File name: FastShare_v2.4.0.exe

Full analysis: https://app.any.run/tasks/37a41cd7-919d-4c22-ad96-b90d7a367a6c
Verdict: Malicious activity
Analysis date: October 06, 2024, 15:04:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0353C554A836BAB61C4D4A217FE5A373
SHA1: 682850DF48FB5397F7E7612F53C56C722DDE7349
SHA256: 4B9C198D4B8D53ED8755647A3F571C8AB5CD79EB76BFCD203B1071E9FCFA5796
SSDEEP: 98304:Zz44vSGAE7NQKlsnQ2c81UnNqwB+L0wVZF4ttImH67cEbmMc8wv8Zdvmhg+dYaW+:GXeH0VH5aD1I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • FastShare_v2.4.0.exe (PID: 1608)
      • FastShare_v2.4.0.tmp (PID: 3184)
      • FastShare_v2.4.0.exe (PID: 2356)
    • Reads security settings of Internet Explorer

      • FastShare_v2.4.0.tmp (PID: 6048)
    • Process drops legitimate windows executable

      • FastShare_v2.4.0.tmp (PID: 3184)
  • INFO

    • Checks supported languages

      • FastShare_v2.4.0.exe (PID: 1608)
      • FastShare_v2.4.0.exe (PID: 2356)
      • FastShare_v2.4.0.tmp (PID: 6048)
    • Create files in a temporary directory

      • FastShare_v2.4.0.exe (PID: 2356)
      • FastShare_v2.4.0.exe (PID: 1608)
    • Process checks computer location settings

      • FastShare_v2.4.0.tmp (PID: 6048)
    • Reads the computer name

      • FastShare_v2.4.0.tmp (PID: 6048)
    • Creates files in the program directory

      • FastShare_v2.4.0.tmp (PID: 3184)
    • Creates a software uninstall entry

      • FastShare_v2.4.0.tmp (PID: 3184)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (45.2)
.dll | Win32 Dynamic Link Library (generic) (20.9)
.exe | Win32 Executable (generic) (14.3)
.exe | Win16/32 Executable Delphi generic (6.6)
.exe | Generic Win/DOS Executable (6.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:02:04 18:24:57+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 27648
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: FastShare.cz Setup
FileVersion:
LegalCopyright:
ProductName: FastShare.cz
ProductVersion: 2.4.0
No data.
All screenshots are available in the full report
Total processes
123
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

start → fastshare_v2.4.0.exe → fastshare_v2.4.0.tmp (no specs) → fastshare_v2.4.0.exe → fastshare_v2.4.0.tmp → fastshare.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1608
CMD: "C:\Users\admin\Desktop\FastShare_v2.4.0.exe"
Path: C:\Users\admin\Desktop\FastShare_v2.4.0.exe
Parent process: explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
FastShare.cz Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\fastshare_v2.4.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2016
CMD: "C:\Program Files (x86)\FastShare\FastShare.exe"
Path: C:\Program Files (x86)\FastShare\FastShare.exe
Parent process: FastShare_v2.4.0.tmp
User:
admin
Integrity Level:
MEDIUM
Version:
0.0.0.0
Modules
Images
c:\program files (x86)\fastshare\fastshare.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2356
CMD: "C:\Users\admin\Desktop\FastShare_v2.4.0.exe" /SPAWNWND=$150346 /NOTIFYWND=$1C0226
Path: C:\Users\admin\Desktop\FastShare_v2.4.0.exe
Parent process: FastShare_v2.4.0.tmp
User:
admin
Company:
Integrity Level:
HIGH
Description:
FastShare.cz Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\fastshare_v2.4.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 3184
CMD: "C:\Users\admin\AppData\Local\Temp\is-0E1DH.tmp\FastShare_v2.4.0.tmp" /SL5="$703FE,8987157,93696,C:\Users\admin\Desktop\FastShare_v2.4.0.exe" /SPAWNWND=$150346 /NOTIFYWND=$1C0226
Path: C:\Users\admin\AppData\Local\Temp\is-0E1DH.tmp\FastShare_v2.4.0.tmp
Parent process: FastShare_v2.4.0.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\explorerframe.dll
c:\windows\syswow64\sfc.dll
c:\windows\syswow64\sfc_os.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\linkinfo.dll
c:\windows\syswow64\ntshrui.dll
c:\windows\syswow64\srvcli.dll
PID: 6048
CMD: "C:\Users\admin\AppData\Local\Temp\is-M4IOD.tmp\FastShare_v2.4.0.tmp" /SL5="$1C0226,8987157,93696,C:\Users\admin\Desktop\FastShare_v2.4.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-M4IOD.tmp\FastShare_v2.4.0.tmp
Parent process: FastShare_v2.4.0.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-m4iod.tmp\fastshare_v2.4.0.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
704
Read events
687
Write events
17
Delete events
0

Modification events

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_CURRENT_USER\SOFTWARE\FastShare
Operation: write
Name: Language
Value: en

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.3 (u)

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\FastShare

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\FastShare\

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: Inno Setup: Icon Group
Value: FastShare

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: Inno Setup: User
Value: admin

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: Inno Setup: Language
Value: en

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: DisplayName
Value: FastShare.cz version 2.4.0

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\FastShare\unins000.exe"

Process: FastShare_v2.4.0.tmp (PID 3184)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastShare.cz_is1
Operation: write
Name: QuietUninstallString
Value: "C:\Program Files (x86)\FastShare\unins000.exe" /SILENT
Executable files
28
Suspicious files
30
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
1608 | FastShare_v2.4.0.exe | C:\Users\admin\AppData\Local\Temp\is-M4IOD.tmp\FastShare_v2.4.0.tmp | executable
MD5:03898F0FFD1797C2CC676346C182A5E5
SHA256:422E0DD0F5E39F29D72C7C6A7F0576EE3A708646BD0F8E98BB0CC80907D57A21
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\libwinpthread-1.dll | executable
MD5:1F4411C1F66C9CDF96CA9D7F9CAF52D9
SHA256:B5FE4D6408EF2BAABDD168F4C7250900606468E9AEB24C71E0C833D3D715AE65
2356 | FastShare_v2.4.0.exe | C:\Users\admin\AppData\Local\Temp\is-0E1DH.tmp\FastShare_v2.4.0.tmp | executable
MD5:03898F0FFD1797C2CC676346C182A5E5
SHA256:422E0DD0F5E39F29D72C7C6A7F0576EE3A708646BD0F8E98BB0CC80907D57A21
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\unins000.exe | executable
MD5:A377F77D5C585CD54448D8F4F6AB63B9
SHA256:1BEA956C6E0A46BA6BE5D6F947697DA25D7B36347D7FC25C9DE3EF2BC94ABA36
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\FastShare.exe | executable
MD5:B523D14159573EDF2E09A168891C2620
SHA256:AFE4A54D6146C99178BE11D2AF2A307F71AD00E08191A4B15CE3A6A06594BAC5
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\is-QEV3J.tmp | executable
MD5:A377F77D5C585CD54448D8F4F6AB63B9
SHA256:1BEA956C6E0A46BA6BE5D6F947697DA25D7B36347D7FC25C9DE3EF2BC94ABA36
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\is-PGGO7.tmp | executable
MD5:B523D14159573EDF2E09A168891C2620
SHA256:AFE4A54D6146C99178BE11D2AF2A307F71AD00E08191A4B15CE3A6A06594BAC5
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\is-E5OVJ.tmp | executable
MD5:1F4411C1F66C9CDF96CA9D7F9CAF52D9
SHA256:B5FE4D6408EF2BAABDD168F4C7250900606468E9AEB24C71E0C833D3D715AE65
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\Qt5Core.dll | executable
MD5:FACF07A0E5742F3EA147843F3B2F5509
SHA256:B9D5B7F486CEAF8927A72F2529A625B509F17D5CA5B9E055EDF39BED0B8193F6
3184 | FastShare_v2.4.0.tmp | C:\Program Files (x86)\FastShare\libstdc++-6.dll | executable
MD5:DFF338824EDEA7E20C7F7B2690045090
SHA256:79622396DC4C7AFBBCECA03E69F727BF1862735EE3AD671AA3EE7ADA8AA446C3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
123
TCP/UDP connections
34
DNS requests
9
Threats
144

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1708074353_8327299a7b9906598e3b6652e39c2158_1_tn.jpg
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1727906722_689cf19fe054eb18e802239282c4b510_1_tn.jpg
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1726050740_63832a7aad7ad1b818e20b890e8f1ec4_1_tn.jpg
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1728050552_80207b0aca8971aa868596a719d2ecad_1_tn.jpg
unknown
whitelisted
2016
FastShare.exe
GET
200
104.26.0.13:80
http://fastshare.cz/api/api_v2.php?process=top
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1727906722_689cf19fe054eb18e802239282c4b510_1_tn.jpg
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1710292004_0f1a329c6bb2002d1564e2427e37cc28_1_tn.jpg
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1728012404_8506ec6a5469ac08875346948c2505cd_1_tn.jpg
unknown
whitelisted
2016
FastShare.exe
GET
200
188.114.97.3:80
http://img.fastshare.cloud/upload/tn/202410/1728144629_412ce00e45c24c498e4507de581ce545_1_tn.jpg
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3916
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
23.218.209.163:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3916
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5336
SearchApp.exe
20.42.73.30:443
browser.pipe.aria.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2016
FastShare.exe
104.26.0.13:80
fastshare.cz
CLOUDFLARENET
US
whitelisted
2016
FastShare.exe
188.114.97.3:80
img.fastshare.cloud
CLOUDFLARENET
NL
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 142.250.186.174
whitelisted
www.microsoft.com
  • 23.218.209.163
whitelisted
browser.pipe.aria.microsoft.com
  • 20.42.73.30
whitelisted
fastshare.cz
  • 104.26.0.13
  • 104.26.1.13
  • 172.67.72.30
whitelisted
img.fastshare.cloud
  • 188.114.97.3
  • 188.114.96.3
unknown

Threats

Found threats are available for the paid subscriptions
144 ETPRO signatures available at the full report
Process
Message
FastShare.exe
DB has to be renewed.
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap
FastShare.exe
QPixmap::scaled: Pixmap is a null pixmap