File name: UC232A_Windows_Setup.exe

Full analysis: https://app.any.run/tasks/4d25c8c3-14ce-4b50-96dc-e8414dccfd49
Verdict: Malicious activity
Analysis date: September 05, 2023, 08:30:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5: 0103558B9FED9181743672113086A582
SHA1: 30BAB41C03642C74321C5F9425DB2CB867529424
SHA256: 6223AE28DBF5F5423C9674ED1497BAF725411092B27E18FDBD97ED2D9CF53B84
SSDEEP: 98304:KyIVlRwV1srFnQyDj6ATe6db3+uD9G8D:kwPs5nFj6g1rD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • Win7_x86.exe (PID: 2160)
    • Application was dropped or rewritten from another process

      • Win7_x86.exe (PID: 2160)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • UC232A_Windows_Setup.exe (PID: 2736)
      • Win7_x86.exe (PID: 2160)
    • Reads the Internet Settings

      • UC232A_Windows_Setup.exe (PID: 2736)
  • INFO

    • Checks supported languages

      • UC232A_Windows_Setup.exe (PID: 2736)
      • Win7_x86.exe (PID: 2160)
    • Create files in a temporary directory

      • UC232A_Windows_Setup.exe (PID: 2736)
      • Win7_x86.exe (PID: 2160)
    • Reads the computer name

      • UC232A_Windows_Setup.exe (PID: 2736)
      • Win7_x86.exe (PID: 2160)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

ProductVersion: 1.0.078
ProductName: UC232A
OriginalFileName: UC232A_Windows_Setup
LegalCopyright: Copyright (R) 2010 Aten International Co., Ltd. All rights reserved.
InternalName: Win32
FileVersion: 1.0.078
FileDescription: UC232A_Windows_Setup
CompanyName: Aten International Co., Ltd.
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Unknown
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0017
ProductVersionNumber: 1.0.78.0
FileVersionNumber: 1.0.78.0
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: -
OSVersion: 4
EntryPoint: 0x25cb
UninitializedDataSize: -
InitializedDataSize: 35999744
CodeSize: 40960
LinkerVersion: 8
PEType: PE32
ImageFileCharacteristics: No relocs, Executable, 32-bit
TimeStamp: 2013:04:17 03:42:08+00:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 17-Apr-2013 03:42:08
Detected languages:
  • Chinese - Taiwan
  • English - United States
CompanyName: Aten International Co., Ltd.
FileDescription: UC232A_Windows_Setup
FileVersion: 1.0.078
InternalName: Win32
LegalCopyright: Copyright (R) 2010 Aten International Co., Ltd. All rights reserved.
OriginalFilename: UC232A_Windows_Setup
ProductName: UC232A
ProductVersion: 1.0.078

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000E0

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 2
Time date stamp: 17-Apr-2013 03:42:08
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x02261000 | 0x003BB600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99995
.rsrc | 0x02262000 | 0x00002000 | 0x00002000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.46173

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 4.65542 | 86 | Latin 1 / Western European | English - United States | RT_MANIFEST
2 | 0 | 2216 | Latin 1 / Western European | Chinese - Taiwan | RT_ICON
7 | 0 | 52 | Latin 1 / Western European | Chinese - Taiwan | RT_STRING
103 | 0 | 206 | Latin 1 / Western European | Chinese - Taiwan | RT_DIALOG
107 | 1.81924 | 20 | Latin 1 / Western European | Chinese - Taiwan | RT_GROUP_ICON
108 | 0 | 20 | Latin 1 / Western European | Chinese - Taiwan | RT_GROUP_ICON
109 | 0 | 16 | Latin 1 / Western European | Chinese - Taiwan | RT_ACCELERATOR
129 | 0 | 4462563 | Latin 1 / Western European | Chinese - Taiwan | EXE
130 | 0 | 4468872 | Latin 1 / Western European | Chinese - Taiwan | EXE
131 | 0 | 4460947 | Latin 1 / Western European | Chinese - Taiwan | EXE

Imports

kernel32.dll
No data.
Total processes: 39
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

[Process graph: start -> uc232a_windows_setup.exe -> win7_x86.exe; uc232a_windows_setup.exe (no specs)]

Process information

PID: 2160
CMD: "C:\Users\admin\AppData\Local\Temp\Win7_x86.exe"
Path: C:\Users\admin\AppData\Local\Temp\Win7_x86.exe
Parent process: UC232A_Windows_Setup.exe
User: admin
Company: Acresso Software Inc.
Integrity Level: HIGH
Description: Setup.exe
Exit code: 0
Version: 15.0.498
Modules (images):
  • c:\users\admin\appdata\local\temp\win7_x86.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\shlwapi.dll

PID: 2736
CMD: "C:\Users\admin\AppData\Local\Temp\UC232A_Windows_Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\UC232A_Windows_Setup.exe
Parent process: explorer.exe
User: admin
Company: Aten International Co., Ltd.
Integrity Level: HIGH
Description: UC232A_Windows_Setup
Exit code: 1
Version: 1.0.078
Modules (images):
  • c:\users\admin\appdata\local\temp\uc232a_windows_setup.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\apppatch\acgenral.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\shlwapi.dll

PID: 3352
CMD: "C:\Users\admin\AppData\Local\Temp\UC232A_Windows_Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\UC232A_Windows_Setup.exe
Parent process: explorer.exe
User: admin
Company: Aten International Co., Ltd.
Integrity Level: MEDIUM
Description: UC232A_Windows_Setup
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.078
Modules (images):
  • c:\windows\system32\ntdll.dll
  • c:\users\admin\appdata\local\temp\uc232a_windows_setup.exe
Total events: 731
Read events: 723
Write events: 8
Delete events: 0

Modification events

(PID) Process: (2736) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2736) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2736) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2736) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 5
Suspicious files: 4
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\Disk1\data1.cab | compressed
  MD5: 6AC0474C6E51FFF8D48A957A196EECAB
  SHA256: C00224A6F9E5448975FF4AA65D64EA11C4AF9DC99B5C6B5F91E3D6133BE1ADC3
2736 | UC232A_Windows_Setup.exe | C:\Users\admin\AppData\Local\Temp\Win7_x86.exe | executable
  MD5: 0633209C5ED594E3B6856C59512AA5AC
  SHA256: 81B4C9D1213E70EBCDCCE252C76BBF26B0659BFB3DC87E57A18C95C6C71F0A10
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\Disk1\setup.exe | executable
  MD5: 8D699C26857440661FAD1AED839FFC79
  SHA256: 350E4CFC8A692FC8382571D64EF00F6F4D4F997B85BB687E67EA222CDB2556AC
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\Disk1\setup.ini | ini
  MD5: 0435BE75957769DD251A4B471B3546A8
  SHA256: F34D47198FC25AF951F33307367385201706C15D060709B45E789632B7F01C8C
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\Disk1\data1.hdr | compressed
  MD5: 96867A5380DDCAC966A11BDD94D77C71
  SHA256: 8BF191DC7D189D0809E4EE93C34FD02AB754AB4A693A4A38EF4A79D4201BD344
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\Disk1\ISSetup.dll | executable
  MD5: C5B13B3C260393E7D64506B7399A2A11
  SHA256: 508022BC8B0473AA960694FE4FE82BB98485DC9958A2BD2C7F6604BD60387213
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\Disk1\setup.inx | binary
  MD5: 7D8BAD39A36E913B319FE51B27C5F439
  SHA256: 03C83E5A1D0F4A823C288222E3F4E31AE8E0139CADB452388C43B61BF4C41491
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\Disk1\layout.bin | binary
  MD5: 3883FCFE5615A7599AB2FB6D3A61CE63
  SHA256: 714BBBA6EBDE2B3BD86642D8D3B56E92E2D6873888A173EB3D3A1B981BA7078D
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\setup.ini | ini
  MD5: 0435BE75957769DD251A4B471B3546A8
  SHA256: F34D47198FC25AF951F33307367385201706C15D060709B45E789632B7F01C8C
2160 | Win7_x86.exe | C:\Users\admin\AppData\Local\Temp\{7F34CD04-61DA-4890-9256-EBED918C3CC7}\_Setup.dll | executable
  MD5: 7DE2D19C870587B8FFC5A446E9B6E29A
  SHA256: 35EEF33D1890A6E34D647F86F24C730B4F741C9D33FCCE01CFB12D2B8E55B5D1

HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Reputation
4 | System | 192.168.100.255:137 | whitelisted
3284 | svchost.exe | 239.255.255.250:1900 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted

DNS requests

No data

Threats

No threats detected

Process | Message
UC232A_Windows_Setup.exe | PEC2DbgMsg: 0: LoaderStart
UC232A_Windows_Setup.exe | ----- keyreturnvalue : 2 ----