File name: | avg_driver_updater_online_setup.exe |
Full analysis: | https://app.any.run/tasks/b4d17300-e170-4554-88a7-d129ee5b92e0 |
Verdict: | Malicious activity |
Analysis date: | November 24, 2020, 03:44:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 1C5BF9A7BA798049418E33FC3123ECB8 |
SHA1: | C6DB14BFB50D316C3AFDF671A2E8B2FB9C4CDC95 |
SHA256: | 79391288CAE0894F4C8F6969B49EDBB6E1D9C5C42F5211F613C936318B7B0AC5 |
SSDEEP: | 24576:rXCBaHeByOvywM5LWDgggg89Cy+wlHF05D4vXIjItBcgPNX5PYp4Y0WrYN:U0eBCwgggg8l+YH5IjQBXNX5wp4Y0mYN |
.exe | | | Win64 Executable (generic) (76.4) |
---|---|---|
.exe | | | Win32 Executable (generic) (12.4) |
.exe | | | Generic Win/DOS Executable (5.5) |
.exe | | | DOS Executable Generic (5.5) |
duincluded: | 20.2.876.986 |
---|---|
ProductVersion: | 20.2.876.986 |
ProductName: | AVG Installer |
ProductId: | avg-icarus |
OriginalFileName: | icarus_sfx.exe |
LegalCopyright: | © 2020 AVG Technologies |
InternalName: | icarus_sfx |
FileVersion: | 20.6.1816.0 |
FileDescription: | AVG Self-Extract Package |
CompanyName: | AVG Technologies |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 20.2.876.986 |
FileVersionNumber: | 20.6.1816.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 6 |
ImageVersion: | - |
OSVersion: | 6 |
EntryPoint: | 0x28d80 |
UninitializedDataSize: | - |
InitializedDataSize: | 347648 |
CodeSize: | 800256 |
LinkerVersion: | 14.27 |
PEType: | PE32 |
TimeStamp: | 2020:10:21 15:50:16+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 21-Oct-2020 13:50:16 |
Detected languages: |
|
Debug artifacts: |
|
CompanyName: | AVG Technologies |
FileDescription: | AVG Self-Extract Package |
FileVersion: | 20.6.1816.0 |
InternalName: | icarus_sfx |
LegalCopyright: | © 2020 AVG Technologies |
OriginalFilename: | icarus_sfx.exe |
ProductId: | avg-icarus |
ProductName: | AVG Installer |
ProductVersion: | 20.2.876.986 |
du included: | 20.2.876.986 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000138 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 6 |
Time date stamp: | 21-Oct-2020 13:50:16 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000C357A | 0x000C3600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.63263 |
.rdata | 0x000C5000 | 0x0002AD6C | 0x0002AE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.0872 |
.data | 0x000F0000 | 0x00008E48 | 0x00006800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.91589 |
.didat | 0x000F9000 | 0x0000004C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.832934 |
.rsrc | 0x000FA000 | 0x000241E0 | 0x00024200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.20686 |
.reloc | 0x0011F000 | 0x0000A530 | 0x0000A600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.6305 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.16939 | 2016 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 6.39469 | 1384 | UNKNOWN | English - United States | RT_ICON |
3 | 7.905 | 44458 | UNKNOWN | English - United States | RT_ICON |
4 | 6.35147 | 9640 | UNKNOWN | English - United States | RT_ICON |
5 | 6.53793 | 4264 | UNKNOWN | English - United States | RT_ICON |
6 | 5.7454 | 1128 | UNKNOWN | English - United States | RT_ICON |
7 | 7.96429 | 14654 | UNKNOWN | English - United States | RT_ICON |
8 | 2.79026 | 9640 | UNKNOWN | English - United States | RT_ICON |
9 | 2.98046 | 5220 | UNKNOWN | English - United States | RT_ICON |
10 | 2.74561 | 4264 | UNKNOWN | English - United States | RT_ICON |
ADVAPI32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
SHLWAPI.dll |
USER32.dll |
VERSION.dll (delay-loaded) |
gdiplus.dll |
ntdll.dll |
ole32.dll |
Title | Ordinal | Address |
---|---|---|
asw_process_storage_allocate_connector | 1 | 0x00027360 |
asw_process_storage_deallocate_connector | 2 | 0x00027380 |
on_avast_dll_unload | 3 | 0x00025620 |
onexit_register_connector_avast_2 | 4 | 0x000271E0 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2584 | "C:\Users\admin\AppData\Local\Temp\avg_driver_updater_online_setup.exe" | C:\Users\admin\AppData\Local\Temp\avg_driver_updater_online_setup.exe | — | explorer.exe | |||||||||||
User: admin Company: AVG Technologies Integrity Level: MEDIUM Description: AVG Self-Extract Package Exit code: 3221226540 Version: 20.6.1816.0 Modules
| |||||||||||||||
3708 | "C:\Users\admin\AppData\Local\Temp\avg_driver_updater_online_setup.exe" | C:\Users\admin\AppData\Local\Temp\avg_driver_updater_online_setup.exe | explorer.exe | ||||||||||||
User: admin Company: AVG Technologies Integrity Level: HIGH Description: AVG Self-Extract Package Version: 20.6.1816.0 Modules
| |||||||||||||||
2716 | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\icarus-info.xml /install /sssid:3708 | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\icarus.exe | avg_driver_updater_online_setup.exe | ||||||||||||
User: admin Company: AVG Technologies Integrity Level: HIGH Description: AVG Installer Version: 20.6.1816.0 Modules
| |||||||||||||||
396 | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\avg-du\icarus.exe /sssid:3708 /er_master:master_ep_acbeedbf-f21b-4d99-a0dd-9ee2d9a83120 /er_ui:ui_ep_54e7f0be-baf7-4e76-a071-4dede10fe75c /er_slave:avg-du_slave_ep_a6b00630-6c95-4c1a-beab-9e6d2fae3f3d /slave:avg-du | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\avg-du\icarus.exe | icarus.exe | ||||||||||||
User: admin Company: AVG Technologies Integrity Level: HIGH Description: AVG Installer Version: 20.6.1816.0 Modules
| |||||||||||||||
656 | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\icarus_ui.exe /sssid:3708 /er_master:master_ep_acbeedbf-f21b-4d99-a0dd-9ee2d9a83120 /er_ui:ui_ep_54e7f0be-baf7-4e76-a071-4dede10fe75c | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\icarus_ui.exe | — | icarus.exe | |||||||||||
User: admin Company: AVG Technologies Integrity Level: HIGH Description: AVG UI Version: 20.6.1816.0 Modules
|
(PID) Process: | (3708) avg_driver_updater_online_setup.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3708) avg_driver_updater_online_setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 |
Operation: | write | Name: | Blob |
Value: 040000000100000010000000D474DE575C39B2D39C8583C5C065498A0F0000000100000014000000E35EF08D884F0A0ADE2F75E96301CE6230F213A80300000001000000140000005FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC251D00000001000000100000008F76B981D528AD4770088245E2031B630B0000000100000012000000440069006700690043006500720074000000140000000100000014000000B13EC36903F8BF4701D498261A0802EF63642BC36200000001000000200000007431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF5300000001000000230000003021301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0090000000100000034000000303206082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030306082B06010505070308190000000100000010000000BA4F3972E7AED9DCCDC210DB59DA13C92000000001000000C9030000308203C5308202ADA003020102021002AC5C266A0B409B8F0B79F2AE462577300D06092A864886F70D0101050500306C310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D312B30290603550403132244696769436572742048696768204173737572616E636520455620526F6F74204341301E170D3036313131303030303030305A170D3331313131303030303030305A306C310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D312B30290603550403132244696769436572742048696768204173737572616E636520455620526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100C6CCE573E6FBD4BBE52D2D32A6DFE5813FC9CD2549B6712AC3D5943467A20A1CB05F69A640B1C4B7B28FD098A4A941593AD3DC94D63CDB7438A44ACC4D2582F74AA5531238EEF3496D71917E63B6ABA65FC3A484F84F6251BEF8C5ECDB3892E306E508910CC4284155FBCB5A89157E71E835BF4D72093DBE3A38505B77311B8DB3C724459AA7AC6D00145A04B7BA13EB510A984141224E656187814150A6795C89DE194A57D52EE65D1C532C7E98CD1A0616A46873D03404135CA171D35A7C55DB5E64E13787305604E511B4298012F1793988A202117C2766B788B778F2CA0AA838AB0A64C2BF665D9584C1A1251E875D1A500B2012CC41BB6E0B5138B84BCB0203010001A3633061300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E04160414B13EC36903F8BF4701D498261A0802EF63642BC3301F0603551D23041830168014B13EC36903F8BF4701D498261A0802EF63642BC3300D06092A864886F70D010105050003820101001C1A0697DCD79C9F3C886606085721DB2147F82A67AABF183276401057C18AF37AD911658E35FA9EFC45B59ED94C314BB891E8432C8EB378CEDBE3537971D6E5219401DA55879A2464F68A66CCDE9C37CDA834B1699B23C89E78222B7043E35547316119EF58C5852F4E30F6A0311623C8E7E2651633CBBF1A1BA03DF8CA5E8B318B6008892D0C065C52B7C4F90A98D1155F9F12BE7C366338BD44A47FE4262B0AC497690DE98CE2C01057B8C876129155F24869D8BC2A025B0F44D42031DBF4BA70265D90609EBC4B17092FB4CB1E4368C90727C1D25CF7EA21B968129C3C9CBF9EFC805C9B63CDEC47AA252767A037F300827D54D7A9F8E92E13A377E81F4A | |||
(PID) Process: | (2716) icarus.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr |
Operation: | write | Name: | EnableCounterForIoctl |
Value: 1 | |||
(PID) Process: | (2716) icarus.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager |
Operation: | write | Name: | BootExecute |
Value: autocheck autochk * | |||
(PID) Process: | (2716) icarus.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\Software\AVG\Icarus |
Operation: | write | Name: | DataFolder |
Value: C:\ProgramData\AVG\Icarus |
PID | Process | Filename | Type | |
---|---|---|---|---|
3708 | avg_driver_updater_online_setup.exe | C:\ProgramData\AVG\Icarus\Logs\sfx.log | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\9aa47cf0-23ec-47af-92d8-ae582c982d2e | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\74d030b2-bf89-469d-8cfb-77fa511a33ac | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\58721a2b-55c0-4231-8705-8c3a59072320 | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\db50c548-f74d-4629-80d2-9dc4bbc21c70 | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\1103c96a-f0f1-4bb6-8757-b6be246e53d8 | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\9d3c7ad7-b017-4f51-9073-4de18ff214a0 | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\d8c35a18-9339-4e78-94eb-662c704ebdc0 | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\37402a63-e639-4f46-8f83-cc16c829ca8f | — | |
MD5:— | SHA256:— | |||
3708 | avg_driver_updater_online_setup.exe | C:\Windows\Temp\asw-cd976f07-452c-4c2e-b070-ce4b3ff740d1\common\f2ffe9c8-c384-4d92-91d3-c5053a8d0f1b | — | |
MD5:— | SHA256:— |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 5.62.40.203:443 | analytics.ff.avast.com | AVAST Software s.r.o. | DE | unknown |
2716 | icarus.exe | 5.62.40.203:443 | analytics.ff.avast.com | AVAST Software s.r.o. | DE | unknown |
3708 | avg_driver_updater_online_setup.exe | 5.62.40.203:443 | analytics.ff.avast.com | AVAST Software s.r.o. | DE | unknown |
2716 | icarus.exe | 5.62.48.207:443 | shepherd.ff.avast.com | AVAST Software s.r.o. | US | unknown |
3708 | avg_driver_updater_online_setup.exe | 23.212.157.65:80 | honzik.avcdn.net | GTT Communications Inc. | US | malicious |
3708 | avg_driver_updater_online_setup.exe | 23.212.157.65:443 | honzik.avcdn.net | GTT Communications Inc. | US | malicious |
396 | icarus.exe | 2.18.232.133:443 | honzik.avcdn.net | Akamai International B.V. | — | whitelisted |
2716 | icarus.exe | 5.62.40.204:443 | analytics.ff.avast.com | AVAST Software s.r.o. | DE | malicious |
Domain | IP | Reputation |
---|---|---|
analytics.ff.avast.com |
| whitelisted |
honzik.avcdn.net |
| unknown |
shepherd.ff.avast.com |
| whitelisted |