File name: multicharts-crack-92_6c9011b-1139.exe

Full analysis: https://app.any.run/tasks/6f354f7a-8cb9-414e-9cf6-c7f2fb760c04
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 29, 2019, 09:31:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: A4B25F127DD316FD31B870F6E78C2DB5
SHA1: E30A878E09350D22B41FF824FA2D8769ED765674
SHA256: 80A00714174616025D79C9E23548A06AB4A8D65896CDB70D44814C6B03F3ECF0
SSDEEP: 98304:eR2hlt/WcQvn4oSpqtW6xLSLdtYcBEIkpa2yZro7Dt20ZqqgTzepN/UKc5L/W+Nv:66bWcOSpqt7LJUEam9ZOvJY+Nv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by user

      • multicharts-crack-92_6c9011b-1139.exe (PID: 2436)
      • explorer.exe (PID: 3092)
      • multicharts-crack-92_6c9011b-1139.exe (PID: 2308)
No Malware configuration.

TRiD (file type identification)

Extension | Type (match %)
.scr | Windows screen saver (60.5)
.exe | Win32 Executable (generic) (20.8)
.exe | Generic Win/DOS Executable (9.2)
.exe | DOS Executable Generic (9.2)
.vxd | VXD Driver (0.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:05:29 11:20:02+02:00
PEType: PE32
LinkerVersion: 5
CodeSize: 3694592
InitializedDataSize: 499200
UninitializedDataSize: -
EntryPoint: 0x66d0b0
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.4.13.5
ProductVersionNumber: 3.4.13.5
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: German
CharacterSet: Windows, Latin1
CompanyName: Cool Forpter GG
FileDescription: Pologantig
FileVersion: 3.4.13.5
ProductName: Pologantig
ProductVersion: 3.4.13.5
No data.
Total processes: 45
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0


Process information

PID: 2308
CMD: "C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe"
Path: C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe
Parent process: explorer.exe
User: admin
Company: Cool Forpter GG
Integrity Level: HIGH
Description: Pologantig
Exit code: 0
Version: 3.4.13.5
Modules (images):
  • c:\users\admin\downloads\multicharts-crack-92_6c9011b-1139.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\netapi32.dll
  • c:\windows\system32\netutils.dll

PID: 2436
CMD: "C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe"
Path: C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe
Parent process: explorer.exe
User: admin
Company: Cool Forpter GG
Integrity Level: MEDIUM
Description: Pologantig
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 3.4.13.5
Modules (images):
  • c:\users\admin\downloads\multicharts-crack-92_6c9011b-1139.exe
  • c:\systemroot\system32\ntdll.dll

PID: 2520
CMD: "C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe"
Path: C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe
Parent process: explorer.exe
User: admin
Company: Cool Forpter GG
Integrity Level: HIGH
Description: Pologantig
Exit code: 0
Version: 3.4.13.5
Modules (images):
  • c:\users\admin\downloads\multicharts-crack-92_6c9011b-1139.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\netapi32.dll
  • c:\windows\system32\netutils.dll

PID: 3092
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\explorer.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll

PID: 3484
CMD: "C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe"
Path: C:\Users\admin\Downloads\multicharts-crack-92_6c9011b-1139.exe
Parent process: explorer.exe
User: admin
Company: Cool Forpter GG
Integrity Level: MEDIUM
Description: Pologantig
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 3.4.13.5
Modules (images):
  • c:\users\admin\downloads\multicharts-crack-92_6c9011b-1139.exe
  • c:\systemroot\system32\ntdll.dll
Total events: 72
Read events: 72
Write events: 0
Delete events: 0

Modification events: No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files: No data
HTTP(S) requests: 3
TCP/UDP connections: 3
DNS requests: 1
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2520 | multicharts-crack-92_6c9011b-1139.exe | POST | 200 | 104.27.134.41:80 | http://ponorogu.live/v2/events | US | text | 4 b | shared
2308 | multicharts-crack-92_6c9011b-1139.exe | POST | 200 | 104.27.134.41:80 | http://ponorogu.live/v2/events | US | text | 224 Kb | shared
2308 | multicharts-crack-92_6c9011b-1139.exe | POST | 200 | 104.27.134.41:80 | http://ponorogu.live/v2/events | US | text | 224 Kb | shared

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2520 | multicharts-crack-92_6c9011b-1139.exe | 104.27.134.41:80 | ponorogu.live | Cloudflare Inc | US | shared
2308 | multicharts-crack-92_6c9011b-1139.exe | 104.27.134.41:80 | ponorogu.live | Cloudflare Inc | US | shared

DNS requests

Domain | IP | Reputation
ponorogu.live | 104.27.134.41, 104.27.135.41 | unknown

Threats

PID | Process | Class | Message
- | - | Misc activity | ADWARE [PTsecurity] Win32/DownloadAssistant.F
- | - | Misc activity | ADWARE [PTsecurity] Win32/DownloadAssistant.F
No debug info