File name: ReMouseStandard-Setup.exe

Full analysis: https://app.any.run/tasks/232f0f26-ea9d-417b-8a5e-9f2f39427542
Verdict: Malicious activity
Analysis date: June 07, 2025, 01:22:19
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: autoit
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: 60D463B942EB11EB141C0611BC3BC346
SHA1: B5C64B01AC4AC4C8D42EF830ACB80729A0AED180
SHA256: 4EF4CAE28CA3CFE2C1571C6BA074351A1AD410FDDB53BDDA1A299F2B6578BBB5
SSDEEP: 98304:VrGQnAU+5lecFGCJm7p9s5I1lqI6cMatsleim+HtkuCGH83gbrUl8mY15PsEP5cv:z0hrU8MaeBfQaL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ReMouseStandard-Setup.exe (PID: 2652)
      • ReMouseStandard-Setup.tmp (PID: 3968)
    • Reads security settings of Internet Explorer

      • ReMouse.exe (PID: 6040)
    • Reads the Windows owner or organization settings

      • ReMouseStandard-Setup.tmp (PID: 3968)
    • There is functionality for taking screenshot (YARA)

      • ReMouse.exe (PID: 6040)
  • INFO

    • The sample compiled with english language support

      • ReMouseStandard-Setup.tmp (PID: 3968)
    • Create files in a temporary directory

      • ReMouseStandard-Setup.exe (PID: 2652)
      • ReMouseStandard-Setup.tmp (PID: 3968)
      • ReMouse.exe (PID: 6040)
    • Checks supported languages

      • ReMouseStandard-Setup.exe (PID: 2652)
      • ReMouseStandard-Setup.tmp (PID: 3968)
      • ReMouse.exe (PID: 6040)
    • Reads the computer name

      • ReMouseStandard-Setup.tmp (PID: 3968)
      • ReMouse.exe (PID: 6040)
    • Creates files or folders in the user directory

      • ReMouseStandard-Setup.tmp (PID: 3968)
    • Creates a software uninstall entry

      • ReMouseStandard-Setup.tmp (PID: 3968)
    • Reads mouse settings

      • ReMouse.exe (PID: 6040)
    • The process uses AutoIt

      • ReMouse.exe (PID: 6040)
    • Reads the software policy settings

      • slui.exe (PID: 1760)
    • Checks proxy server information

      • slui.exe (PID: 1760)
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41472
InitializedDataSize: 17920
UninitializedDataSize: -
EntryPoint: 0xaa98
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.6.0.0
ProductVersionNumber: 5.6.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: AutomaticSolution Software
FileDescription: ReMouse
FileVersion: ReMouse Standard V5.
LegalCopyright: AutomaticSolution Software
ProductName: ReMouse Standard
ProductVersion: Standard V5.6
No data.
Total processes: 127
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start remousestandard-setup.exe remousestandard-setup.tmp remouse.exe no specs slui.exe

Process information

PID: 1760
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 2652
CMD: "C:\Users\admin\Desktop\ReMouseStandard-Setup.exe"
Path: C:\Users\admin\Desktop\ReMouseStandard-Setup.exe
Parent process: explorer.exe
User: admin
Company: AutomaticSolution Software
Integrity Level: MEDIUM
Description: ReMouse
Exit code: 0
Version: ReMouse Standard V5.
Modules
Images
c:\users\admin\desktop\remousestandard-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 3968
CMD: "C:\Users\admin\AppData\Local\Temp\is-EUK45.tmp\ReMouseStandard-Setup.tmp" /SL5="$9031C,5411417,57856,C:\Users\admin\Desktop\ReMouseStandard-Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-EUK45.tmp\ReMouseStandard-Setup.tmp
Parent process: ReMouseStandard-Setup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-euk45.tmp\remousestandard-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 6040
CMD: "C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouse.exe"
Path: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouse.exe
Parent process: ReMouseStandard-Setup.tmp
User: admin
Integrity Level: MEDIUM
Description: ReMouse Standard
Version: 5.6
Modules
Images
c:\users\admin\appdata\roaming\automaticsolution software\remouse standard\remouse.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll

Total events: 8 279
Read events: 8 166
Write events: 108
Delete events: 5

Modification events

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 800F0000F5226AA14AD7DB01

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: EBAE8E8F2839AE25E6C65409EB920BA8FDC63E037E1CE07A5A12DB98B88BA5B5

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Standard_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.9 (a)

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Standard_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Standard_is1
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Standard_is1
Operation: write
Name: Inno Setup: Icon Group
Value: ReMouse Standard

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Standard_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Standard_is1
Operation: write
Name: Inno Setup: Language
Value: default

(PID) Process: (3968) ReMouseStandard-Setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Standard_is1
Operation: write
Name: DisplayName
Value: ReMouse Standard

Executable files: 22
Suspicious files: 14
Text files: 11
Unknown types: 0

Dropped files

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-ANGB4.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\is-1UCBS.tmp
Type: executable
MD5: 697D7FFC29417B81F4F2BBF8EACF2C7E
SHA256: D9D65769B6534CAD0FBC5E56412A76381929500B4B10E69B30A752D2F5E3B2BC

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\unins000.exe
Type: executable
MD5: 95EDCB135FD8AE184FF9B604BEB77F13
SHA256: 4C62259F8797612FD58E154FF9E5BA7FE114BCBF5FD310F2C9B2A013F2B84013

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouseEditor.exe
Type: executable
MD5: 806FA8F8139A42BDB2DB874AAE80EEEB
SHA256: 5580952DDC00BDA249DB0E718AFB09AB8C5AC828418A45766EA39ED941EC76D6

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\is-EPG2H.tmp
Type: executable
MD5: 95EDCB135FD8AE184FF9B604BEB77F13
SHA256: 4C62259F8797612FD58E154FF9E5BA7FE114BCBF5FD310F2C9B2A013F2B84013

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\is-0V3N8.tmp
Type: executable
MD5: 71C9F982CABABE028BA53330EE2D0879
SHA256: 971834A15706B6DFC6FC477401D6F817E48BD48A0CD7E871B0634278E816A31D

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouse.exe
Type: executable
MD5: 697D7FFC29417B81F4F2BBF8EACF2C7E
SHA256: D9D65769B6534CAD0FBC5E56412A76381929500B4B10E69B30A752D2F5E3B2BC

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\is-6TQTS.tmp
Type: executable
MD5: 6FC61A2907F2E39A1E450D7801ECAE43
SHA256: 4E31D3155A3408805C91D1714BB45DE7847E77780BF3D91F3405FEB3EF9AC15B

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\is-SF86D.tmp
Type: executable
MD5: 52A8E46AEBCF8587D89ABB21CBE62DC7
SHA256: 72AFE1063114BF0321513427808982AEA1ACBBCD3FAD78944EC1E68F7EACCBA1

PID: 3968
Process: ReMouseStandard-Setup.tmp
Filename: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouse-Task.exe
Type: executable
MD5: 52A8E46AEBCF8587D89ABB21CBE62DC7
SHA256: 72AFE1063114BF0321513427808982AEA1ACBBCD3FAD78944EC1E68F7EACCBA1

HTTP(S) requests: 4
TCP/UDP connections: 20
DNS requests: 9
Threats: 0

HTTP requests

Method: POST
HTTP Code: 500
IP: 40.91.76.224:443
URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
CN: unknown
Type: xml
Size: 512 b
Reputation: whitelisted

PID: 5260
Process: RUXIMICS.exe
Method: GET
HTTP Code: 200
IP: 23.35.229.160:80
URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
CN: unknown
Reputation: whitelisted

PID: 5260
Process: RUXIMICS.exe
Method: GET
HTTP Code: 200
IP: 23.216.77.20:80
URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
CN: unknown
Reputation: whitelisted

Method: POST
HTTP Code: 500
IP: 40.91.76.224:443
URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
CN: unknown
Type: xml
Size: 512 b
Reputation: whitelisted

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 5260
Process: RUXIMICS.exe
IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

IP: 40.127.240.158:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 5260
Process: RUXIMICS.exe
IP: 23.216.77.20:80
Domain: crl.microsoft.com
ASN: Akamai International B.V.
CN: DE
Reputation: whitelisted

PID: 5260
Process: RUXIMICS.exe
IP: 23.35.229.160:80
Domain: www.microsoft.com
ASN: AKAMAI-AS
CN: DE
Reputation: whitelisted

PID: 7448
Process: slui.exe
IP: 40.91.76.224:443
Domain: activation-v2.sls.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: US
Reputation: whitelisted

PID: 1760
Process: slui.exe
IP: 40.91.76.224:443
Domain: activation-v2.sls.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: US
Reputation: whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 23.216.77.20
  • 23.216.77.28
  • 23.216.77.42
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
self.events.data.microsoft.com
  • 20.42.65.93
whitelisted

Threats

No threats detected
No debug info