File name:

VCDSLoader.exe

Full analysis: https://app.any.run/tasks/7c59d10e-3f9f-4bbc-a2c3-83ed099464ef
Verdict: Malicious activity
Analysis date: November 20, 2023, 21:13:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A1E2879A10D20F2B72CB94204A2C1E9F

SHA1:

DA46A17C6CAC86E34B0134E32EF0074B538E6A0D

SHA256:

8F661F16C87169FEFC4DC7E612521AD8498C016A0153C51DAE67AF0B984ADAAC

SSDEEP:

98304:O0FphniMkYgqukBFu7AODbeL8kbhWKn6zmYMRrLuae/Xr7qdKzJdaCaKImVLB2cx:OO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Drops a system driver (possible attempt to evade defenses)

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Process drops legitimate windows executable

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
  • INFO

    • Manual execution by a user

      • VCDS-Release-23.11.0-Installer.exe (PID: 3404)
      • VCDS-Release-23.11.0-Installer.exe (PID: 2904)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3668)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3940)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3760)
      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
      • explorer.exe (PID: 528)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3752)
      • VCDS-Release-23.11.0-Installer.exe (PID: 4056)
    • Checks supported languages

      • VCDSLoader.exe (PID: 3460)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3404)
      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3940)
      • VCDS-Release-23.11.0-Installer.exe (PID: 4056)
    • Reads the computer name

      • VCDSLoader.exe (PID: 3460)
      • VCDS-Release-23.11.0-Installer.exe (PID: 4056)
      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3404)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3940)
    • Reads Environment values

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Create files in a temporary directory

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (42.6)
.exe | Win16/32 Executable Delphi generic (19.5)
.exe | Generic Win/DOS Executable (18.9)
.exe | DOS Executable Generic (18.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:08:03 23:54:09+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 2310144
InitializedDataSize: 372736
UninitializedDataSize: 2195456
EntryPoint: 0x44c290
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
61
Monitored processes
10
Malicious processes
1
Suspicious processes
0

Behavior graph

start
  • vcdsloader.exe (no specs)
  • vcds-release-23.11.0-installer.exe (no specs)
  • vcds-release-23.11.0-installer.exe
  • vcds-release-23.11.0-installer.exe (no specs)
  • vcds-release-23.11.0-installer.exe
  • vcds-release-23.11.0-installer.exe (no specs)
  • vcds-release-23.11.0-installer.exe
  • vcds-release-23.11.0-installer.exe (no specs)
  • vcds-release-23.11.0-installer.exe
  • explorer.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
528 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | | explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1628 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
HIGH
Description:
VCDS Installer
Exit code:
0
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
2904 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
MEDIUM
Description:
VCDS Installer
Exit code:
3221226540
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
3404 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
HIGH
Description:
VCDS Installer
Exit code:
2
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
3460 | "C:\Users\admin\AppData\Local\Temp\VCDSLoader.exe" | C:\Users\admin\AppData\Local\Temp\VCDSLoader.exe | | explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\vcdsloader.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\gdi32.dll
3668 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
MEDIUM
Description:
VCDS Installer
Exit code:
3221226540
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
3752 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
MEDIUM
Description:
VCDS Installer
Exit code:
3221226540
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
3760 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
MEDIUM
Description:
VCDS Installer
Exit code:
3221226540
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
3940 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
HIGH
Description:
VCDS Installer
Exit code:
2
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
4056 | "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe" | C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe | | explorer.exe
User:
admin
Company:
Ross-Tech, LLC
Integrity Level:
HIGH
Description:
VCDS Installer
Exit code:
2
Version:
Release 23.11.0
Modules
Images
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
457
Read events
457
Write events
0
Delete events
0

Modification events

No data
Executable files
1 200
Suspicious files
1 583
Text files
1 222
Unknown types
0

Dropped files

PID | Process | Filename | Type
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Users\admin\AppData\Local\Temp\nsv69E7.tmp\InstallOptions.dll | executable
MD5:05BF02DA51E717F79F6B5CBEA7BC0710
SHA256:CA092BA7F275B0C9000098CDD1A9876FE8DC050FCB40A0E8A1AB8335236E9DC5
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Users\admin\AppData\Local\Temp\nsv69E7.tmp\StdUtils.dll | executable
MD5:C6A6E03F77C313B267498515488C5740
SHA256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Users\admin\AppData\Local\Temp\nsv69E7.tmp\modern-wizard.bmp | image
MD5:5A31C3EF5FD3CAD666C54463046CC9BA
SHA256:A8C457BFA8CCDC09F5D7D24455F122673862B901CF94C112DF4850E8F6130484
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Ross-Tech\VCDS\LCH-loc.txt | text
MD5:837D4AD7890EB4B083BAA3F7388A49CE
SHA256:A44AAB3CCDB35B6088A012A2043A3E2343DCCF6E47F8085B1F20D871C426537F
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Ross-Tech\VCDS\HP196.bin | binary
MD5:222DF6D9629B62421B98984A4DADA8D6
SHA256:EB6477E1314EC3506F1D70A66492583E2317F072FD2D8BA68FA5B4136A587838
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Ross-Tech\VCDS\HN121.bin | binary
MD5:D5D15D2139DE42C8A1618D5B2130C05D
SHA256:9F1863701EA63B3A68B0B1329EA2DA62CC422226D110DDCEA2940BE3609FF469
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Ross-Tech\VCDS\Codes.dat | binary
MD5:4286A040EE68498322E15279BFEA9C62
SHA256:0B69039AB22C8C283CE8269125AA6674FCB796E5E8857DD47ED39B617807EDFE
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Users\admin\AppData\Local\Temp\nsv69E7.tmp\System.dll | executable
MD5:0D7AD4F45DC6F5AA87F606D0331C6901
SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Ross-Tech\VCDS\lcode-intro.txt | text
MD5:ACFE3E08940389545C87AC271C469346
SHA256:07B4CE77CF5A999A3DC3DB99796F128AC5B5D5DA6A9CCB887095B62C13FAFF8A
1628 | VCDS-Release-23.11.0-Installer.exe | C:\Ross-Tech\VCDS\AutoScan.txt | text
MD5:5B3AD35F13E745FB379830B170BEFC99
SHA256:85DD57457E9374BD653CA877FEDEECC26946B973D6FBF95273E82C0E8DA67C5B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info