File name: VCDSLoader.exe

Full analysis: https://app.any.run/tasks/7c59d10e-3f9f-4bbc-a2c3-83ed099464ef
Verdict: Malicious activity
Analysis date: November 20, 2023, 21:13:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: A1E2879A10D20F2B72CB94204A2C1E9F
SHA1: DA46A17C6CAC86E34B0134E32EF0074B538E6A0D
SHA256: 8F661F16C87169FEFC4DC7E612521AD8498C016A0153C51DAE67AF0B984ADAAC
SSDEEP: 98304:O0FphniMkYgqukBFu7AODbeL8kbhWKn6zmYMRrLuae/Xr7qdKzJdaCaKImVLB2cx:OO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Process drops legitimate windows executable

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Drops a system driver (possible attempt to evade defenses)

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
  • INFO

    • Checks supported languages

      • VCDSLoader.exe (PID: 3460)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3404)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3940)
      • VCDS-Release-23.11.0-Installer.exe (PID: 4056)
      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Reads the computer name

      • VCDSLoader.exe (PID: 3460)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3404)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3940)
      • VCDS-Release-23.11.0-Installer.exe (PID: 4056)
      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Manual execution by a user

      • VCDS-Release-23.11.0-Installer.exe (PID: 2904)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3404)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3668)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3940)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3752)
      • VCDS-Release-23.11.0-Installer.exe (PID: 4056)
      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
      • VCDS-Release-23.11.0-Installer.exe (PID: 3760)
      • explorer.exe (PID: 528)
    • Create files in a temporary directory

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
    • Reads Environment values

      • VCDS-Release-23.11.0-Installer.exe (PID: 1628)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (42.6)
.exe | Win16/32 Executable Delphi generic (19.5)
.exe | Generic Win/DOS Executable (18.9)
.exe | DOS Executable Generic (18.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:08:03 23:54:09+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 2310144
InitializedDataSize: 372736
UninitializedDataSize: 2195456
EntryPoint: 0x44c290
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 61
Monitored processes: 10
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in the graph, in order: vcdsloader.exe, vcds-release-23.11.0-installer.exe (eight instances), explorer.exe

Process information

PID: 528
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 1628
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: HIGH
Description: VCDS Installer
Exit code: 0
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 2904
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: MEDIUM
Description: VCDS Installer
Exit code: 3221226540
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll

PID: 3404
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: HIGH
Description: VCDS Installer
Exit code: 2
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 3460
CMD: "C:\Users\admin\AppData\Local\Temp\VCDSLoader.exe"
Path: C:\Users\admin\AppData\Local\Temp\VCDSLoader.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\vcdsloader.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\gdi32.dll

PID: 3668
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: MEDIUM
Description: VCDS Installer
Exit code: 3221226540
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll

PID: 3752
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: MEDIUM
Description: VCDS Installer
Exit code: 3221226540
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll

PID: 3760
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: MEDIUM
Description: VCDS Installer
Exit code: 3221226540
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll

PID: 3940
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: HIGH
Description: VCDS Installer
Exit code: 2
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 4056
CMD: "C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe"
Path: C:\Users\admin\Desktop\VCDS-Release-23.11.0-Installer.exe
Parent process: explorer.exe
User: admin
Company: Ross-Tech, LLC
Integrity Level: HIGH
Description: VCDS Installer
Exit code: 2
Version: Release 23.11.0
Modules (images):
c:\users\admin\desktop\vcds-release-23.11.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Total events: 457
Read events: 457
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 1 200
Suspicious files: 1 583
Text files: 1 222
Unknown types: 0

Dropped files

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsv69E7.tmp\System.dll | Type: executable
MD5: 0D7AD4F45DC6F5AA87F606D0331C6901
SHA256: 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Ross-Tech\VCDS\AutoScan.txt | Type: text
MD5: 5B3AD35F13E745FB379830B170BEFC99
SHA256: 85DD57457E9374BD653CA877FEDEECC26946B973D6FBF95273E82C0E8DA67C5B

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Ross-Tech\VCDS\Codes.dat | Type: binary
MD5: 4286A040EE68498322E15279BFEA9C62
SHA256: 0B69039AB22C8C283CE8269125AA6674FCB796E5E8857DD47ED39B617807EDFE

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Ross-Tech\VCDS\HC196.bin | Type: binary
MD5: CFAEF6FBF25010BD32E83A0AB2DF7ADF
SHA256: A3A5A61DF69B3D33D074BC33EECB4EBCB0AA6BE262B83C1550829A3417549934

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Ross-Tech\VCDS\MyAutoScan.txt | Type: text
MD5: C88592659AB4E948A9DA1ADE78D23AB1
SHA256: EBA57DE71A0904AE957520EEDA8465F2955F0E24FA7E6114F7FD58C5215FFD8E

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Ross-Tech\VCDS\HP196.bin | Type: binary
MD5: 222DF6D9629B62421B98984A4DADA8D6
SHA256: EB6477E1314EC3506F1D70A66492583E2317F072FD2D8BA68FA5B4136A587838

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Ross-Tech\VCDS\HCC196.bin | Type: binary
MD5: 3B7BD526B4206FE802044AAF5BA66626
SHA256: C7FB14B2BCD1B97D2A4CFA4323F545AD0B0A51E10C6A849355A64AC427DF2A35

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Ross-Tech\VCDS\HN121.bin | Type: binary
MD5: D5D15D2139DE42C8A1618D5B2130C05D
SHA256: 9F1863701EA63B3A68B0B1329EA2DA62CC422226D110DDCEA2940BE3609FF469

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsv69E7.tmp\modern-wizard.bmp | Type: image
MD5: 5A31C3EF5FD3CAD666C54463046CC9BA
SHA256: A8C457BFA8CCDC09F5D7D24455F122673862B901CF94C112DF4850E8F6130484

PID: 1628 | Process: VCDS-Release-23.11.0-Installer.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsv69E7.tmp\modern-header.bmp | Type: image
MD5: 31310223416BEBDD6C572E80F084532E
SHA256: EE81CC63373AB1089822983815149FF0882162CBA9B120012F1E2352EA9641B8

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:138 | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | whitelisted

(The Domain, ASN and CN columns carry no values for these connections in the report.)

DNS requests

No data

Threats

No threats detected
No debug info