File name: VIRUSfighter_web.exe

Full analysis: https://app.any.run/tasks/5adef739-ac2e-4afe-ab59-604865e9c015
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: October 21, 2023, 05:51:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: A8AB6EC46B1845AA4C8339A5056451A8
SHA1: 415AC6711B9C398AD74FEA13E51E0A3901A8224D
SHA256: 523224E0C00FCB65F324C2914758F9CEC84EED87337EAF9CC0F9661E526DD6CB
SSDEEP: 98304:wJFkNi9IkTLlI8njk7jweIL+Pvm0gdNkQ1QCZ3psUqC5VFgMPFKu:LU/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • VIRUSfighter_web.exe (PID: 2732)
      • msiexec.exe (PID: 576)
      • msiexec.exe (PID: 3516)
      • FightersTray.exe (PID: 1044)
      • AVScanningService.exe (PID: 2896)
    • Application was dropped or rewritten from another process

      • SWVFSetup_x32.exe (PID: 2960)
      • FighterSuiteService.exe (PID: 2380)
      • avdriversetup_x86.exe (PID: 3276)
      • AVWatchService.exe (PID: 4060)
      • AVScanningService.exe (PID: 3840)
      • FighterSuiteService.exe (PID: 2608)
      • FighterSuiteService.exe (PID: 2780)
      • machineid.exe (PID: 2564)
      • AVScanningService.exe (PID: 1808)
      • AVScanningService.exe (PID: 2896)
      • AVWatchService.exe (PID: 2920)
      • AVWatchService.exe (PID: 3600)
      • FighterLauncher.exe (PID: 4068)
      • FightersTray.exe (PID: 1044)
      • vfproTray.exe (PID: 3288)
      • FighterLauncher.exe (PID: 3380)
      • FighterLauncher.exe (PID: 3004)
      • vfproTray.exe (PID: 2468)
    • Loads dropped or rewritten executable

      • msiexec.exe (PID: 576)
      • msiexec.exe (PID: 3180)
      • FighterSuiteService.exe (PID: 2380)
      • AVScanningService.exe (PID: 3840)
      • FighterSuiteService.exe (PID: 2608)
      • FighterSuiteService.exe (PID: 2780)
      • AVWatchService.exe (PID: 4060)
      • AVScanningService.exe (PID: 1808)
      • AVScanningService.exe (PID: 2896)
      • AVWatchService.exe (PID: 2920)
      • AVWatchService.exe (PID: 3600)
      • FighterLauncher.exe (PID: 4068)
      • FightersTray.exe (PID: 1044)
      • FighterLauncher.exe (PID: 3380)
      • FighterLauncher.exe (PID: 3004)
      • vfproTray.exe (PID: 3288)
      • vfproTray.exe (PID: 2468)
    • Creates a writable file in the system directory

      • rundll32.exe (PID: 2856)
      • machineid.exe (PID: 2564)
    • Connects to the CnC server

      • FightersTray.exe (PID: 1044)
    • Registers / Runs the DLL via REGSVR32.EXE

      • AVScanningService.exe (PID: 2896)
  • SUSPICIOUS

    • Reads the Internet Settings

      • VIRUSfighter_web.exe (PID: 2732)
      • msiexec.exe (PID: 2232)
      • msiexec.exe (PID: 3180)
      • runonce.exe (PID: 1592)
      • FightersTray.exe (PID: 1044)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 3516)
    • Uses RUNDLL32.EXE to load library

      • avdriversetup_x86.exe (PID: 3276)
    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 3516)
      • rundll32.exe (PID: 2856)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 3516)
    • Executes as Windows Service

      • VSSVC.exe (PID: 3652)
      • FighterSuiteService.exe (PID: 2780)
      • AVScanningService.exe (PID: 2896)
      • AVWatchService.exe (PID: 3600)
    • Reads settings of System Certificates

      • rundll32.exe (PID: 2856)
    • Process requests binary or script from the Internet

      • FightersTray.exe (PID: 1044)
      • AVScanningService.exe (PID: 2896)
    • Application launched itself

      • FighterLauncher.exe (PID: 3380)
  • INFO

    • Checks supported languages

      • VIRUSfighter_web.exe (PID: 2732)
      • SWVFSetup_x32.exe (PID: 2960)
      • msiexec.exe (PID: 3516)
      • msiexec.exe (PID: 576)
      • msiexec.exe (PID: 3180)
      • FighterSuiteService.exe (PID: 2380)
      • avdriversetup_x86.exe (PID: 3276)
      • AVScanningService.exe (PID: 3840)
      • AVWatchService.exe (PID: 4060)
      • FighterSuiteService.exe (PID: 2780)
      • machineid.exe (PID: 2564)
      • FighterSuiteService.exe (PID: 2608)
      • AVScanningService.exe (PID: 1808)
      • AVScanningService.exe (PID: 2896)
      • AVWatchService.exe (PID: 2920)
      • AVWatchService.exe (PID: 3600)
      • FighterLauncher.exe (PID: 4068)
      • FightersTray.exe (PID: 1044)
      • vfproTray.exe (PID: 3288)
      • FighterLauncher.exe (PID: 3380)
      • FighterLauncher.exe (PID: 3004)
      • vfproTray.exe (PID: 2468)
    • Reads the computer name

      • VIRUSfighter_web.exe (PID: 2732)
      • SWVFSetup_x32.exe (PID: 2960)
      • msiexec.exe (PID: 3516)
      • msiexec.exe (PID: 576)
      • msiexec.exe (PID: 3180)
      • FighterSuiteService.exe (PID: 2380)
      • avdriversetup_x86.exe (PID: 3276)
      • AVScanningService.exe (PID: 3840)
      • FighterSuiteService.exe (PID: 2780)
      • FighterSuiteService.exe (PID: 2608)
      • machineid.exe (PID: 2564)
      • AVWatchService.exe (PID: 4060)
      • AVScanningService.exe (PID: 1808)
      • AVScanningService.exe (PID: 2896)
      • AVWatchService.exe (PID: 2920)
      • AVWatchService.exe (PID: 3600)
      • FighterLauncher.exe (PID: 4068)
      • FightersTray.exe (PID: 1044)
      • FighterLauncher.exe (PID: 3380)
      • FighterLauncher.exe (PID: 3004)
      • vfproTray.exe (PID: 2468)
      • vfproTray.exe (PID: 3288)
    • Creates files in a temporary directory

      • VIRUSfighter_web.exe (PID: 2732)
      • SWVFSetup_x32.exe (PID: 2960)
      • msiexec.exe (PID: 2232)
      • msiexec.exe (PID: 576)
      • msiexec.exe (PID: 3516)
      • rundll32.exe (PID: 2856)
    • Checks proxy server information

      • msiexec.exe (PID: 2232)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 3516)
      • msiexec.exe (PID: 576)
      • msiexec.exe (PID: 3180)
      • machineid.exe (PID: 2564)
      • FighterSuiteService.exe (PID: 2780)
      • AVWatchService.exe (PID: 3600)
      • AVScanningService.exe (PID: 2896)
    • Application launched itself

      • msiexec.exe (PID: 3516)
      • msedge.exe (PID: 3908)
    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 2232)
      • rundll32.exe (PID: 2856)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 576)
      • msiexec.exe (PID: 3180)
    • Creates files in the program directory

      • FighterSuiteService.exe (PID: 2380)
      • rundll32.exe (PID: 2856)
      • AVScanningService.exe (PID: 3840)
      • FighterSuiteService.exe (PID: 2780)
      • AVWatchService.exe (PID: 4060)
      • AVScanningService.exe (PID: 2896)
      • AVWatchService.exe (PID: 3600)
    • Creates files in the driver directory

      • rundll32.exe (PID: 2856)
    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 2856)
    • Reads the time zone

      • runonce.exe (PID: 1592)
    • Reads product name

      • FighterSuiteService.exe (PID: 2780)
    • Reads Environment values

      • FighterSuiteService.exe (PID: 2780)
      • AVScanningService.exe (PID: 2896)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3180)
    • Creates files or folders in the user directory

      • FighterLauncher.exe (PID: 4068)
      • FightersTray.exe (PID: 1044)
      • vfproTray.exe (PID: 3288)
      • FighterLauncher.exe (PID: 3380)
    • Manual execution by a user

      • FightersTray.exe (PID: 1044)
      • vfproTray.exe (PID: 3288)
      • msedge.exe (PID: 3908)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (54.3)
.exe | Win64 Executable (generic) (34.8)
.exe | Win32 Executable (generic) (5.6)
.exe | Generic Win/DOS Executable (2.5)
.exe | DOS Executable Generic (2.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:01:06 16:06:51+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 283136
InitializedDataSize: 235520
UninitializedDataSize: -
EntryPoint: 0x240d3
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 7.5.177.0
ProductVersionNumber: 7.5.177.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: SPAMfighter ApS
LegalCopyright: Copyright (C) 2011 SPAMfighter ApS
FileVersion: 7.5.177.0
ProductVersion: 7.5.177.0
ProductName: VIRUSfighter
InternalName: VIRUSfighter Setup
OriginalFileName: Setup.exe
FileDescription: VIRUSfighter Installation Package
All screenshots are available in the full report
Total processes: 96
Monitored processes: 49
Malicious processes: 17
Suspicious processes: 6

Behavior graph

Interactive process graph (available in the full report; edges are labelled "drop and start" or "start", and several nodes are marked "no specs"). Nodes: virusfighter_web.exe, swvfsetup_x32.exe, msiexec.exe, vssvc.exe, fightersuiteservice.exe, avdriversetup_x86.exe, rundll32.exe, runonce.exe, grpconv.exe, avscanningservice.exe, avwatchservice.exe, machineid.exe, fighterlauncher.exe, fighterstray.exe, vfprotray.exe, msedge.exe, regsvr32.exe.

Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID: 568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2616 --field-trial-handle=1220,i,4983424556548969632,12441256761396335992,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 576
CMD: C:\Windows\system32\MsiExec.exe -Embedding B6ADFCC0C0B2762E4E425EF1CE0303DC C
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1044
CMD: "C:\Program Files\Fighters\Tray\FightersTray.exe"
Path: C:\Program Files\Fighters\Tray\FightersTray.exe
Parent process: explorer.exe
User:
admin
Company:
SPAMfighter ApS
Integrity Level:
MEDIUM
Description:
FIGHTERtools Update Manager
Exit code:
0
Version:
4.0.282.0
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
PID: 1176
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2472 --field-trial-handle=1220,i,4983424556548969632,12441256761396335992,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1592
CMD: "C:\Windows\system32\runonce.exe" -r
Path: C:\Windows\System32\runonce.exe
Parent process: rundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Run Once Wrapper
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\runonce.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1808
CMD: "C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\\AVScanningService.exe" /s
Path: C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
Parent process: msiexec.exe
User:
admin
Company:
Security Software Limited
Integrity Level:
HIGH
Description:
Preventon AV Scanning Service
Exit code:
0
Version:
3.2.2
Modules
Images
c:\program files\common files\common toolkit suite\avengine\avscanningservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\common files\common toolkit suite\avengine\qtcore4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
PID: 1908
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1220,i,4983424556548969632,12441256761396335992,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1912
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1220,i,4983424556548969632,12441256761396335992,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1928
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1220,i,4983424556548969632,12441256761396335992,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1940
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 --field-trial-handle=1220,i,4983424556548969632,12441256761396335992,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 15 189
Read events: 15 035
Write events: 140
Delete events: 14

Modification events

Process: (2732) VIRUSfighter_web.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (2732) VIRUSfighter_web.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (2732) VIRUSfighter_web.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (2732) VIRUSfighter_web.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (2232) msiexec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (2232) msiexec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (2232) msiexec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (2232) msiexec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (2232) msiexec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

Process: (2232) msiexec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 4600000056010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 118
Suspicious files: 1 258
Text files: 694
Unknown types: 0

Dropped files

Columns: PID, Process, Filename, Type

2732 | VIRUSfighter_web.exe | C:\Users\admin\AppData\Local\Temp\VFSW1697867492\SWVFSetup_x32.exe | executable
MD5: B4BE99340B5461423FF830F871A2C1DA
SHA256: CB7AEFEE1D31B3CFABC8650CCC01AA4C383C9B2761CC2594FB989095A833BCF8

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\_ISMSIDEL.INI | text
MD5: 2AB39784DC5C543DA3CCFF96FFC3CF6F
SHA256: 3CFC957D0361A379817E9DB75DBA2ED48F328412F2D1F6CD3FCC831E9D7C2944

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\0x0408.ini | text
MD5: 4D368F255C256FAA23D59172A4BA5CD3
SHA256: 878BA297669CF123EAE71E771C4BCE0658C21DCE6D47D4F36D4294233E2C2C66

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\0x0406.ini | text
MD5: 2934637BF3CCCDC7097C72044DE19F98
SHA256: 47BF75B72EA1581B567F4517B9FD4E6F718E39FBB4C751E5213E94B5312942BB

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\0x040b.ini | text
MD5: 37698FFF4F4D3392110353D3FEE3FA62
SHA256: D7C5B75D769218C3BD8E536182C5EAAC634A4BBE713527AEEE71C14ECB7F51D3

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\0x040c.ini | text
MD5: 7BB5953630616D454F4F41329DE4EF12
SHA256: 791823EE36F4F47BC0B2952CF07723EE021370D467C78ADFC99417F4868E3ED3

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\Setup.INI | text
MD5: F9BDDEC4DF254B791B408A36EA007043
SHA256: 10E8FCD93716209AF114D2EAC8991618AEFA3311F17C2A658C004F8C675D0BF5

2232 | msiexec.exe | C:\Windows\Installer\MSIEB29.tmp | (type not reported)
MD5:
SHA256:

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\0x0407.ini | text
MD5: C19F30CAAA751082474E2153F5124693
SHA256: AB9B5B21487355C975C975E6BA88C1EB881E27657D5CAABE9CCB2EF8421D459E

2960 | SWVFSetup_x32.exe | C:\Users\admin\AppData\Local\Temp\{06C86627-2D91-4EDA-9132-602C4B0523DD}\0x0419.ini | text
MD5: 1273A66A910B9C5CA329871D6F3FD6A8
SHA256: 4FB33E1600F3323704446843D52623FB18DEAA211CF86A29B0DEE2428B8B4A58
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 610
TCP/UDP connections: 69
DNS requests: 71
Threats: 39

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

2780 | FighterSuiteService.exe | GET | 200 | 51.124.128.217:80 | http://download.dk.spamfighter.com/TipofDay/VFPRO//TipOfDay_DA.xml | unknown | xml | 971 b | unknown
2780 | FighterSuiteService.exe | GET | 200 | 51.124.128.217:80 | http://download.dk.spamfighter.com/toolkit/programsbar/V4/programlist.css | unknown | text | 2.55 Kb | unknown
576 | msiexec.exe | GET | 302 | 51.144.56.51:80 | http://login.spamfighter.com/ | unknown | html | 147 b | unknown
2780 | FighterSuiteService.exe | GET | 200 | 51.124.128.217:80 | http://download.dk.spamfighter.com/TipofDay/VFPRO//TipOfDay_DE.xml | unknown | xml | 1.25 Kb | unknown
2780 | FighterSuiteService.exe | GET | 200 | 51.124.128.217:80 | http://download.dk.spamfighter.com/TipofDay/VFPRO//TipOfDay_EL.xml | unknown | xml | 1.17 Kb | unknown
2780 | FighterSuiteService.exe | GET | 200 | 51.124.128.217:80 | http://download.dk.spamfighter.com/toolkit/programsbar/V4/programlist.html | unknown | text | 1.26 Kb | unknown
576 | msiexec.exe | GET | 200 | 51.144.56.51:80 | http://login.spamfighter.com/Loginsystem/EmailValidate/?Email= | unknown | text | 129 b | unknown
3516 | msiexec.exe | GET | 200 | 13.107.246.64:80 | http://redir.download.spamfighter.com/spywarefighter/web/4.5.177/Common.cab | unknown | compressed | 2.51 Mb | unknown
576 | msiexec.exe | GET | 200 | 51.144.56.51:80 | http://login.spamfighter.com/Loginsystem/EmailValidate/?Email=jsdnvbhd@gmail.com | unknown | text | 147 b | unknown
2780 | FighterSuiteService.exe | POST | 200 | 51.144.56.51:80 | http://update.spamfighter.com/Toolkit/Service.asmx | unknown | xml | 393 b | unknown

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

2232 | msiexec.exe | 13.107.246.64:80 | redir.download.spamfighter.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
576 | msiexec.exe | 51.144.56.51:80 | login.spamfighter.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
3516 | msiexec.exe | 13.107.246.64:80 | redir.download.spamfighter.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2780 | FighterSuiteService.exe | 51.144.56.51:80 | login.spamfighter.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
2780 | FighterSuiteService.exe | 51.124.128.217:80 | download.dk.spamfighter.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
2896 | AVScanningService.exe | 3.64.163.50:80 | sfxbvf8n.preventon.net | AMAZON-02 | DE | unknown
2896 | AVScanningService.exe | 20.38.109.132:80 | blobsfavdownload.blob.core.windows.net | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
1044 | FightersTray.exe | 51.144.56.51:80 | login.spamfighter.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown

DNS requests

Columns: Domain | IP | Reputation

redir.download.spamfighter.com | 13.107.246.64, 13.107.213.64 | unknown
login.spamfighter.com | 51.144.56.51 | unknown
update.spamfighter.com | 51.144.56.51 | unknown
download.dk.spamfighter.com | 51.124.128.217 | unknown
sfxbvf8n.preventon.net | 3.64.163.50 | unknown
blobsfavdownload.blob.core.windows.net | 20.38.109.132 | unknown
config.edge.skype.com | 13.107.42.16 | whitelisted
nav-edge.smartscreen.microsoft.com | 20.31.251.109 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
www.spamfighter.com | 51.144.56.51 | unknown

Threats

Columns: PID | Process | Class | Message

2232 | msiexec.exe | Potential Corporate Privacy Violation | ET POLICY Observed MSI Download
3516 | msiexec.exe | Potential Corporate Privacy Violation | ET HUNTING Suspicious Windows Installer UA for non-MSI
3516 | msiexec.exe | Potential Corporate Privacy Violation | ET HUNTING Suspicious Windows Installer UA for non-MSI
3516 | msiexec.exe | Potential Corporate Privacy Violation | ET HUNTING Suspicious Windows Installer UA for non-MSI
1044 | FightersTray.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP PUP/SpamFighter CnC Request
1044 | FightersTray.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP PUP/SpamFighter CnC Request
1044 | FightersTray.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP PUP/SpamFighter CnC Request
1044 | FightersTray.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP PUP/SpamFighter CnC Request
1044 | FightersTray.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP PUP/SpamFighter CnC Request
1044 | FightersTray.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP PUP/SpamFighter CnC Request

Debug output

Columns: Process | Message

AVWatchService.exe | QObject: Cannot create children for a parent that is in a different thread. (Parent is QCoreApplication(0x22f74c), parent's thread is QThread(0x6be0b8), current thread is QThread(0x6be1a8)
AVWatchService.exe | QObject: Cannot create children for a parent that is in a different thread. (Parent is QCoreApplication(0x22f74c), parent's thread is QThread(0x6be0b8), current thread is QThread(0x6be1a8)