File name: lime3ds-2119-windows-msys2-installer.exe

Full analysis: https://app.any.run/tasks/001fb3ba-87cd-498d-8172-7dcaa540d2f5
Verdict: Malicious activity
Analysis date: November 03, 2024, 15:02:56
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: D08E816587FA342B829A4F3E98916C35
SHA1: D7FFCD5C053CC09D2C5EA5ADC376505BBFD757F2
SHA256: 55431481E69FAFAB69B7B749F9293226D4D97103E11FA232EC6BDC99AC0830CC
SSDEEP: 196608:cXuT4ZAh7c7wVV/fXFAfZthBGnTCdbnpX8/Y3OegX/WETberigZ3qCWSi3tnY600:c5ZcVHXqLGTAbpXaeGOMQikSFY60wl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Creates a software uninstall entry

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • The process creates files with name similar to system file names

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
  • INFO

    • Create files in a temporary directory

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Creates files in the program directory

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Reads the computer name

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
    • Checks supported languages

      • lime3ds-2119-windows-msys2-installer.exe (PID: 6772)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:19+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3665
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
Total processes: 120
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> lime3ds-2119-windows-msys2-installer.exe -> lime3ds-2119-windows-msys2-installer.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
6772 | "C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe" | C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe | | explorer.exe

User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\users\admin\desktop\lime3ds-2119-windows-msys2-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID | CMD | Path | Indicators | Parent process
6848 | "C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe" | C:\Users\admin\Desktop\lime3ds-2119-windows-msys2-installer.exe | | explorer.exe

User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity instance stopped for UAC elevation; the HIGH-integrity PID 6772 is the elevated run that performed the install)
Modules (Images):
c:\users\admin\desktop\lime3ds-2119-windows-msys2-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events: 212
Read events: 203
Write events: 9
Delete events: 0

Modification events

All entries below were written by PID 6772 (lime3ds-2119-windows-msys2-installer.exe), operation: write, under the key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lime3DS

Name | Value
DisplayName | Lime3DS
UninstallString | C:\Program Files\Lime3DS\uninst.exe /AllUsers
DisplayIcon | C:\Program Files\Lime3DS\lime3ds.exe
DisplayVersion | 2119
URLInfoAbout | https://lime3ds.github.io/
Publisher | Lime3DS Emulator Developers
InstallLocation | C:\Program Files\Lime3DS
EstimatedSize | 140872
Comments | 3DS emulator based on Citra
Executable files: 52
Suspicious files: 3
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Core.dll | executable | D307AF81D2CE159201735A0988D03A11 | 0D054D947A77802133AE1EF60DB4F7D81391E2B507AB129A7003B5543DFF4CCC
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Concurrent.dll | executable | B6BF167FD4B40BD23F89B194EEAD8BD2 | EA206686A25FC6541CC3B614423F845B42105FE7089EF4C60561C88FA741C8CB
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\README.md | html | 7486D59FE1453EAA12397E10899CB3DB | 11D6214AB8F9B973D3930D7A8962EFEEA6F39900C708DD5193ED523BCDDA6602
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Widgets.dll | executable | 12A742EB3E9A8B3BD337462AE0ED0495 | 2CC505FF16D6C3ED7F7C93E6120AED77747EFA7A65C492F8CE7DA22820EE517C
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Users\admin\AppData\Local\Temp\nszEB07.tmp\modern-wizard.bmp | image | CBE40FD2B1EC96DAEDC65DA172D90022 | 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Multimedia.dll | executable | 14970A3E39A68232B61D9116126980C1 | 165302856D38F1B668F5B3E30FE4E9284F29FC05DDF38DD684BEE474D2D693E8
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Gui.dll | executable | 9A6FF4EB05E15D2DDD74D857D8F5158A | 2E322C9A11AC65BFB7C5445CE415DC778E24DFCA95EE9B777F2E26DE099EA998
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\Qt6Network.dll | executable | DBFCC8B0EE1FFC74D2C717E67D12795F | 3B0D49A3AE856F0AFDDEBDFABE1369099659F4BF08A3B7676E89EDE7B2BB8FA7
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Program Files\Lime3DS\avformat-61.dll | executable | E35945D444789688C407716162C72821 | E669FE554B0BBD29C3B71C9EA8D0D4BD50F8E0110A936306E4C5922A81F6F52C
6772 | lime3ds-2119-windows-msys2-installer.exe | C:\Users\admin\AppData\Local\Temp\nszEB07.tmp\nsDialogs.dll | executable | B7D61F3F56ABF7B7FF0D4E7DA3AD783D | 89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912
HTTP(S) requests: 8
TCP/UDP connections: 23
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6944 | svchost.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
| | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
| | POST | 204 | 23.212.110.171:443 | https://www.bing.com/threshold/xls.aspx | unknown | | | whitelisted
| | POST | 204 | 23.212.110.137:443 | https://www.bing.com/threshold/xls.aspx | unknown | | | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
6944 | svchost.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
| | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
| | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6944 | svchost.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
| | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5488 | MoUsoCoreWorker.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
6944 | svchost.exe | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
| | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
| | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 4.231.128.59, 20.73.194.208 | whitelisted
google.com | 142.250.186.110 | whitelisted
crl.microsoft.com | 2.16.164.9, 2.16.164.106 | whitelisted
www.microsoft.com | 23.32.185.131 | whitelisted
www.bing.com | 2.23.209.176, 2.23.209.148, 2.23.209.182, 2.23.209.177, 2.23.209.179, 2.23.209.189, 2.23.209.149, 2.23.209.140, 2.23.209.185 | whitelisted
self.events.data.microsoft.com | 104.208.16.89 | whitelisted

Threats

No threats detected
No debug info