File name:

nada_164_046d-uipak_x32.exe

Full analysis: https://app.any.run/tasks/e216de29-8092-46df-8ef8-fe5aeda72de9
Verdict: Malicious activity
Analysis date: February 27, 2024, 14:27:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

391D2487595EF8E8368B9271ABC76799

SHA1:

BFA7D96B893CA7FEA349BA8D01A4F6AC17FBD968

SHA256:

85156B6391D646DFD0A9E8FBFBA5BF234E1F629C78F0844034330A862FD77C1C

SSDEEP:

6144:tzZZxgKlrEf08BCxkA6IGfA9TlM432wa7AfNgm2/xqHTi0zY108OiI:tzZz3wf0YWkIGoBMJ5QN3neVO/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • nada_164_046d-uipak_x32.exe (PID: 3864)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • nada_164_046d-uipak_x32.exe (PID: 3864)

    • The process creates files with name similar to system file names

      • nada_164_046d-uipak_x32.exe (PID: 3864)

    • Executable content was dropped or overwritten

      • nada_164_046d-uipak_x32.exe (PID: 3864)

  • INFO

    • Reads the computer name

      • nada_164_046d-uipak_x32.exe (PID: 3864)

    • Checks supported languages

      • nada_164_046d-uipak_x32.exe (PID: 3864)

    • Create files in a temporary directory

      • nada_164_046d-uipak_x32.exe (PID: 3864)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:09:09 13:23:33+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 26624
InitializedDataSize: 475136
UninitializedDataSize: 16896
EntryPoint: 0x3415
OSVersion: 5
ImageVersion: 6.1
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.0.119.0
ProductVersionNumber: 2.0.119.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Logitech
CompanyWebsite: http://www.logitech.com
FileDescription: -
FileVersion: 2
LegalCopyright: -
ProductName: LogiUI Pak
ProductVersion: 2
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start nada_164_046d-uipak_x32.exe

Process information

PID
CMD
Path
Indicators
Parent process
3864"C:\Users\admin\AppData\Local\Temp\nada_164_046d-uipak_x32.exe" C:\Users\admin\AppData\Local\Temp\nada_164_046d-uipak_x32.exe
explorer.exe
User:
admin
Company:
Logitech
Integrity Level:
MEDIUM
Exit code:
0
Version:
2.00
Modules
Images
c:\users\admin\appdata\local\temp\nada_164_046d-uipak_x32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
2 370
Read events
2 364
Write events
6
Delete events
0

Modification events

(PID) Process:(3864) nada_164_046d-uipak_x32.exeKey:HKEY_CURRENT_USER\Software\LogiShrd\DownloadAssistant
Operation:writeName:UIPath
Value:
C:\Users\admin\AppData\Local\Temp\LogiUI\Pak
(PID) Process:(3864) nada_164_046d-uipak_x32.exeKey:HKEY_CURRENT_USER\Software\LogiShrd\DownloadAssistant
Operation:writeName:UIRemove
Value:
C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\uninstall.exe
(PID) Process:(3864) nada_164_046d-uipak_x32.exeKey:HKEY_CURRENT_USER\Software\LogiUI Pak\Components
Operation:writeName:UI
Value:
1
(PID) Process:(3864) nada_164_046d-uipak_x32.exeKey:HKEY_CURRENT_USER\Software\LogiUI Pak
Operation:writeName:Path
Value:
C:\Users\admin\AppData\Local\Temp\LogiUI\Pak
(PID) Process:(3864) nada_164_046d-uipak_x32.exeKey:HKEY_CURRENT_USER\Software\LogiUI Pak
Operation:writeName:StartMenuGroup
Value:
LogiLang Pak
(PID) Process:(3864) nada_164_046d-uipak_x32.exeKey:HKEY_CURRENT_USER\Software\LogiUI Pak
Operation:writeName:InstallerLanguage
Value:
1033
Executable files
5
Suspicious files
1
Text files
65
Unknown types
0

Dropped files

PID
Process
Filename
Type
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\nsmF8A9.tmp\System.dllexecutable
MD5:B9F430F71C7144D8FF4AB94BE2785AA6
SHA256:B496E81A74CE871236ABCD096FB9A6B210B456BEBAA7464FA844B3241E51A655
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\nsmF8A9.tmp\modern-wizard.bmpimage
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\nsmF8A9.tmp\nsDialogs.dllexecutable
MD5:7823FC560926DCD8741DE6F0B900083F
SHA256:CA869D6C6752AA4A8A6C874A694B543442992D7E854D0C48A1B60BCA01A8C8C6
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\nsmF8A9.tmp\LangDLL.dllexecutable
MD5:8E806EA2E205DC508A2FB5ADDA3419DB
SHA256:86A55734B8802051BBBD0E8C9C506D0CA985BC5C99113E99B309469046133937
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\device_jpn.pngimage
MD5:FA577E93317FB1F59D2CB28B31A27540
SHA256:BF3614803858CA25F80A5DFBD08907787CCF02888D9256A8361841DDC6C64E29
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\button_close_disabled.pngimage
MD5:B5F344C060C2A81EB9CFDF8FF56B776A
SHA256:9EE069E6F1C689AF4B21CA276BA7EFC117AE2D391894A03CA75E91B9D70E4F44
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\device.pngimage
MD5:FA577E93317FB1F59D2CB28B31A27540
SHA256:BF3614803858CA25F80A5DFBD08907787CCF02888D9256A8361841DDC6C64E29
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\icon_error.pngimage
MD5:2FCD5ED873E72D95412A3AA11E04650F
SHA256:6F2DE92FDED990DEF91A02BA1F289C4FDE1121E3B01A6EF5888EB117B4118123
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\logo.pngimage
MD5:9F06CA5B2F3A8777D742C7494679905B
SHA256:5992638A5C0BB07CEBD61F48BC56029808B5B5A1E6403DC0DFB42037A2771441
3864nada_164_046d-uipak_x32.exeC:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\icon_success.pngimage
MD5:AEF0C4009D5DAE2C1E8A94101B2C53E8
SHA256:DBBA6ABF7A5747E7C88F1F5238AAF89ABFF09ECF2EFCAACA445D5E1BEA7EE004
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
nada_164_046d-uipak_x32.exe