File name: OLEACC.dll

Full analysis: https://app.any.run/tasks/77859719-612e-4aef-b58b-b660853216eb
Verdict: Malicious activity
Analysis date: April 24, 2025, 07:45:12
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections
MD5: 6127706E3971F61C4125CE2630781975
SHA1: 7DEEA453736BFBA95274759C164D4F773B6E3D82
SHA256: 5CFDA27455D0B6BCE9CF295BD56357DB4595EDD50AA4296CD5838335557EAE6C
SSDEEP: 24576:PkODICWaR7YkSKOh7JT6vpix/bVeu4KiCZ+icwXGTbElmmGSdiSdsu7Js:PkODICWaR7YkSzh7JT6hix/bVeu4KiCc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • cmd.exe (PID: 7976)
      • cmd.exe (PID: 8124)
    • Executable content was dropped or overwritten

      • cmd.exe (PID: 7976)
      • cmd.exe (PID: 8124)
    • The process creates files with name similar to system file names

      • cmd.exe (PID: 7976)
    • Lists all scheduled tasks

      • schtasks.exe (PID: 7316)
      • schtasks.exe (PID: 4424)
      • schtasks.exe (PID: 920)
      • schtasks.exe (PID: 1196)
      • schtasks.exe (PID: 1532)
      • schtasks.exe (PID: 7644)
      • schtasks.exe (PID: 7736)
      • schtasks.exe (PID: 904)
      • schtasks.exe (PID: 6652)
      • schtasks.exe (PID: 5972)
      • schtasks.exe (PID: 7932)
      • schtasks.exe (PID: 1056)
      • schtasks.exe (PID: 5260)
  • INFO

    • Manual execution by a user

      • CameraSettingsUIHost.exe (PID: 7960)
      • cmd.exe (PID: 7976)
      • cmd.exe (PID: 8124)
      • eudcedit.exe (PID: 8092)
      • schtasks.exe (PID: 6988)
      • sppsvc.exe (PID: 8108)
      • schtasks.exe (PID: 920)
      • schtasks.exe (PID: 7316)
      • schtasks.exe (PID: 4424)
      • schtasks.exe (PID: 1532)
      • schtasks.exe (PID: 1196)
      • schtasks.exe (PID: 7736)
      • schtasks.exe (PID: 7644)
      • schtasks.exe (PID: 904)
      • schtasks.exe (PID: 6652)
      • schtasks.exe (PID: 7932)
      • schtasks.exe (PID: 5972)
      • schtasks.exe (PID: 1056)
      • schtasks.exe (PID: 5260)
    • The sample compiled with english language support

      • cmd.exe (PID: 7976)
      • regsvr32.exe (PID: 7396)
      • cmd.exe (PID: 8124)
    • Reads the software policy settings

      • slui.exe (PID: 7532)
      • slui.exe (PID: 3020)
    • Checks proxy server information

      • slui.exe (PID: 3020)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2019:06:17 09:59:09+00:00
ImageFileCharacteristics: Executable, Large address aware, DLL
PEType: PE32+
LinkerVersion: 6
CodeSize: 24576
InitializedDataSize: 647168
UninitializedDataSize: -
EntryPoint: 0x6640
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows command line
FileVersionNumber: 0.3.1536.1
ProductVersionNumber: 1.10.2.13
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Driver
FileSubtype: 1
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: CANON INC.
FileDescription: Canon Inkjet Printer Driver
FileVersion: 1.10.2.13 (fbl_dox_dev_ihvs.090312-0939)
InternalName: CNBxxx.DLL
LegalCopyright: Copyright CANON INC. 2008 All Rights Reserved
OriginalFileName: CNBxxx.DLL
ProductName: Canon Inkjet Printer Driver
ProductVersion: 1.10.2.13
Total processes: 169
Monitored processes: 39
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start regsvr32.exe no specs sppextcomobj.exe no specs slui.exe camerasettingsuihost.exe no specs cmd.exe conhost.exe no specs eudcedit.exe no specs sppsvc.exe no specs cmd.exe conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs slui.exe schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs

Process information

PID: 904
CMD: schtasks.exe /Query /TN "Zqdycvlapvhd"
Path: C:\Windows\System32\schtasks.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 920
CMD: schtasks.exe /Query /TN "Zqdycvlapvhd"
Path: C:\Windows\System32\schtasks.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1052
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1056
CMD: schtasks.exe /Query /TN "Zqdycvlapvhd"
Path: C:\Windows\System32\schtasks.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1196
CMD: schtasks.exe /Query /TN "Zqdycvlapvhd"
Path: C:\Windows\System32\schtasks.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1532
CMD: schtasks.exe /Query /TN "Zqdycvlapvhd"
Path: C:\Windows\System32\schtasks.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1912
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3020
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4424
CMD: schtasks.exe /Query /TN "Zqdycvlapvhd"
Path: C:\Windows\System32\schtasks.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4488
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 7 291
Read events: 7 291
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 4
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 8124
Process: cmd.exe
Filename: C:\Users\admin\AppData\Roaming\EpKV\sppsvc.exe
Type: executable
MD5: 3C7855999D87B0FFCCE5F7ECAAACE687
SHA256: F3F9767E30DCD43EBFC57C05FE002204D4A2B80DCDA7BF5BF99E65D56260C3E9

PID: 7976
Process: cmd.exe
Filename: C:\Users\admin\AppData\Roaming\9VUudS\CameraSettingsUIHost.exe
Type: executable
MD5: 900C4611DAA2E1A0690659A0FB12F7A8
SHA256: 7C231A74BBD924BDE1F7F9B0CFF93A90DE17D2522AA5CA69AC125226C8EF0B71

PID: 7976
Process: cmd.exe
Filename: C:\Users\admin\AppData\Roaming\9VUudS\DUI70.dll
Type: executable
MD5: ECF0AE4D46302ED06D8046E1E65ACD5D
SHA256: 57B721EDCB9730E0D729735922F80CE2E49360A47005AF693127298BB898C602

PID: 8124
Process: cmd.exe
Filename: C:\Users\admin\AppData\Roaming\EpKV\XmlLite.dll
Type: executable
MD5: 506DFB445C513D1B29E431CFBEAC460A
SHA256: 262EF415E3B672ACAA5855915A87D07837FA8BD0BA7FD6A9305259E95CA0296D
HTTP(S) requests: 0
TCP/UDP connections: 27
DNS requests: 12
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2104 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5496 | MoUsoCoreWorker.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2112 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7532 | slui.exe | 40.91.76.224:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3020 | slui.exe | 40.91.76.224:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6080 | SIHClient.exe | 172.202.163.200:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | GB | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 142.250.186.46 | whitelisted
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted
self.events.data.microsoft.com | 20.42.65.84 | whitelisted
slscr.update.microsoft.com | 172.202.163.200 | whitelisted
fe3cr.delivery.mp.microsoft.com | 13.85.23.206, 2603:1030:800:5::bfee:a08d | whitelisted
206.23.85.13.in-addr.arpa | - | unknown
d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa | - | unknown

Threats

No threats detected