fsigns.duba.net
  • 222.186.172.110
  • 218.92.152.29
  • 218.92.152.24
  • 222.186.172.117
  • 218.92.152.27
  • 222.186.172.112
  • 218.92.152.25
  • 222.186.172.119
  • 218.92.152.31
  • 218.92.152.26
malicious
2398.35go.net
  • 218.24.18.21
  • 218.24.18.18
  • 218.24.18.13
  • 218.24.18.20
  • 218.24.18.12
whitelisted
cf.duba.net
  • 120.92.32.253
suspicious

Threats

PID | Process | Class | Message
3968 | a6ca1e.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
3968 | a6ca1e.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2492 | dgservice.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2492 | dgservice.exe | Misc activity | ADWARE [PTsecurity] W32/Kingsoft Checkin
2492 | dgservice.exe | Misc activity | ADWARE [PTsecurity] W32/Kingsoft Response
2492 | dgservice.exe | Misc activity | ADWARE [PTsecurity] W32/Kingsoft Response
2492 | dgservice.exe | Misc activity | ADWARE [PTsecurity] W32/Kingsoft Response
2492 | dgservice.exe | Misc activity | ADWARE [PTsecurity] W32/Kingsoft Response
2492 | dgservice.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2492 | dgservice.exe | Misc activity | ADWARE [PTsecurity] PUP.Win32/KingSoft.E
4 ETPRO signatures available at the full report

Process | Message
dgservice.exe | 1_1
dgservice.exe | 1_1
dgservice.exe | 1_1
dgservice.exe | KSD_02
dgservice.exe | KSD_01
dgservice.exe | KSD_03
dgservice.exe | No IsSilent!!!!!!!!!!
dgservice.exe | C:\Program Files\MyDrivers\DriverGenius\cfg\netctrl.dat
dgservice.exe | DMT_0001
dgservice.exe | init_watch successful