File name: YandexDisk30Setup.exe

Full analysis: https://app.any.run/tasks/3b3cbe96-c8ed-4ded-a168-70c734788cee
Verdict: Malicious activity
Analysis date: June 03, 2019, 07:58:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1647AE22B20348791E1C23F1375926EF
SHA1: 9CE8C6CB6F2C6F1E4B58E05B4718ED72EE35CD2A
SHA256: 88F457D7387BA3FCA5FDD851D50411CE62DCE289A5AA92E78D9FA0487692B2CA
SSDEEP: 49152:mlZtDRQZV1yqq5e28AheaHpOZ6ay/eTn276+/ijnBZc:mlZtDRQZV1yqqdDH0gL6+6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • YandexDisk2.exe (PID: 2068)
      • YandexDisk2.exe (PID: 1492)
    • Application was dropped or rewritten from another process

      • YandexDisk2.exe (PID: 2068)
      • 7za.exe (PID: 2464)
      • 7za.exe (PID: 3816)
      • YandexDisk2.exe (PID: 1492)
      • 7za.exe (PID: 408)
      • 7za.exe (PID: 3572)
      • 7za.exe (PID: 2076)
      • 7za.exe (PID: 2416)
      • 7za.exe (PID: 4048)
      • 7za.exe (PID: 3464)
      • 7za.exe (PID: 3424)
      • 7za.exe (PID: 1492)
      • 7za.exe (PID: 2572)
      • 7za.exe (PID: 3604)
      • 7za.exe (PID: 284)
      • 7za.exe (PID: 3256)
      • 7za.exe (PID: 2400)
      • 7za.exe (PID: 3388)
      • 7za.exe (PID: 2572)
      • 7za.exe (PID: 2500)
      • 7za.exe (PID: 2156)
      • 7za.exe (PID: 2984)
      • 7za.exe (PID: 1008)
      • 7za.exe (PID: 2936)
      • 7za.exe (PID: 2556)
      • 7za.exe (PID: 3848)
  • SUSPICIOUS

    • Creates files in the program directory

      • YandexDisk30Setup.exe (PID: 2576)
      • 7za.exe (PID: 3816)
      • 7za.exe (PID: 2464)
      • 7za.exe (PID: 2076)
      • 7za.exe (PID: 2416)
      • 7za.exe (PID: 4048)
      • 7za.exe (PID: 3464)
      • YandexDisk30Setup_x86.exe (PID: 928)
      • 7za.exe (PID: 3424)
      • 7za.exe (PID: 1492)
      • 7za.exe (PID: 2572)
      • 7za.exe (PID: 3604)
      • 7za.exe (PID: 3256)
      • 7za.exe (PID: 284)
      • 7za.exe (PID: 2400)
      • 7za.exe (PID: 3572)
      • 7za.exe (PID: 2572)
      • 7za.exe (PID: 1008)
      • 7za.exe (PID: 408)
      • 7za.exe (PID: 2156)
      • 7za.exe (PID: 2984)
      • 7za.exe (PID: 2936)
      • 7za.exe (PID: 2500)
      • 7za.exe (PID: 2556)
      • 7za.exe (PID: 3848)
      • 7za.exe (PID: 3388)
    • Modifies the open verb of a shell class

      • YandexDisk30Setup_x86.exe (PID: 3068)
      • YandexDisk30Setup_x86.exe (PID: 928)
    • Executable content was dropped or overwritten

      • YandexDisk30Setup_x86.exe (PID: 928)
      • 7za.exe (PID: 2464)
    • Application launched itself

      • YandexDisk30Setup_x86.exe (PID: 928)
      • YandexDisk30Setup.exe (PID: 2576)
    • Creates files in the user directory

      • YandexDisk30Setup_x86.exe (PID: 928)
      • YandexDisk30Setup.exe (PID: 2576)
      • YandexDisk2.exe (PID: 1492)
    • Creates COM task schedule object

      • YandexDisk30Setup_x86.exe (PID: 928)
    • Creates a software uninstall entry

      • YandexDisk30Setup_x86.exe (PID: 928)
    • Reads internet explorer settings

      • YandexDisk2.exe (PID: 1492)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:05:23 20:57:19+02:00
PEType: PE32
LinkerVersion: 14.16
CodeSize: 943616
InitializedDataSize: 998912
UninitializedDataSize: -
EntryPoint: 0x86f5f
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 3.1.4.2788
ProductVersionNumber: 3.1.4.2788
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Russian
CharacterSet: Unicode
CompanyName: Яндекс
FileDescription: YandexDiskSetup
FileVersion: 3.1.4.2788
InternalName: YandexDiskSetup
LegalCopyright: © 2016-2019 ООО "ЯНДЕКС"
OriginalFileName: YandexDiskSetup.exe
ProductName: Яндекс.Диск
ProductVersion: 3.1.4.2788
Tag040904B0: -
Tag041F04B0: -

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 23-May-2019 18:57:19
Detected languages:
  • English - United States
  • Russian - Russia
TLS Callbacks: 1 callback(s) detected.
Debug artifacts:
  • C:\BuildAgent\work\che-trunk-git-yandex-ru\win\YandexDiskUploaderSetup\Release\YandexDiskSetup.pdb
CompanyName: Яндекс
FileDescription: YandexDiskSetup
FileVersion: 3.1.4.2788
InternalName: YandexDiskSetup
LegalCopyright: © 2016-2019 ООО "ЯНДЕКС"
OriginalFilename: YandexDiskSetup.exe
ProductName: Яндекс.Диск
ProductVersion: 3.1.4.2788

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000128

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 23-May-2019 18:57:19
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x000E64CB | 0x000E6600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.58552
.rdata | 0x000E8000 | 0x0009A5A6 | 0x0009A600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.49317
.data | 0x00183000 | 0x0000AA38 | 0x00007E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.95442
.rsrc | 0x0018E000 | 0x0003D4F8 | 0x0003D600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.31058
.reloc | 0x001CC000 | 0x000114DC | 0x00011600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.5334

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.31658 | 1398 | UNKNOWN | English - United States | RT_MANIFEST
2 | 4.07778 | 1128 | UNKNOWN | UNKNOWN | RT_ICON
3 | 4.24219 | 1720 | UNKNOWN | UNKNOWN | RT_ICON
4 | 4.05163 | 2440 | UNKNOWN | UNKNOWN | RT_ICON
5 | 7.92983 | 24615 | UNKNOWN | UNKNOWN | RT_ICON
6 | 4.05799 | 3288 | UNKNOWN | UNKNOWN | RT_ICON
7 | 3.91869 | 4264 | UNKNOWN | UNKNOWN | RT_ICON
8 | 3.62784 | 6760 | UNKNOWN | UNKNOWN | RT_ICON
9 | 3.34877 | 9640 | UNKNOWN | UNKNOWN | RT_ICON
10 | 3.30199 | 16936 | UNKNOWN | UNKNOWN | RT_ICON

Imports

ADVAPI32.dll (delay-loaded)
COMCTL32.dll
CRYPT32.dll
GDI32.dll
KERNEL32.dll
OLEAUT32.dll
PSAPI.DLL
RPCRT4.dll
SHELL32.dll
SHLWAPI.dll

Exports

Title | Ordinal | Address
?$TSS0@?1??get_instance@?$singleton@V?$extended_type_info_typeid@Uactivity_item@core_utils@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@Uactivity_item@core_utils@@@34@XZ@4HA | 1 | 0x0018D7C0
?$TSS0@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$list@Uactivity_item@core_utils@@V?$allocator@Uactivity_item@core_utils@@@std@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$list@Uactivity_item@core_utils@@V?$allocator@Uactivity_item@core_utils@@@std@@@std@@@34@XZ@4HA | 2 | 0x0018D850
?$TSS0@?1??get_instance@?$singleton@V?$extended_type_info_typeid@Vtelemetry_chunk@core_utils@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@Vtelemetry_chunk@core_utils@@@34@XZ@4HA | 3 | 0x0018D85C
?$TSS0@?1??get_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@Uactivity_item@core_utils@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_iarchive@archive@boost@@Uactivity_item@core_utils@@@detail@archive@4@XZ@4HA | 4 | 0x0018D7C4
?$TSS0@?1??get_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@V?$list@Uactivity_item@core_utils@@V?$allocator@Uactivity_item@core_utils@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_iarchive@archive@boost@@V?$list@Uactivity_item@core_utils@@V?$allocator@Uactivity_item@core_utils@@@std@@@std@@@detail@archive@4@XZ@4HA | 5 | 0x0018D7F0
?$TSS0@?1??get_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@Vtelemetry_chunk@core_utils@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_iarchive@archive@boost@@Vtelemetry_chunk@core_utils@@@detail@archive@4@XZ@4HA | 6 | 0x0018D7DC
?$TSS0@?1??get_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4HA | 7 | 0x0018B438
?$TSS0@?1??get_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4HA | 8 | 0x0018B44C
?$TSS0@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4HA | 9 | 0x0018B474
?$TSS0@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ@4HA | 10 | 0x0018B460
No data.
All screenshots are available in the full report
Total processes: 92
Monitored processes: 32
Malicious processes: 2
Suspicious processes: 2

Behavior graph

(Interactive process graph, available in the full report.) Processes shown in the graph: yandexdisk30setup.exe, yandexdisk30setup_x86.exe, 7za.exe (many instances, no specs), yandexdisk2.exe, yandexnotes.exe (no specs).

Process information

PID | CMD | Path | Indicators | Parent process
PID: 284
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe" x "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\YandexNotes.exe.zip" -aoa -o"C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}"
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 9.20
Modules (images):
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 408
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe" x "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\snapshot_blob.bin.zip" -aoa -o"C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}"
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 9.20
Modules (images):
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 928
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{3FE0EF39-1462-4094-9A42-43B4EE3C383B}\YandexDisk30Setup_x86.exe" -install 0 "C:\Users\admin\YandexDisk2" -disablestartprogram
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{3FE0EF39-1462-4094-9A42-43B4EE3C383B}\YandexDisk30Setup_x86.exe
Parent process: YandexDisk30Setup.exe
User: admin
Company: Яндекс
Integrity Level: MEDIUM
Description: YandexDiskInstaller
Exit code: 0
Version: 3.1.4.2788
Modules (images):
c:\programdata\yandex\yandex.disk.2\{3fe0ef39-1462-4094-9a42-43b4ee3c383b}\yandexdisk30setup_x86.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
PID: 1008
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe" x "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\tr.pak.zip" -aoa -o"C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}"
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 9.20
Modules (images):
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1492
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe" x "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\libpng14-14.dll.zip" -aoa -o"C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}"
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 9.20
Modules (images):
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1492
CMD: "C:\Users\admin\AppData\Roaming\Yandex\YandexDisk2\3.1.4.2788\YandexDisk2.exe" -aftersetup
Path: C:\Users\admin\AppData\Roaming\Yandex\YandexDisk2\3.1.4.2788\YandexDisk2.exe
Parent process: YandexDisk30Setup.exe
User: admin
Company: Yandex
Integrity Level: MEDIUM
Description: Yandex.Disk
Exit code: 0
Version: 3.1.4.2788
Modules (images):
c:\windows\system32\imm32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\kernel32.dll
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\users\admin\appdata\roaming\yandex\yandexdisk2\3.1.4.2788\yandexdisk2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
PID: 2068
CMD: "C:\Users\admin\AppData\Roaming\Yandex\YandexDisk2\3.1.4.2788\YandexDisk2.exe" -install
Path: C:\Users\admin\AppData\Roaming\Yandex\YandexDisk2\3.1.4.2788\YandexDisk2.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Yandex
Integrity Level: MEDIUM
Description: Yandex.Disk
Exit code: 0
Version: 3.1.4.2788
Modules (images):
c:\users\admin\appdata\roaming\yandex\yandexdisk2\3.1.4.2788\yandexdisk2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID: 2076
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe" x "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\dllyupdate.dll.zip" -aoa -o"C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}"
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 9.20
Modules (images):
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2156
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe" x "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\en-US.pak.zip" -aoa -o"C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}"
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 9.20
Modules (images):
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\conhost.exe
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
PID: 2400
CMD: "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe" x "C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\libcef.dll.zip" -aoa -o"C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}"
Path: C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe
Parent process: YandexDisk30Setup_x86.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 9.20
Modules (images):
c:\programdata\yandex\yandex.disk.2\{758efac0-f7ae-43c9-92f9-c55e5afba222}\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 659
Read events: 526
Write events: 127
Delete events: 6

Modification events

(PID) Process: (2576) YandexDisk30Setup.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (928) YandexDisk30Setup_x86.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 0
(PID) Process: (928) YandexDisk30Setup_x86.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 1
(PID) Process: (3068) YandexDisk30Setup_x86.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Yandex\Yandex.Disk.2 | Operation: write | Name: MachineInstallPath | Value: C:\Program Files\Yandex\YandexDisk2\bin\
(PID) Process: (3068) YandexDisk30Setup_x86.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ YandexDisk1 SyncDone | Operation: write | Name: | Value: {C5F6CDD1-FB7B-4971-A53F-4B00757F756B}
(PID) Process: (3068) YandexDisk30Setup_x86.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ YandexDisk2 SyncProgress | Operation: write | Name: | Value: {75EF3512-D401-4172-BA0F-00E000DCBCE4}
(PID) Process: (3068) YandexDisk30Setup_x86.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ YandexDisk3 SyncDisabled | Operation: write | Name: | Value: {8EEE3CD5-1F70-4B63-B19D-A5F1457761DB}
(PID) Process: (3068) YandexDisk30Setup_x86.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ YandexDisk4 SyncError | Operation: write | Name: | Value: {9CE04609-A360-4266-9937-9D799E8D2D5A}
(PID) Process: (3068) YandexDisk30Setup_x86.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ YandexDisk5 SyncPart | Operation: write | Name: | Value: {63ADB0D1-6DA0-46A2-89D0-E0CE44536E32}
(PID) Process: (3068) YandexDisk30Setup_x86.exe | Key: HKEY_CLASSES_ROOT\Yandex.ScreenshotEditor.2 | Operation: write | Name: AppUserModelID | Value: Yandex.Disk.ScreenshotEditor
Executable files: 2
Suspicious files: 2
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2576 | YandexDisk30Setup.exe | C:\ProgramData\Yandex\Yandex.Disk.2\{3FE0EF39-1462-4094-9A42-43B4EE3C383B}\YandexDisk30Setup_x86.exe | -
MD5:
SHA256:
1492 | YandexDisk2.exe | C:\Users\admin\AppData\Local\Yandex\Yandex.Disk.2\~db_common333c9b5a-a15f-46bc-b92b-03ece3a1754b | -
MD5:
SHA256:
928 | YandexDisk30Setup_x86.exe | C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\YandexDisk2.exe.zip | compressed
MD5:
SHA256:
1492 | YandexDisk2.exe | C:\Users\admin\AppData\LocalLow\Yandex\Updater\yupdate-exec-yadisk.log | text
MD5:
SHA256:
1492 | YandexDisk2.exe | C:\Users\admin\AppData\Local\Yandex\Yandex.Disk.2\~db_common.bak | binary
MD5:
SHA256:
3068 | YandexDisk30Setup_x86.exe | C:\Users\admin\AppData\Local\Yandex\Yandex.Disk.2\YandexDiskInstaller.log | text
MD5:
SHA256:
928 | YandexDisk30Setup_x86.exe | C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\7za.exe | executable
MD5: 42BADC1D2F03A8B1E4875740D3D49336
SHA256: C136B1467D669A725478A6110EBAAAB3CB88A3D389DFA688E06173C066B76FCF
2464 | 7za.exe | C:\ProgramData\Yandex\Yandex.Disk.2\{758EFAC0-F7AE-43C9-92F9-C55E5AFBA222}\YandexDisk2.exe | executable
MD5:
SHA256:
HTTP(S) requests: 0
TCP/UDP connections: 12
DNS requests: 8
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2576 | YandexDisk30Setup.exe | 213.180.204.148:443 | webdav.yandex.ru | YANDEX LLC | RU | whitelisted
2576 | YandexDisk30Setup.exe | 77.88.21.127:443 | downloader.disk.yandex.ru | YANDEX LLC | RU | unknown
2576 | YandexDisk30Setup.exe | 5.255.243.229:443 | downloader-default24h.disk.yandex.net | YANDEX LLC | RU | unknown
2576 | YandexDisk30Setup.exe | 87.250.251.14:443 | clck.yandex.ru | YANDEX LLC | RU | whitelisted
- | - | 87.250.250.33:443 | soft.export.yandex.ru | YANDEX LLC | RU | whitelisted
1492 | YandexDisk2.exe | 213.180.204.244:443 | startup.mobile.yandex.net | YANDEX LLC | RU | unknown
1492 | YandexDisk2.exe | 213.180.204.127:443 | cloud-api.yandex.net | YANDEX LLC | RU | unknown
1492 | YandexDisk2.exe | 87.250.250.207:443 | report.appmetrica.yandex.net | YANDEX LLC | RU | unknown

DNS requests

Domain
IP
Reputation
webdav.yandex.ru
  • 213.180.204.148
shared
downloader.disk.yandex.ru
  • 77.88.21.127
shared
downloader-default24h.disk.yandex.net
  • 5.255.243.229
whitelisted
clck.yandex.ru
  • 87.250.251.14
  • 93.158.134.14
  • 77.88.21.14
  • 213.180.204.14
  • 213.180.193.14
  • 87.250.250.14
whitelisted
soft.export.yandex.ru
  • 87.250.250.33
whitelisted
startup.mobile.yandex.net
  • 213.180.204.244
whitelisted
cloud-api.yandex.net
  • 213.180.204.127
whitelisted
report.appmetrica.yandex.net
  • 87.250.250.207
whitelisted

Threats

No threats detected
No debug info