Field | Value |
---|---|
File name | sample.exe |
Full analysis | https://app.any.run/tasks/fd4de94a-758f-4b1e-9413-479a5351e82f |
Verdict | Malicious activity |
Analysis date | May 15, 2019, 16:01:18 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MIME | application/x-dosexec |
File info | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 0B45F2BFE96D10FE21FE16CDA4E9C5EB |
SHA1 | C2751E72BD5A8593F4EB4EBD000ACE791DB0A9C7 |
SHA256 | 68ED565438E206E805F81980374E6439E6F4F60F63A3FCB6F0840C8A8DE189DA |
SSDEEP | 49152:KCd6LaUWF/9jKxuB6kXlLp4by6GkixB/dShTKlH8m2gkc8ApOhgbEOWI:KCMmFVjKITXxp4by6Pi7Y4SvgEjkr |

Extension | Detected file type (score) |
---|---|
.exe | InstallShield setup (49.2) |
.exe | Win32 Executable Delphi generic (16.2) |
.scr | Windows screen saver (14.9) |
.dll | Win32 Dynamic Link Library (generic) (7.5) |
.exe | Win32 Executable (generic) (5.1) |

Field | Value |
---|---|
ProductVersion | 11.0.0.1 |
ProductName | SuperOrca |
OriginalFileName | SuperOrca.exe |
LegalCopyright | Copyright © 2002-2008 Pantaray Research Ltd. |
InternalName | SuperOrca |
FileVersion | 11.0.0.1 |
FileDescription | SuperOrca - Setup File |
CompanyName | Pantaray Research Ltd. |
CharacterSet | Windows, Latin1 |
LanguageCode | English (U.S.) |
FileSubtype | - |
ObjectFileType | Executable application |
FileOS | Windows NT 32-bit |
FileFlags | Pre-release |
FileFlagsMask | 0x0002 |
ProductVersionNumber | 11.0.0.1 |
FileVersionNumber | 11.0.0.1 |
Subsystem | Windows GUI |
SubsystemVersion | 4 |
ImageVersion | - |
OSVersion | 4 |
EntryPoint | 0x28a6c |
UninitializedDataSize | - |
InitializedDataSize | 31232 |
CodeSize | 162816 |
LinkerVersion | 2.25 |
PEType | PE32 |
TimeStamp | 1992:06:20 00:22:17+02:00 |
MachineType | Intel 386 or later, and compatibles |

PID | Command line | Parent process | User | Company | Integrity level | Exit code | Description | Version |
---|---|---|---|---|---|---|---|---|
3128 | "C:\Users\admin\AppData\Local\Temp\sample.exe" | explorer.exe | admin | Pantaray Research Ltd. | MEDIUM | 3221226540 | SuperOrca - Setup File | 11.0.0.1 |
3480 | "C:\Users\admin\AppData\Local\Temp\sample.exe" | explorer.exe | admin | Pantaray Research Ltd. | HIGH | 0 | SuperOrca - Setup File | 11.0.0.1 |
2636 | C:\Users\admin\AppData\Local\Temp\SETUP_34866\Engine.exe /TH_ID=_3496 /OriginExe="C:\Users\admin\AppData\Local\Temp\sample.exe" | sample.exe | admin | Pantaray Research Ltd. | HIGH | 0 | Setup/Uninstall Engine | 11.0.0.1 |
2888 | C:\Windows\system32\cacls.exe "C:\Program Files\Pantaray\SuperOrcaSetup_21233.exe" /E /C /G Everyone:F | Engine.exe | admin | Microsoft Corporation | HIGH | 0 | Control ACLs Program | 6.1.7600.16385 (win7_rtm.090713-1255) |
3984 | C:\Windows\regedit.exe /S "C:\Users\admin\AppData\Local\Temp\SETUP_34866\evalcom2.reg" | Engine.exe | admin | Microsoft Corporation | HIGH | 0 | Registry Editor | 6.1.7600.16385 (win7_rtm.090713-1255) |
3784 | C:\Windows\system32\cacls.exe "C:\Program Files\Pantaray" /T /E /C /G Everyone:F | Engine.exe | admin | Microsoft Corporation | HIGH | 0 | Control ACLs Program | 6.1.7600.16385 (win7_rtm.090713-1255) |
2444 | C:\Windows\system32\cacls.exe "C:\Program Files\Common Files" /T /E /C /G Everyone:F | Engine.exe | admin | Microsoft Corporation | HIGH | 0 | Control ACLs Program | 6.1.7600.16385 (win7_rtm.090713-1255) |
2832 | "C:\Program Files\Pantaray\SuperOrca\SuperOrca.exe" | Engine.exe | admin | Pantaray Research Ltd. | HIGH | — | SuperOrca | 11.0.0.0 |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\SuperOrcaSetup.qsp | text | 378D0B99027A4E9CFE6D76263D3F2232 | 97A1D9318607FCD13BC4BAE0EB912C565951EF73E4D1318E54C4E397F91D4EE0 |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\Setup.txt | text | C63EA5E629A0E5B409E03822D7F16286 | 02E486C8152C187C529807D9DAC34F4B44885C9EED0194308B095951E8AB2FD1 |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\folder_blue_small.bmp | image | A14A183CE820E0ED7FE33A91A5E4B7DF | 38DC136C999991E17E9F1B8E151AF1A0B04E660371CE879DC20582BECCB35AD4 |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\LICENSE.RTF | text | 7F07E198D42A545555871B44EF101048 | C6D33EC7D400F6ECC6E63C9EF44301809C014061CC42976E1E53E1839594FC5A |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\00003#SuperOrca_Manual.pdf | — | 9502F533F49ADBF0A989F9027509F88D | 5E3FC5AFE15B102D29DF9425DF6C91C790F3D4C7C0B601A3D9BBB3AF676DB029 |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\folder_blue_large.bmp | image | 1C1C9CEEBF00CB863DA9787DA07404EC | 4F4B8717B45D7314100A7C3BCE5D4C6F98E56140F6BF696BEF1DE430F052B5A7 |
2636 | Engine.exe | C:\Program Files\Pantaray\SuperOrcaSetup_21233.txt | text | EEA89B82985AC908B8389575A44A456A | C4381F59511297AF6E1E2B0626505CB186BC8CDEBA6616CD6A4BC22EC0662CA5 |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\00000#evalcom2.dll | executable | A599901D5148CD4D310C6A825F832616 | 3B4FE00F15C39CE4C80B2A1B29C04A28D8722BADC32ABAB4EC1C0A7D0E32D986 |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\Engine.exe | executable | 254A70C60E89C7C71F624016D49110E6 | FF546DBCF581B01F628B186598A62579A98D77DAFA1726B1E21A5374B53C70A4 |
3480 | sample.exe | C:\Users\admin\AppData\Local\Temp\SETUP_34866\evalcom2.reg | text | 3AD7BF84AFF9AB8AED0B7E790E758F32 | 95D58DE1D93151258A3E2E33CAF10B3A79E5CE02C931495FFE69A82B0B1B20EA |