File name: | Sandboxie.v5.30.exe |
Full analysis: | https://app.any.run/tasks/15f9c2bd-86c8-47ca-8c2a-87f75192afab |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 10:50:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | B683407B3DCDBE53EB7C72AA53419840 |
SHA1: | 1432E2151E1D9E9C1A1980A80CADCC43EF96C31C |
SHA256: | 92622500E31D5F103F96FAADF2A93C8E1F7F9C2EFD90FCE02794FD4EEFDC3142 |
SSDEEP: | 98304:HbVSoDLZWFpiY/kGoQT2JcLS5v6+MyoclvgD3F8yUNZWCRXdSVR+lSUs0ZG/0iRv:ZRL/qFgi+nopF8XZpXd0wlJ4aa39Mw |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
ProductName: | Sandboxie v5.30 |
---|---|
LegalCopyright: | © Sandboxie Holdings, LLC |
FileVersion: | 5.30.0.0 |
FileDescription: | Sandboxie v5.30 |
CompanyName: | Sandboxie Holdings, LLC |
Comments: | - |
CharacterSet: | Unicode |
LanguageCode: | Neutral |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0000 |
ProductVersionNumber: | 5.30.0.0 |
FileVersionNumber: | 5.30.0.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | 6 |
OSVersion: | 5 |
EntryPoint: | 0x39e3 |
UninitializedDataSize: | 16896 |
InitializedDataSize: | 445952 |
CodeSize: | 28672 |
LinkerVersion: | 10 |
PEType: | PE32 |
TimeStamp: | 2012:02:24 20:19:59+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 24-Feb-2012 19:19:59 |
Detected languages: |
|
Comments: | - |
CompanyName: | Sandboxie Holdings, LLC |
FileDescription: | Sandboxie v5.30 |
FileVersion: | 5.30.0.0 |
LegalCopyright: | © Sandboxie Holdings, LLC |
ProductName: | Sandboxie v5.30 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000D0 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 6 |
Time date stamp: | 24-Feb-2012 19:19:59 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00006F10 | 0x00007000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.49816 |
.rdata | 0x00008000 | 0x00002A92 | 0x00002C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.39389 |
.data | 0x0000B000 | 0x00067EBC | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.47278 |
.ndata | 0x00073000 | 0x000A1000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x00114000 | 0x00010E10 | 0x00011000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.93635 |
.reloc | 0x00125000 | 0x00000F8A | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 7.88751 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.22222 | 968 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 3.71741 | 9640 | UNKNOWN | English - United States | RT_ICON |
3 | 3.05563 | 4264 | UNKNOWN | English - United States | RT_ICON |
4 | 3.49446 | 2216 | UNKNOWN | English - United States | RT_ICON |
5 | 0 | 1128 | UNKNOWN | English - United States | RT_ICON |
6 | 0 | 744 | UNKNOWN | English - United States | RT_ICON |
7 | 0 | 296 | UNKNOWN | English - United States | RT_ICON |
103 | 2.89248 | 104 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.54849 | 244 | UNKNOWN | English - United States | RT_DIALOG |
106 | 2.88287 | 272 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
VERSION.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3336 | "C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe" | C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe | — | explorer.exe |
User: admin Company: Sandboxie Holdings, LLC Integrity Level: MEDIUM Description: Sandboxie v5.30 Version: 5.30.0.0 | ||||
1672 | "C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe" | C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe | explorer.exe | |
User: admin Company: Sandboxie Holdings, LLC Integrity Level: HIGH Description: Sandboxie v5.30 Exit code: 0 Version: 5.30.0.0 | ||||
2100 | C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbie32inst.exe | Sandboxie.v5.30.exe | |
User: admin Company: Sandboxie Holdings, LLC Integrity Level: HIGH Description: Sandboxie Installer Exit code: 0 Version: 5.30 | ||||
796 | "C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 scandll | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3096 | "C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 stop SbieSvc | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
936 | "C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 stop SbieDrv | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
1700 | "C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 install SbieDrv "C:\Program Files\Sandboxie\SbieDrv.sys" type=kernel start=demand "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" altitude=86900 | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2436 | "C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 install SbieSvc "\"C:\Program Files\Sandboxie\SbieSvc.exe"\" type=own start=auto "display=Sandboxie Service" group=UIGroup "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3496 | "C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 start SbieSvc | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2076 | "C:\Program Files\Sandboxie\SbieSvc.exe" | C:\Program Files\Sandboxie\SbieSvc.exe | — | services.exe |
User: SYSTEM Company: Sandboxie Holdings, LLC Integrity Level: SYSTEM Description: Sandboxie Service Version: 5.30 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2100 | sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\ioSpecial.ini | text | |
MD5:26689911522B87DD73234B59F59E55D9 | SHA256:D0825185C65BF250D2DF6B69C053228AA19471530128B2B43FB2654DF2DA5155 | |||
1672 | Sandboxie.v5.30.exe | C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbie32inst.exe | executable | |
MD5:13578BCBF82C867D31B08BC185DF8BC6 | SHA256:434C122E837A5914A88B80414E955CF5D20C99468713F593A7EF9DB89227964F | |||
2100 | sbie32inst.exe | C:\Program Files\Sandboxie\SbieMsg.dll | executable | |
MD5:B0C9A989ACF17E3E50788007E73C8087 | SHA256:1DA9DB646371ED6C71639F465DA333BD21071E28A5078938F3F9834E1CAC2489 | |||
1672 | Sandboxie.v5.30.exe | C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\repackme.gif | image | |
MD5:23D3840ADB8F4F1EFC083A1F7E640191 | SHA256:82A1454402156D74F4F23C992D5D772B665546208EFF44790871B8DCB36D2304 | |||
1672 | Sandboxie.v5.30.exe | C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbiekg.exe | executable | |
MD5:976724E9E191DC289D226EA7F2553837 | SHA256:7F530A9CD7246CFDC2D4BB3717A74FC7925DCDDA31F9F5E2E44ABFB19E7EC8E0 | |||
2100 | sbie32inst.exe | C:\Program Files\Sandboxie\SbieDrv.sys | executable | |
MD5:1DEA913C493FCA2862D575B37B91699B | SHA256:A9C459EEF7F065CB272FF1CEE73DBB8AC169D6291AE00CEDACBD8C77B93F6672 | |||
2100 | sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\System.dll | executable | |
MD5:0FF5120F1AFD0F295C2BAA0F7192D3F8 | SHA256:4CA5BF1BEB4B802914C4D3E2F37861F6BA5ECF969CFEADF5855EDF58F647A721 | |||
2100 | sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\modern-wizard.bmp | image | |
MD5:CBE40FD2B1EC96DAEDC65DA172D90022 | SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2 | |||
2100 | sbie32inst.exe | C:\Program Files\Sandboxie\SbieSvc.exe | executable | |
MD5:53E18D218C85F2B9ED95A921E93CFFEC | SHA256:5AC386F349AA6BDACCF194AC7C0895E11D2CC50B5DFAAECA84C2E53F162BC524 | |||
2100 | sbie32inst.exe | C:\Program Files\Sandboxie\SandboxieBITS.exe | executable | |
MD5:54AA32384C4C8856CBB86237A6DC07F0 | SHA256:481EF9F411AB93DE5A2E6A635D45EADEC27F3BAC93A0400E676FADACF6B925D9 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2100 | sbie32inst.exe | 143.204.101.109:443 | www.sandboxie.com | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.sandboxie.com |
| shared |