File name: SoundBoosterSetup.exe
Full analysis: https://app.any.run/tasks/2ec19253-53c0-4620-b241-544ad50bed11
Verdict: Malicious activity
Analysis date: July 12, 2024, 00:46:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: vmprotect
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 99AA185A295411F72303FA9B7A497795
SHA1: 04CBAB9197165B1648EF6FCBF0D1B60D2E0F7A95
SHA256: 4C00A2F66BB1D2470B17EF277F5F12A90FF2FC86A258CB82BF294835B87D4E02
SSDEEP: 98304:hgVrBdoUFz1tgDp5uw27QaYrvBX4+YgnFOt+s0y1m9MRVPCC+RJUrLO5nGj1ysQd:G/rXKWDFWolprO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • SoundBoosterSetup.exe (PID: 3380)
      • SoundBoosterSetup.exe (PID: 3372)
      • SoundBoosterSetup.tmp (PID: 2752)
    • Registers / Runs the DLL via REGSVR32.EXE

      • SoundBoosterTaskHost.exe (PID: 2440)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SoundBoosterSetup.exe (PID: 3372)
      • SoundBoosterSetup.tmp (PID: 2752)
      • SoundBoosterSetup.exe (PID: 3380)
    • Reads the Windows owner or organization settings

      • SoundBoosterSetup.tmp (PID: 2752)
    • Reads the Internet Settings

      • SoundBoosterTaskHost.exe (PID: 2440)
      • SoundBoosterSetup.tmp (PID: 3400)
      • SoundBooster.exe (PID: 524)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1952)
    • Reads security settings of Internet Explorer

      • SoundBoosterTaskHost.exe (PID: 2440)
      • SoundBooster.exe (PID: 524)
      • SoundBoosterSetup.tmp (PID: 3400)
  • INFO

    • Checks supported languages

      • SoundBoosterSetup.tmp (PID: 3400)
      • SoundBoosterSetup.exe (PID: 3380)
      • SoundBoosterSetup.exe (PID: 3372)
      • SoundBoosterSetup.tmp (PID: 2752)
      • SoundBoosterTaskHost.exe (PID: 2440)
      • SoundBoosterService.exe (PID: 3672)
      • SoundBoosterTaskHost.exe (PID: 3852)
      • SoundBooster.exe (PID: 524)
    • Reads the computer name

      • SoundBoosterSetup.tmp (PID: 3400)
      • SoundBoosterTaskHost.exe (PID: 2440)
      • SoundBoosterService.exe (PID: 3672)
      • SoundBoosterTaskHost.exe (PID: 3852)
      • SoundBoosterSetup.tmp (PID: 2752)
      • SoundBooster.exe (PID: 524)
    • Create files in a temporary directory

      • SoundBoosterSetup.exe (PID: 3372)
      • SoundBoosterSetup.exe (PID: 3380)
      • SoundBoosterSetup.tmp (PID: 2752)
    • Creates files in the program directory

      • SoundBoosterSetup.tmp (PID: 2752)
      • SoundBoosterTaskHost.exe (PID: 3852)
      • SoundBooster.exe (PID: 524)
    • VMProtect protector has been detected

      • SoundBoosterSetup.tmp (PID: 2752)
      • SoundBooster.exe (PID: 524)
    • Creates a software uninstall entry

      • SoundBoosterSetup.tmp (PID: 2752)
    • Checks proxy server information

      • SoundBooster.exe (PID: 524)
    • Reads the machine GUID from the registry

      • SoundBooster.exe (PID: 524)
    • Manual execution by a user

      • taskmgr.exe (PID: 3404)
    • Creates files or folders in the user directory

      • SoundBooster.exe (PID: 524)
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:06 14:39:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 344576
UninitializedDataSize: -
EntryPoint: 0x117dc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.12.0.538
ProductVersionNumber: 1.12.0.538
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Letasoft LLC
FileDescription: Letasoft Sound Booster Setup
FileVersion: 1.12.0.538
LegalCopyright: Copyright © Letasoft LLC
ProductName: Letasoft Sound Booster
ProductVersion: 1.12.0.538
No data.
Total processes: 58
Monitored processes: 11
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Processes in the graph, in report order (labels as shown in the graph):
  • soundboostersetup.exe
  • soundboostersetup.tmp (no specs)
  • soundboostersetup.exe (THREAT)
  • soundboostersetup.tmp
  • soundboostertaskhost.exe (no specs)
  • regsvr32.exe (no specs)
  • soundboosterservice.exe (no specs)
  • soundboostertaskhost.exe (no specs)
  • soundbooster.exe (no specs)
  • soundbooster.exe (THREAT)
  • taskmgr.exe (no specs)

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 524
CMD: "C:\Program Files\Letasoft Sound Booster\SoundBooster.exe"
Path: C:\Program Files\Letasoft Sound Booster\SoundBooster.exe
Parent process: SoundBoosterSetup.tmp
User: admin
Company: Letasoft
Integrity Level: HIGH
Description: Sound Booster Application
Version: 1.12.0.538
Modules (images):
c:\program files\letasoft sound booster\soundbooster.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1952
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Letasoft Sound Booster\Sbapo.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: SoundBoosterTaskHost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2440
CMD: "C:\Program Files\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -InstallAPO
Path: C:\Program Files\Letasoft Sound Booster\SoundBoosterTaskHost.exe
Parent process: SoundBoosterSetup.tmp
User: admin
Company: Letasoft
Integrity Level: HIGH
Description: Sound Booster Task Host Application
Exit code: 0
Version: 1.12.0.538
Modules (images):
c:\program files\letasoft sound booster\soundboostertaskhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2752
CMD: "C:\Users\admin\AppData\Local\Temp\is-POSG9.tmp\SoundBoosterSetup.tmp" /SL5="$5010A,6484768,412160,C:\Users\admin\AppData\Local\Temp\SoundBoosterSetup.exe" /SPAWNWND=$E0168 /NOTIFYWND=$160156
Path: C:\Users\admin\AppData\Local\Temp\is-POSG9.tmp\SoundBoosterSetup.tmp
Parent process: SoundBoosterSetup.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-posg9.tmp\soundboostersetup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3068
CMD: "C:\Program Files\Letasoft Sound Booster\SoundBooster.exe"
Path: C:\Program Files\Letasoft Sound Booster\SoundBooster.exe
Parent process: SoundBoosterSetup.tmp
User: admin
Company: Letasoft
Integrity Level: MEDIUM
Description: Sound Booster Application
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED; this medium-integrity launch failed, while PID 524 ran the same image at HIGH integrity)
Version: 1.12.0.538
Modules (images):
c:\program files\letasoft sound booster\soundbooster.exe
c:\windows\system32\ntdll.dll
PID: 3372
CMD: "C:\Users\admin\AppData\Local\Temp\SoundBoosterSetup.exe" /SPAWNWND=$E0168 /NOTIFYWND=$160156
Path: C:\Users\admin\AppData\Local\Temp\SoundBoosterSetup.exe
Parent process: SoundBoosterSetup.tmp
User: admin
Company: Letasoft LLC
Integrity Level: HIGH
Description: Letasoft Sound Booster Setup
Exit code: 0
Version: 1.12.0.538
Modules (images):
c:\users\admin\appdata\local\temp\soundboostersetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3380
CMD: "C:\Users\admin\AppData\Local\Temp\SoundBoosterSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\SoundBoosterSetup.exe
Parent process: explorer.exe
User: admin
Company: Letasoft LLC
Integrity Level: MEDIUM
Description: Letasoft Sound Booster Setup
Exit code: 0
Version: 1.12.0.538
Modules (images):
c:\users\admin\appdata\local\temp\soundboostersetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3400
CMD: "C:\Users\admin\AppData\Local\Temp\is-9C2VG.tmp\SoundBoosterSetup.tmp" /SL5="$160156,6484768,412160,C:\Users\admin\AppData\Local\Temp\SoundBoosterSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-9C2VG.tmp\SoundBoosterSetup.tmp
Parent process: SoundBoosterSetup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-9c2vg.tmp\soundboostersetup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3404
CMD: "C:\Windows\system32\taskmgr.exe" /4
Path: C:\Windows\System32\taskmgr.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Task Manager
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3672
CMD: "C:\Program Files\Letasoft Sound Booster\SoundBoosterService.exe" -install
Path: C:\Program Files\Letasoft Sound Booster\SoundBoosterService.exe
Parent process: SoundBoosterSetup.tmp
User: admin
Company: Letasoft
Integrity Level: HIGH
Description: Sound Booster Service
Exit code: 0
Version: 1.12.0.538
Modules (images):
c:\program files\letasoft sound booster\soundboosterservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
Total events: 6 403
Read events: 6 287
Write events: 106
Delete events: 10

Modification events

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_CURRENT_USER\Software\Letasoft\Sound Booster
Operation: write
Name: LangGUI
Value: 1033

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_CURRENT_USER\Software\Letasoft\Sound Booster\Options
Operation: write
Name: SoundLevel
Value: 300

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_CURRENT_USER\Software\Letasoft\Sound Booster\Options
Operation: write
Name: BoostIsEnabled
Value: 1

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_CURRENT_USER\Software\Letasoft\Sound Booster\Options
Operation: write
Name: BoostMethod
Value: 1

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster
Operation: write
Name: LangGUI
Value: 1033

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
Operation: write
Name: DisabledByDefault
Value: 0

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
Operation: write
Name: Enabled
Value: 1

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.9 (u)

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\Letasoft Sound Booster

(PID) Process: (2752) SoundBoosterSetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\Letasoft Sound Booster\
Executable files: 38
Suspicious files: 8
Text files: 10
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\SoundBooster.exe | executable
  MD5: 73284BAC5AE39DDC8A67EFFE040A3349
  SHA256: E0DD2F06DD96E8167168517CFB611456E3FBEA57A116916D4C4A1AA4D84D35CA
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\is-L0T1S.tmp | executable
  MD5: 73284BAC5AE39DDC8A67EFFE040A3349
  SHA256: E0DD2F06DD96E8167168517CFB611456E3FBEA57A116916D4C4A1AA4D84D35CA
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\Lang\is-3UQ00.tmp | executable
  MD5: 56916EA3B9A10D00FEB9818C3068F4A8
  SHA256: C64E4820A0B8A29ECC71B4EF43C318D7CF2682270D39C53CB3980BEF0E24D2CC
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\is-IO8TO.tmp | executable
  MD5: A5E43FF07BF378503CF45D6EE7778021
  SHA256: 48CC8C44E665CC3A24A1EF0807BCD87BDCC0AD9FF179C8D5C96924EBA48888F2
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\Lang\is-DLPNV.tmp | executable
  MD5: 04836C4C3228B9E5FCD8A995D38030C5
  SHA256: FAAA95455F9C516CBDB02E233533A7D44E7F6FFB3F850A2ED0482E553FF18E71
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\Lang\is-MFRO2.tmp | xml
  MD5: 9D478BEA4276BF33D8556701E8E4045C
  SHA256: 70972039E093BD7201A01DC8D9EF315A788752E274D3F6DF433E4196AF1DC67C
3372 | SoundBoosterSetup.exe | C:\Users\admin\AppData\Local\Temp\is-POSG9.tmp\SoundBoosterSetup.tmp | executable
  MD5: A5E43FF07BF378503CF45D6EE7778021
  SHA256: 48CC8C44E665CC3A24A1EF0807BCD87BDCC0AD9FF179C8D5C96924EBA48888F2
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\Lang\SoundBoosterRU.dll | executable
  MD5: 56916EA3B9A10D00FEB9818C3068F4A8
  SHA256: C64E4820A0B8A29ECC71B4EF43C318D7CF2682270D39C53CB3980BEF0E24D2CC
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\Lang\TurboActivateRU.xml | xml
  MD5: 9D478BEA4276BF33D8556701E8E4045C
  SHA256: 70972039E093BD7201A01DC8D9EF315A788752E274D3F6DF433E4196AF1DC67C
2752 | SoundBoosterSetup.tmp | C:\Program Files\Letasoft Sound Booster\unins000.exe | executable
  MD5: A5E43FF07BF378503CF45D6EE7778021
  SHA256: 48CC8C44E665CC3A24A1EF0807BCD87BDCC0AD9FF179C8D5C96924EBA48888F2
HTTP(S) requests: 6
TCP/UDP connections: 13
DNS requests: 6
Threats: 0

HTTP requests

(Type and Size were not recorded for any request.)

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
1372 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | whitelisted
524 | SoundBooster.exe | GET | 200 | 70.32.23.76:80 | http://files.letasoft.com/updates/soundbooster/appver | unknown | whitelisted
1372 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
524 | SoundBooster.exe | GET | 200 | 70.32.23.76:80 | http://files.letasoft.com/updates/soundbooster/changelog | unknown | whitelisted
1372 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1060 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fbe613066ac7852b | unknown | whitelisted

Connections

(Blank PID/Process cells are continuation rows of the preceding process, as in the source; blank Domain/ASN/CN cells were not recorded.)

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
 | | 224.0.0.252:5355 | | | | whitelisted
 | | 239.255.255.250:3702 | | | | whitelisted
1372 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | | | | whitelisted
1372 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
1372 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
524 | SoundBooster.exe | 70.32.23.76:80 | files.letasoft.com | A2HOSTING | US | unknown

DNS requests

Domain | IP | Reputation
google.com | 216.58.212.174 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
crl.microsoft.com | 23.48.23.156, 23.48.23.143 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
files.letasoft.com | 70.32.23.76 | whitelisted

Threats

No threats detected
No debug info