File name: clink.1.6.10.d5dce0_setup.exe

Full analysis: https://app.any.run/tasks/dc392306-494a-4c89-8d93-bdbcd358a9d5
Verdict: Malicious activity
Analysis date: March 25, 2024, 12:03:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: F4199DC93F60A142C7D6A59DBE9A2C6C
SHA1: 20E9128BB77C8F8F23845BC49A9A31D48FE6348F
SHA256: 5347A59A53C4C1310E6C71D72A7A3CBBF1004F2AE9B82DE90A29EDA0AC36AD58
SSDEEP: 98304:4eFx34V4f5PQjcovUWCXXYhSDjHHDyP1Cr7t+0jFPcwhGFayIsAdo9V/UMXWT+Ng:RFNana

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • The process creates files with name similar to system file names

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Executable content was dropped or overwritten

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Reads the Internet Settings

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Creates a software uninstall entry

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Reads security settings of Internet Explorer

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
  • INFO

    • Reads the computer name

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Checks supported languages

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
      • clink_x86.exe (PID: 3684)
      • clink_x86.exe (PID: 1928)
    • Creates files in the program directory

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
    • Creates files in a temporary directory

      • clink.1.6.10.d5dce0_setup.exe (PID: 2756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:01 02:44:18+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x35d8
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive in the full report)

start
  clink.1.6.10.d5dce0_setup.exe
  clink_x86.exe (no specs)
  clink_x86.exe (no specs)
  clink.1.6.10.d5dce0_setup.exe (no specs)

Process information

PID: 1836
CMD: "C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules / Images:
  c:\users\admin\appdata\local\temp\clink.1.6.10.d5dce0_setup.exe
  c:\windows\system32\ntdll.dll

PID: 1928
CMD: "C:\Program Files\clink\clink_x86.exe" autorun --allusers uninstall
Path: C:\Program Files\clink\clink_x86.exe
Parent process: clink.1.6.10.d5dce0_setup.exe
User: admin
Company: Martin Ridgers, Christopher Antos
Integrity Level: HIGH
Description: Clink
Exit code: 0
Version: 1.6.10.d5dce0
Modules / Images:
  c:\program files\clink\clink_x86.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\clink\clink_dll_x86.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 2756
CMD: "C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\clink.1.6.10.d5dce0_setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules / Images:
  c:\users\admin\appdata\local\temp\clink.1.6.10.d5dce0_setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll

PID: 3684
CMD: "C:\Program Files\clink\clink_x86.exe" autorun install -- --profile "~\clink"
Path: C:\Program Files\clink\clink_x86.exe
Parent process: clink.1.6.10.d5dce0_setup.exe
User: admin
Company: Martin Ridgers, Christopher Antos
Integrity Level: HIGH
Description: Clink
Exit code: 0
Version: 1.6.10.d5dce0
Modules / Images:
  c:\program files\clink\clink_x86.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\clink\clink_dll_x86.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
Total events: 2 704
Read events: 2 679
Write events: 25
Delete events: 0

Modification events

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: DisplayName | Value: Clink v1.6.10

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: UninstallString | Value: C:\Program Files\clink\clink_uninstall_1.6.10.d5dce0.exe

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: Publisher | Value: Christopher Antos

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: DisplayIcon | Value: C:\Windows\system32\cmd.exe,0

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: URLInfoAbout | Value: http://chrisant996.github.io/clink

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: HelpLink | Value: http://chrisant996.github.io/clink

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: InstallLocation | Value: C:\Program Files\clink

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: DisplayVersion | Value: 1.6.10

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clink_chrisant996
Operation: write | Name: EstimatedSize | Value: 7121

(PID) Process: (2756) clink.1.6.10.d5dce0_setup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
Operation: write | Name: CLINK_DIR | Value: C:\Program Files\clink
Executable files: 6
Suspicious files: 3
Text files: 15
Unknown types: 0

Dropped files

PID | Process | Filename | Type

2756 | clink.1.6.10.d5dce0_setup.exe | C:\Program Files\clink\clink_x86.exe | executable
  MD5: 9FF7EFB6E7E3E5BB21ED64C1D0A080E5
  SHA256: 2221AE3E9040DFADC42C71178B35939F4BFB89B61005DC5F0FC78097FA9939F7

2756 | clink.1.6.10.d5dce0_setup.exe | C:\Program Files\clink\default_settings | text
  MD5: 99F761B42B3518CBE0066E83F3394946
  SHA256: 6A7352FB89884A78BDB78F5327436C2DABD9438D39CC9E61C9ADB6340A497A45

2756 | clink.1.6.10.d5dce0_setup.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clink\Clink.lnk | binary
  MD5: 6E4349C6530413370D0D0AB8FEC394D1
  SHA256: 5AAE6C90FCD34621586CE8CCDABDD36BB3361B8396C44D28F15498B54DEA25E1

2756 | clink.1.6.10.d5dce0_setup.exe | C:\Program Files\clink\default_inputrc | text
  MD5: 69F6152A31C1FCC2725B0F674EEDDFF6
  SHA256: 3A6A067A73B90F82FA0CC268292DB1FC8DCB42F7375E0B01C91D24B9F6B75B77

2756 | clink.1.6.10.d5dce0_setup.exe | C:\Program Files\clink\clink.ico | image
  MD5: 4224AAD900086608D923F50EF78F6F34
  SHA256: D30A814738D1BC32C0C6F97B590F58B587A4FB486A3E9940904DDB14AEE91F5D

2756 | clink.1.6.10.d5dce0_setup.exe | C:\Users\admin\AppData\Local\Temp\nsz3ECA.tmp |
  MD5:
  SHA256:

2756 | clink.1.6.10.d5dce0_setup.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clink\Clink Documentation.lnk | binary
  MD5: 76FEA9523411E16CC4D5A6695DB7DAE4
  SHA256: 84C0D06C9CB17F1F2123989199B3B7AE020009B956A51C2DF697D6FFFBB82711

2756 | clink.1.6.10.d5dce0_setup.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clink\Uninstall Clink.lnk | binary
  MD5: ABA49AC312D592AFBFF8528DB73D30E4
  SHA256: 88CA56EEB6213521AC73CE9254B9FE9A145AAF3C7A451736E9FDC91BB0D1F103

2756 | clink.1.6.10.d5dce0_setup.exe | C:\Program Files\clink\LICENSE | text
  MD5: 664AA96239B59B044722945D56F70200
  SHA256: 5F631FAE467C82B8CD28FD1EC425C816895A35F9D94E36BEE0E0164570E8E0F6

2756 | clink.1.6.10.d5dce0_setup.exe | C:\Program Files\clink\clink.bat | text
  MD5: E1E9977AEC29053C9334B6CE9B4DBEFC
  SHA256: 2F2D07152CCA3CF716BDB0C81A379F1111F97D45202043B8E4B9919F51F087D0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info