File name: FlvPlayerSetup (1).exe

Full analysis: https://app.any.run/tasks/6f0324cd-b98a-4961-993b-c775a618772e
Verdict: Malicious activity
Analysis date: April 25, 2024, 14:06:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 4C1B2B237F377C504A4B14D35EC44798
SHA1: B9D28590BF6122E946C32202957C84A45710001C
SHA256: 88587B0DCEFBD65F6E6D4AE473F699CEB311C56D1249B1B25572F268FB3DCFF9
SSDEEP: 24576:E82KRd+GMEfCD3WDoPekdcq/EdFKPu6/+sQiNy8XT6ikfIPnG1e7rrLcuUav+Mo:E82KKdEfCD3AoPekdcq/E7KP1/+sQiY/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • FlvPlayerSetup (1).exe (PID: 3416)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Application launched itself

      • FlvPlayerSetup (1).exe (PID: 3416)
    • Reads the Internet Settings

      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads Microsoft Outlook installation path

      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads Internet Explorer settings

      • FlvPlayerSetup (1).exe (PID: 1424)
  • INFO

    • Process checks whether UAC notifications are on

      • FlvPlayerSetup (1).exe (PID: 3416)
    • Checks supported languages

      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads the computer name

      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Create files in a temporary directory

      • FlvPlayerSetup (1).exe (PID: 3416)
      • FlvPlayerSetup (1).exe (PID: 1424)
    • Checks proxy server information

      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads the machine GUID from the registry

      • FlvPlayerSetup (1).exe (PID: 1424)
    • Creates files or folders in the user directory

      • FlvPlayerSetup (1).exe (PID: 1424)
    • Reads CPU info

      • FlvPlayerSetup (1).exe (PID: 1424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37888
InitializedDataSize: 15360
UninitializedDataSize: -
EntryPoint: 0x9c40
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription:
FileVersion:
LegalCopyright:
ProductName:
ProductVersion:
No data.
All screenshots are available in the full report
Total processes: 54
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive; see the full report): start -> flvplayersetup (1).exe -> flvplayersetup (1).exe

Process information

PID: 1424
CMD: "C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe" /RSF
Path: C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe
Indicators: -
Parent process: FlvPlayerSetup (1).exe
User: admin
Company: -
Integrity Level: HIGH
Description: -
Version: -
Modules (images):
  c:\users\admin\appdata\local\temp\flvplayersetup (1).exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll

PID: 3416
CMD: "C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\FlvPlayerSetup (1).exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: -
Integrity Level: MEDIUM
Description: -
Exit code: 0
Version: -
Modules (images):
  c:\users\admin\appdata\local\temp\flvplayersetup (1).exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll
Total events: 5 152
Read events: 4 808
Write events: 284
Delete events: 60

Modification events

Process | Key | Operation | Name = Value
(3416) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass = 1
(3416) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName = 1
(3416) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet = 1
(3416) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect = 0
(1424) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass = 1
(1424) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName = 1
(1424) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet = 1
(1424) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect = 0
(1424) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix = (blank)
(1424) FlvPlayerSetup (1).exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix = Cookie:
Executable files: 0
Suspicious files: 6
Text files: 69
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\001BDC62.log | text
  MD5: 2CCC75B134117585E755C548D02F073A
  SHA256: CC35AA529B725B6672372A7C74087714051E1156CEBDF8CE2E93EEF515B89A98
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\images\progress-bg-corner.png | image
  MD5: 608F1F20CD6CA9936EAA7E8C14F366BE
  SHA256: 86B6E6826BCDE2955D64D4600A4E01693522C1FDDF156CE31C4BA45B3653A7BD
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\browse.css | text
  MD5: 6009D6E864F60AEA980A9DF94C1F7E1C
  SHA256: 5EF48A8C8C3771B4F233314D50DD3B5AFDCD99DD4B74A9745C8FE7B22207056D
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\checkbox.css | text
  MD5: 64773C6B0E3413C81AEBC46CCE8C9318
  SHA256: B09504C1BF0486D3EC46500592B178A3A6C39284672AF8815C3687CC3D29560D
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\images\progress-bg.png | image
  MD5: E9F12F92A9EEB8EBE911080721446687
  SHA256: C1CF449536BC2778E27348E45F0F53D04C284109199FB7A9AF7A61016B91F8BC
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\images\button-bg.png | image
  MD5: 98B1DE48DFA64DC2AA1E52FACFBEE3B0
  SHA256: 2693930C474FE640E2FE8D6EF98ABE2ECD303D2392C3D8B2E006E8942BA8F534
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\button.css | text
  MD5: 37E1FF96E084EC201F0D95FEEF4D5E94
  SHA256: 8E806F5B94FC294E918503C8053EF1284E4F4B1E02C7DA4F4635E33EC33E0534
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\ie6_main.css | text
  MD5: B1F08F2E91E5873445192057D5B8925B
  SHA256: 87DDEB4F75EA86ED9943708C481767468F57E05EA16BFDD2E7E67413200302AE
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\css\sdk-ui\images\progress-bg2.png | image
  MD5: B582D9A67BFE77D523BA825FD0B9DAE3
  SHA256: AB4EEB3EA1EEF4E84CB61ECCB0BA0998B32108D70B3902DF3619F4D9393F74C3
3416 | FlvPlayerSetup (1).exe | C:\Users\admin\AppData\Local\Temp\ISH182~1\images\BG.jpg | image
  MD5: F719B100453D490772A2EB9EAA3F807E
  SHA256: A3357B1B14C5EFE4AFD0F218F45A3188F304C98D819952E2027037C1FE273488
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 14
DNS requests: 8
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1424 | FlvPlayerSetup (1).exe | 49.13.77.253:80 | os.free-filedownload.com | Hetzner Online GmbH | DE | unknown
1424 | FlvPlayerSetup (1).exe | 66.216.77.22:80 | d.adapd.com | RMH-14 | US | unknown

DNS requests

Domain | IP | Reputation
os.free-filedownload.com | 49.13.77.253 | unknown
d3qor7nx9zb32s.cloudfront.net | - | unknown
dns.msftncsi.com | 131.107.255.255 | shared
os2.free-filedownload.com | 49.13.77.253 | unknown
d.adapd.com | 66.216.77.22 | unknown

Threats

No threats detected
No debug info