File name: DeskPins-1.32-setup.exe
Full analysis: https://app.any.run/tasks/64efa9fc-53f4-44f3-9fb7-64cbde7fdda5
Verdict: Malicious activity
Analysis date: May 29, 2024, 13:45:13
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 5A669C5723F8E1E6ADC328B3869A8955
SHA1: D41796CEBB9AA95DB10641C908B5C745A11C4990
SHA256: 70BFD44E774837E52BC83F2C128DE7D164251E513F6EBEA4A70E2073E28ECD2A
SSDEEP: 1536:IpgpHzb9dZVX9fHMvG0D3XJBkqf2VXcUDaeMYus/x6WsfwK2rUKxuj:+gXdZt9P6D3XJBkqOVMUWbJ2AKuj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • DeskPins-1.32-setup.exe (PID: 6540)
    • Create files in the Startup directory
      • DeskPins-1.32-setup.exe (PID: 6540)
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • DeskPins-1.32-setup.exe (PID: 6540)
    • Executable content was dropped or overwritten
      • DeskPins-1.32-setup.exe (PID: 6540)
    • The process creates files with name similar to system file names
      • DeskPins-1.32-setup.exe (PID: 6540)
    • Creates a software uninstall entry
      • DeskPins-1.32-setup.exe (PID: 6540)
  • INFO
    • Checks supported languages
      • DeskPins-1.32-setup.exe (PID: 6540)
    • Reads the computer name
      • DeskPins-1.32-setup.exe (PID: 6540)
    • Create files in a temporary directory
      • DeskPins-1.32-setup.exe (PID: 6540)
    • Creates files in the program directory
      • DeskPins-1.32-setup.exe (PID: 6540)
    • Creates files or folders in the user directory
      • DeskPins-1.32-setup.exe (PID: 6540)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:52+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 164864
UninitializedDataSize: 1024
EntryPoint: 0x30fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.32.0.0
ProductVersionNumber: 1.32.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: Freeware
CompanyName: Elias Fotinis
FileDescription: DeskPins installer
FileVersion: {PRETTY_VER}
LegalCopyright: Copyright © 2002-2015 Elias Fotinis
ProductName: DeskPins
ProductVersion: {PRETTY_VER}
All screenshots are available in the full report
Total processes: 118
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> deskpins-1.32-setup.exe -> deskpins-1.32-setup.exe (no specs)

Process information

PID: 6480
CMD: "C:\Users\admin\Desktop\DeskPins-1.32-setup.exe"
Path: C:\Users\admin\Desktop\DeskPins-1.32-setup.exe
Parent process: explorer.exe
User: admin
Company: Elias Fotinis
Integrity Level: MEDIUM
Description: DeskPins installer
Exit code: 3221226540
Version: {PRETTY_VER}
Modules (Images):
c:\users\admin\desktop\deskpins-1.32-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 6540
CMD: "C:\Users\admin\Desktop\DeskPins-1.32-setup.exe"
Path: C:\Users\admin\Desktop\DeskPins-1.32-setup.exe
Parent process: explorer.exe
User: admin
Company: Elias Fotinis
Integrity Level: HIGH
Description: DeskPins installer
Version: {PRETTY_VER}
Modules (Images):
c:\users\admin\desktop\deskpins-1.32-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
Total events: 1 351
Read events: 1 342
Write events: 9
Delete events: 0

Modification events

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Elias Fotinis\DeskPins
Operation: write | Name: Install_Dir
Value: C:\Program Files (x86)\DeskPins

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: DisplayName
Value: DeskPins

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: UninstallString
Value: "C:\Program Files (x86)\DeskPins\uninst.exe"

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: DisplayIcon
Value: "C:\Program Files (x86)\DeskPins\DeskPins.exe"

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: NoModify
Value: 1

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: NoRepair
Value: 1

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: InstallLocation
Value: C:\Program Files (x86)\DeskPins

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: Publisher
Value: Elias Fotinis

(PID) Process: (6540) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write | Name: DisplayVersion
Value: 1.32
Executable files: 3
Suspicious files: 4
Text files: 0
Unknown types: 1

Dropped files

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\Help.lnk
MD5: 7044633B378600B2E7AFA66055D35F2D
SHA256: 32E467EDE2ED7F3DF985DF904D9E95931B67265A1BB411D8FB84335A259B36DA

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\Uninstall.lnk
MD5: D6697DC403E8BE46420601203E75AE3B
SHA256: 24D0727AD1E3E6D0504E01E7274EA5EE63D8D437FBA42285D26FF43EC8B5CE12

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\nso3E11.tmp\System.dll
MD5: C17103AE9072A06DA581DEC998343FC1
SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\DeskPins.lnk
MD5: E77AB5555B33EF678BF1A14DD6E57CB3
SHA256: 0C01C78314874B2325FA4535C96062A3F18CE8174184F202D57BDDA23C2170A8

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: executable
Filename: C:\Program Files (x86)\DeskPins\deskpins.exe
MD5: 81230AC9DF74C3293387CC21B1B6D9BD
SHA256: 5345EB31657FE41279BDC243149B3CD39486B776CA3A70B531F97982227CC73A

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
MD5: D18C1B644EBD288C2AD898938DFE356E
SHA256: A4E7B10BDA68FDFE9D33AC06725E28120C65F4A7BD6E8F0CAFE201E0EC3DB70A

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: executable
Filename: C:\Program Files (x86)\DeskPins\uninst.exe
MD5: DAE81921C510B98594DBFEB3BC22070C
SHA256: F30514EB9B5FF71D168659ECB159BDB12C00AE87A9CE7090989D06D4A161B68B

PID: 6540 | Process: DeskPins-1.32-setup.exe | Type: chm
Filename: C:\Program Files (x86)\DeskPins\DeskPins.chm
MD5: 13DFE50C5FD09196EC5E08E688480E5B
SHA256: 75AF28FA805A1EA57F9A70CB588DA6D55B670EBCCB13675AB28798E1A1EE6897
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 24
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2492 | RUXIMICS.exe | GET | 200 | 23.10.249.24:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
2492 | RUXIMICS.exe | GET | 200 | 23.40.125.183:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.10.249.24:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.40.125.183:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
- | - | POST | 204 | 2.21.22.139:443 | https://www.bing.com/threshold/xls.aspx | unknown
- | - | GET | 200 | 2.21.22.138:443 | https://www.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=DyIrb3t-gQF4cnWyAbUBK6UBK7gB&or=w | unknown | s | 21.3 Kb
- | - | GET | 200 | 2.21.22.138:443 | https://www.bing.com/manifest/threshold.appcache | unknown | text | 3.36 Kb
- | - | GET | 200 | 2.21.22.144:443 | https://r.bing.com/rb/17/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=DygxeIQBhwGKAYEBe369AcABMbABMcMB&or=w | unknown | s | 21.3 Kb
- | - | POST | 200 | 104.208.16.95:443 | https://self.events.data.microsoft.com/OneCollector/1.0/ | unknown | binary | 9 b

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
636 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2492 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5140 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
- | - | 239.255.255.250:1900 | - | - | - | unknown
5140 | MoUsoCoreWorker.exe | 23.10.249.24:80 | crl.microsoft.com | Akamai International B.V. | CH | whitelisted
2492 | RUXIMICS.exe | 23.10.249.24:80 | crl.microsoft.com | Akamai International B.V. | CH | whitelisted
2492 | RUXIMICS.exe | 23.40.125.183:80 | www.microsoft.com | Telia Company AB | SE | unknown
5140 | MoUsoCoreWorker.exe | 23.40.125.183:80 | www.microsoft.com | Telia Company AB | SE | unknown
5456 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4680 | SearchApp.exe | 2.21.22.131:443 | www.bing.com | Akamai International B.V. | CH | unknown

DNS requests

Domain | IP | Reputation
crl.microsoft.com | 23.10.249.24, 23.10.249.17 | whitelisted
www.microsoft.com | 23.40.125.183 | whitelisted
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
www.bing.com | 2.21.22.131, 2.21.22.98, 2.21.22.144, 2.21.22.138 | whitelisted
r.bing.com | 2.21.22.131, 2.21.22.98, 2.21.22.144, 2.21.22.138 | whitelisted
self.events.data.microsoft.com | 13.89.178.27 | whitelisted

Threats: No threats detected
Debug info: No debug info