File name:

3dyd64_1.20.4.exe

Full analysis: https://app.any.run/tasks/1c110b50-d8cd-4f94-baab-0d4f0fbb72dc
Verdict: Malicious activity
Analysis date: June 14, 2024, 09:34:53
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

0B3D43C21DAFDFC9B673B6E883E96703

SHA1:

BD868B477EC2B0DBEEB863CD66DE59AA5CAA2106

SHA256:

75FA4A477112F405B253491995221741D6019B20D0C52AB62D4C22AD9362D16A

SSDEEP:

196608:Jjnm7PPjOAOrWspqcncB+Y53Its92J4VIBaY/VWs2imWJp:gnjO3rrc53cY2JAc/VWumWz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • 3dyd64_1.20.4.exe (PID: 3592)

  • SUSPICIOUS

    • Reads the date of Windows installation

      • 3dyd64.exe (PID: 3728)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • 3dyd64_1.20.4.exe (PID: 3592)

    • The process creates files with name similar to system file names

      • 3dyd64_1.20.4.exe (PID: 3592)

    • Node.exe was dropped

      • 3dyd64_1.20.4.exe (PID: 3592)

    • Executable content was dropped or overwritten

      • 3dyd64_1.20.4.exe (PID: 3592)

    • Creates a software uninstall entry

      • 3dyd64_1.20.4.exe (PID: 3592)

    • Write to the desktop.ini file (may be used to cloak folders)

      • 3dyd64.exe (PID: 3728)

    • Reads security settings of Internet Explorer

      • 3dyd64.exe (PID: 3728)

  • INFO

    • Create files in a temporary directory

      • 3dyd64_1.20.4.exe (PID: 3592)

    • Checks supported languages

      • 3dyd64_1.20.4.exe (PID: 3592)
      • 3dyd64.exe (PID: 3728)

    • Creates files or folders in the user directory

      • 3dyd64.exe (PID: 3728)
      • 3dyd64_1.20.4.exe (PID: 3592)

    • Reads the computer name

      • 3dyd64_1.20.4.exe (PID: 3592)
      • 3dyd64.exe (PID: 3728)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.20.4.0
ProductVersionNumber: 1.20.4.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: https://3dyd.com
CompanyName: 3DYD Soft
FileDescription: 3D Youtube Downloader (x64) Installer
FileVersion: 1.20.4
LegalCopyright: Copyright (C) 2012-2024 3DYD Soft
OriginalFileName: 3dyd64_1.20.4.exe
ProductName: 3D Youtube Downloader (x64)
ProductVersion: 1.20.4
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
119
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 3dyd64_1.20.4.exe 3dyd64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3592"C:\Users\admin\Desktop\3dyd64_1.20.4.exe" C:\Users\admin\Desktop\3dyd64_1.20.4.exe
explorer.exe
User:
admin
Company:
3DYD Soft
Integrity Level:
MEDIUM
Description:
3D Youtube Downloader (x64) Installer
Exit code:
0
Version:
1.20.4
Modules
Images
c:\users\admin\desktop\3dyd64_1.20.4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
3728"C:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\3dyd64.exe"C:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\3dyd64.exe3dyd64_1.20.4.exe
User:
admin
Company:
3DYD Soft
Integrity Level:
MEDIUM
Description:
3D Youtube Downloader (x64)
Version:
1.20.4
Modules
Images
c:\users\admin\appdata\local\programs\3d youtube downloader (x64)\3dyd64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
7 599
Read events
7 573
Write events
26
Delete events
0

Modification events

(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\3DYD Soft\3D Youtube Downloader (x64)
Operation:writeName:program_exe_name
Value:
3dyd64.exe
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\3DYD Soft\3D Youtube Downloader (x64)\Language
Operation:writeName:Current
Value:
en
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:InstallLocation
Value:
C:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:DisplayName
Value:
3D Youtube Downloader (x64)
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:DisplayIcon
Value:
C:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\3dyd64.exe
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:DisplayVersion
Value:
1.20.4
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:Publisher
Value:
3DYD Soft
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:NoModify
Value:
1
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:NoRepair
Value:
1
(PID) Process:(3592) 3dyd64_1.20.4.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3D Youtube Downloader (x64)
Operation:writeName:UninstallString
Value:
C:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\uninstall.exe
Executable files
40
Suspicious files
6
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Temp\nse40E0.tmp\nsDialogs.dllexecutable
MD5:EC9640B70E07141FEBBE2CD4CC42510F
SHA256:C5BA017732597A82F695B084D1AA7FE3B356168CC66105B9392A9C5B06BE5188
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Temp\nse40E0.tmp\LangDLL.dllexecutable
MD5:109B201717AB5EF9B5628A9F3EFEF36F
SHA256:20E642707EF82852BCF153254CB94B629B93EE89A8E8A03F838EEF6CBB493319
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Temp\nse40E0.tmp\modern-wizard.bmpimage
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\ffmpeg64\avcodec-57.dllexecutable
MD5:CFD4CB7363A7D2C0C82D0EB4D78F7B38
SHA256:3ADB91DC7A0C2512FA49433E87D643E9F6415FAE457F0209C0120CCFC90B6A8F
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\help_map.xmlxml
MD5:539B9EDAC5962E1E535475AB44B6B023
SHA256:375AEB6CD0F674B66C41AC46F08FCDD02E99794C3F9114EECCE7CBA952734F56
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\node-LICENSEtext
MD5:8BA3B6EB6223C7C67B0ED800A9804900
SHA256:DEEF3DB25C04F2E739A607CF69B278216DCA31FE0133231E907920BD09328D35
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\ffmpeg64\swresample-2.dllexecutable
MD5:1FA7C882D239341CD1E27A693BBAA400
SHA256:3B3DC9E3036EB0F365B44B97226C04D4379D3D9C2B343F3115478B9ABE2504BD
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\node.exeexecutable
MD5:241F6915CB24FD7A96899DD336346FDC
SHA256:92C22479607AB269EAE7C6040CB059757FD0A29DDC188D3A25E46EE485E6E221
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\eula.txttext
MD5:BD96F3157A0BA07915256CB5201A4751
SHA256:F3CA7F58AA347CF4CDC00C7030D3448CD534AD5BAA30EB5D47A29A12A9FAA83A
35923dyd64_1.20.4.exeC:\Users\admin\AppData\Local\Programs\3D Youtube Downloader (x64)\ffmpeg64\swscale-4.dllexecutable
MD5:27386D143989F01BEA765890FFA2B4EF
SHA256:C92BD52AD9D2B228440E5E649FF74EC20D59896B432CD8718DBF5BC8F2280C63
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
24
DNS requests
6
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5612
svchost.exe
GET
200
2.21.97.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
5612
svchost.exe
GET
200
23.37.13.218:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
4856
RUXIMICS.exe
GET
200
23.37.13.218:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
5140
MoUsoCoreWorker.exe
GET
200
23.37.13.218:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
5140
MoUsoCoreWorker.exe
GET
200
2.21.97.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
GET
200
2.21.96.51:443
https://www.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=DyIrb3t-gQF4cnWyAbUBK6UBK7gB&or=w
unknown
s
21.3 Kb
GET
200
2.21.96.51:443
https://www.bing.com/manifest/threshold.appcache
unknown
text
3.36 Kb
POST
200
20.189.173.26:443
https://self.events.data.microsoft.com/OneCollector/1.0/
unknown
binary
9 b
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5612
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4856
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5140
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5612
svchost.exe
2.21.97.42:80
crl.microsoft.com
Akamai International B.V.
SE
unknown
239.255.255.250:1900
unknown
5140
MoUsoCoreWorker.exe
2.21.97.42:80
crl.microsoft.com
Akamai International B.V.
SE
unknown
5612
svchost.exe
23.37.13.218:80
www.microsoft.com
AKAMAI-AS
PH
unknown
4856
RUXIMICS.exe
23.37.13.218:80
www.microsoft.com
AKAMAI-AS
PH
unknown
5140
MoUsoCoreWorker.exe
23.37.13.218:80
www.microsoft.com
AKAMAI-AS
PH
unknown
5456
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.21.97.42
  • 2.21.97.24
unknown
www.microsoft.com
  • 23.37.13.218
unknown
settings-win.data.microsoft.com
  • 51.124.78.146
unknown
www.bing.com
  • 2.21.96.51
  • 2.21.96.16
unknown
r.bing.com
  • 2.21.96.16
  • 2.21.96.51
unknown
self.events.data.microsoft.com
  • 52.168.117.175
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
3dyd64_1.20.4.exe