File name: lime3ds-2119-windows-msys2-installer.exe

Full analysis: https://app.any.run/tasks/001fb3ba-87cd-498d-8172-7dcaa540d2f5
Verdict: Malicious activity
Analysis date: November 03, 2024, 15:02:56
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: D08E816587FA342B829A4F3E98916C35
SHA1: D7FFCD5C053CC09D2C5EA5ADC376505BBFD757F2
SHA256: 55431481E69FAFAB69B7B749F9293226D4D97103E11FA232EC6BDC99AC0830CC
SSDEEP: 196608:cXuT4ZAh7c7wVV/fXFAfZthBGnTCdbnpX8/Y3OegX/WETberigZ3qCWSi3tnY600:c5ZcVHXqLGTAbpXaeGOMQikSFY60wl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Executable content was dropped or overwritten
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • The process creates files with names similar to system file names
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Creates a software uninstall entry
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
  • INFO
    • Checks supported languages
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Creates files in the program directory
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Reads the computer name
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Creates files in a temporary directory
      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
No Malware configuration.

TRiD

Extension | Description (match %)
.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:19+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3665
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes: 120
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start
  lime3ds-2119-windows-msys2-installer.exe
  lime3ds-2119-windows-msys2-installer.exe (no specs)

Process information

PID: 6772
CMD: "C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe"
Path: C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  c:\users\admin\desktop\lime3ds-2119-windows-msys2-installer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\advapi32.dll

PID: 6848
CMD: "C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe"
Path: C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
  c:\users\admin\desktop\lime3ds-2119-windows-msys2-installer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
Total events: 212
Read events: 203
Write events: 9
Delete events: 0

Modification events

Process: lime3ds-2119-windows-msys2-installer.exe (PID 6772)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lime3DS
Operation: write

Name | Value
DisplayName | Lime3DS
UninstallString | C:\Program Files\Lime3DS\uninst.exe /AllUsers
DisplayIcon | C:\Program Files\Lime3DS\lime3ds.exe
DisplayVersion | 2119
URLInfoAbout | https://lime3ds.github.io/
Publisher | Lime3DS Emulator Developers
InstallLocation | C:\Program Files\Lime3DS
EstimatedSize | 140872
Comments | 3DS emulator based on Citra
Executable files: 52
Suspicious files: 3
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Users\admin\AppData\Local\Temp\nszEB07.tmp\UserInfo.dll | executable
  MD5: F8B6DD1F9620BE4EF2AD1E81FB6B79FA
  SHA256: A921CC9CC4AF332BE96186D60D2539CB413DFA44CFD73E85687F9338505FF85E

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\avutil-59.dll | executable
  MD5: 2B5AA2072A6D7C99A93758994791EA2F
  SHA256: F27E23B67A4A9A5219A2D8E9AF9C5978C96CAF62127E793B1336FEBD9EFDE066

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\avformat-61.dll | executable
  MD5: E35945D444789688C407716162C72821
  SHA256: E669FE554B0BBD29C3B71C9EA8D0D4BD50F8E0110A936306E4C5922A81F6F52C

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Gui.dll | executable
  MD5: 9A6FF4EB05E15D2DDD74D857D8F5158A
  SHA256: 2E322C9A11AC65BFB7C5445CE415DC778E24DFCA95EE9B777F2E26DE099EA998

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\avcodec-61.dll | executable
  MD5: 65F3A94CA7CAB86EA9E8ACDACEA0D1CF
  SHA256: A13EBB72823ECC1115BD2B178F7995C5D97D441958C777CFD3F82F7AFF3298E0

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Concurrent.dll | executable
  MD5: B6BF167FD4B40BD23F89B194EEAD8BD2
  SHA256: EA206686A25FC6541CC3B614423F845B42105FE7089EF4C60561C88FA741C8CB

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Users\admin\AppData\Local\Temp\nszEB07.tmp\LangDLL.dll | executable
  MD5: 549EE11198143574F4D9953198A09FE8
  SHA256: 131AA0DF90C08DCE2EECEE46CCE8759E9AFFF04BF15B7B0002C2A53AE5E92C36

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Users\admin\AppData\Local\Temp\nszEB07.tmp\nsDialogs.dll | executable
  MD5: B7D61F3F56ABF7B7FF0D4E7DA3AD783D
  SHA256: 89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\README.md | html
  MD5: 7486D59FE1453EAA12397E10899CB3DB
  SHA256: 11D6214AB8F9B973D3930D7A8962EFEEA6F39900C708DD5193ED523BCDDA6602

6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Multimedia.dll | executable
  MD5: 14970A3E39A68232B61D9116126980C1
  SHA256: 165302856D38F1B668F5B3E30FE4E9284F29FC05DDF38DD684BEE474D2D693E8
HTTP(S) requests: 8
TCP/UDP connections: 23
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Type | Reputation
6944 | svchost.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
n/a | n/a | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
n/a | n/a | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6944 | svchost.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
n/a | n/a | POST | 204 | 23.212.110.137:443 | https://www.bing.com/threshold/xls.aspx | unknown | whitelisted
n/a | n/a | POST | 204 | 23.212.110.171:443 | https://www.bing.com/threshold/xls.aspx | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
n/a | n/a | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | n/a | n/a | n/a | whitelisted
4 | System | 192.168.100.255:138 | n/a | n/a | n/a | whitelisted
6944 | svchost.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
n/a | n/a | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5488 | MoUsoCoreWorker.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
6944 | svchost.exe | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
n/a | n/a | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
n/a | n/a | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.110
whitelisted
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 23.32.185.131
whitelisted
www.bing.com
  • 2.23.209.176
  • 2.23.209.148
  • 2.23.209.182
  • 2.23.209.177
  • 2.23.209.179
  • 2.23.209.189
  • 2.23.209.149
  • 2.23.209.140
  • 2.23.209.185
whitelisted
self.events.data.microsoft.com
  • 104.208.16.89
whitelisted

Threats

No threats detected
No debug info