URL: | https://download3.showmypc.com/ShowMyPC3520.exe |
Full analysis: | https://app.any.run/tasks/38c27271-5b10-47f9-9d3f-5a51256177a9 |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 13:50:02 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 3D417341C3AB73E4EBE46DCF437F0881 |
SHA1: | 2426FABE902DD9240BB3360151B3FBDCDEBFC9FD |
SHA256: | 8346A7938DA54F82B6337C21317A216FFD1AEFF022EFB18CC36073670F2A0BA9 |
SSDEEP: | 3:N8SE4LKJIquSB1Gb:2SeoTb |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3272 | "C:\Program Files\Internet Explorer\iexplore.exe" https://download3.showmypc.com/ShowMyPC3520.exe | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3096 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3272 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3044 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ShowMyPC3520[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ShowMyPC3520[1].exe | iexplore.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3036 | "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe" | C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe | ShowMyPC3520[1].exe | |
User: admin Company: ShowMyPC Integrity Level: MEDIUM Description: ShowMyPC Exit code: 0 Version: 7.0.0.1 | ||||
3820 | "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe" | C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe | SMPCSetup.exe | |
User: admin Company: ShowMyPC Integrity Level: HIGH Description: ShowMyPC Version: 7.0.0.1 | ||||
3228 | "C:\Windows\System32\net.exe" stop winvnc4 | C:\Windows\System32\net.exe | — | SMPCSetup.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2336 | "C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe" | C:\Windows\System32\netsh.exe | — | SMPCSetup.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Network Command Shell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3428 | C:\Windows\system32\net1 stop winvnc4 | C:\Windows\system32\net1.exe | — | net.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2416 | "C:\Windows\System32\net.exe" stop uvnc_service | C:\Windows\System32\net.exe | — | SMPCSetup.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3124 | C:\Windows\system32\net1 stop uvnc_service | C:\Windows\system32\net1.exe | — | net.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3272 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFC4492A1A12EBCFB8.TMP | — | |
MD5:— | SHA256:— | |||
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHNMSH6I\ShowMyPC3520[1].exe | executable | |
MD5:CBD6AFBA01E715B15FCEDD953F24A286 | SHA256:EA6AC32A9E4674B205D0F952848D72830E082E81CD9A811E93366FE4AC3C2040 | |||
3044 | ShowMyPC3520[1].exe | C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe | executable | |
MD5:885DE0364B125E3AA85005EA8222B06C | SHA256:30C4485C4ECA05E41EADF0C3E49DBF8EA8441F1334B7B8C7AD644B3C63824E4D | |||
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:68372A8E2683B40AA9761209006951CC | SHA256:FFE93E1DFC50D9C71B5ADB4EEB235A23A12C9B2BD4374459D4B7B8630D16B0F5 | |||
3272 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ShowMyPC3520[1].exe | executable | |
MD5:CBD6AFBA01E715B15FCEDD953F24A286 | SHA256:EA6AC32A9E4674B205D0F952848D72830E082E81CD9A811E93366FE4AC3C2040 | |||
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHNMSH6I\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
3272 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{6283C3DA-7718-11E9-A09E-5254004A04AF}.dat | binary | |
MD5:99492F4F3A337951E6E7E1BD967EBC10 | SHA256:0DC36C2BB8A4DDF57E3294E90B7C32E11A0471A31BA50E13F67BF11E4800C6D0 | |||
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:D8FE4F57F29442B8F0A36C4CEBDEFF5C | SHA256:19609177EA43A759B704C9EC3A01A50B3AB779B817359A0E1EECB346F724D519 | |||
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00G3HUBI\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
3044 | ShowMyPC3520[1].exe | C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\settings.ini | text | |
MD5:64D3A6D1366F2864599D904E01C6CC9D | SHA256:ADC989A4AB444C8153C1647FF8DC25CCCB73B0AD554951350FBAA5B67BD12495 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3036 | SMPCSetup.exe | GET | — | 35.239.221.136:80 | http://showmypc.com/app/about-us1.html?pv=3520 | US | — | — | malicious |
3820 | SMPCSetup.exe | GET | 200 | 35.239.221.136:80 | http://showmypc.com/app/about-us1.html?pv=3520 | US | html | 4.92 Kb | malicious |
3820 | SMPCSetup.exe | GET | 200 | 91.199.212.52:80 | http://crt.comodoca.com/COMODORSACodeSigningCA.crt | GB | der | 1.47 Kb | whitelisted |
3820 | SMPCSetup.exe | GET | 200 | 52.216.176.61:80 | http://s3.showmypc.com/js/themes/base/ui.all.css | US | text | 49 b | shared |
3820 | SMPCSetup.exe | GET | 200 | 52.216.176.61:80 | http://s3.showmypc.com/js/themes/base/ui.resizable.css | US | text | 1005 b | shared |
3036 | SMPCSetup.exe | GET | 200 | 67.27.234.126:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 56.1 Kb | whitelisted |
3820 | SMPCSetup.exe | GET | 200 | 172.217.16.130:80 | http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | US | text | 32.2 Kb | whitelisted |
3820 | SMPCSetup.exe | GET | 200 | 52.216.176.61:80 | http://s3.showmypc.com/js/themes/base/ui.accordion.css | US | text | 739 b | shared |
3820 | SMPCSetup.exe | GET | 200 | 52.216.176.61:80 | http://s3.showmypc.com/js/themes/base/ui.core.css | US | text | 1.35 Kb | shared |
3820 | SMPCSetup.exe | GET | 200 | 91.199.212.52:80 | http://crt.comodoca.com/COMODORSAAddTrustCA.crt | GB | der | 1.37 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3096 | iexplore.exe | 35.239.221.136:443 | download3.showmypc.com | — | US | suspicious |
3036 | SMPCSetup.exe | 91.199.212.52:80 | crt.comodoca.com | Comodo CA Ltd | GB | suspicious |
3036 | SMPCSetup.exe | 67.27.234.126:80 | www.download.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3036 | SMPCSetup.exe | 35.239.221.136:443 | download3.showmypc.com | — | US | suspicious |
— | — | 35.239.221.136:80 | download3.showmypc.com | — | US | suspicious |
3272 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3820 | SMPCSetup.exe | 91.199.212.52:80 | crt.comodoca.com | Comodo CA Ltd | GB | suspicious |
3820 | SMPCSetup.exe | 35.239.221.136:443 | download3.showmypc.com | — | US | suspicious |
3820 | SMPCSetup.exe | 35.239.221.136:80 | download3.showmypc.com | — | US | suspicious |
3820 | SMPCSetup.exe | 172.217.16.142:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
download3.showmypc.com |
| malicious |
www.bing.com |
| whitelisted |
crt.comodoca.com |
| whitelisted |
www.download.windowsupdate.com |
| whitelisted |
showmypc.com |
| malicious |
s3.showmypc.com |
| shared |
pagead2.googlesyndication.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |