Field | Value
---|---
File name | sample.exe
Full analysis | https://app.any.run/tasks/ab705029-8e92-4169-842f-0b205233776a
Verdict | Malicious activity
Analysis date | April 23, 2019, 12:35:30
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags |
Indicators |
MIME | application/x-dosexec
File info | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | 22EAB34E639CF9596F62CA063486CAEF
SHA1 | 780A8BA70D7D62C4A3E6CF2DED8B03A367CAD309
SHA256 | 8C6616461292D2A426A775A6356B8D71312BE22A7B11FA1EC7E93F987147AF41
SSDEEP | 24576:iEn801iV8mAeZTAwkSO/F9Jh0GHQ5uLwTRRuHd4YB/1mHa6JKtbAenU7Tif5G8MM:N8kia75h0GHQMSmd4k1wEtU85XMM

Extension | File type (match score)
---|---
.exe | Wise Installer executable (91.7)
.exe | Win64 Executable (generic) (5.3)
.dll | Win32 Dynamic Link Library (generic) (1.2)
.exe | Win32 Executable (generic) (0.8)
.exe | Generic Win/DOS Executable (0.3)

Field | Value
---|---
MachineType | Intel 386 or later, and compatibles
TimeStamp | 2001:10:25 21:47:11+02:00
PEType | PE32
LinkerVersion | 6
CodeSize | 8704
InitializedDataSize | 5632
UninitializedDataSize | -
EntryPoint | 0x21af
OSVersion | 4
ImageVersion | 4
SubsystemVersion | 4
Subsystem | Windows GUI
FileVersionNumber | 2.5.0.77
ProductVersionNumber | 2.5.0.77
FileFlagsMask | 0x003f
FileFlags | (none)
FileOS | Windows 16-bit
ObjectFileType | Executable application
FileSubtype | -
LanguageCode | English (U.S.)
CharacterSet | Windows, Latin1
CompanyName | MagicISO, Inc.
FileDescription | MagicISO Virtual CD/DVD Manager
FileVersion | 2.5.0.77
LegalCopyright | Copyright 2001-2007 MagicISO, Inc.

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3024 | "C:\Users\admin\AppData\Local\Temp\sample.exe" | C:\Users\admin\AppData\Local\Temp\sample.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540
1664 | "C:\Users\admin\AppData\Local\Temp\sample.exe" | C:\Users\admin\AppData\Local\Temp\sample.exe | — | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 0
3824 | DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{77e7f6d5-361a-3d8b-950f-6b5f6637bb4f}\mcdbus.inf" "0" "6f7303647" "000005C4" "WinSta0\Default" "000004A8" "208" "c:\program files\magicdisc" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3148 | rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{756ff5aa-7125-5de5-e124-ba6973619171} Global\{13df25b0-09b1-3ab9-c525-7826b025df13} C:\Windows\System32\DriverStore\Temp\{557706c5-ef91-372a-7c51-7e4dbd376356}\mcdbus.inf | C:\Windows\system32\rundll32.exe | — | DrvInst.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2652 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft® Volume Shadow Copy Service; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2504 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000005DC" "000005D8" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3408 | DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\Windows\INF\oem4.inf" "mcdbus.inf:mcdbus_Mfg:mcdbus_Install_Control:2.7.106.0:*mcdbusdevice" "6f7303647" "000005C4" "000005D0" "000005DC" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2480 | rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{4f334574-9d4c-47f1-b878-e05522d9b5de} "(null)" | C:\Windows\system32\rundll32.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2180 | DrvInst.exe "1" "200" "SCSI\CdRom&Ven_MagicISO&Prod_Virtual_DVD-ROM&Rev_1.0A\1&2afd7d61&0&0000" "" "" "60ba4bdbb" "00000000" "000005D4" "000005DC" | C:\Windows\system32\DrvInst.exe | — | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2140 | "C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification | C:\Windows\System32\dinotify.exe | — | rundll32.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Device Installation; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1664 | sample.exe | C:\Users\admin\AppData\Local\Temp\~GLH0000.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\~GLH0001.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\~GLH0002.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\~GLH0003.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\~GLH0004.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\~GLH0005.TMP | — | — | —
1664 | sample.exe | C:\Windows\system32\Drivers\~GLH0006.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\~GLH0007.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\~GLH0008.TMP | — | — | —
1664 | sample.exe | C:\Program Files\MagicDisc\muninst.exe | executable | 3DCAD928C3BB2163F989110B4C9962A2 | 3029B6AF6BD16263FC7DF0C8EE42A672DB662B6A27F49C48DED2A918967705D7