File name:

avast_free_antivirus_setup_online.exe

Full analysis: https://app.any.run/tasks/984f09cb-8c97-483e-93f8-3ea444e39d3b
Verdict: Malicious activity
Analysis date: December 07, 2024, 22:54:31
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

1AC91AB0DC51CD0B8258945CDED565DB

SHA1:

E8B3FB540F70E695DEEC53E4741633AEAA0ECB1E

SHA256:

7EA883D91F36D26166751E05D734571A561312FBD078068787AD3EFAC2BCB0E6

SSDEEP:

98304:YgZ8Ufsw7sertCpXJBJID2asRKZOcKasz8GFEMQGS+44Dvq7LCZwW3D7M7qTFOvm:iTqzvG/i

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Creates or modifies Windows services

      • avast_free_antivirus_setup_online.exe (PID: 4076)

    • Executable content was dropped or overwritten

      • avast_free_antivirus_setup_online.exe (PID: 4076)

  • INFO

    • Creates files in the program directory

      • avast_free_antivirus_setup_online.exe (PID: 4076)

    • Checks supported languages

      • avast_free_antivirus_setup_online.exe (PID: 4076)

    • Reads the computer name

      • avast_free_antivirus_setup_online.exe (PID: 4076)

    • Create files in a temporary directory

      • avast_free_antivirus_setup_online.exe (PID: 4076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:11:06 12:50:45+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 490496
InitializedDataSize: 316928
UninitializedDataSize: -
EntryPoint: 0x496e1
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 10.0.2208.712
ProductVersionNumber: 10.0.2208.712
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: avast! Antivirus
CompanyName: AVAST Software
FileDescription: avast! Antivirus Installer
FileVersion: 10.0.2208.712
InternalName: SfxInst
LegalCopyright: Copyright (c) 2014 AVAST Software
OriginalFileName: SfxInst.exe
ProductName: Avast Antivirus
ProductVersion: 10.0.2208.712
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
121
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start avast_free_antivirus_setup_online.exe instup.exe no specs pcaui.exe no specs avast_free_antivirus_setup_online.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1804"C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\instup.exe" /edition:1 /prod:ais /sfx:lite /sfxstorage:C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788 C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\instup.exeavast_free_antivirus_setup_online.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\_av_iup.tm~a05788\instup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\sechost.dll
4076"C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exe" C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exe
explorer.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
avast! Antivirus Installer
Exit code:
0
Version:
10.0.2208.712
Modules
Images
c:\users\admin\desktop\avast_free_antivirus_setup_online.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
5320"C:\WINDOWS\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {5313d2fc-7e9c-4fb6-895c-3a229b317bcb} -a "Avast! Antivirus" -v "AVAST Software" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 2 -f 0 -k 0 -e "C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\instup.exe"C:\Windows\System32\pcaui.exeinstup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Program Compatibility Assistant User Interface
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\pcaui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
5652"C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exe" C:\Users\admin\Desktop\avast_free_antivirus_setup_online.exeexplorer.exe
User:
admin
Company:
AVAST Software
Integrity Level:
MEDIUM
Description:
avast! Antivirus Installer
Exit code:
3221226540
Version:
10.0.2208.712
Modules
Images
c:\users\admin\desktop\avast_free_antivirus_setup_online.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events
147
Read events
122
Write events
20
Delete events
5

Modification events

(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
0
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
6
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
13
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
20
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
26
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
33
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
40
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
46
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
53
(PID) Process:(4076) avast_free_antivirus_setup_online.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
Operation:writeName:SfxInstProgress
Value:
60
Executable files
4
Suspicious files
14
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\ngiodriver_x64_ais-8a0.vpxbinary
MD5:98F545C04FDC5E43086331DAFF4BEA6D
SHA256:9375A7F13E320A1975C6702958D9DD97936F2FB06D8A903DBEE4612C7BDE81FC
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\avBugReport.exeexecutable
MD5:A4863513D9635256A1F9F40EF6E187C0
SHA256:F8D62BE4B40CBE348A7BB6F864CA1AA3C330CBBC13EF5A38F6D65B90B007C589
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\ngiodriver_x86_ais-8a0.vpxbinary
MD5:466217C657B101F35B18448B3F81AE2A
SHA256:4E1FC73C1D075352BA0F3A730165617D7FDC641F7BC99CC8D13F5B75EF994BDA
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\instup_ais-8a0.vpxbinary
MD5:136D3BE6694266D5A2CEACA074232233
SHA256:CD47B6D56C1838B7DF6125280EAB76FC7F5A686B8ECC11FC8E2E8BAA2FADA4B1
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\part-jrog2-bde.vpxbinary
MD5:B78F45F628A163A2209BB10D547F061D
SHA256:CCBD610967EF8C5AB55C8B47E05C2D30DFF077FAB863770DBC80948901E79AED
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\setgui_ais-8a0.vpxbinary
MD5:D57E68A9955AC807B53282D5CD53D183
SHA256:D09F7418F00125DC13EA47CEC40194EF3A89C2E383A08E5C0BC394895116236D
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\prod-ais.vpxbinary
MD5:701876D2184AA1A32BB331C1617E36D6
SHA256:6BBEC8789757D25C13173204E720076B861BF0C5CCF7470B30CF0819EE9C76B0
4076avast_free_antivirus_setup_online.exeC:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.logtext
MD5:4BD09C63877F8B3A3C03B11BD960EACE
SHA256:DE342271EBCD96DBE5BACFA5B4F51F6231E04AC18E08AB5CFD1C702DB49E3F3F
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\servers.def.vpxbinary
MD5:FBAFD80FF697E463B6B12FA3960BD7DD
SHA256:474774F14D7BA42165ADF7686E6A948FE1125860F9CC56973762B2CF7946D19D
4076avast_free_antivirus_setup_online.exeC:\Users\admin\AppData\Local\Temp\_av_iup.tm~a05788\HTMLayout.dllexecutable
MD5:67DCACDEA595375B6323F7C825BFE8DB
SHA256:3618700F2DEA6DCB0D033205AECB0CD0C2ADB3C99B787DEBDE86A5D49939816C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
21
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1852
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1852
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.23.209.133:443
www.bing.com
Akamai International B.V.
GB
whitelisted
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
1852
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
3976
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
www.bing.com
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.149
  • 2.23.209.140
  • 2.23.209.187
whitelisted
google.com
  • 142.250.186.110
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
self.events.data.microsoft.com
  • 52.182.143.215
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
avast_free_antivirus_setup_online.exe