File name:

clink.1.6.10.d5dce0_setup.exe

Full analysis: https://app.any.run/tasks/dc392306-494a-4c89-8d93-bdbcd358a9d5
Verdict: Malicious activity
Analysis date: March 25, 2024, 12:03:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: F4199DC93F60A142C7D6A59DBE9A2C6C
SHA1: 20E9128BB77C8F8F23845BC49A9A31D48FE6348F
SHA256: 5347A59A53C4C1310E6C71D72A7A3CBBF1004F2AE9B82DE90A29EDA0AC36AD58
SSDEEP: 98304:4eFx34V4f5PQjcovUWCXXYhSDjHHDyP1Cr7t+0jFPcwhGFayIsAdo9V/UMXWT+Ng:RFNana

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Reads security settings of Internet Explorer

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Reads the Internet Settings

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Creates a software uninstall entry

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Executable content was dropped or overwritten

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • The process creates files with name similar to system file names

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
  • INFO

    • Reads the computer name

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Checks supported languages

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
      • clink_x86.exe (PID: 1928)
      • clink_x86.exe (PID: 3684)
    • Creates files in the program directory

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Creates files in a temporary directory

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:01 02:44:18+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x35d8
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start
  clink.1.6.10.d5dce0_setup.exe
    clink_x86.exe (no specs)
    clink_x86.exe (no specs)
  clink.1.6.10.d5dce0_setup.exe (no specs)

Process information

PID: 1836
CMD: "C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\clink.1.6.10.d5dce0_setup.exe
c:\windows\system32\ntdll.dll
PID: 1928
CMD: "C:\Program Files\clink\clink_x86.exe" autorun --allusers uninstall
Path: C:\Program Files\clink\clink_x86.exe
Parent process: clink.1.6.10.d5dce0_setup.exe
User:
admin
Company:
Martin Ridgers, Christopher Antos
Integrity Level:
HIGH
Description:
Clink
Exit code:
0
Version:
1.6.10.d5dce0
Modules
Images
c:\program files\clink\clink_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\clink\clink_dll_x86.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2756
CMD: "C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\clink.1.6.10.d5dce0_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3684
CMD: "C:\Program Files\clink\clink_x86.exe" autorun install -- --profile "~\clink"
Path: C:\Program Files\clink\clink_x86.exe
Parent process: clink.1.6.10.d5dce0_setup.exe
User:
admin
Company:
Martin Ridgers, Christopher Antos
Integrity Level:
HIGH
Description:
Clink
Exit code:
0
Version:
1.6.10.d5dce0
Modules
Images
c:\program files\clink\clink_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\clink\clink_dll_x86.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 2 704
Read events: 2 679
Write events: 25
Delete events: 0

Modification events

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: DisplayName
Value: Clink v1.6.10

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: UninstallString
Value: C:\Program Files\clink\clink_uninstall_1.6.10.d5dce0.exe

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: Publisher
Value: Christopher Antos

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: DisplayIcon
Value: C:\Windows\system32\cmd.exe,0

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: URLInfoAbout
Value: http://chrisant996.github.io/clink

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: HelpLink
Value: http://chrisant996.github.io/clink

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: InstallLocation
Value: C:\Program Files\clink

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: DisplayVersion
Value: 1.6.10

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write
Name: EstimatedSize
Value: 7121

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
Operation: write
Name: CLINK_DIR
Value: C:\Program Files\clink
Executable files: 6
Suspicious files: 3
Text files: 15
Unknown types: 0

Dropped files

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\Program Files\clink\clink_dll_x86.dll | Type: executable
MD5: 7A50ADF03A0598C96C345B10DD455881
SHA256: 33ED1E5891FDC071AEE25DE3ADE67E6763E88697792A0AAA82E62790AEE86737

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\Program Files\clink\clink_dll_x64.dll | Type: executable
MD5: 7D4D8782004341C49564A6E7A9FC4DCC
SHA256: A89A76296F5E08BAC0AB114C5412AF8AECA4DAA076B5E6DA9DD3D394D6534E18

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\Program Files\clink\default_settings | Type: text
MD5: 99F761B42B3518CBE0066E83F3394946
SHA256: 6A7352FB89884A78BDB78F5327436C2DABD9438D39CC9E61C9ADB6340A497A45

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\Program Files\clink\default_inputrc | Type: text
MD5: 69F6152A31C1FCC2725B0F674EEDDFF6
SHA256: 3A6A067A73B90F82FA0CC268292DB1FC8DCB42F7375E0B01C91D24B9F6B75B77

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\Program Files\clink\clink_uninstall_1.6.10.d5dce0.exe | Type: executable
MD5: 269E133128425608913729FD061707A0
SHA256: F6DD0C7D6A1F5897A41FE6D2DE2BBBBCFA8607068AE49C9B2AA72492EE791139

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsz3ECA.tmp | Type:
MD5:
SHA256:

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clink\Clink Documentation.lnk | Type: binary
MD5: 76FEA9523411E16CC4D5A6695DB7DAE4
SHA256: 84C0D06C9CB17F1F2123989199B3B7AE020009B956A51C2DF697D6FFFBB82711

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clink\Clink.lnk | Type: binary
MD5: 6E4349C6530413370D0D0AB8FEC394D1
SHA256: 5AAE6C90FCD34621586CE8CCDABDD36BB3361B8396C44D28F15498B54DEA25E1

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clink\Uninstall Clink.lnk | Type: binary
MD5: ABA49AC312D592AFBFF8528DB73D30E4
SHA256: 88CA56EEB6213521AC73CE9254B9FE9A145AAF3C7A451736E9FDC91BB0D1F103

PID: 2756 | Process: clink.1.6.10.d5dce0_setup.exe | Filename: C:\Program Files\clink\clink_red.ico | Type: image
MD5: E53B97EEE5A8E9D5589B778ED2E42676
SHA256: 5A709C7B800E42577DBF0004C21E3D5C1A895C86B0FD9D81688D80A11BB5F1E8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4 | Process: System | IP: 192.168.100.255:137 | Domain: | ASN: | CN: | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Domain: | ASN: | CN: | Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info