File name: VCDS lite 1.2 Full (Registered Activated).exe

Full analysis: https://app.any.run/tasks/53f22ba9-59b2-4b99-8b8e-c2862c6ed917
Verdict: Malicious activity
Analysis date: May 28, 2024, 19:18:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: AD52FEFB38467045C1C7F109E2C5992D
SHA1: BCFA87968A512E911D529E32890C917D5D50CD57
SHA256: 86071CA8E1253B1C55F60EC0EE76D69B747E489E1C057D8E2079294A6EAB92CB
SSDEEP: 98304:Pm7lOF26jeJd4YWJ2oyyFe24DpFGTXnLVNyc+h:e7EF9+d4YKXyG34FoTnLVNycm

ANY.RUN is an interactive service that gives the analyst full access to the guest system. The information in this report may have been influenced by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • VCDS lite 1.2 Full (Registered Activated).exe (PID: 3964)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • VCDS lite 1.2 Full (Registered Activated).exe (PID: 3964)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • VCDS lite 1.2 Full (Registered Activated).exe (PID: 3964)
    • The process creates files with names similar to system file names
      • VCDS lite 1.2 Full (Registered Activated).exe (PID: 3964)
  • INFO
    • Reads the computer name
      • VCDS lite 1.2 Full (Registered Activated).exe (PID: 3964)
    • Checks supported languages
      • VCDS lite 1.2 Full (Registered Activated).exe (PID: 3964)
    • Creates files in a temporary directory
      • VCDS lite 1.2 Full (Registered Activated).exe (PID: 3964)

Reading the indicators: every one of them is also the normal start-up behaviour of an NSIS (Nullsoft) installer, which is what the file-type identification and TRiD say this file is. Before showing its first wizard page, NSIS extracts the plugin DLLs its script uses (here System.dll and nsDialogs.dll) and the Modern UI bitmaps into a fresh %TEMP%\ns????.tmp directory; System.dll is the stock NSIS plugin for calling Win32 APIs from the install script, not a copy of a Windows system file. The run records no registry writes, no HTTP and no DNS traffic from the process, so the MALICIOUS verdict rests on these generic heuristics alone. Whether the payload this installer would write is the genuine Ross-Tech VCDS-Lite 1.2 or something bundled with it cannot be settled from this report.

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x323c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: Used to install VCDS-Lite 1.2
CompanyName: Ross-Tech, LLC
FileDescription: VCDS-Lite Installer
FileVersion: VCDS-Lite 1.2 Installer
LegalCopyright: Copyright (C) 2008 Ross-Tech, LLC
ProductName: VCDS-Lite
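As an added example (not part of the ANY.RUN report and not Ross-Tech's code), the following Python reads the COFF and optional headers that the EXIF fields above are taken from, and handles PE32+ as well as PE32 since the version words and Subsystem sit at the same offsets in both. The input is a constructed header-only image whose field values are copied from the EXIF block; the sample's own bytes are not reproduced here, and the label tables are limited to the values that appear on this page.

```python
"""Read the COFF and optional headers that ExifTool-style PE summaries are built from."""
import struct
from datetime import datetime, timezone

# Labels follow the ExifTool wording used in the EXIF block above.
MACHINE_TYPES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}
CHARACTERISTICS = [  # IMAGE_FILE_* bits in the order ExifTool prints them
    (0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
    (0x0008, "No symbols"), (0x0020, "Large address aware"), (0x0100, "32-bit"),
    (0x2000, "DLL"),
]

def _ver(major: int, minor: int) -> str:
    # The report prints 6.0 as "6"; keep that display rule.
    return f"{major}.{minor}" if minor else str(major)

def parse_pe_headers(data: bytes) -> dict:
    """Return the header fields behind the EXIF block for a PE32 or PE32+ image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsect, tstamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header truncated")
    magic, lnk_maj, lnk_min, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # Version words sit at +40 and Subsystem at +68 in both PE32 and PE32+:
    # PE32+ drops BaseOfData (-4) and widens ImageBase (+4), so later offsets line up.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<6H", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "MachineType": MACHINE_TYPES.get(machine, f"0x{machine:04x}"),
        "TimeStamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for bit, name in CHARACTERISTICS if chars & bit),
        "PEType": "PE32" if magic == 0x10B else "PE32+",
        "LinkerVersion": _ver(lnk_maj, lnk_min),
        "CodeSize": code,
        "InitializedDataSize": init,
        "UninitializedDataSize": uninit,
        "EntryPoint": f"0x{entry:x}",
        "OSVersion": _ver(os_maj, os_min),
        "ImageVersion": _ver(img_maj, img_min),
        "SubsystemVersion": _ver(ss_maj, ss_min),
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }

def build_pe_headers(*, machine, timestamp, characteristics, linker, code_size, init_size,
                     uninit_size, entry_point, os_version, image_version, subsystem_version,
                     subsystem, magic=0x10B) -> bytes:
    """Constructed header-only PE image for exercising the parser (no sections, not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    opt_size = 224 if magic == 0x10B else 240
    coff = struct.pack("<HHIIIHH", machine, 0, timestamp, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<HBBIIII", opt, 0, magic, *linker, code_size, init_size, uninit_size, entry_point)
    struct.pack_into("<6H", opt, 40, *os_version, *image_version, *subsystem_version)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

# Constructed input: field values copied from the EXIF block above; the bytes are not the sample's.
SAMPLE_HEADERS = build_pe_headers(
    machine=0x014C,
    timestamp=int(datetime(2009, 12, 5, 22, 50, 46, tzinfo=timezone.utc).timestamp()),
    characteristics=0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100,
    linker=(6, 0), code_size=23552, init_size=119808, uninit_size=1024, entry_point=0x323C,
    os_version=(4, 0), image_version=(6, 0), subsystem_version=(4, 0), subsystem=2,
)

def sample_fields() -> dict:
    return parse_pe_headers(SAMPLE_HEADERS)

if __name__ == "__main__":
    for key, value in sample_fields().items():
        print(f"{key}: {value}")
```

Run against a real file with `parse_pe_headers(open(path, "rb").read())`; the TimeStamp is the linker's build time and is trivially forgeable, so treat it as a hint to compare against the version-resource copyright year rather than as evidence on its own.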
No data.
All screenshots are available in the full report
Total processes: 32
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(interactive process graph; single node: vcds lite 1.2 full (registered activated).exe)

Process information

PID: 3964
CMD: "C:\Users\admin\AppData\Local\Temp\VCDS lite 1.2 Full (Registered Activated).exe"
Path: C:\Users\admin\AppData\Local\Temp\VCDS lite 1.2 Full (Registered Activated).exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: MEDIUM
Description: VCDS-Lite Installer
Version: VCDS-Lite 1.2 Installer

Modules (loaded images)
c:\users\admin\appdata\local\temp\vcds lite 1.2 full (registered activated).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 2 313
Read events: 2 313
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 2
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID   Process                                        Filename                                                          Type
3964  VCDS lite 1.2 Full (Registered Activated).exe  C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\modern-header.bmp  image
      MD5: AE878CB81589BCFBF5908B04D2890951
      SHA256: 7E742E1EF69AB17FE5F376220F87F1F5159A3965D4DC3D10DD8BE9264F8F7EE0
3964  VCDS lite 1.2 Full (Registered Activated).exe  C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\modern-wizard.bmp  image
      MD5: 0FFD85E3F99B7037ADE07C678A125FD6
      SHA256: 8B625567E69B89D2E55D5BFA19AC3F7498179BA904C9C289E218BC4A528F7E58
3964  VCDS lite 1.2 Full (Registered Activated).exe  C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\nsDialogs.dll      executable
      MD5: C10E04DD4AD4277D5ADC951BB331C777
      SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
3964  VCDS lite 1.2 Full (Registered Activated).exe  C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\System.dll         executable
      MD5: C17103AE9072A06DA581DEC998343FC1
      SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:port              Domain  ASN  CN  Reputation
4     System       192.168.100.255:137  -       -    -   whitelisted
4     System       192.168.100.255:138  -       -    -   whitelisted
1088  svchost.exe  224.0.0.252:5355     -       -    -   unknown

None of the three connections belongs to the analyzed process (PID 3964). They are the guest's own NetBIOS name-service and datagram-service traffic to the subnet broadcast address (ports 137 and 138) and an LLMNR query to the 224.0.0.252 multicast group (port 5355), background traffic that appears in practically every Windows sandbox run.
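The following Python, added here and not part of the ANY.RUN report, applies two triage rules to the dropped-files table and the connections table above: a file in the ns*.tmp staging directory only needs a look if it is an executable that is not one of the stock NSIS plugins, and a connection only counts against the sample if the owning PID is the sample's. The table rows are constructed copies of what the report prints; the plugin list and the staging-directory naming pattern are standard NSIS behaviour and are not taken from this report.

```python
"""Triage of the dropped-files and connections tables of an NSIS installer sandbox run."""
import re
from ipaddress import ip_address

# Stock plugin DLLs shipped with NSIS (Plugins\ directory); an installer copies the ones its
# script uses into %TEMP%\ns<letter><hex>.tmp\ at start-up, which is what the report records.
NSIS_STOCK_PLUGINS = {
    "system.dll", "nsdialogs.dll", "installoptions.dll", "nsexec.dll", "userinfo.dll",
    "startmenu.dll", "langdll.dll", "splash.dll", "advsplash.dll", "banner.dll",
    "bgimage.dll", "dialer.dll", "math.dll", "typelib.dll", "vpatch.dll",
}
# NSIS names its staging directory via GetTempFileName(): prefix "ns" plus a letter, then up to
# four hex digits and ".tmp" (nsr3BB5.tmp in the report).
NSIS_STAGING = re.compile(r"\\Temp\\ns[a-z]?[0-9a-f]{1,4}\.tmp\\([^\\]+)$", re.IGNORECASE)

def triage_dropped_file(path: str, ftype: str) -> str:
    """Label one dropped-file row; only non-stock executables in the staging dir need a look."""
    m = NSIS_STAGING.search(path)
    if not m:
        return "review: written outside the NSIS staging directory"
    name = m.group(1).lower()
    if name in NSIS_STOCK_PLUGINS:
        return "expected: stock NSIS plugin"
    if ftype == "executable":
        return "review: non-stock executable staged by the installer"
    return "expected: installer resource"

def classify_connection(pid: int, process: str, endpoint: str, sample_pid: int) -> tuple:
    """Return (attributable_to_sample, label) for one connections-table row."""
    host, _, port = endpoint.rpartition(":")
    ip, port = ip_address(host), int(port)
    if pid == sample_pid:
        return True, f"investigate: {process} (PID {pid}) reached {endpoint}"
    if ip.is_multicast and port == 5355:
        return False, f"host noise: LLMNR multicast from {process} (PID {pid})"
    if port in (137, 138) and ip.is_private:
        return False, f"host noise: NetBIOS name/datagram service from {process} (PID {pid})"
    return False, f"unattributed: {process} (PID {pid}) to {endpoint}"

# Constructed copies of the two tables above (paths and endpoints as printed in the report).
DROPPED = [
    (r"C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\modern-header.bmp", "image"),
    (r"C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\modern-wizard.bmp", "image"),
    (r"C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\nsDialogs.dll", "executable"),
    (r"C:\Users\admin\AppData\Local\Temp\nsr3BB5.tmp\System.dll", "executable"),
]
CONNECTIONS = [(4, "System", "192.168.100.255:137"), (4, "System", "192.168.100.255:138"),
               (1088, "svchost.exe", "224.0.0.252:5355")]

def triage_report(dropped=DROPPED, connections=CONNECTIONS, sample_pid=3964) -> dict:
    """Count what needs follow-up versus what any NSIS installer run would produce."""
    labels = [triage_dropped_file(p, t) for p, t in dropped]
    flagged = [lbl for ok, lbl in (classify_connection(*c, sample_pid) for c in connections) if ok]
    return {
        "stock_plugins": sum(l == "expected: stock NSIS plugin" for l in labels),
        "resources": sum(l == "expected: installer resource" for l in labels),
        "files_to_review": [p for (p, _), l in zip(dropped, labels) if l.startswith("review")],
        "sample_connections": flagged,
    }

if __name__ == "__main__":
    for path, ftype in DROPPED:
        print(triage_dropped_file(path, ftype), "<-", path.rsplit("\\", 1)[1])
    for row in CONNECTIONS:
        print(classify_connection(*row, 3964)[1])
    print(triage_report())
```

A custom plugin DLL is the usual place for malicious NSIS packages to hide their loader, so the interesting case is a DLL in ns*.tmp whose name is not in the stock list; matching on the stock names alone is a filter for analyst attention, not proof of a clean plugin, and the dropped-file hashes in the table are what to compare against a known NSIS release.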

DNS requests

No data

Threats

No threats detected
No debug info