File name: CoutX-Setup.exe

Full analysis: https://app.any.run/tasks/60a52ae4-2aaa-47d0-973c-3d62057c9fd5
Verdict: Malicious activity
Analysis date: February 16, 2024, 21:11:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 77ECAC00DDE81444199DF34BCAA6BAFB
SHA1: 78E292FBD1AD9D2E8C78B3D75013B4EA1A09D3B8
SHA256: 6273033DDE31D56147096D50F235DA716B49878064B94A338F0B8C9D9BD67546
SSDEEP: 49152:0uqUGIi08Yc1PnKngGDEU3ylDlQN8E2ogqhmTTzgthmQKQ0tBnVrXPL+lGrdu5a6:0ar8l1PnKgKggN8E21TTzg2QsDjkGg57

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • CoutX-Setup.exe (PID: 3772)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • CoutX-Setup.exe (PID: 3772)
    • Process drops legitimate Windows executable
      • CoutX-Setup.exe (PID: 3772)
    • The process drops C-runtime libraries
      • CoutX-Setup.exe (PID: 3772)
    • Creates a software uninstall entry
      • CoutX-Setup.exe (PID: 3772)
    • The process creates files with names similar to system file names
      • CoutX-Setup.exe (PID: 3772)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • CoutX-Setup.exe (PID: 3772)
  • INFO
    • Checks supported languages
      • CoutX-Setup.exe (PID: 3772)
    • Creates files in the program directory
      • CoutX-Setup.exe (PID: 3772)
    • Reads the computer name
      • CoutX-Setup.exe (PID: 3772)
    • Creates files in a temporary directory
      • CoutX-Setup.exe (PID: 3772)
    • Creates files or folders in the user directory
      • CoutX-Setup.exe (PID: 3772)
No Malware configuration.

TRiD

Ext. | Type | Score (%)
.exe | Win32 Executable MS Visual C++ (generic) | 67.4
.dll | Win32 Dynamic Link Library (generic) | 14.2
.exe | Win32 Executable (generic) | 9.7
.exe | Generic Win/DOS Executable | 4.3
.exe | DOS Executable Generic | 4.3

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3645
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.1.1.0
ProductVersionNumber: 2.1.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Aiden
FileDescription: Application
FileVersion: 2.1.1.0
LegalCopyright: © 2023
ProductName: CoutX
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(Interactive graph, not reproduced here: start → coutx-setup.exe → coutx-setup.exe (no specs).)

Process information

PID: 3668
CMD: "C:\Users\admin\AppData\Local\Temp\CoutX-Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\CoutX-Setup.exe
Parent process: explorer.exe
User: admin
Company: Aiden
Integrity Level: MEDIUM
Description: Application
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2.1.1.0
Modules (images):
  c:\users\admin\appdata\local\temp\coutx-setup.exe
  c:\windows\system32\ntdll.dll

PID: 3772
CMD: "C:\Users\admin\AppData\Local\Temp\CoutX-Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\CoutX-Setup.exe
Parent process: explorer.exe
User: admin
Company: Aiden
Integrity Level: HIGH
Description: Application
Exit code: 0
Version: 2.1.1.0
Modules (images):
  c:\users\admin\appdata\local\temp\coutx-setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll
Total events: 2 393
Read events: 2 387
Write events: 6
Delete events: 0

Modification events

All six writes are by PID 3772 (CoutX-Setup.exe) to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CoutX:

Operation | Name | Value
write | Start Menu Folder | CoutX
write | DisplayName | CoutX
write | UninstallString | C:\Program Files\CoutX\uninstall.exe
write | DisplayIcon | C:\Program Files\CoutX\CoutX.exe
write | DisplayVersion | 2.1.1.0
write | Publisher | Aiden
Executable files: 11
Suspicious files: 2
Text files: 3
Unknown types: 1

Dropped files

PID | Process | Filename | Type
3772 | CoutX-Setup.exe | C:\Program Files\CoutX\CoutX.exe | executable
  MD5: EBAE518666A71F94F9466E010BB5184C
  SHA256: EB89FACB54C5C9716D1C20E18B7AD89A084F5295333B5576033E9B7129318C96
3772 | CoutX-Setup.exe | C:\Users\admin\AppData\Local\Temp\nsjF28F.tmp\modern-wizard.bmp | image
  MD5: 9F10D1423488EAFC323B7B0E5256780F
  SHA256: EA7326CB612B1728B6A05FBD891D8AACDC98F25BBFDAA07A3433B07B3AC9E6A2
3772 | CoutX-Setup.exe | C:\Users\admin\AppData\Local\Temp\nsjF28F.tmp\InstallOptions.dll | executable
  MD5: D095B082B7C5BA4665D40D9C5042AF6D
  SHA256: B2091205E225FC07DAF1101218C64CE62A4690CACAC9C3D0644D12E93E4C213C
3772 | CoutX-Setup.exe | C:\Program Files\CoutX\MSVCP140.dll | executable
  MD5: CD0C37F1875B704F8EB08E397381AC16
  SHA256: D86AC158123A245B927592C80CC020FEA29C8C4ADDC144466C4625A00CA9C77A
3772 | CoutX-Setup.exe | C:\Users\admin\AppData\Local\Temp\nsjF28F.tmp\StartMenu.dll | executable
  MD5: A8C86996C4230C2209F5927F21321377
  SHA256: 110545415A59402635E1C9439ACBA15B44BAB268ED02AD2A262CE12604A47855
3772 | CoutX-Setup.exe | C:\Users\admin\AppData\Local\Temp\nsjF28F.tmp\ioSpecial.ini | ini
  MD5: E2D5070BC28DB1AC745613689FF86067
  SHA256: D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
3772 | CoutX-Setup.exe | C:\Program Files\CoutX\tools\MinSudo.exe | executable
  MD5: 728996E6F507EE02D606CB9408BAA6C0
  SHA256: 5809182E27BC4145E890A6DBD998A29A24F3B8E161BF7D35CAC23160101D81E6
3772 | CoutX-Setup.exe | C:\Program Files\CoutX\tools\nvidiaProfileInspector\nvidiaProfileInspector.exe | executable
  MD5: FF5F39370B67A274CB58BA7E2039D2E2
  SHA256: 1233487EA4DB928EE062F12B00A6EDA01445D001AB55566107234DEA4DC65872
3772 | CoutX-Setup.exe | C:\Program Files\CoutX\VCRUNTIME140_1.dll | executable
  MD5: 3B22B2EC303B0721827DD768C87DF6ED
  SHA256: 3B792DA47040C3B3E0804CDC5153EEF4E802B6975963029D8DC360CB824A7B62
3772 | CoutX-Setup.exe | C:\Program Files\CoutX\tools\CoutX.bat | text
  MD5: 9D9DE233B39212EDD52F376BDABC2B9C
  SHA256: F783D2390BA2B2755C6B2467630D1D2703920CB4D42D34FB789FAC9789E7BD18
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

None of the listed connections belong to the analysed process (PID 3772): PID 4 (System) and PID 1080 (svchost.exe) are the guest OS's own NetBIOS broadcast (ports 137/138) and LLMNR multicast (224.0.0.252:5355) traffic.

DNS requests

No data

Threats

No threats detected
No debug info