File name: FlvPlayerSetup (1).exe

Full analysis: https://app.any.run/tasks/6f0324cd-b98a-4961-993b-c775a618772e
Verdict: Malicious activity
Analysis date: April 25, 2024, 14:06:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 4C1B2B237F377C504A4B14D35EC44798
SHA1: B9D28590BF6122E946C32202957C84A45710001C
SHA256: 88587B0DCEFBD65F6E6D4AE473F699CEB311C56D1249B1B25572F268FB3DCFF9
SSDEEP: 24576:E82KRd+GMEfCD3WDoPekdcq/EdFKPu6/+sQiNy8XT6ikfIPnG1e7rrLcuUav+Mo:E82KKdEfCD3AoPekdcq/E7KP1/+sQiY/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • FlvPlayerSetup (1).exe (PID: 3416)
  • SUSPICIOUS
    • Reads the Internet Settings
      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads security settings of Internet Explorer
      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Application launched itself
      • FlvPlayerSetup (1).exe (PID: 3416)
    • Reads Microsoft Outlook installation path
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads Internet Explorer settings
      • FlvPlayerSetup (1).exe (PID: 1424)
  • INFO
    • Checks supported languages
      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Create files in a temporary directory
      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Process checks whether UAC notifications are on
      • FlvPlayerSetup (1).exe (PID: 3416)
    • Reads the computer name
      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Checks proxy server information
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads the machine GUID from the registry
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Creates files or folders in the user directory
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads CPU info
      • FlvPlayerSetup (1).exe (PID: 1424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37888
InitializedDataSize: 15360
UninitializedDataSize: -
EntryPoint: 0x9c40
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription:
FileVersion:
LegalCopyright:
ProductName:
ProductVersion:
No data.
All screenshots are available in the full report
Total processes: 54
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start > flvplayersetup (1).exe > flvplayersetup (1).exe (interactive graph with per-process details in the full report)

Process information

PID 1424
  CMD: "C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe" /RSF
  Path: C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe
  Parent process: FlvPlayerSetup (1).exe
  User: admin
  Company: -
  Integrity Level: HIGH
  Description: -
  Version: -
  Modules (images):
    c:\users\admin\appdata\local\temp\flvplayersetup (1).exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\oleaut32.dll

PID 3416
  CMD: "C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe"
  Path: C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe
  Parent process: explorer.exe
  User: admin
  Company: -
  Integrity Level: MEDIUM
  Description: -
  Exit code: 0
  Version: -
  Modules (images):
    c:\users\admin\appdata\local\temp\flvplayersetup (1).exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\oleaut32.dll
Total events: 5 152
Read events: 4 808
Write events: 284
Delete events: 60

Modification events

(PID 3416) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: ProxyBypass | Value: 1
(PID 3416) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: IntranetName | Value: 1
(PID 3416) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: UNCAsIntranet | Value: 1
(PID 3416) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: AutoDetect | Value: 0
(PID 1424) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: ProxyBypass | Value: 1
(PID 1424) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: IntranetName | Value: 1
(PID 1424) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: UNCAsIntranet | Value: 1
(PID 1424) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: AutoDetect | Value: 0
(PID 1424) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Name: CachePrefix | Value: (empty)
(PID 1424) FlvPlayerSetup (1).exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Name: CachePrefix | Value: Cookie:
Executable files: 0
Suspicious files: 6
Text files: 69
Unknown types: 0

Dropped files (PID, process, filename, type; MD5 and SHA256 listed under each entry)

PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\001BDC62.log (text)
MD5:2CCC75B134117585E755C548D02F073A
SHA256:CC35AA529B725B6672372A7C74087714051E1156CEBDF8CE2E93EEF515B89A98
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\css\main.css (text)
MD5:71C4B9EEE86D2B6DEE2759F9D4599891
SHA256:4A0FB9191D25E0B38E33EA69D52DA7121322D2BAEA2F1071DA0C705FBF6C9AD6
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\button.css (text)
MD5:37E1FF96E084EC201F0D95FEEF4D5E94
SHA256:8E806F5B94FC294E918503C8053EF1284E4F4B1E02C7DA4F4635E33EC33E0534
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\form.bmp.Mask (binary)
MD5:D2FC989F9C2043CD32332EC0FAD69C70
SHA256:27DD029405CBFB0C3BF8BAC517BE5DB9AA83E981B1DC2BD5C5D6C549FA514101
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\csshover3.htc (binary)
MD5:52FA0DA50BF4B27EE625C80D36C67941
SHA256:E37E99DDFC73AC7BA774E23736B2EF429D9A0CB8C906453C75B14C029BDD5493
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\images\progress-bg2.png (image)
MD5:B582D9A67BFE77D523BA825FD0B9DAE3
SHA256:AB4EEB3EA1EEF4E84CB61ECCB0BA0998B32108D70B3902DF3619F4D9393F74C3
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\images\progress-bg.png (image)
MD5:E9F12F92A9EEB8EBE911080721446687
SHA256:C1CF449536BC2778E27348E45F0F53D04C284109199FB7A9AF7A61016B91F8BC
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\dat\upd.DAT (binary)
MD5:F9233BD73D8A08DB4650810BA79EC384
SHA256:A2D1B12F92509C33A951AA8D0542CD3C4F7DD54F133872BA1C9D759E882099D3
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\images\Grey_Button.png (image)
MD5:94CFF096CAE7F90AF8DB4D4113E5DAFB
SHA256:E6D91D3BE5902FDB8F296D54631499DF31D8ADE6299DD78E902D7578B4D15E18
PID 3416, FlvPlayerSetup (1).exe: C:\Users\admin\AppData\Local\Temp\ISH182~1\images\Color_Button_Hover.png (image)
MD5:97DCE4B9AC73486FEACECD8B4A3B9186
SHA256:72B1EA3E029A939C6FC0851C422787319C61D3B9A1945B82E193ED255FBCDAB2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 14
DNS requests: 8
Threats: 0

HTTP requests

No HTTP requests

Connections (PID, process, IP:port, domain, ASN, CN, reputation)

PID/process not listed: 224.0.0.252:5355 (unknown)
PID 4, System: 192.168.100.255:137 (whitelisted)
PID 4, System: 192.168.100.255:138 (whitelisted)
PID 1080, svchost.exe: 224.0.0.252:5355 (unknown)
PID 1424, FlvPlayerSetup (1).exe: 49.13.77.253:80, os.free-filedownload.com, Hetzner Online GmbH, DE (unknown)
PID 1424, FlvPlayerSetup (1).exe: 66.216.77.22:80, d.adapd.com, RMH-14, US (unknown)

DNS requests (domain, resolved IP, reputation)

os.free-filedownload.com: 49.13.77.253 (unknown)
d3qor7nx9zb32s.cloudfront.net: no IP listed (unknown)
dns.msftncsi.com: 131.107.255.255 (shared)
os2.free-filedownload.com: 49.13.77.253 (unknown)
d.adapd.com: 66.216.77.22 (unknown)

Threats

No threats detected
No debug info