File name:

tb-enable.exe

Full analysis: https://app.any.run/tasks/ba6054eb-f8fa-41ce-8183-d9f82d1bbe0f
Verdict: Malicious activity
Analysis date: March 09, 2025, 18:55:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (console) Intel 80386, for MS Windows, 16 sections
MD5:

0ED3E7B620CF65ACE6CB9AE1167C4D38

SHA1:

FC1BA84A65B8BF6D19356DF9A0061A731227A6FB

SHA256:

9C67F15C245139A6A909D34B137B70152B8D4D15F6A50B7F30143EABF03CA8BD

SSDEEP:

49152:8ivsZFSfKzKpN/vxh+psQ4tZdPETGUjUzb9pQYf6R0PlO5cqy4QNqxEHytwkMtbA:QTwz409ujMtbA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Working with threads in the GNU C Compiler (GCC) libraries related mutex has been found

      • tb-enable.exe (PID: 2692)

  • INFO

    • Checks supported languages

      • tb-enable.exe (PID: 2692)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.3)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:05:18 22:39:59+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, 32-bit
PEType: PE32
LinkerVersion: 2.24
CodeSize: 524288
InitializedDataSize: 593408
UninitializedDataSize: 4096
EntryPoint: 0x14e0
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows command line
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
1
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start tb-enable.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2692"C:\Users\admin\AppData\Local\Temp\tb-enable.exe" C:\Users\admin\AppData\Local\Temp\tb-enable.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\tb-enable.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
Total events
6
Read events
6
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
6
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
tb-enable.exe