File name: 15 Second ADB Installer v1.5.6.exe

Full analysis: https://app.any.run/tasks/114dae9d-3fca-48cd-b7f0-466a85b9ffea
Verdict: Malicious activity
Analysis date: November 28, 2023, 10:58:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: A4705082D17A2081A47F47A3D28711C7
SHA1: 037A52083E8634748224D224E6B068970EC7B6A4
SHA256: 6AEDB17D951F24FA20496EC01639AD54AA9B82968102CF5EBF2DB1426500A2E4
SSDEEP: 196608:GOQ7CgNq3j1nlwp8J3BoYzFeGjF/nwqLLkzJ1S1nRp+9H51j3qZLqNjHNpVAZCRm:cCc0j3KsFB5wqUzOf8ZNqxSJAZW2LcU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 15 Second ADB Installer v1.5.6.exe (PID: 1900)
  • SUSPICIOUS

    • Application launched itself

      • 15 Second ADB Installer v1.5.6.exe (PID: 2496)
      • 15 Second ADB Installer v1.5.6.exe (PID: 1900)
    • Process drops legitimate windows executable

      • 15 Second ADB Installer v1.5.6.exe (PID: 1900)
    • Reads the Internet Settings

      • 15 Second ADB Installer v1.5.6.exe (PID: 3056)
      • 15 Second ADB Installer v1.5.6.exe (PID: 2496)
    • Executing commands from a ".bat" file

      • 15 Second ADB Installer v1.5.6.exe (PID: 3056)
    • Starts CMD.EXE for command execution

      • 15 Second ADB Installer v1.5.6.exe (PID: 3056)
  • INFO

    • Checks supported languages

      • 15 Second ADB Installer v1.5.6.exe (PID: 2496)
      • 15 Second ADB Installer v1.5.6.exe (PID: 1900)
      • 15 Second ADB Installer v1.5.6.exe (PID: 3056)
      • wmpnscfg.exe (PID: 3136)
    • Reads the computer name

      • 15 Second ADB Installer v1.5.6.exe (PID: 2496)
      • 15 Second ADB Installer v1.5.6.exe (PID: 3056)
      • wmpnscfg.exe (PID: 3136)
    • Creates files in a temporary directory

      • 15 Second ADB Installer v1.5.6.exe (PID: 1900)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3136)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3136)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:31 01:38:38+01:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 57344
InitializedDataSize: 307200
UninitializedDataSize: 389120
EntryPoint: 0x6cad0
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.4.3.0
ProductVersionNumber: 1.4.3.0
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Snoop05
FileDescription: 15 seconds ADB Installer
FileVersion: 1.4.3
InternalName: adb-installer
LegalCopyright: -
OriginalFileName: adb-installer-1.4.3.exe
PrivateBuild: December 30, 2012
ProductName: 15 seconds ADB Installer
ProductVersion: 1.4.3
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0


Process information

PID: 1900
CMD: "C:\Users\admin\AppData\Local\Temp\15 Second ADB Installer v1.5.6.exe" -sfxelevation
Path: C:\Users\admin\AppData\Local\Temp\15 Second ADB Installer v1.5.6.exe
Parent process: 15 Second ADB Installer v1.5.6.exe
User: admin
Company: Snoop05
Integrity Level: HIGH
Description: 15 seconds ADB Installer
Exit code: 0
Version: 1.4.3
Modules (images):
c:\users\admin\appdata\local\temp\15 second adb installer v1.5.6.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

PID: 2496
CMD: "C:\Users\admin\AppData\Local\Temp\15 Second ADB Installer v1.5.6.exe"
Path: C:\Users\admin\AppData\Local\Temp\15 Second ADB Installer v1.5.6.exe
Parent process: explorer.exe
User: admin
Company: Snoop05
Integrity Level: MEDIUM
Description: 15 seconds ADB Installer
Exit code: 0
Version: 1.4.3
Modules (images):
c:\users\admin\appdata\local\temp\15 second adb installer v1.5.6.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

PID: 2820
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\install.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: 15 Second ADB Installer v1.5.6.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3056
CMD: "C:\Users\admin\AppData\Local\Temp\15 Second ADB Installer v1.5.6.exe" -sfxwaitall:0 "install.bat"
Path: C:\Users\admin\AppData\Local\Temp\15 Second ADB Installer v1.5.6.exe
Parent process: 15 Second ADB Installer v1.5.6.exe
User: admin
Company: Snoop05
Integrity Level: HIGH
Description: 15 seconds ADB Installer
Exit code: 0
Version: 1.4.3
Modules (images):
c:\users\admin\appdata\local\temp\15 second adb installer v1.5.6.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

PID: 3136
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
Total events: 1 886
Read events: 1 865
Write events: 16
Delete events: 5

Modification events

PID 2496, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

PID 2496, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

PID 2496, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

PID 2496, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

PID 3056, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

PID 3056, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

PID 3056, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

PID 3056, 15 Second ADB Installer v1.5.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

PID 3136, wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{19A995EC-DD24-4100-BA5B-D925A56657A9}\{EBAD9665-5843-44A2-944B-1E14A043EC21}
Operation: delete key
Name: (default)
Value: -

PID 3136, wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{D558F9A1-FC60-4DE0-9C0C-5F2928D62120}\{EBAD9665-5843-44A2-944B-1E14A043EC21}
Operation: delete key
Name: (default)
Value: -
Executable files: 21
Suspicious files: 3
Text files: 6
Unknown types: 0

Dropped files

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\amd64\NOTICE.txt
Type: text
MD5: EA7F2158B930BAF2C0FE799566489716
SHA256: A19B767B9DDDA7306C78232E4A223D0BA966471B74DCE3C0C995307CAB5BF7B7

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\i386\NOTICE.txt
Type: text
MD5: EA7F2158B930BAF2C0FE799566489716
SHA256: A19B767B9DDDA7306C78232E4A223D0BA966471B74DCE3C0C995307CAB5BF7B7

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\adb\mke2fs.conf
Type: text
MD5: 699098CA95F87BA48BB94A3E848549B3
SHA256: AD58A58DCDD24D85055814CA9CAC67DB89D4E67C434E96774BDCE0D0A007D067

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\androidwinusb86.cat
Type: binary
MD5: 76CFE751E17119F352C29F9FCE83D24F
SHA256: 15A39B14E5FA4EC4BBE16632DBB19C7E0159649702BF98F9F77B2ABD7EBCC4DE

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\androidwinusba64.cat
Type: binary
MD5: B83F9FA084F11007C7E6C668E6FA9E54
SHA256: 8F3F15BAEAF50AE7388562BE0303F5AC7EE3CB255448A24E3D33E1F094E0680E

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\adb\source.properties
Type: text
MD5: 6926A4FADAD84D753C1731CFF5FF29B1
SHA256: 0BBDFC51086C50BDCCF263E5D103FF3ACD6560B04DCB6D03CBFFBA10059A06C1

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\adb\NOTICE.txt
Type: text
MD5: 44968B93DCB7403A731E89ED14CAA252
SHA256: 9652A7629CC5115B890759F7AA15A614F39CE7B4B76A5A299768351F2CBD0998

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\amd64\WUDFUpdate_01009.dll
Type: executable
MD5: EBF9EE8A7671F3B260ED9B08FCEE0CC5
SHA256: 015F26BBCD619A0B67B5EAA985B69582BAC27D5CBCA99CE747A76532FCDE4AFF

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\amd64\winusbcoinstaller2.dll
Type: executable
MD5: 246900CE6474718730ECD4F873234CF5
SHA256: 981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6

PID 1900, 15 Second ADB Installer v1.5.6.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\amd64\WdfCoInstaller01009.dll
Type: executable
MD5: 4DA5DA193E0E4F86F6F8FD43EF25329A
SHA256: 18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
868 | svchost.exe | 95.101.148.135:80 | armmf.adobe.com | Akamai International B.V. | NL | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | unknown

DNS requests

Domain | IP | Reputation
armmf.adobe.com | 95.101.148.135 | unknown

Threats

No threats detected
No debug info