File name: NPS Nintendo Power.exe

Full analysis: https://app.any.run/tasks/8f9e40cf-b8fe-4727-a5ca-c002cfc569ff
Verdict: Malicious activity
Analysis date: February 11, 2024, 22:17:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5: E43E5D068F1BDD6D48134476C9E5DE80
SHA1: 821FB7407CA206933019E5708879AD18E50AB7EC
SHA256: 494DB8E94DF24FFA99E582ECEAED64CA215FF924EB8F08AEB1D3EF36CE6ED633
SSDEEP: 98304:2NOzpIpxBxahtmX6zjvCsyyPPzV7BtU4uULNzwi6Z+Ucz1PWcYG+gra2Mls5yQ/W:VJzqpgM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • NPS Nintendo Power.exe (PID: 2852)
      • Setup.exe (PID: 2840)
      • IKernel.exe (PID: 3460)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • NPS Nintendo Power.exe (PID: 2852)
      • Setup.exe (PID: 2840)
      • IKernel.exe (PID: 3460)
    • Creates/Modifies COM task schedule object

      • IKernel.exe (PID: 3460)
    • Application launched itself

      • IKernel.exe (PID: 3460)
  • INFO

    • Checks supported languages

      • NPS Nintendo Power.exe (PID: 2852)
      • Setup.exe (PID: 2840)
      • IKernel.exe (PID: 3944)
      • IKernel.exe (PID: 3460)
      • IKernel.exe (PID: 864)
    • Create files in a temporary directory

      • NPS Nintendo Power.exe (PID: 2852)
      • Setup.exe (PID: 2840)
      • IKernel.exe (PID: 3460)
    • Reads the computer name

      • Setup.exe (PID: 2840)
      • IKernel.exe (PID: 3460)
      • IKernel.exe (PID: 3944)
      • IKernel.exe (PID: 864)
    • Creates files in the program directory

      • Setup.exe (PID: 2840)
      • IKernel.exe (PID: 3460)
    • Reads the machine GUID from the registry

      • Setup.exe (PID: 2840)
      • IKernel.exe (PID: 3460)
    • Reads Environment values

      • IKernel.exe (PID: 3460)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2000:06:16 18:00:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 69632
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x84a7
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.11.15.0
ProductVersionNumber: 2.11.15.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: -
CompanyName: Mediabrowser
FileDescription: -
FileVersion: 3.3.0.0
InternalName: stub32i.exe
LegalCopyright: 2000
OriginalFileName: stub32i.exe
ProductName: Nintendo Power
ProductVersion: 3.3.0.0
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 6
Malicious processes: 2
Suspicious processes: 1

Behavior graph

Graph nodes: start, nps nintendo power.exe, setup.exe, ikernel.exe (no specs), ikernel.exe, ikernel.exe (no specs), nps nintendo power.exe (no specs)

Process information

PID: 864
CMD: "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /REGSERVER
Path: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
Parent process: IKernel.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield® Engine
Exit code: 0
Version: 6, 22, 100, 1511
Modules (images):
c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 2840
CMD: "C:\Users\admin\AppData\Local\Temp\pftF270~tmp\Disk1\Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\pftF270~tmp\Disk1\Setup.exe
Parent process: NPS Nintendo Power.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield (R) Setup Launcher
Exit code: 0
Version: 6, 22, 100, 1441
Modules (images):
c:\users\admin\appdata\local\temp\pftf270~tmp\disk1\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 2852
CMD: "C:\Users\admin\AppData\Local\Temp\NPS Nintendo Power.exe"
Path: C:\Users\admin\AppData\Local\Temp\NPS Nintendo Power.exe
Parent process: explorer.exe
User: admin
Company: Mediabrowser
Integrity Level: HIGH
Exit code: 0
Version: 3.3.0.0
Modules (images):
c:\users\admin\appdata\local\temp\nps nintendo power.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3460
CMD: C:\PROGRA~1\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding
Path: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
Parent process: svchost.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield® Engine
Exit code: 0
Version: 6, 22, 100, 1511
Modules (images):
c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\NPS Nintendo Power.exe"
Path: C:\Users\admin\AppData\Local\Temp\NPS Nintendo Power.exe
Parent process: explorer.exe
User: admin
Company: Mediabrowser
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 3.3.0.0
Modules (images):
c:\users\admin\appdata\local\temp\nps nintendo power.exe
c:\windows\system32\ntdll.dll
PID: 3944
CMD: "C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer
Path: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
Parent process: Setup.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield® Engine
Exit code: 0
Version: 6, 22, 100, 1511
Modules (images):
c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
Total events: 1 050
Read events: 967
Write events: 83
Delete events: 0

Modification events

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\TypeLib
Operation: write | Name: Version | Value: 1.0

(PID) Process: (3944) IKernel.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\TypeLib
Operation: write | Name: Version | Value: 1.0

Executable files: 17
Suspicious files: 10
Text files: 8
Unknown types: 2

Dropped files

PID 2852, NPS Nintendo Power.exe
Filename: C:\Users\admin\AppData\Local\Temp\plfF24F.tmp (type: ini)
MD5: 19A2283172165182D05BBD5745372F62
SHA256: 379ADDFC2E4A0309EC0526507D564FC79EEB6635963C0E84F10CB8B103036C54

PID 2852, NPS Nintendo Power.exe
Filename: C:\Users\admin\AppData\Local\Temp\extF250.tmp (type: ini)
MD5: 19A2283172165182D05BBD5745372F62
SHA256: 379ADDFC2E4A0309EC0526507D564FC79EEB6635963C0E84F10CB8B103036C54

PID 2840, Setup.exe
Filename: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (type: executable)
MD5: D46FBCAE81EA095814E518CD6EBDD681
SHA256: 8FC3E417A63D236FABF34F8FD03BB6599520D9386A43094DD48E9C091E729EB7

PID 2852, NPS Nintendo Power.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftF270~tmp\Disk1\setup.inx (type: inx)
MD5: 8FC15E5B4EB8649565E8CCF0B7566FAC
SHA256: FDCDB72B4FB637FA8DBFC83C1DC18ED8BF2BB15ACC60DF8AA0A1F83C348FF77A

PID 2840, Setup.exe
Filename: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\temp.000 (type: executable)
MD5: D46FBCAE81EA095814E518CD6EBDD681
SHA256: 8FC3E417A63D236FABF34F8FD03BB6599520D9386A43094DD48E9C091E729EB7

PID 3460, IKernel.exe
Filename: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\corecomp.ini (type: text)
MD5: 62D5F9827D867EB3E4AB9E6B338348A1
SHA256: 5214789C08EE573E904990DCD29E9E03AAF5CF12E86FAE368005FD8F4E371BD5

PID 3460, IKernel.exe
Filename: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll (type: executable)
MD5: A40CA86B6761CBEE58A11CCCC74283BA
SHA256: 73E0885FFACFEBB50BF39588BBFAC6E897E0CB4EB4ABC23B7FF5966B627A4D5A

PID 3460, IKernel.exe
Filename: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ctorf666.rra (type: executable)
MD5: A40CA86B6761CBEE58A11CCCC74283BA
SHA256: 73E0885FFACFEBB50BF39588BBFAC6E897E0CB4EB4ABC23B7FF5966B627A4D5A

PID 3460, IKernel.exe
Filename: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\objef6b4.rra (type: executable)
MD5: 9D396EA94CFC6ACB3F036B9C89467A71
SHA256: 1BBF964F27C554EB3830A13BC6226E5FC791C55A953AD10A2B6084047BDE8BF7

PID 2852, NPS Nintendo Power.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftF270~tmp\Disk1\ikernel.ex_ (type: ex_)
MD5: E51E89D1D1967EB9BFD39D85638A8209
SHA256: 9FB0AC49D19B44B438AD7F4E3316D8C190981B7B3329BB01CF0010E295F26D81
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4 | Process: System | IP: 192.168.100.255:137 | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 1080 | Process: svchost.exe | IP: 224.0.0.252:5355 | Domain: - | ASN: - | CN: - | Reputation: unknown

DNS requests

No data

Threats

No threats detected
Process
Message
IKernel.exe
IUnknown
IKernel.exe
IKernel.exe
CMainWindow
IKernel.exe
-
IKernel.exe
IUnknown
IKernel.exe
IKernel.exe
CMainWindow
IKernel.exe
-
IKernel.exe
ISetupMainWindow
IKernel.exe