File name: | cdbxp_setup_4.5.8.7041.exe |
Full analysis: | https://app.any.run/tasks/94c827d2-bde0-4557-bca6-11fc3fb23b57 |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 17:12:02 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | F6E56C84638042C513B8BB8D77647F6C |
SHA1: | 1206EEBC96BF11157A3ACC9575C5CF93BC8C028B |
SHA256: | 4DA9FA41288872253A25058079693936D1A9DFA4A45FF752DC5974711543472F |
SSDEEP: | 98304:umdr8fO7Znan7q+mvD6VatDha2UyuElidmVuRmzC3KQJxbIOXIsaImHX:uffOhdv+8tDhaFEId+4xJNPIjIm3 |
.exe | | | Win32 Executable Delphi generic (57.2) |
---|---|---|
.exe | | | Win32 Executable (generic) (18.2) |
.exe | | | Win16/32 Executable Delphi generic (8.3) |
.exe | | | Generic Win/DOS Executable (8) |
.exe | | | DOS Executable Generic (8) |
ProductVersion: | 4.5.8.7041 |
ProductName: | CDBurnerXP |
LegalCopyright: | 2001-2014 Canneverbe Limited |
FileVersion: | 4.5.8.7041 |
FileDescription: | CDBurnerXP |
CompanyName: | Canneverbe Limited |
Comments: | This installation was built with Inno Setup. |
CharacterSet: | Unicode |
LanguageCode: | Neutral |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 4.5.8.7041 |
FileVersionNumber: | 4.5.8.7041 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | 6 |
OSVersion: | 5 |
EntryPoint: | 0x113bc |
UninitializedDataSize: | - |
InitializedDataSize: | 436224 |
CodeSize: | 65024 |
LinkerVersion: | 2.25 |
PEType: | PE32 |
TimeStamp: | 2014:07:09 09:58:13+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 09-Jul-2014 07:58:13 |
Detected languages: | |
Comments: | This installation was built with Inno Setup. |
CompanyName: | Canneverbe Limited |
FileDescription: | CDBurnerXP |
FileVersion: | 4.5.8.7041 |
LegalCopyright: | 2001-2014 Canneverbe Limited |
ProductName: | CDBurnerXP |
ProductVersion: | 4.5.8.7041 |
Magic number: | MZ |
Bytes on last page of file: | 0x0050 |
Pages in file: | 0x0002 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x000F |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x001A |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000100 |
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 8 |
Time date stamp: | 09-Jul-2014 07:58:13 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0000F12C | 0x0000F200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.39148 |
.itext | 0x00011000 | 0x00000B44 | 0x00000C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.73207 |
.data | 0x00012000 | 0x00000C88 | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.24631 |
.bss | 0x00013000 | 0x000056B4 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.idata | 0x00019000 | 0x00000DD0 | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.97188 |
.tls | 0x0001A000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rdata | 0x0001B000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.204488 |
.rsrc | 0x0001C000 | 0x00068958 | 0x00068A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.60268 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.11919 | 1512 | Latin 1 / Western European | English - United States | RT_MANIFEST |
2 | 4.31324 | 488 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 4.31051 | 744 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 3.94228 | 1640 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 5.27966 | 19496 | Latin 1 / Western European | English - United States | RT_ICON |
6 | 5.20258 | 1384 | Latin 1 / Western European | English - United States | RT_ICON |
7 | 5.88053 | 1736 | Latin 1 / Western European | English - United States | RT_ICON |
8 | 5.80126 | 2216 | Latin 1 / Western European | English - United States | RT_ICON |
9 | 5.65578 | 3752 | Latin 1 / Western European | English - United States | RT_ICON |
10 | 4.84627 | 2440 | Latin 1 / Western European | English - United States | RT_ICON |
Imports |
---|
advapi32.dll |
comctl32.dll |
kernel32.dll |
oleaut32.dll |
user32.dll |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3248 | "C:\Users\admin\AppData\Local\Temp\cdbxp_setup_4.5.8.7041.exe" | C:\Users\admin\AppData\Local\Temp\cdbxp_setup_4.5.8.7041.exe | — | explorer.exe | User: admin; Company: Canneverbe Limited; Integrity Level: MEDIUM; Description: CDBurnerXP; Version: 4.5.8.7041 |
3944 | "C:\Users\admin\AppData\Local\Temp\is-J99HM.tmp\cdbxp_setup_4.5.8.7041.tmp" /SL5="$2011C,5844475,502272,C:\Users\admin\AppData\Local\Temp\cdbxp_setup_4.5.8.7041.exe" | C:\Users\admin\AppData\Local\Temp\is-J99HM.tmp\cdbxp_setup_4.5.8.7041.tmp | — | cdbxp_setup_4.5.8.7041.exe | User: admin; Integrity Level: MEDIUM; Description: Setup/Uninstall; Version: 51.1052.0.0 |
3692 | "C:\Users\admin\AppData\Local\Temp\cdbxp_setup_4.5.8.7041.exe" /SPAWNWND=$20116 /NOTIFYWND=$2011C | C:\Users\admin\AppData\Local\Temp\cdbxp_setup_4.5.8.7041.exe | — | cdbxp_setup_4.5.8.7041.tmp | User: admin; Company: Canneverbe Limited; Integrity Level: HIGH; Description: CDBurnerXP; Version: 4.5.8.7041 |
4076 | "C:\Users\admin\AppData\Local\Temp\is-DV4QC.tmp\cdbxp_setup_4.5.8.7041.tmp" /SL5="$20122,5844475,502272,C:\Users\admin\AppData\Local\Temp\cdbxp_setup_4.5.8.7041.exe" /SPAWNWND=$20116 /NOTIFYWND=$2011C | C:\Users\admin\AppData\Local\Temp\is-DV4QC.tmp\cdbxp_setup_4.5.8.7041.tmp | — | cdbxp_setup_4.5.8.7041.exe | User: admin; Integrity Level: HIGH; Description: Setup/Uninstall; Version: 51.1052.0.0 |
3320 | "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\CDBurnerXP\StarBurnX15.dll" | C:\Windows\system32\regsvr32.exe | — | cdbxp_setup_4.5.8.7041.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft(C) Register Server; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
3904 | "Reg.exe" Copy HKCU\SOFTWARE\CDBurnerXP "HKCU\SOFTWARE\Canneverbe Limited\CDBurnerXP" /s /f | C:\Windows\system32\Reg.exe | — | cdbxp_setup_4.5.8.7041.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Registry Console Tool; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2528 | "Reg.exe" Delete HKCU\SOFTWARE\CDBurnerXP /f | C:\Windows\system32\Reg.exe | — | cdbxp_setup_4.5.8.7041.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Registry Console Tool; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
3276 | "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\CDBurnerXP\StarBurnX15.dll" | C:\Windows\system32\regsvr32.exe | — | cdbxp_setup_4.5.8.7041.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft(C) Register Server; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-63SK5.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-ANE30.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-KFDEE.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-VVQDS.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-PQKA8.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-8JQKF.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-RLQKR.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-A94OU.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-G2HOM.tmp | — | — | — |
4076 | cdbxp_setup_4.5.8.7041.tmp | C:\Program Files\CDBurnerXP\is-MGUFJ.tmp | — | — | — |
Process: regsvr32.exe
Message:
```
HKCR
{
  NoRemove AppID
  {
    '{3DD7EA49-B5E1-4493-895D-C73562138FC0}' = s 'StarBurnXLib'
    'StarBurnX12.DLL'
    {
      val AppID = s '{3DD7EA49-B5E1-4493-895D-C73562138FC0}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.DriveSpeed.15 = s 'DriveSpeed Class'
  {
    CLSID = s '{E0EEE430-80D8-42D7-8D83-F046AECD7536}'
  }
  StarBurnX.DriveSpeed = s 'DriveSpeed Class'
  {
    CLSID = s '{E0EEE430-80D8-42D7-8D83-F046AECD7536}'
    CurVer = s 'StarBurnX.DriveSpeed.15'
  }
  NoRemove CLSID
  {
    ForceRemove {E0EEE430-80D8-42D7-8D83-F046AECD7536} = s 'DriveSpeed Class'
    {
      ProgID = s 'StarBurnX.DriveSpeed.15'
      VersionIndependentProgID = s 'StarBurnX.DriveSpeed'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.DriveSpeeds.15 = s 'DriveSpeeds Class'
  {
    CLSID = s '{7169A231-64EC-4702-98AB-05ABB6D882A9}'
  }
  StarBurnX.DriveSpeeds = s 'DriveSpeeds Class'
  {
    CLSID = s '{7169A231-64EC-4702-98AB-05ABB6D882A9}'
    CurVer = s 'StarBurnX.DriveSpeeds.15'
  }
  NoRemove CLSID
  {
    ForceRemove {7169A231-64EC-4702-98AB-05ABB6D882A9} = s 'DriveSpeeds Class'
    {
      ProgID = s 'StarBurnX.DriveSpeeds.15'
      VersionIndependentProgID = s 'StarBurnX.DriveSpeeds'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.DriveInfo.15 = s 'DriveInfo Class'
  {
    CLSID = s '{996C8DFD-8CE6-43B2-9414-CB6132485363}'
  }
  StarBurnX.DriveInfo = s 'DriveInfo Class'
  {
    CLSID = s '{996C8DFD-8CE6-43B2-9414-CB6132485363}'
    CurVer = s 'StarBurnX.DriveInfo.15'
  }
  NoRemove CLSID
  {
    ForceRemove {996C8DFD-8CE6-43B2-9414-CB6132485363} = s 'DriveInfo Class'
    {
      ProgID = s 'StarBurnX.DriveInfo.15'
      VersionIndependentProgID = s 'StarBurnX.DriveInfo'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.Track.15 = s 'Track Class'
  {
    CLSID = s '{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}'
  }
  StarBurnX.Track = s 'Track Class'
  {
    CLSID = s '{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}'
    CurVer = s 'StarBurnX.Track.15'
  }
  NoRemove CLSID
  {
    ForceRemove {F750BC9F-72CE-45C6-9D1F-BFEFB0765918} = s 'Track Class'
    {
      ProgID = s 'StarBurnX.Track.15'
      VersionIndependentProgID = s 'StarBurnX.Track'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.Tracks.15 = s 'Tracks Class'
  {
    CLSID = s '{AE860CE7-C15E-4B9C-BA5B-2EB38369E4AF}'
  }
  StarBurnX.Tracks = s 'Tracks Class'
  {
    CLSID = s '{AE860CE7-C15E-4B9C-BA5B-2EB38369E4AF}'
    CurVer = s 'StarBurnX.Tracks.15'
  }
  NoRemove CLSID
  {
    ForceRemove {AE860CE7-C15E-4B9C-BA5B-2EB38369E4AF} = s 'Tracks Class'
    {
      ProgID = s 'StarBurnX.Tracks.15'
      VersionIndependentProgID = s 'StarBurnX.Tracks'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.Session.15 = s 'Session Class'
  {
    CLSID = s '{80E026F0-CE90-4F15-986A-45317268AB5A}'
  }
  StarBurnX.Session = s 'Session Class'
  {
    CLSID = s '{80E026F0-CE90-4F15-986A-45317268AB5A}'
    CurVer = s 'StarBurnX.Session.15'
  }
  NoRemove CLSID
  {
    ForceRemove {80E026F0-CE90-4F15-986A-45317268AB5A} = s 'Session Class'
    {
      ProgID = s 'StarBurnX.Session.15'
      VersionIndependentProgID = s 'StarBurnX.Session'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.Sessions.15 = s 'Sessions Class'
  {
    CLSID = s '{4EE12AA6-A781-490F-96DA-783969C58A1A}'
  }
  StarBurnX.Sessions = s 'Sessions Class'
  {
    CLSID = s '{4EE12AA6-A781-490F-96DA-783969C58A1A}'
    CurVer = s 'StarBurnX.Sessions.15'
  }
  NoRemove CLSID
  {
    ForceRemove {4EE12AA6-A781-490F-96DA-783969C58A1A} = s 'Sessions Class'
    {
      ProgID = s 'StarBurnX.Sessions.15'
      VersionIndependentProgID = s 'StarBurnX.Sessions'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.DiscInfo.15 = s 'DiscInfo Class'
  {
    CLSID = s '{DE9B465F-0405-41B9-8C20-B6F0CACCC713}'
  }
  StarBurnX.DiscInfo = s 'DiscInfo Class'
  {
    CLSID = s '{DE9B465F-0405-41B9-8C20-B6F0CACCC713}'
    CurVer = s 'StarBurnX.DiscInfo.15'
  }
  NoRemove CLSID
  {
    ForceRemove {DE9B465F-0405-41B9-8C20-B6F0CACCC713} = s 'DiscInfo Class'
    {
      ProgID = s 'StarBurnX.DiscInfo.15'
      VersionIndependentProgID = s 'StarBurnX.DiscInfo'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```
Process: regsvr32.exe
Message:
```
HKCR
{
  StarBurnX.Drive.15 = s 'Drive Class'
  {
    CLSID = s '{102C6E30-5702-48C1-A492-A3F3EFB1958C}'
  }
  StarBurnX.Drive = s 'Drive Class'
  {
    CLSID = s '{102C6E30-5702-48C1-A492-A3F3EFB1958C}'
    CurVer = s 'StarBurnX.Drive.15'
  }
  NoRemove CLSID
  {
    ForceRemove {102C6E30-5702-48C1-A492-A3F3EFB1958C} = s 'Drive Class'
    {
      ProgID = s 'StarBurnX.Drive.15'
      VersionIndependentProgID = s 'StarBurnX.Drive'
      ForceRemove 'Programmable'
      InprocServer32 = s 'C:\Program Files\CDBurnerXP\StarBurnX15.dll'
      {
        val ThreadingModel = s 'Free'
      }
      'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}'
      'Version' = s '15.7'
    }
  }
}
```