Malware analysis https://ime-sec.gtimg.com/202402031721/f9ceaa4470cf775d4027866180a110de/pc/dl/gzindex/1699884779/sogou_wubi_5.5e.exe Malicious activity

Add for printing

URL:	https://ime-sec.gtimg.com/202402031721/f9ceaa4470cf775d4027866180a110de/pc/dl/gzindex/1699884779/sogou_wubi_5.5e.exe
Full analysis:	https://app.any.run/tasks/961332aa-96fe-4429-89e3-9eb2337b2b5b
Verdict:	Malicious activity
Threats:	Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. Malware Trends Tracker >>>
Analysis date:	February 03, 2024, 09:26:11
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	adware sogou qrcode
Indicators:
MD5:	3C74F6F060F2AFB7279058FB6CD1F488
SHA1:	4D445E6D33E64DFD339C1734BEB664D2CB8470A9
SHA256:	8E4CE4B838CECC9E6666CA117B801F96FCBAFE1DE57010473B153980F5DAF4B0
SSDEEP:	3:N8RHcSJC2Kj3WQGjUhoXuTTrTVW4KKcCQUM7LQAJn:2KS1+mQGxufrTg4rcCrM7LL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 240 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 180 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Creates a writable file in the system directory
  - sogou_wubi_5.5e.exe (PID: 3820)
- Drops the executable file immediately after the start
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ImeUtil.exe (PID: 4008)
  - ImeUtil.exe (PID: 3956)
  - UserPage.exe (PID: 2064)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 2312)
  - ImeUtil.exe (PID: 948)
- Registers / Runs the DLL via REGSVR32.EXE
  - sogou_wubi_5.5e.exe (PID: 3820)
SUSPICIOUS
- The process creates files with name similar to system file names
  - sogou_wubi_5.5e.exe (PID: 3820)
- Executable content was dropped or overwritten
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ImeUtil.exe (PID: 3956)
  - ImeUtil.exe (PID: 4008)
  - ScdReg.exe (PID: 3072)
  - UserPage.exe (PID: 2064)
  - ImeUtil.exe (PID: 948)
  - ImeUtil.exe (PID: 2312)
- Malware-specific behavior (creating "System.dll" in Temp)
  - sogou_wubi_5.5e.exe (PID: 3820)
- Reads settings of System Certificates
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ImeUtil.exe (PID: 4008)
  - ImeUtil.exe (PID: 3956)
  - UserPage.exe (PID: 2064)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 948)
  - ImeUtil.exe (PID: 2312)
- Reads security settings of Internet Explorer
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ImeUtil.exe (PID: 4008)
  - ImeUtil.exe (PID: 3956)
  - UserPage.exe (PID: 2064)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 948)
  - ImeUtil.exe (PID: 2312)
- Reads the Internet Settings
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ImeUtil.exe (PID: 3956)
  - WubiUp.exe (PID: 696)
  - UserPage.exe (PID: 2064)
  - ImeUtil.exe (PID: 2312)
- Checks Windows Trust Settings
  - ScdReg.exe (PID: 3948)
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ScdReg.exe (PID: 2304)
  - ImeUtil.exe (PID: 4008)
  - ImeUtil.exe (PID: 3956)
  - UserPage.exe (PID: 2064)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 948)
  - ImeUtil.exe (PID: 2312)
- Searches for installed software
  - ImeUtil.exe (PID: 3956)
- Reads Microsoft Outlook installation path
  - UserPage.exe (PID: 2064)
- Reads Internet Explorer settings
  - UserPage.exe (PID: 2064)
INFO
- Application launched itself
  - iexplore.exe (PID: 1652)
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 1172)
- Checks supported languages
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ImeUtil.exe (PID: 3860)
  - ConfigIE.exe (PID: 2948)
  - SogouWBImeBroker.exe (PID: 2532)
  - Install.exe (PID: 2540)
  - SkinReg.exe (PID: 2924)
  - SogouWBSvc.exe (PID: 3660)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ScdReg.exe (PID: 2752)
  - ConfigIE.exe (PID: 3212)
  - ConfigIE.exe (PID: 3992)
  - ImeUtil.exe (PID: 4008)
  - ImeUtil.exe (PID: 3956)
  - UserPage.exe (PID: 2064)
  - WubiUp.exe (PID: 696)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 948)
  - ImeUtil.exe (PID: 2312)
- Create files in a temporary directory
  - sogou_wubi_5.5e.exe (PID: 3820)
- Reads the computer name
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ConfigIE.exe (PID: 2948)
  - ImeUtil.exe (PID: 3860)
  - Install.exe (PID: 2540)
  - ScdReg.exe (PID: 2752)
  - SogouWBSvc.exe (PID: 3660)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ConfigIE.exe (PID: 3212)
  - ConfigIE.exe (PID: 3992)
  - ImeUtil.exe (PID: 4008)
  - ImeUtil.exe (PID: 3956)
  - UserPage.exe (PID: 2064)
  - WubiUp.exe (PID: 696)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 2312)
  - ImeUtil.exe (PID: 948)
- Creates files or folders in the user directory
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ConfigIE.exe (PID: 3992)
  - ImeUtil.exe (PID: 4008)
  - UserPage.exe (PID: 2064)
  - ImeUtil.exe (PID: 3956)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 948)
  - ImeUtil.exe (PID: 2312)
- The process uses the downloaded file
  - iexplore.exe (PID: 1652)
- Creates files in the program directory
  - sogou_wubi_5.5e.exe (PID: 3820)
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 1172)
- Reads the machine GUID from the registry
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ScdReg.exe (PID: 3948)
  - ScdReg.exe (PID: 2304)
  - ImeUtil.exe (PID: 4008)
  - ImeUtil.exe (PID: 3956)
  - UserPage.exe (PID: 2064)
  - WubiUp.exe (PID: 696)
  - ScdReg.exe (PID: 3072)
  - ImeUtil.exe (PID: 948)
  - ImeUtil.exe (PID: 2312)
- Checks proxy server information
  - sogou_wubi_5.5e.exe (PID: 3820)
  - ImeUtil.exe (PID: 3956)
  - WubiUp.exe (PID: 696)
  - UserPage.exe (PID: 2064)
  - ImeUtil.exe (PID: 2312)
- Process checks whether UAC notifications are on
  - UserPage.exe (PID: 2064)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

696

"C:\Program Files\SogouWBInput\5.5.0.2584\WubiUp.exe" /DS

C:\Program Files\SogouWBInput\5.5.0.2584\WubiUp.exe

ImeUtil.exe

User:

admin

Company:

Sogou.com Inc.

Integrity Level:

HIGH

Description:

搜狗五笔输入法网络更新程序

Exit code:

Version:

5.5.0.2584

Modules

Images
c:\program files\sogouwbinput\5.5.0.2584\wubiup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

948

"C:\Program Files\SogouWBInput\5.5.0.2584\ImeUtil.exe" 0 -os -sih -f -usa

C:\Program Files\SogouWBInput\5.5.0.2584\ImeUtil.exe

UserPage.exe

User:

admin

Company:

Sogou.com Inc.

Integrity Level:

HIGH

Description:

搜狗五笔输入法工具

Exit code:

Version:

5.5.0.2584

Modules

Images
c:\program files\sogouwbinput\5.5.0.2584\imeutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

1172

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1652 CREDAT:267521 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

iexplore.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Internet Explorer

Exit code:

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

1220

regsvr32 /s /i "C:\Windows\system32\IME\SogouWB\SogouWBImeBrokerPS.dll"

C:\Windows\System32\regsvr32.exe

—

sogou_wubi_5.5e.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

1652

"C:\Program Files\Internet Explorer\iexplore.exe" "https://ime-sec.gtimg.com/202402031721/f9ceaa4470cf775d4027866180a110de/pc/dl/gzindex/1699884779/sogou_wubi_5.5e.exe"

C:\Program Files\Internet Explorer\iexplore.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Internet Explorer

Exit code:

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

2064

"C:\Program Files\SogouWBInput\5.5.0.2584\UserPage.exe" -logonwizard=pcenter

C:\Program Files\SogouWBInput\5.5.0.2584\UserPage.exe

ImeUtil.exe

User:

admin

Company:

Sogou.com Inc.

Integrity Level:

HIGH

Description:

搜狗五笔输入法通行证

Exit code:

3221225547

Version:

5.5.0.2584

Modules

Images
c:\program files\sogouwbinput\5.5.0.2584\userpage.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

2304

"C:\Program Files\SogouWBInput\5.5.0.2584\ScdReg.exe" -SetupConvert

C:\Program Files\SogouWBInput\5.5.0.2584\ScdReg.exe

sogou_wubi_5.5e.exe

User:

admin

Company:

Sogou.com Inc.

Integrity Level:

HIGH

Description:

搜狗五笔输入法细胞词库安装程序

Exit code:

Version:

5.5.0.2584

Modules

Images
c:\program files\sogouwbinput\5.5.0.2584\scdreg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

2312

"C:\Program Files\SogouWBInput\5.5.0.2584\ImeUtil.exe" -wizard -wizardpingback

C:\Program Files\SogouWBInput\5.5.0.2584\ImeUtil.exe

UserPage.exe

User:

admin

Company:

Sogou.com Inc.

Integrity Level:

HIGH

Description:

搜狗五笔输入法工具

Exit code:

Version:

5.5.0.2584

Modules

Images
c:\program files\sogouwbinput\5.5.0.2584\imeutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

2532

"C:\Windows\system32\IME\SogouWB\SogouWBImeBroker.exe" -RegServer

C:\Windows\System32\IME\SogouWB\SogouWBImeBroker.exe

—

sogou_wubi_5.5e.exe

User:

admin

Company:

Sogou.com Inc.

Integrity Level:

HIGH

Description:

搜狗五笔输入法 Metro代理程序

Exit code:

Version:

5.5.0.2584

Modules

Images
c:\windows\system32\ime\sogouwb\sogouwbimebroker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

2540

"C:\Program Files\SogouWBInput\5.5.0.2584\install.exe" -i -w

C:\Program Files\SogouWBInput\5.5.0.2584\Install.exe

—

sogou_wubi_5.5e.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\program files\sogouwbinput\5.5.0.2584\install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

Add for printing

Total events

51 306

Read events

50 944

Write events

340

Delete events

Modification events


(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 0
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 30847387
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 30847437
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1652) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

Suspicious files

158

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1172	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3FE2BD01AB6BC312BF0DADE7F797388F_896832C6BC857CFAEA9E59E166B13E2C		binary
		MD5:B1B6DA0B9F41F6BF090C47B3DC8EF456	SHA256:15BCC8FB505C993C4F02143436C213B29F752C2DC3058DD634EDA36CD1BEDEC6
1172	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:DA0A42B953DF302D9B4F9C2CB02EF421	SHA256:974284E820CFF7FA7875B9129EB0F245E7B4BE24E245433FF3D53A0981BCF9FC
1172	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AD5F118F7897046E8CA970AE6A6AB70B_70A7A3C90B65AF7035D7EE0876360EE3		binary
		MD5:7EB3B1BD65DA44598BECAF93D7AD3C90	SHA256:B56A9162B7C6B995A4EA1E707291D220593170A4CA9C3AB3D21038331BAE043D
1172	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\sogou_wubi_5.5e[1].exe		executable
		MD5:59A8C955FF96FABB9F836682867373CB	SHA256:C69DE93EE018B1F2EBF6A813B16D9194BFD8420305E2A8A5D83B041DD271517E
1652	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verADE8.tmp		xml
		MD5:CBD0581678FA40F0EDCBC7C59E0CAD10	SHA256:159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
1172	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FE2BD01AB6BC312BF0DADE7F797388F_896832C6BC857CFAEA9E59E166B13E2C		binary
		MD5:DFEF405DD7230B98C1DD20481304C1EE	SHA256:73F4771A6718FA19C48F060E6BB29E1B0AC432536B0FCBCA1812891419628D68
1652	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177		binary
		MD5:FA4F39F6143E6D07602FB22ECFA4A126	SHA256:6991F2A435EDFD0AD5355BF5EC91AE1AF8130B3FA94E71C357ADA172CBE693CF
1652	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\urlblockindex[1].bin		binary
		MD5:FA518E3DFAE8CA3A0E495460FD60C791	SHA256:775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
1172	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AD5F118F7897046E8CA970AE6A6AB70B_70A7A3C90B65AF7035D7EE0876360EE3		binary
		MD5:A0F8438188828278B89C2F0C17BE4E56	SHA256:2EFE05AF77DF2C656B3F58FE8CFD8E34433C7BC0AB32114AB30D5CB049BA8134
1652	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\6QRFB06O.txt		text
		MD5:2AB52188A15F0DAA334741EBE8F3F453	SHA256:342F0F198A0AAF51EBD895EBB806895A68769C2233A7327C93B3017F1FD66078

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1172	iexplore.exe	GET	304	23.32.238.217:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f324de6a56943962	unknown	—	—	unknown
3956	ImeUtil.exe	POST	200	129.226.102.244:80	http://get.sogou.com/q	unknown	text	24 b	unknown
696	WubiUp.exe	GET	200	43.129.115.16:80	http://config.pinyin.sogou.com/dict/upt_cell_dict.php?id=\|17960&scdv=\|1247730276&h=0923E3199566CF719B92C686B73BE6C5&v=5.5.0.2584&r=0000_sogou_wubi_5.5e	unknown	text	8 b	unknown
3956	ImeUtil.exe	GET	200	43.159.234.61:80	http://ping.wubi.sogou.com/wblogo.gif?h=0923E3199566CF719B92C686B73BE6C5&v=5.5.0.2584&r=0000_sogou_wubi_5.5e&wzd1=1&wzd2=0&wzd3=0&wzd4=1&wzd5=1&wzd6=1&wzd7=1&wzd8=1&wzd9=0&wzd10=0&wzd11=0&wzd12=1&wzd13=0&wzd14=0&wzd15=0&wzd16=1&wzd17=0&wzd18=0&wzd19=0&wzd20=0&wzd21=1&wzd22=0&wzd23=0&wzd24=0&wzd25=0&wzd26=0&wzd27=1&wzd28=1&wzd29=0&wzd30=0&wzd31=0&wzd32=1&wzd33=0&wzd34=0&wzd35=1&wzd36=0&wzd37=0&wzd38=0&wzd39=1&wzd40=0	unknown	—	—	unknown
2064	UserPage.exe	GET	200	104.18.20.226:80	http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkcHsQGaDFetObPhfan5	unknown	binary	1.41 Kb	unknown
1172	iexplore.exe	GET	304	23.32.238.217:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d7a4c83e7f191cf0	unknown	—	—	unknown
1172	iexplore.exe	GET	200	163.181.92.237:80	http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D	unknown	binary	471 b	unknown
1172	iexplore.exe	GET	200	163.181.92.237:80	http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEAc5kvrXN7VjRgrcUmvA63E%3D	unknown	binary	471 b	unknown
1652	iexplore.exe	GET	304	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a0c11919b816b106	unknown	—	—	unknown
1652	iexplore.exe	GET	304	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b574e85551a2ce80	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1172	iexplore.exe	42.177.83.78:443	ime-sec.gtimg.com	CHINA UNICOM China169 Backbone	CN	unknown
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
1172	iexplore.exe	23.32.238.217:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
1172	iexplore.exe	163.181.92.237:80	ocsp.digicert.cn	Zhejiang Taobao Network Co.,Ltd	DE	unknown
1652	iexplore.exe	152.199.19.161:443	iecvlist.microsoft.com	EDGECAST	US	whitelisted
1652	iexplore.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted
1652	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
1080	svchost.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted

DNS requests

Domain	IP	Reputation
ime-sec.gtimg.com	42.177.83.78 42.177.83.224 42.177.83.63 211.97.81.229 42.177.83.214 42.177.83.82 221.204.166.213 113.201.158.139 60.220.213.207 42.177.83.115 116.153.46.40 42.177.83.225 42.177.83.87	unknown
ctldl.windowsupdate.com	23.32.238.217 23.32.238.234 23.32.238.240 23.32.238.232 23.32.238.224 23.32.238.210 23.32.238.225 23.32.238.241 23.32.238.226 93.184.221.240 23.32.238.168 23.32.238.216 23.32.238.195 23.32.238.201 23.32.238.200 23.32.238.193	whitelisted
ocsp.digicert.cn	163.181.92.237 163.181.92.236 163.181.92.234 163.181.92.238 163.181.92.232 163.181.92.231 163.181.92.235 163.181.92.233	whitelisted
iecvlist.microsoft.com	152.199.19.161	whitelisted
r20swj13mr.microsoft.com	152.199.19.161	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
ieonline.microsoft.com	204.79.197.200	whitelisted
go.microsoft.com	184.30.17.189	whitelisted
www.msn.com	204.79.197.203	whitelisted
ime.sogou.com	43.129.2.69 43.159.233.95	unknown

Threats

No threats detected

Add for printing

Process	Message
UserPage.exe	1127, ToFilemap
UserPage.exe	1127, ToFilemap

General Info

https://ime-sec.gtimg.com/202402031721/f9ceaa4470cf775d4027866180a110de/pc/dl/gzindex/1699884779/sogou_wubi_5.5e.exe

3C74F6F060F2AFB7279058FB6CD1F488

4D445E6D33E64DFD339C1734BEB664D2CB8470A9

8E4CE4B838CECC9E6666CA117B801F96FCBAFE1DE57010473B153980F5DAF4B0

3:N8RHcSJC2Kj3WQGjUhoXuTTrTVW4KKcCQUM7LQAJn:2KS1+mQGxufrTg4rcCrM7LL

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Creates a writable file in the system directory

Drops the executable file immediately after the start

Registers / Runs the DLL via REGSVR32.EXE

SUSPICIOUS

The process creates files with name similar to system file names

Executable content was dropped or overwritten

Malware-specific behavior (creating "System.dll" in Temp)

Reads settings of System Certificates

Reads security settings of Internet Explorer

Reads the Internet Settings

Checks Windows Trust Settings

Searches for installed software

Reads Microsoft Outlook installation path

Reads Internet Explorer settings

INFO

Application launched itself

Drops the executable file immediately after the start

Checks supported languages

Create files in a temporary directory

Reads the computer name

Creates files or folders in the user directory

The process uses the downloaded file

Creates files in the program directory

Executable content was dropped or overwritten

Reads the machine GUID from the registry

Checks proxy server information

Process checks whether UAC notifications are on

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings