File name: iSignum.exe
Full analysis: https://app.any.run/tasks/a5ff084f-172a-4045-b9ec-e58689e19192
Verdict: Malicious activity
Analysis date: March 15, 2024, 15:17:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 17BF3B6BC668F7A906EEBC6CCF1812F7
SHA1: 35378FC064604F97002A0CF5A66E4FB125D7B8BE
SHA256: 809EC7FE8FE3A83F6A7823D01AEBB27243D3F69794FB081CADA7E73C9E0FE081
SSDEEP: 98304:Anr91gARfNGSif0/McntjNc407vyWMUudF5j/IGUu66GXUviFoqsNIF0sYze0zSM:czXVImJB8vX8cyD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • iSignum.exe (PID: 3500)
  • SUSPICIOUS

    • Reads the Internet Settings

      • iSignum.exe (PID: 3500)
    • Reads security settings of Internet Explorer

      • iSignum.exe (PID: 3500)
    • Executable content was dropped or overwritten

      • iSignum.exe (PID: 3500)
  • INFO

    • Reads the computer name

      • iSignum.exe (PID: 3500)
      • iSignum.exe (PID: 4044)
    • Checks supported languages

      • iSignum.exe (PID: 3500)
      • iSignum.exe (PID: 4044)
    • Checks proxy server information

      • iSignum.exe (PID: 3500)
    • Creates files or folders in the user directory

      • iSignum.exe (PID: 3500)
    • Creates files in a temporary directory

      • iSignum.exe (PID: 3500)
    • Reads the machine GUID from the registry

      • iSignum.exe (PID: 3500)
      • iSignum.exe (PID: 4044)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | InstallShield setup (45.2)
.exe | Win32 EXE PECompact compressed (generic) (43.6)
.exe | Win32 Executable (generic) (4.7)
.exe | Win16/32 Executable Delphi generic (2.1)
.exe | Generic Win/DOS Executable (2.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:03 13:25:16+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 3055616
InitializedDataSize: 6106624
UninitializedDataSize: -
EntryPoint: 0x2eb46c
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: iSignum
FileVersion: 1.0.0.0
ProductName: iSignum
ProductVersion: 1.0.0.0
ProgramID: iSignum
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

explorer.exe -> iSignum.exe (PID 3500, malicious and suspicious indicators) -> iSignum.exe (PID 4044, info-level indicators only)
Click a process in the full report to see its details.

Process information

PID: 3500
CMD: "C:\Users\admin\AppData\Local\Temp\iSignum.exe"
Path: C:\Users\admin\AppData\Local\Temp\iSignum.exe
Indicators: MALICIOUS, SUSPICIOUS and INFO entries listed above
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: iSignum
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\isignum.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

PID: 4044
CMD: "C:\Users\admin\AppData\Local\Temp\iSignum\iSignum.exe"
Path: C:\Users\admin\AppData\Local\Temp\iSignum\iSignum.exe
Indicators: INFO entries only
Parent process: iSignum.exe (PID 3500)
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 0.9.0.725
Modules (images):
c:\users\admin\appdata\local\temp\isignum\isignum.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winmm.dll
Total events: 11 744
Read events: 11 666
Write events: 65
Delete events: 13

Modification events

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value: (none)

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value: (none)

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value: (none)

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value: (none)

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value (REG_BINARY, hex):
460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3500) iSignum.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
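The Internet Settings writes above (the three CachePrefix values, ProxyEnable=0, the deleted ProxyServer/ProxyOverride/AutoConfigURL/AutoDetect values and the SavedLegacySettings blob) are the keys WinINet itself maintains when a process that has loaded wininet.dll (PID 3500 does) initialises its connection state, so the "Checks proxy server information" and "Reads the Internet Settings" signatures do not by themselves show that the sample altered the proxy configuration. The question an analyst actually wants answered is whether the SavedLegacySettings blob that was written carries a proxy server or PAC URL. The decoder below is an added example by the editor, not code from the ANY.RUN report or from iSignum; it parses the documented leading fields of the WinINet connection-settings blob (version DWORD, change counter, INTERNET_PER_CONN_FLAGS bits, then DWORD-length-prefixed proxy server, bypass list and PAC URL strings) and treats everything after the third string as opaque auto-detect state. REPORT_BLOB_HEX is the value copied verbatim from the modification event above; the hostile blob built with encode_connection_settings in the usage is constructed for contrast and is not from the report.

```python
"""Decode the WinINet connection-settings blob stored under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections
(SavedLegacySettings / DefaultConnectionSettings).

Added by the editor as a worked example; not code from the ANY.RUN report
or from iSignum.  Layout assumed (the documented WinINet format):
    DWORD version          (0x46 on Windows 7 and later)
    DWORD change counter   (incremented on every save)
    DWORD flags            (INTERNET_PER_CONN_FLAGS bits, see below)
    DWORD len + bytes      proxy server ("host:port" or per-protocol list)
    DWORD len + bytes      proxy bypass list
    DWORD len + bytes      auto-config (PAC) URL
    ...                    auto-detect state, treated here as opaque
"""
import struct

# INTERNET_PER_CONN_FLAGS bits from wininet.h; the blob's flags DWORD uses them.
PROXY_TYPE_DIRECT = 0x01
PROXY_TYPE_PROXY = 0x02
PROXY_TYPE_AUTO_PROXY_URL = 0x04
PROXY_TYPE_AUTO_DETECT = 0x08

# SavedLegacySettings value written by PID 3500, copied verbatim from the report.
REPORT_BLOB_HEX = "460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"


def _read_lp_string(buf, off):
    """Read a DWORD-length-prefixed ANSI string; returns (text, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field at offset %d" % off)
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string of %d bytes overruns blob at offset %d" % (n, off))
    return buf[off:off + n].decode("latin-1"), off + n


def decode_connection_settings(blob):
    """Parse the documented header of a connection-settings blob into a dict."""
    if len(blob) < 12:
        raise ValueError("blob shorter than the 12-byte header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    proxy, off = _read_lp_string(blob, off)
    bypass, off = _read_lp_string(blob, off)
    pac_url, off = _read_lp_string(blob, off)
    return {
        "version": version,
        "change_counter": counter,
        "flags": flags,
        "direct": bool(flags & PROXY_TYPE_DIRECT),
        "manual_proxy": bool(flags & PROXY_TYPE_PROXY),
        "pac_url_enabled": bool(flags & PROXY_TYPE_AUTO_PROXY_URL),
        "auto_detect": bool(flags & PROXY_TYPE_AUTO_DETECT),
        "proxy_server": proxy,
        "proxy_bypass": bypass,
        "pac_url": pac_url,
        "trailing_bytes": len(blob) - off,  # auto-detect state, not decoded here
    }


def encode_connection_settings(flags, proxy="", bypass="", pac_url="",
                               counter=1, version=0x46):
    """Build a blob with the same header layout. Used only to construct a
    hostile test case; a real Windows blob carries auto-detect state after
    the strings, which is zeroed here as a 32-byte placeholder."""
    out = struct.pack("<III", version, counter, flags)
    for text in (proxy, bypass, pac_url):
        raw = text.encode("latin-1")
        out += struct.pack("<I", len(raw)) + raw
    return out + bytes(32)


def proxy_hijack_findings(settings):
    """Triage view of a decoded blob: did the writer push a proxy or a PAC
    script that would route the user's browser traffic through it?"""
    findings = []
    if settings["manual_proxy"]:
        if settings["proxy_server"]:
            findings.append("manual proxy enabled: " + settings["proxy_server"])
        else:
            findings.append("manual proxy flag set with empty server string")
    if settings["pac_url_enabled"] and settings["pac_url"]:
        findings.append("PAC URL configured: " + settings["pac_url"])
    return findings


if __name__ == "__main__":
    s = decode_connection_settings(bytes.fromhex(REPORT_BLOB_HEX))
    for k, v in s.items():
        print("%-16s %r" % (k, v))
    print("findings:", proxy_hijack_findings(s) or "none")
    # Constructed contrast case: a blob that actually installs a local proxy.
    hostile = encode_connection_settings(PROXY_TYPE_DIRECT | PROXY_TYPE_PROXY,
                                         proxy="127.0.0.1:8080", bypass="<local>")
    print("hostile findings:", proxy_hijack_findings(decode_connection_settings(hostile)))
```

Run against the report's blob, the decoder gives version 0x46, change counter 348, flags 9 (direct + auto-detect) and three empty strings, which matches the ProxyEnable=0 write and the deleted ProxyServer/AutoConfigURL values in the same event list: the blob records a direct connection, not a proxy or PAC injection. The same function applied to the constructed hostile blob reports the 127.0.0.1:8080 proxy, which is the pattern worth alerting on when this key is written by an unsigned executable.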
Executable files: 3
Suspicious files: 1
Text files: 1
Unknown types: 0

Dropped files

PID: 3500 (iSignum.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\iSignum[1].ver
Type: text
MD5: D3DCD413F4283FF17175D27745AF3046
SHA256: 339196BAE63497A209C5F87022B2C9C9594D33262E4E0AB7EF2D124C44A7D6BE

PID: 3500 (iSignum.exe)
Filename: C:\Users\admin\AppData\Local\Temp\iSignum\dist.zip
Type: compressed
MD5: 7E489EB5B75148B2709FDEEAB94C7308
SHA256: 9B7F2D8126A0D0A0C35342E4F3B6E8BE07397877072B0ECD2943D08CEAF62D38

PID: 3500 (iSignum.exe)
Filename: C:\Users\admin\AppData\Local\Temp\iSignum\ssleay32.dll
Type: executable
MD5: D39C5952066D48E7767690AC4A3787C3
SHA256: 3870BA43C56AD50EF2DA9F0E756DC9B81174AC192B613CE1B1143A8671CA334B

PID: 3500 (iSignum.exe)
Filename: C:\Users\admin\AppData\Local\Temp\iSignum\libeay32.dll
Type: executable
MD5: 8569AB7398327C2F00FD219549D29531
SHA256: 6F71CD118C5AF2C43C9AE74C9DFD04F97AEA430DA4F9296D64387A78B251BD38

PID: 3500 (iSignum.exe)
Filename: C:\Users\admin\AppData\Local\Temp\iSignum\iSignum.exe
Type: executable
MD5: 8CD2BA51C41E560845FAA52C6FD02F5D
SHA256: 51D57153E5D00074C2FE6CA0B971BEA4DA1D11B41DB4AE0A69E54A816D8700D6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

PID: 3500
Process: iSignum.exe
Method: GET
HTTP Code: 200
IP: 193.150.24.50:80
URL: http://www.postsignum.cz/files/isignum/iSignum.ver?random=357644_45366.6373987847
CN: unknown
Type: text
Size: 10 b
Reputation: unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
(not shown) | (not shown) | 224.0.0.252:5355 | | | | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
3500 | iSignum.exe | 193.150.24.50:80 | www.postsignum.cz | Ceska Posta s.p. | CZ | unknown

DNS requests

Domain | IP | Reputation
www.postsignum.cz | 193.150.24.50 | unknown

Threats

No threats detected
No debug info