File name: nada_164_046d-uipak_x32.exe

Full analysis: https://app.any.run/tasks/e216de29-8092-46df-8ef8-fe5aeda72de9
Verdict: Malicious activity
Analysis date: February 27, 2024, 14:27:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 391D2487595EF8E8368B9271ABC76799
SHA1: BFA7D96B893CA7FEA349BA8D01A4F6AC17FBD968
SHA256: 85156B6391D646DFD0A9E8FBFBA5BF234E1F629C78F0844034330A862FD77C1C
SSDEEP: 6144:tzZZxgKlrEf08BCxkA6IGfA9TlM432wa7AfNgm2/xqHTi0zY108OiI:tzZz3wf0YWkIGoBMJ5QN3neVO/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • nada_164_046d-uipak_x32.exe (PID: 3864)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • nada_164_046d-uipak_x32.exe (PID: 3864)
    • The process creates files with names similar to system file names
      • nada_164_046d-uipak_x32.exe (PID: 3864)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • nada_164_046d-uipak_x32.exe (PID: 3864)
  • INFO
    • Checks supported languages
      • nada_164_046d-uipak_x32.exe (PID: 3864)
    • Creates files in a temporary directory
      • nada_164_046d-uipak_x32.exe (PID: 3864)
    • Reads the computer name
      • nada_164_046d-uipak_x32.exe (PID: 3864)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:09:09 13:23:33+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 26624
InitializedDataSize: 475136
UninitializedDataSize: 16896
EntryPoint: 0x3415
OSVersion: 5
ImageVersion: 6.1
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.0.119.0
ProductVersionNumber: 2.0.119.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Logitech
CompanyWebsite: http://www.logitech.com
FileDescription: -
FileVersion: 2
LegalCopyright: -
ProductName: LogiUI Pak
ProductVersion: 2
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start nada_164_046d-uipak_x32.exe

Process information

PID: 3864
CMD: "C:\Users\admin\AppData\Local\Temp\nada_164_046d-uipak_x32.exe"
Path: C:\Users\admin\AppData\Local\Temp\nada_164_046d-uipak_x32.exe
Parent process: explorer.exe
User: admin
Company: Logitech
Integrity Level: MEDIUM
Exit code: 0
Version: 2.00
Modules
Images
c:\users\admin\appdata\local\temp\nada_164_046d-uipak_x32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 2 370
Read events: 2 364
Write events: 6
Delete events: 0

Modification events

(PID) Process: (3864) nada_164_046d-uipak_x32.exe
Key: HKEY_CURRENT_USER\Software\LogiShrd\DownloadAssistant
Operation: write
Name: UIPath
Value: C:\Users\admin\AppData\Local\Temp\LogiUI\Pak

(PID) Process: (3864) nada_164_046d-uipak_x32.exe
Key: HKEY_CURRENT_USER\Software\LogiShrd\DownloadAssistant
Operation: write
Name: UIRemove
Value: C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\uninstall.exe

(PID) Process: (3864) nada_164_046d-uipak_x32.exe
Key: HKEY_CURRENT_USER\Software\LogiUI Pak\Components
Operation: write
Name: UI
Value: 1

(PID) Process: (3864) nada_164_046d-uipak_x32.exe
Key: HKEY_CURRENT_USER\Software\LogiUI Pak
Operation: write
Name: Path
Value: C:\Users\admin\AppData\Local\Temp\LogiUI\Pak

(PID) Process: (3864) nada_164_046d-uipak_x32.exe
Key: HKEY_CURRENT_USER\Software\LogiUI Pak
Operation: write
Name: StartMenuGroup
Value: LogiLang Pak

(PID) Process: (3864) nada_164_046d-uipak_x32.exe
Key: HKEY_CURRENT_USER\Software\LogiUI Pak
Operation: write
Name: InstallerLanguage
Value: 1033

Executable files: 5
Suspicious files: 1
Text files: 65
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\nsmF8A9.tmp\System.dll | executable
  MD5: B9F430F71C7144D8FF4AB94BE2785AA6
  SHA256: B496E81A74CE871236ABCD096FB9A6B210B456BEBAA7464FA844B3241E51A655
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\css\basic-quickflips.css | text
  MD5: F3856202AA9A07416089BA98AD01419E
  SHA256: 3502017550AF6C2E1BC08C5E0A5A55C1C48706BC10A51CF2212E3A6F687791DB
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\icon_error.png | image
  MD5: 2FCD5ED873E72D95412A3AA11E04650F
  SHA256: 6F2DE92FDED990DEF91A02BA1F289C4FDE1121E3B01A6EF5888EB117B4118123
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\html\welcome.html | html
  MD5: CFCB0E546D9A5B527FCBD970D5285BC7
  SHA256: 2065BCFA62B410FFA2B79AFC102B78A5071301CF16F94D2D42C12BE8365AB253
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\icon_success.png | image
  MD5: AEF0C4009D5DAE2C1E8A94101B2C53E8
  SHA256: DBBA6ABF7A5747E7C88F1F5238AAF89ABFF09ECF2EFCAACA445D5E1BEA7EE004
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\img\button_close_disabled.png | image
  MD5: B5F344C060C2A81EB9CFDF8FF56B776A
  SHA256: 9EE069E6F1C689AF4B21CA276BA7EFC117AE2D391894A03CA75E91B9D70E4F44
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\html\download.html | html
  MD5: 8B9EB8DB472EBE5F0433AF26DC7D676F
  SHA256: 5B29978827B527001EDE12D08281C36CDCDF7C3D228B91166893285FCF7B4634
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\html\finish.html | html
  MD5: 572FD27E56F1A964DD0D44350FBB0572
  SHA256: B82DEA4689E45D9C1861D03AD7719CC17340EAC08225206769E3A7FC8817AFA6
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\LogiUI\Pak\css\smart.css | text
  MD5: 119E08845635C6B45D3AAAECE1801072
  SHA256: 98FCC4A906EC8E2534224EF834E8CB1A440BDA4D2C15044D434FDBE9BCC1E9D5
3864 | nada_164_046d-uipak_x32.exe | C:\Users\admin\AppData\Local\Temp\nsmF8A9.tmp\modern-wizard.bmp | image
  MD5: CBE40FD2B1EC96DAEDC65DA172D90022
  SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info