File name: systeminformer-3.2.25011-release-setup.exe

Full analysis: https://app.any.run/tasks/0b986bbd-a116-4af1-be1a-e8d1a92cd278
Verdict: Malicious activity
Analysis date: February 11, 2025, 14:11:35
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
systeminformer
tool
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: 979B20755DDF86EDDB3E2892003A2CA6
SHA1: 3A0B6F9EE4EE12872E733948465BE5ECE5B25629
SHA256: 7612D5E44A5A392AB9F0D1B5B8A79BDA3CDBE19848E8EE9EC23909AAF3DAAD45
SSDEEP: 196608:llq2QRccbSWeAo0UtjM4/JP8XrSNffsZJ0d1KAMqRT4t:/YicbmARs/JEmH0JX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • systeminformer-3.2.25011-release-setup.exe (PID: 3816)
      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • Application launched itself

      • systeminformer-3.2.25011-release-setup.exe (PID: 3816)
    • Drops a system driver (possible attempt to evade defenses)

      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • Process drops legitimate windows executable

      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • Executable content was dropped or overwritten

      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • The process creates files with name similar to system file names

      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • Creates a software uninstall entry

      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
  • INFO

    • SYSTEMINFORMER mutex has been found

      • systeminformer-3.2.25011-release-setup.exe (PID: 3816)
      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • The sample was compiled with English language support

      • systeminformer-3.2.25011-release-setup.exe (PID: 3816)
      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • Checks supported languages

      • systeminformer-3.2.25011-release-setup.exe (PID: 3816)
      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
      • SystemInformer.exe (PID: 5464)
    • Process checks computer location settings

      • systeminformer-3.2.25011-release-setup.exe (PID: 3816)
      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • Reads the computer name

      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
      • systeminformer-3.2.25011-release-setup.exe (PID: 3816)
      • SystemInformer.exe (PID: 5464)
    • Creates files in the program directory

      • systeminformer-3.2.25011-release-setup.exe (PID: 4668)
    • Reads the time zone

      • SystemInformer.exe (PID: 5464)
    • Reads CPU info

      • SystemInformer.exe (PID: 5464)
    • Checks proxy server information

      • SystemInformer.exe (PID: 5464)
    • Reads the software policy settings

      • SystemInformer.exe (PID: 5464)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2102:11:20 21:32:35+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.42
CodeSize: 266240
InitializedDataSize: 23269376
UninitializedDataSize: -
EntryPoint: 0x20a40
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.2.25011.2103
ProductVersionNumber: 3.2.25011.2103
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: System Informer
FileDescription: System Informer - Setup
FileVersion: 3.2.25011.2103
InternalName: systeminformer-setup.exe
LegalCopyright: Copyright (c) Winsider Seminars & Solutions, Inc. All rights reserved.
OriginalFileName: systeminformer-setup.exe
ProductName: System Informer
ProductVersion: 3.2.25011.2103
Total processes: 127
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start -> systeminformer-3.2.25011-release-setup.exe (no specs) -> systeminformer-3.2.25011-release-setup.exe -> systeminformer.exe

Process information

PID 3816: systeminformer-3.2.25011-release-setup.exe
CMD: "C:\Users\admin\AppData\Local\Temp\systeminformer-3.2.25011-release-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\systeminformer-3.2.25011-release-setup.exe
Parent process: explorer.exe
User: admin
Company: System Informer
Integrity Level: MEDIUM
Description: System Informer - Setup
Exit code: 0
Version: 3.2.25011.2103
Modules (images):
c:\users\admin\appdata\local\temp\systeminformer-3.2.25011-release-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID 4668: systeminformer-3.2.25011-release-setup.exe
CMD: "C:\Users\admin\AppData\Local\Temp\systeminformer-3.2.25011-release-setup.exe" "C:\Users\admin\AppData\Local\Temp\systeminformer-3.2.25011-release-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\systeminformer-3.2.25011-release-setup.exe
Parent process: systeminformer-3.2.25011-release-setup.exe
User: admin
Company: System Informer
Integrity Level: HIGH
Description: System Informer - Setup
Exit code: 0
Version: 3.2.25011.2103
Modules (images):
c:\users\admin\appdata\local\temp\systeminformer-3.2.25011-release-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID 5464: SystemInformer.exe
CMD: "C:\Program Files\SystemInformer\SystemInformer.exe" -channel release
Path: C:\Program Files\SystemInformer\SystemInformer.exe
Parent process: systeminformer-3.2.25011-release-setup.exe
User: admin
Company: Winsider Seminars & Solutions, Inc.
Integrity Level: HIGH
Description: System Informer
Version: 3.2.25011.2103
Modules (images):
c:\program files\systeminformer\systeminformer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 1 965
Read events: 1 956
Write events: 9
Delete events: 0

Modification events

Process: (PID 4668) systeminformer-3.2.25011-release-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemInformer
Operation: write (all nine values below)

DisplayIcon = C:\Program Files\SystemInformer\systeminformer.exe,0
DisplayName = System Informer
DisplayVersion = 3.2.25011.2103
HelpLink = https://system-informer.com/
InstallLocation = C:\Program Files\SystemInformer\
Publisher = Winsider Seminars & Solutions, Inc.
UninstallString = "C:\Program Files\SystemInformer\systeminformer-setup.exe" -uninstall
NoModify = 1
NoRepair = 1
Executable files: 23
Suspicious files: 22
Text files: 6
Unknown types: 0

Dropped files

Process: (PID 4668) systeminformer-3.2.25011-release-setup.exe (all entries below)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Informer.lnk (binary)
MD5: 2E2893D76C1802E3838C343D0ACC0044
SHA256: 13562C787CEA59D09EBDE8FFC94A1A6D83AE01EA05465DEBFD1E717B27114633

C:\Program Files\SystemInformer\dbgcore.dll (executable)
MD5: 95973D82BA746E9375F5BC55D97950CE
SHA256: 51D20D61818A4FA6A0A4178F99E5AB97D998CAA6B2DE96D1B312DCFEF095BA4C

C:\Program Files\SystemInformer\README.txt (text)
MD5: 0CCC7E76DA4E38CD2F73BD197DEA80C3
SHA256: 29C068275F2B99405DFED86B2C6C6E0722944B743565796B76FBF74F42DA8039

C:\Program Files\SystemInformer\LICENSE.txt (text)
MD5: 00B5F3DE97978ECBFCAA88C3D9D87CE5
SHA256: E0CD000380F49907CB856B00AC44C436DF10E2B0AD24EA77576F8EF77F508BDD

C:\Program Files\SystemInformer\dbghelp.dll (executable)
MD5: 08219271A68C50CD39C74305E25D803C
SHA256: B6455531A84EE1CEB101CD14F0E2BE7750F4D5F958EC5A9460A09D011F14A3F8

C:\Program Files\SystemInformer\ksidyn.bin (binary)
MD5: 227A232CB943A8CF964D6D7ABC4648B1
SHA256: 75A72ED16CB73B781E7522CAF63CEC3C35764F3290B61BA3683CFFCD57BB4B20

C:\Program Files\SystemInformer\ksi.dll (executable)
MD5: 675A983112140010D791F9CB75656815
SHA256: 7B535E69D2AD35539A686C0BD902105A30BDB8F2FB3299B2CC7057D157107C9D

C:\Users\Public\Desktop\System Informer.lnk (binary)
MD5: 33ACAF16A48F662D62ACB2E0406DE152
SHA256: 623E792ACD760E0B5E88BCA0A83EAFA9E88387BEC920F427D0B7E3F246FE34B1

C:\Program Files\SystemInformer\systeminformer-setup.exe (executable)
MD5: 979B20755DDF86EDDB3E2892003A2CA6
SHA256: 7612D5E44A5A392AB9F0D1B5B8A79BDA3CDBE19848E8EE9EC23909AAF3DAAD45

C:\Program Files\SystemInformer\ksidyn.sig (binary)
MD5: 92754EB628818C59FED2D200B0C411E7
SHA256: EA198B7DD0C24A01F67B3E750F6F04B444D2157BEEA98FB2F6C29629C17862C1
HTTP(S) requests: 7
TCP/UDP connections: 33
DNS requests: 23
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
68 | svchost.exe | GET | 200 | 23.48.23.162:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
68 | svchost.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
5992 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
5992 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
3172 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
68 | svchost.exe | 23.48.23.162:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
68 | svchost.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 2.16.204.151:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
5064 | SearchApp.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 20.190.160.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 23.48.23.162
  • 23.48.23.178
  • 23.48.23.177
  • 23.48.23.170
  • 23.48.23.167
  • 23.48.23.175
  • 23.48.23.168
  • 23.48.23.179
  • 23.48.23.176
whitelisted
www.microsoft.com
  • 2.16.253.202
  • 23.219.150.101
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
www.bing.com
  • 2.16.204.151
  • 2.16.204.152
  • 2.16.204.136
  • 2.16.204.160
  • 2.16.204.161
  • 2.16.204.156
  • 2.16.204.135
  • 2.16.204.158
  • 2.16.204.157
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
login.live.com
  • 20.190.160.2
  • 20.190.160.67
  • 20.190.160.3
  • 20.190.160.128
  • 40.126.32.138
  • 20.190.160.130
  • 20.190.160.131
  • 20.190.160.20
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info