File name: iFRPFILE AIO v2.8.6.exe

Full analysis: https://app.any.run/tasks/f1555062-990f-4c08-9d0e-5e20d56f7ad2
Verdict: Malicious activity
Analysis date: November 11, 2023, 23:35:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 549C4D3E3B61E4FF254CBD91DBD68AC6
SHA1: 0EBB5D38ACF3644FF61652B0CE66454C162D1CE5
SHA256: 667F8C9BFB3FBBE9E22527CC4F4377397B75E0756876AF5824C2518E1A343805
SSDEEP: 98304:tH/nceJrEELjv3hOrIv8BS7zwb6BybZUEHvblMmjpOlFI5nZNcZoGqh7qecGAFtg:jwKHjIXEeFJuqlDy52u0z6e0c

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
  • SUSPICIOUS

    • Reads the BIOS version

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
    • Reads settings of System Certificates

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
    • Reads security settings of Internet Explorer

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
    • Checks Windows Trust Settings

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
    • Reads the Internet Settings

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
    • Reads Internet Explorer settings

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
  • INFO

    • Checks supported languages

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
      • wmpnscfg.exe (PID: 2932)
    • Create files in a temporary directory

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
    • Reads the computer name

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
      • wmpnscfg.exe (PID: 2932)
    • Reads the machine GUID from the registry

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
      • wmpnscfg.exe (PID: 2932)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2932)
    • Reads Environment values

      • iFRPFILE AIO v2.8.6.exe (PID: 3428)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2092:07:03 00:28:13+02:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 48
CodeSize: 10967552
InitializedDataSize: 10986496
UninitializedDataSize: -
EntryPoint: 0xa7785a
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: FRPFILE AIO
FileVersion: 1.0.0.0
InternalName: iFRPFILE AIO v2.8.6.exe
LegalCopyright: Copyright © 2021
LegalTrademarks: -
OriginalFileName: iFRPFILE AIO v2.8.6.exe
ProductName: FRPFILE AIO
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph


Process information

PID: 2932
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 3428
CMD: "C:\Users\admin\AppData\Local\Temp\iFRPFILE AIO v2.8.6.exe"
Path: C:\Users\admin\AppData\Local\Temp\iFRPFILE AIO v2.8.6.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: FRPFILE AIO
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\ifrpfile aio v2.8.6.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 3 358
Read events: 3 343
Write events: 12
Delete events: 3

Modification events

(PID) Process: (3428) iFRPFILE AIO v2.8.6.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2932) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{ECCCB60E-7FCA-4332-AB4E-8DD31D240FC5}\{94477C9F-681D-4556-9960-B90B00E6E9C7}
Operation: delete key
Name: (default)

(PID) Process: (2932) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{ECCCB60E-7FCA-4332-AB4E-8DD31D240FC5}
Operation: delete key
Name: (default)

(PID) Process: (2932) wmpnscfg.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{3613793F-F499-475C-8CCA-E02E6560410D}
Operation: delete key
Name: (default)
Executable files: 1
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 3428
Process: iFRPFILE AIO v2.8.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\a86bb849-070d-44b1-a95a-a705e8153629\AgileDotNetRT.dll
Type: executable
MD5: 1E275530F75EC0222AD0A49117819936
SHA256: D8519A2A1F40BAEB1EE2E6EB1ACA27745E5DCAB7C046D65B27246E24AF57D2BB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 6
DNS requests: 2
Threats: 0

HTTP requests

PID: 3428
Process: iFRPFILE AIO v2.8.6.exe
Method: GET
HTTP Code: 200
IP: 167.179.69.45:80
URL: http://frpfile.online/server-free/deviceActivation/find-Serial.php?SN=
CN: unknown
Type: text
Size: 7 b
Reputation: unknown

PID: 3428
Process: iFRPFILE AIO v2.8.6.exe
Method: GET
HTTP Code: 200
IP: 167.179.69.45:80
URL: http://frpfile.online/server-free/deviceActivation/version.php
CN: unknown
Type: text
Size: 5 b
Reputation: unknown

Connections

PID: 2588
Process: svchost.exe
IP: 239.255.255.250:1900
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

PID: 3428
Process: iFRPFILE AIO v2.8.6.exe
IP: 167.179.69.45:80
Domain: frpfile.online
ASN: AS-CHOOPA
CN: JP
Reputation: unknown

DNS requests

Domain: www.google.com
IP: 142.250.186.36
Reputation: whitelisted

Domain: frpfile.online
IP: 167.179.69.45
Reputation: unknown

Threats

No threats detected
No debug info