File name: | aaa.exe |
Full analysis: | https://app.any.run/tasks/b4b9b504-88c9-48a2-81c4-12c2ecc34e24 |
Verdict: | No threats detected |
Analysis date: | June 20, 2019, 04:02:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 7397A01C220392444ED3B81D6A6C8FA3 |
SHA1: | A2EBA74447E336225E9A6DAE2A1C1B2B68FAA641 |
SHA256: | 9719D7CDD78794920A795C6BF8BC3797EC9DAABD6619899D0726E90E8DD2B42D |
SSDEEP: | 3072:kyUNJVPklZtkaV3BIyJHFMNbK0eg2RPEG8TX0pJyqb:kpNJVPwbhNdRi6bP62Q |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
ProductVersion: | 5.1.2600.2180 |
---|---|
ProductName: | Network QoS Provisioning Service |
OriginalFileName: | netqps.exe |
LegalCopyright: | © Ralink Technology Corporation. All rights reserved. |
InternalName: | netqps.exe |
FileVersion: | 5.1.2600.2180 |
FileDescription: | Network QoS Provisioning Service |
CompanyName: | Ralink Technology Corporation |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 5.1.2600.2180 |
FileVersionNumber: | 5.1.2600.2180 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | - |
OSVersion: | 5 |
EntryPoint: | 0x158ae |
UninitializedDataSize: | - |
InitializedDataSize: | 36864 |
CodeSize: | 91136 |
LinkerVersion: | 9 |
PEType: | PE32 |
TimeStamp: | 2011:10:18 21:52:48+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 18-Oct-2011 19:52:48 |
Detected languages: |
|
CompanyName: | Ralink Technology Corporation |
FileDescription: | Network QoS Provisioning Service |
FileVersion: | 5.1.2600.2180 |
InternalName: | netqps.exe |
LegalCopyright: | © Ralink Technology Corporation. All rights reserved. |
OriginalFilename: | netqps.exe |
ProductName: | Network QoS Provisioning Service |
ProductVersion: | 5.1.2600.2180 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000F8 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 18-Oct-2011 19:52:48 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0001635F | 0x00016400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.48166 |
.rdata | 0x00018000 | 0x00005288 | 0x00005400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.78389 |
.data | 0x0001E000 | 0x0000534C | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.22474 |
.rsrc | 0x00024000 | 0x000005B4 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.57774 |
.reloc | 0x00025000 | 0x00001F3E | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.98683 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.49335 | 908 | Latin 1 / Western European | English - United States | RT_VERSION |
ADVAPI32.dll (delay-loaded) |
KERNEL32.dll |
msvcrt.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2444 | "C:\Users\admin\AppData\Local\Temp\aaa.exe" | C:\Users\admin\AppData\Local\Temp\aaa.exe | | explorer.exe |
User: admin; Company: Ralink Technology Corporation; Integrity Level: MEDIUM; Description: Network QoS Provisioning Service; Version: 5.1.2600.2180
(PID) Process: | (2444) aaa.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | Netqps |
Value: C:\Users\admin\AppData\Local\Temp\aaa.exe -run | |||
(PID) Process: | (2444) aaa.exe | Key: | HKEY_CLASSES_ROOT\CLSID\{731823ef-11b3-6c7f-dd21-d5763d265f9e3}\ShellFolder |
Operation: | write | Name: | ProgID |
Value: E72DBC964AC82D3C650129B648AD62C9E24E6ABC9EEBEF92AC2D077305 | |||
(PID) Process: | (2444) aaa.exe | Key: | HKEY_CLASSES_ROOT\CLSID\{731823ef-11b3-6c7f-dd21-d5763d265f9e3}\ShellFolder |
Operation: | write | Name: | ProgID |
Value: E72DBC964AC82D3C650129B648AD62C9E24E6ABC9E277AF540C698DE57655844A31DBAB7CFE1447DEE913DB7C60F1EBC7C151B82CC | |||
(PID) Process: | (2444) aaa.exe | Key: | HKEY_CLASSES_ROOT\CLSID\{731823ef-11b3-6c7f-dd21-d5763d265f9e3}\ShellFolder |
Operation: | write | Name: | |