File name: innosetup-6.2.2.exe

Full analysis: https://app.any.run/tasks/ff6535e2-fc47-4d31-8675-dbcc01540f12
Verdict: Malicious activity
Analysis date: May 06, 2024, 20:28:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2893B10C36FDDB20A38E9B8B9A44D647
SHA1: 9AB6A2F797D5EFC3C5C3985D48FC63C6A111F643
SHA256: 8117D10D00A2AD33A1390978EA3872861C330E087914410A6377B22C4C5B8563
SSDEEP: 98304:6kLsYMYXKk7jmHED1W+Q6zBcLOYCwOo5mympFVWkj6Z:VsoJ7SHElRcLFEo5yhWkj6Z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • innosetup-6.2.2.exe (PID: 3960)
      • innosetup-6.2.2.exe (PID: 1200)
      • innosetup-6.2.2.tmp (PID: 928)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • innosetup-6.2.2.exe (PID: 3960)
      • innosetup-6.2.2.exe (PID: 1200)
      • innosetup-6.2.2.tmp (PID: 928)
    • Reads the Windows owner or organization settings

      • innosetup-6.2.2.tmp (PID: 928)
    • Reads the Internet Settings

      • Compil32.exe (PID: 316)
  • INFO

    • Checks supported languages

      • innosetup-6.2.2.exe (PID: 3960)
      • innosetup-6.2.2.tmp (PID: 3976)
      • innosetup-6.2.2.tmp (PID: 928)
      • innosetup-6.2.2.exe (PID: 1200)
      • Compil32.exe (PID: 1064)
      • Compil32.exe (PID: 1440)
      • Compil32.exe (PID: 316)
    • Reads the computer name

      • innosetup-6.2.2.tmp (PID: 3976)
      • innosetup-6.2.2.tmp (PID: 928)
      • Compil32.exe (PID: 1064)
      • Compil32.exe (PID: 316)
      • Compil32.exe (PID: 1440)
    • Creates files in a temporary directory

      • innosetup-6.2.2.exe (PID: 1200)
      • innosetup-6.2.2.exe (PID: 3960)
      • innosetup-6.2.2.tmp (PID: 928)
    • Creates files in the program directory

      • innosetup-6.2.2.tmp (PID: 928)
    • Creates a software uninstall entry

      • innosetup-6.2.2.tmp (PID: 928)
    • Manual execution by a user

      • Compil32.exe (PID: 316)
    • Reads the machine GUID from the registry

      • Compil32.exe (PID: 316)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: jrsoftware.org
FileDescription: Inno Setup Setup
FileVersion:
LegalCopyright: Copyright © 1997-2023 Jordan Russell. Portions Copyright © 2000-2023 Martijn Laan.
OriginalFileName:
ProductName: Inno Setup
ProductVersion: 6.2.2
No data.
Total processes: 43
Monitored processes: 7
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Process chain from start:
  innosetup-6.2.2.exe
  innosetup-6.2.2.tmp (no specs)
  innosetup-6.2.2.exe
  innosetup-6.2.2.tmp
  compil32.exe (no specs)
  compil32.exe (no specs)
  compil32.exe (no specs)

Process information

PID: 316
CMD: "C:\Program Files\Inno Setup 6\Compil32.exe"
Path: C:\Program Files\Inno Setup 6\Compil32.exe
Parent process: explorer.exe
User: admin
Company: Jordan Russell
Integrity Level: MEDIUM
Description: Inno Setup Compiler
Version: 0.0.0.0
Modules (Images):
c:\program files\inno setup 6\compil32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 928
CMD: "C:\Users\admin\AppData\Local\Temp\is-ATGTE.tmp\innosetup-6.2.2.tmp" /SL5="$2013A,3752627,832512,C:\Users\admin\AppData\Local\Temp\innosetup-6.2.2.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\is-ATGTE.tmp\innosetup-6.2.2.tmp
Parent process: innosetup-6.2.2.exe
User: admin
Company: jrsoftware.org
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (Images):
c:\users\admin\appdata\local\temp\is-atgte.tmp\innosetup-6.2.2.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1064
CMD: "C:\Program Files\Inno Setup 6\Compil32.exe" /ASSOC
Path: C:\Program Files\Inno Setup 6\Compil32.exe
Parent process: innosetup-6.2.2.tmp
User: admin
Company: Jordan Russell
Integrity Level: HIGH
Description: Inno Setup Compiler
Exit code: 0
Version: 0.0.0.0
Modules (Images):
c:\program files\inno setup 6\compil32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1200
CMD: "C:\Users\admin\AppData\Local\Temp\innosetup-6.2.2.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\innosetup-6.2.2.exe
Parent process: innosetup-6.2.2.tmp
User: admin
Company: jrsoftware.org
Integrity Level: HIGH
Description: Inno Setup Setup
Exit code: 0
Version:
Modules (Images):
c:\users\admin\appdata\local\temp\innosetup-6.2.2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 1440
CMD: "C:\Program Files\Inno Setup 6\Compil32.exe"
Path: C:\Program Files\Inno Setup 6\Compil32.exe
Parent process: innosetup-6.2.2.tmp
User: admin
Company: Jordan Russell
Integrity Level: MEDIUM
Description: Inno Setup Compiler
Exit code: 0
Version: 0.0.0.0
Modules (Images):
c:\program files\inno setup 6\compil32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3960
CMD: "C:\Users\admin\AppData\Local\Temp\innosetup-6.2.2.exe"
Path: C:\Users\admin\AppData\Local\Temp\innosetup-6.2.2.exe
Parent process: explorer.exe
User: admin
Company: jrsoftware.org
Integrity Level: MEDIUM
Description: Inno Setup Setup
Exit code: 0
Version:
Modules (Images):
c:\users\admin\appdata\local\temp\innosetup-6.2.2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 3976
CMD: "C:\Users\admin\AppData\Local\Temp\is-T6KL1.tmp\innosetup-6.2.2.tmp" /SL5="$20138,3752627,832512,C:\Users\admin\AppData\Local\Temp\innosetup-6.2.2.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-T6KL1.tmp\innosetup-6.2.2.tmp
Parent process: innosetup-6.2.2.exe
User: admin
Company: jrsoftware.org
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (Images):
c:\users\admin\appdata\local\temp\is-t6kl1.tmp\innosetup-6.2.2.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 10 075
Read events: 9 949
Write events: 115
Delete events: 11

Modification events

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: A0030000461931EBF39FDA01

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: EEBE9E1F8863509FF0C5D4699668B7FFBE322B980F3D594F4216C997FBADB623

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files\Inno Setup 6\ISetup.chm

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: C8254159A3B75EAD9BE4527DDE626DD99EE02F7BB3677E92531AF7550B5D37C6

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inno Setup 6_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.2

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inno Setup 6_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\Inno Setup 6

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inno Setup 6_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\Inno Setup 6\

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inno Setup 6_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Inno Setup 6

(PID) Process: (928) innosetup-6.2.2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inno Setup 6_is1
Operation: write
Name: Inno Setup: User
Value: admin
Executable files: 40
Suspicious files: 63
Text files: 86
Unknown types: 5

Dropped files

PID 3960, innosetup-6.2.2.exe -> C:\Users\admin\AppData\Local\Temp\is-T6KL1.tmp\innosetup-6.2.2.tmp (executable)
  MD5: 1A860ADE3CF55B75DCA48E96E5A7FB65
  SHA256: 7D1AA4FA34882122AFE88FAB6B14B97EF75F26E41DCFEFD606F17444016B46AA
PID 928, innosetup-6.2.2.tmp -> C:\Program Files\Inno Setup 6\license.txt (text)
  MD5: 1FF29E2560A0FF39BFF09F2B1E813F9A
  SHA256: 63109A2493D8982EDEA6091C3CF5F4705CF46D6914C8732E756DB0A9974B6091
PID 928, innosetup-6.2.2.tmp -> C:\Program Files\Inno Setup 6\is-JBPCE.tmp (binary)
  MD5: 7906A610CD4BC76BA16D004D0AAED074
  SHA256: 5D71782A0F67FED9CB0BC13DA76F7CB4A3CD32FB05722C4F95347E84CE7E29BA
PID 928, innosetup-6.2.2.tmp -> C:\Users\admin\AppData\Local\Temp\is-U1BST.tmp\iscrypt.ico (image)
  MD5: 548B563280F52CF8089392FABD0E0C90
  SHA256: 48F9A0E16A897F8B30FA3268C3C537CB68E771D71871F42E2D5D0A2742C8713A
PID 928, innosetup-6.2.2.tmp -> C:\Program Files\Inno Setup 6\ISetup.chm (binary)
  MD5: 7906A610CD4BC76BA16D004D0AAED074
  SHA256: 5D71782A0F67FED9CB0BC13DA76F7CB4A3CD32FB05722C4F95347E84CE7E29BA
PID 1200, innosetup-6.2.2.exe -> C:\Users\admin\AppData\Local\Temp\is-ATGTE.tmp\innosetup-6.2.2.tmp (executable)
  MD5: 1A860ADE3CF55B75DCA48E96E5A7FB65
  SHA256: 7D1AA4FA34882122AFE88FAB6B14B97EF75F26E41DCFEFD606F17444016B46AA
PID 928, innosetup-6.2.2.tmp -> C:\Program Files\Inno Setup 6\unins000.exe (executable)
  MD5: 1A860ADE3CF55B75DCA48E96E5A7FB65
  SHA256: 7D1AA4FA34882122AFE88FAB6B14B97EF75F26E41DCFEFD606F17444016B46AA
PID 928, innosetup-6.2.2.tmp -> C:\Program Files\Inno Setup 6\Compil32.exe (executable)
  MD5: 9883F2B76A55BBA9AD696669845B7AEC
  SHA256: F33E603734FDED7452D016E96097DBE144A7294FEA2A504C44693FF06AC8F014
PID 928, innosetup-6.2.2.tmp -> C:\Program Files\Inno Setup 6\is-UF4QD.tmp (executable)
  MD5: 9883F2B76A55BBA9AD696669845B7AEC
  SHA256: F33E603734FDED7452D016E96097DBE144A7294FEA2A504C44693FF06AC8F014
PID 928, innosetup-6.2.2.tmp -> C:\Program Files\Inno Setup 6\is-248RA.tmp (text)
  MD5: 1FF29E2560A0FF39BFF09F2B1E813F9A
  SHA256: 63109A2493D8982EDEA6091C3CF5F4705CF46D6914C8732E756DB0A9974B6091
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4, System -> 192.168.100.255:137 (domain: -, ASN: -, CN: -, reputation: whitelisted)
PID 4, System -> 192.168.100.255:138 (domain: -, ASN: -, CN: -, reputation: unknown)
224.0.0.252:5355 (domain: -, ASN: -, CN: -, reputation: unknown)

DNS requests

No data

Threats

No threats detected
No debug info