File name: | Sandboxie.v5.30.exe |
Full analysis: | https://app.any.run/tasks/bf9102a6-90b3-4adf-96d3-bac0eae3cf0c |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 11:56:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | B683407B3DCDBE53EB7C72AA53419840 |
SHA1: | 1432E2151E1D9E9C1A1980A80CADCC43EF96C31C |
SHA256: | 92622500E31D5F103F96FAADF2A93C8E1F7F9C2EFD90FCE02794FD4EEFDC3142 |
SSDEEP: | 98304:HbVSoDLZWFpiY/kGoQT2JcLS5v6+MyoclvgD3F8yUNZWCRXdSVR+lSUs0ZG/0iRv:ZRL/qFgi+nopF8XZpXd0wlJ4aa39Mw |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
ProductName: | Sandboxie v5.30 |
---|---|
LegalCopyright: | © Sandboxie Holdings, LLC |
FileVersion: | 5.30.0.0 |
FileDescription: | Sandboxie v5.30 |
CompanyName: | Sandboxie Holdings, LLC |
Comments: | - |
CharacterSet: | Unicode |
LanguageCode: | Neutral |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0000 |
ProductVersionNumber: | 5.30.0.0 |
FileVersionNumber: | 5.30.0.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | 6 |
OSVersion: | 5 |
EntryPoint: | 0x39e3 |
UninitializedDataSize: | 16896 |
InitializedDataSize: | 445952 |
CodeSize: | 28672 |
LinkerVersion: | 10 |
PEType: | PE32 |
TimeStamp: | 2012:02:24 20:19:59+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 24-Feb-2012 19:19:59 |
Detected languages: |
|
Comments: | - |
CompanyName: | Sandboxie Holdings, LLC |
FileDescription: | Sandboxie v5.30 |
FileVersion: | 5.30.0.0 |
LegalCopyright: | © Sandboxie Holdings, LLC |
ProductName: | Sandboxie v5.30 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000D0 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 6 |
Time date stamp: | 24-Feb-2012 19:19:59 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00006F10 | 0x00007000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.49816 |
.rdata | 0x00008000 | 0x00002A92 | 0x00002C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.39389 |
.data | 0x0000B000 | 0x00067EBC | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.47278 |
.ndata | 0x00073000 | 0x000A1000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x00114000 | 0x00010E10 | 0x00011000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.93635 |
.reloc | 0x00125000 | 0x00000F8A | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 7.88751 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.22222 | 968 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 3.71741 | 9640 | UNKNOWN | English - United States | RT_ICON |
3 | 3.05563 | 4264 | UNKNOWN | English - United States | RT_ICON |
4 | 3.49446 | 2216 | UNKNOWN | English - United States | RT_ICON |
5 | 0 | 1128 | UNKNOWN | English - United States | RT_ICON |
6 | 0 | 744 | UNKNOWN | English - United States | RT_ICON |
7 | 0 | 296 | UNKNOWN | English - United States | RT_ICON |
103 | 2.89248 | 104 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.54849 | 244 | UNKNOWN | English - United States | RT_DIALOG |
106 | 2.88287 | 272 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
VERSION.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1336 | "C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe" | C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe | — | explorer.exe |
User: admin Company: Sandboxie Holdings, LLC Integrity Level: MEDIUM Description: Sandboxie v5.30 Exit code: 3221226540 Version: 5.30.0.0 | ||||
2772 | "C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe" | C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe | explorer.exe | |
User: admin Company: Sandboxie Holdings, LLC Integrity Level: HIGH Description: Sandboxie v5.30 Exit code: 0 Version: 5.30.0.0 | ||||
3044 | C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie32inst.exe | Sandboxie.v5.30.exe | |
User: admin Company: Sandboxie Holdings, LLC Integrity Level: HIGH Description: Sandboxie Installer Exit code: 0 Version: 5.30 | ||||
3144 | "C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 scandll | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
1876 | "C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 stop SbieSvc | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2160 | "C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 stop SbieDrv | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3572 | "C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 install SbieDrv "C:\Program Files\Sandboxie\SbieDrv.sys" type=kernel start=demand "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" altitude=86900 | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3648 | "C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 install SbieSvc "\"C:\Program Files\Sandboxie\SbieSvc.exe"\" type=own start=auto "display=Sandboxie Service" group=UIGroup "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2588 | "C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 start SbieSvc | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe | — | sbie32inst.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2688 | "C:\Program Files\Sandboxie\SbieSvc.exe" | C:\Program Files\Sandboxie\SbieSvc.exe | — | services.exe |
User: SYSTEM Company: Sandboxie Holdings, LLC Integrity Level: SYSTEM Description: Sandboxie Service Version: 5.30 |
(PID) Process: | (2772) Sandboxie.v5.30.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2772) Sandboxie.v5.30.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32 |
Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32 |
Operation: | write | Name: | EnableConsoleTracing |
Value: 0 | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32 |
Operation: | write | Name: | FileTracingMask |
Value: 4294901760 | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32 |
Operation: | write | Name: | ConsoleTracingMask |
Value: 4294901760 | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32 |
Operation: | write | Name: | MaxFileSize |
Value: 1048576 | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32 |
Operation: | write | Name: | FileDirectory |
Value: %windir%\tracing | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS |
Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
(PID) Process: | (3044) sbie32inst.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS |
Operation: | write | Name: | EnableConsoleTracing |
Value: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2772 | Sandboxie.v5.30.exe | C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbiekg.exe | executable | |
MD5:976724E9E191DC289D226EA7F2553837 | SHA256:7F530A9CD7246CFDC2D4BB3717A74FC7925DCDDA31F9F5E2E44ABFB19E7EC8E0 | |||
3044 | sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\SbieMsg.dll | executable | |
MD5:B0C9A989ACF17E3E50788007E73C8087 | SHA256:1DA9DB646371ED6C71639F465DA333BD21071E28A5078938F3F9834E1CAC2489 | |||
2772 | Sandboxie.v5.30.exe | C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie32inst.exe | executable | |
MD5:13578BCBF82C867D31B08BC185DF8BC6 | SHA256:434C122E837A5914A88B80414E955CF5D20C99468713F593A7EF9DB89227964F | |||
3044 | sbie32inst.exe | C:\Program Files\Sandboxie\SbieSvc.exe | executable | |
MD5:53E18D218C85F2B9ED95A921E93CFFEC | SHA256:5AC386F349AA6BDACCF194AC7C0895E11D2CC50B5DFAAECA84C2E53F162BC524 | |||
3044 | sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\ioSpecial.ini | text | |
MD5:84A8D73D0C403B80CA335CB356EBA303 | SHA256:29379FEC9BEDDD168DD2224C9F6776551696FB67381C16502D985061FF83ACCB | |||
3044 | sbie32inst.exe | C:\Program Files\Sandboxie\SbieDll.dll | executable | |
MD5:9A610E3FCA86954885673026D17B4791 | SHA256:06C2E8A3A37077D191628A86082982F844B09A5F11A27A1B3FEA573433431B92 | |||
2772 | Sandboxie.v5.30.exe | C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie64inst.exe | executable | |
MD5:4055456544821AEAFFA4F2C315F51EE9 | SHA256:AAFA2739C75E0C9172092E943F8B3520F2B95BEBE927760E68B70BECCCF99CC5 | |||
2772 | Sandboxie.v5.30.exe | C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\repackme.gif | image | |
MD5:23D3840ADB8F4F1EFC083A1F7E640191 | SHA256:82A1454402156D74F4F23C992D5D772B665546208EFF44790871B8DCB36D2304 | |||
3044 | sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\InstallType.ini | text | |
MD5:46D2E7E6D3D5EE061B5646DF6834AF33 | SHA256:A9A81CA9A2EBEC41663E1DA4E5D480E6EAF9BCBDE266ABB9A0770DC9118186B9 | |||
3044 | sbie32inst.exe | C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\Warning.ini | text | |
MD5:4D358B27A971751E0C517061C948D96A | SHA256:74EE005CEB920094D99AA274ED37429EFE439FBC10E9D238C78DB4C836018A17 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3044 | sbie32inst.exe | 13.35.253.44:443 | www.sandboxie.com | — | US | suspicious |
— | — | 13.35.253.44:443 | www.sandboxie.com | — | US | suspicious |
Domain | IP | Reputation |
---|---|---|
www.sandboxie.com |
| shared |