analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://web.utorrent.com/update/

Full analysis: https://app.any.run/tasks/445c8cd6-92c5-45b5-b900-ac70bfd31189
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 20, 2019, 09:45:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
pua
lavasoft
loader
Indicators:
MD5:

AF35A32133F35D8F5C0D93DBCE07B233

SHA1:

467E30D1FA8094BFB564060BD19B8D1AD09D9A30

SHA256:

A23BC55FC4CEA6EDEC8239496F40B566E722FC822BA3E3879150120AC00359FE

SSDEEP:

3:N8RERKORLKUmK:2SBRL39

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • utweb_installer.exe (PID: 3496)
      • GenericSetup.exe (PID: 2744)
      • Carrier.exe (PID: 2524)
      • installer.exe (PID: 2128)
      • bwmnhjdu.34f.exe (PID: 4024)
      • bwmnhjdu.34f.exe (PID: 2748)
      • bwmnhjdu.34f.exe (PID: 2304)
      • bwmnhjdu.34f.exe (PID: 3060)
      • bwmnhjdu.34f.exe (PID: 3876)
      • of4dlk5r.fcr.exe (PID: 2944)
      • utweb.exe (PID: 2968)
      • WebCompanionInstaller.exe (PID: 2076)
      • Lavasoft.WCAssistant.WinService.exe (PID: 392)
      • WebCompanion.exe (PID: 2728)
      • _sfx.exe (PID: 1524)
      • assistant_installer.exe (PID: 2536)
      • utweb.exe (PID: 3424)
      • Ad-Aware Web Companion.exe (PID: 2648)
      • installer.exe (PID: 1892)
      • installer.exe (PID: 3792)
      • assistant_installer.exe (PID: 1364)
      • assistant_installer.exe (PID: 4080)
      • launcher.exe (PID: 3644)
      • opera.exe (PID: 3600)
      • browser_assistant.exe (PID: 3976)
      • launcher.exe (PID: 288)
      • opera_crashreporter.exe (PID: 3636)
      • opera.exe (PID: 3544)
      • opera.exe (PID: 3628)
      • opera_crashreporter.exe (PID: 596)
      • opera.exe (PID: 3720)
      • opera.exe (PID: 3240)
      • opera.exe (PID: 1456)
      • opera.exe (PID: 1224)
      • opera.exe (PID: 1700)
      • opera.exe (PID: 1572)
      • opera.exe (PID: 2696)
      • opera.exe (PID: 3144)
      • opera.exe (PID: 3476)
      • opera.exe (PID: 3848)
      • opera.exe (PID: 4068)
      • opera.exe (PID: 3532)
      • opera.exe (PID: 3800)
      • opera.exe (PID: 2432)
      • launcher.exe (PID: 328)
      • opera.exe (PID: 2884)
      • WebCompanion.exe (PID: 2368)
      • opera_autoupdate.exe (PID: 2576)
      • opera_autoupdate.exe (PID: 2848)
      • opera.exe (PID: 5068)
      • opera.exe (PID: 4820)
      • installer.exe (PID: 2688)
      • opera_autoupdate.exe (PID: 4240)
      • opera_autoupdate.exe (PID: 5164)

    • Changes settings of System certificates

      • GenericSetup.exe (PID: 2744)

    • Loads dropped or rewritten executable

      • GenericSetup.exe (PID: 2744)
      • Carrier.exe (PID: 2524)
      • bwmnhjdu.34f.exe (PID: 2748)
      • bwmnhjdu.34f.exe (PID: 3876)
      • bwmnhjdu.34f.exe (PID: 4024)
      • bwmnhjdu.34f.exe (PID: 2304)
      • bwmnhjdu.34f.exe (PID: 3060)
      • utweb.exe (PID: 2968)
      • WebCompanionInstaller.exe (PID: 2076)
      • WebCompanion.exe (PID: 2728)
      • installer.exe (PID: 3792)
      • installer.exe (PID: 1892)
      • Lavasoft.WCAssistant.WinService.exe (PID: 392)
      • utweb.exe (PID: 3424)
      • opera.exe (PID: 3600)
      • opera.exe (PID: 3720)
      • opera.exe (PID: 3628)
      • opera.exe (PID: 3544)
      • opera.exe (PID: 1700)
      • opera.exe (PID: 1572)
      • opera.exe (PID: 1456)
      • opera.exe (PID: 1224)
      • opera.exe (PID: 3240)
      • opera.exe (PID: 3144)
      • opera.exe (PID: 4068)
      • opera.exe (PID: 2696)
      • opera.exe (PID: 3476)
      • opera.exe (PID: 3800)
      • opera.exe (PID: 2432)
      • opera.exe (PID: 2884)
      • opera.exe (PID: 4820)
      • installer.exe (PID: 2688)
      • opera.exe (PID: 5068)
      • WebCompanion.exe (PID: 2368)

    • LAVASOFT was detected

      • installer.exe (PID: 2128)

    • Downloads executable files from the Internet

      • GenericSetup.exe (PID: 2744)

    • Loads the Task Scheduler COM API

      • GenericSetup.exe (PID: 2744)
      • installer.exe (PID: 3792)
      • assistant_installer.exe (PID: 1364)
      • opera.exe (PID: 3628)

    • Changes the autorun value in the registry

      • utweb.exe (PID: 2968)
      • WebCompanion.exe (PID: 2728)
      • assistant_installer.exe (PID: 1364)

    • Changes internet zones settings

      • WebCompanionInstaller.exe (PID: 2076)

    • Actions looks like stealing of personal data

      • opera.exe (PID: 3628)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • utweb_installer.exe (PID: 3496)
      • opera.exe (PID: 2568)
      • Carrier.exe (PID: 2524)
      • bwmnhjdu.34f.exe (PID: 2304)
      • bwmnhjdu.34f.exe (PID: 2748)
      • GenericSetup.exe (PID: 2744)
      • bwmnhjdu.34f.exe (PID: 3060)
      • bwmnhjdu.34f.exe (PID: 4024)
      • of4dlk5r.fcr.exe (PID: 2944)
      • WebCompanionInstaller.exe (PID: 2076)
      • _sfx.exe (PID: 1524)
      • installer.exe (PID: 1892)
      • installer.exe (PID: 3792)
      • assistant_installer.exe (PID: 1364)
      • launcher.exe (PID: 328)
      • installer.exe (PID: 2688)

    • Reads Environment values

      • GenericSetup.exe (PID: 2744)

    • Reads Windows owner or organization settings

      • GenericSetup.exe (PID: 2744)

    • Reads the Windows organization settings

      • GenericSetup.exe (PID: 2744)

    • Adds / modifies Windows certificates

      • GenericSetup.exe (PID: 2744)

    • Starts CMD.EXE for commands execution

      • GenericSetup.exe (PID: 2744)
      • WebCompanionInstaller.exe (PID: 2076)
      • Lavasoft.WCAssistant.WinService.exe (PID: 392)

    • Creates files in the user directory

      • bwmnhjdu.34f.exe (PID: 2748)
      • Carrier.exe (PID: 2524)
      • utweb.exe (PID: 2968)
      • WebCompanionInstaller.exe (PID: 2076)
      • WebCompanion.exe (PID: 2728)
      • installer.exe (PID: 3792)
      • browser_assistant.exe (PID: 3976)
      • opera.exe (PID: 3600)
      • opera.exe (PID: 3628)
      • opera_autoupdate.exe (PID: 2848)

    • Application launched itself

      • bwmnhjdu.34f.exe (PID: 2304)
      • opera.exe (PID: 3628)
      • opera.exe (PID: 3600)
      • opera_autoupdate.exe (PID: 2848)
      • opera_autoupdate.exe (PID: 5164)

    • Creates a software uninstall entry

      • Carrier.exe (PID: 2524)
      • WebCompanionInstaller.exe (PID: 2076)
      • installer.exe (PID: 3792)

    • Modifies the open verb of a shell class

      • Carrier.exe (PID: 2524)
      • installer.exe (PID: 3792)

    • Reads Internet Cache Settings

      • Carrier.exe (PID: 2524)
      • utweb.exe (PID: 2968)
      • bwmnhjdu.34f.exe (PID: 2304)

    • Executed via Task Scheduler

      • utweb.exe (PID: 2968)
      • launcher.exe (PID: 328)

    • Starts Internet Explorer

      • utweb.exe (PID: 2968)

    • Starts SC.EXE for service management

      • WebCompanionInstaller.exe (PID: 2076)

    • Creates files in the program directory

      • WebCompanionInstaller.exe (PID: 2076)
      • WebCompanion.exe (PID: 2728)
      • Lavasoft.WCAssistant.WinService.exe (PID: 392)
      • installer.exe (PID: 3792)
      • bwmnhjdu.34f.exe (PID: 3060)
      • assistant_installer.exe (PID: 1364)
      • WebCompanion.exe (PID: 2368)

    • Uses NETSH.EXE for network configuration

      • cmd.exe (PID: 1708)
      • cmd.exe (PID: 944)

    • Executed as Windows Service

      • Lavasoft.WCAssistant.WinService.exe (PID: 392)
      • PresentationFontCache.exe (PID: 5916)

    • Searches for installed software

      • GenericSetup.exe (PID: 2744)

    • Creates files in the Windows directory

      • Lavasoft.WCAssistant.WinService.exe (PID: 392)
      • WebCompanion.exe (PID: 2728)
      • WebCompanionInstaller.exe (PID: 2076)

    • Removes files from Windows directory

      • Lavasoft.WCAssistant.WinService.exe (PID: 392)
      • WebCompanionInstaller.exe (PID: 2076)

    • Changes IE settings (feature browser emulation)

      • assistant_installer.exe (PID: 1364)

    • Executed via COM

      • unsecapp.exe (PID: 284)

    • Changes the started page of IE

      • WebCompanion.exe (PID: 2728)

    • Reads the machine GUID from the registry

      • opera.exe (PID: 3600)
      • opera.exe (PID: 3628)
      • opera_autoupdate.exe (PID: 2576)

  • INFO

    • Creates files in the user directory

      • opera.exe (PID: 2568)
      • iexplore.exe (PID: 4032)
      • iexplore.exe (PID: 2212)

    • Reads settings of System Certificates

      • GenericSetup.exe (PID: 2744)
      • bwmnhjdu.34f.exe (PID: 2304)

    • Application launched itself

      • iexplore.exe (PID: 2212)
      • iexplore.exe (PID: 3868)

    • Changes internet zones settings

      • iexplore.exe (PID: 2212)
      • iexplore.exe (PID: 3868)

    • Reads internet explorer settings

      • iexplore.exe (PID: 4032)
      • iexplore.exe (PID: 3572)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 4032)
      • iexplore.exe (PID: 2212)
      • iexplore.exe (PID: 3572)

    • Dropped object may contain Bitcoin addresses

      • WebCompanionInstaller.exe (PID: 2076)
      • bwmnhjdu.34f.exe (PID: 3060)
      • WebCompanion.exe (PID: 2728)

    • Manual execution by user

      • utweb.exe (PID: 3424)
      • assistant_installer.exe (PID: 4080)
      • opera.exe (PID: 3628)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
123
Monitored processes
73
Malicious processes
29
Suspicious processes
12

Behavior graph

Click at the process to see the details
drop and start start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start opera.exe utweb_installer.exe #LAVASOFT installer.exe genericsetup.exe cmd.exe no specs carrier.exe cmd.exe no specs bwmnhjdu.34f.exe bwmnhjdu.34f.exe bwmnhjdu.34f.exe no specs bwmnhjdu.34f.exe bwmnhjdu.34f.exe cmd.exe no specs of4dlk5r.fcr.exe utweb.exe webcompanioninstaller.exe iexplore.exe iexplore.exe sc.exe no specs sc.exe no specs sc.exe no specs cmd.exe no specs netsh.exe no specs webcompanion.exe lavasoft.wcassistant.winservice.exe _sfx.exe assistant_installer.exe installer.exe installer.exe cmd.exe no specs utweb.exe no specs csc.exe no specs netsh.exe no specs cvtres.exe no specs assistant_installer.exe ad-aware web companion.exe no specs assistant_installer.exe browser_assistant.exe launcher.exe no specs iexplore.exe unsecapp.exe no specs launcher.exe no specs opera.exe no specs iexplore.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_autoupdate.exe webcompanion.exe opera_autoupdate.exe no specs launcher.exe installer.exe opera.exe no specs opera_autoupdate.exe opera_autoupdate.exe no specs opera.exe no specs presentationfontcache.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2568"C:\Program Files\Opera\opera.exe" https://web.utorrent.com/update/C:\Program Files\Opera\opera.exe
explorer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Version:
1748
3496"C:\Users\admin\AppData\Local\Opera\Opera\temporary_downloads\utweb_installer.exe" C:\Users\admin\AppData\Local\Opera\Opera\temporary_downloads\utweb_installer.exe
opera.exe
User:
admin
Company:
BitTorrent, Inc.
Integrity Level:
MEDIUM
Description:
uTorrent Web
Exit code:
0
Version:
0.22.0.1094
2128.\installer.exeC:\Users\admin\AppData\Local\Temp\7zS8AD21014\installer.exe
utweb_installer.exe
User:
admin
Company:
adaware
Integrity Level:
MEDIUM
Description:
uTorrent Web
Exit code:
0
Version:
2.8.3.1680
2744"C:\Users\admin\AppData\Local\Temp\7zS8AD21014\GenericSetup.exe" C:\Users\admin\AppData\Local\Temp\7zS8AD21014\GenericSetup.exe C:\Users\admin\AppData\Local\Temp\7zS8AD21014\GenericSetup.exe
installer.exe
User:
admin
Company:
adaware
Integrity Level:
HIGH
Description:
uTorrent Web
Exit code:
0
Version:
2.8.3.1680
2572"C:\Windows\system32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\7zS8AD21014\Carrier.exe" /S "C:\Windows\system32\cmd.exeGenericSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
2524"C:\Users\admin\AppData\Local\Temp\7zS8AD21014\Carrier.exe" /S C:\Users\admin\AppData\Local\Temp\7zS8AD21014\Carrier.exe
cmd.exe
User:
admin
Company:
BitTorrent, Inc.
Integrity Level:
HIGH
Description:
uTorrent Web
Exit code:
0
Version:
0.22.0.1094
2424"C:\Windows\system32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\bwmnhjdu.34f.exe" --silent --otd="utm.medium:pb,utm.source:lavasoft,utm.campaign:VSW_Opera_5b9825e398faa4986df2423f""C:\Windows\system32\cmd.exeGenericSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
2304"C:\Users\admin\AppData\Local\Temp\bwmnhjdu.34f.exe" --silent --otd="utm.medium:pb,utm.source:lavasoft,utm.campaign:VSW_Opera_5b9825e398faa4986df2423f"C:\Users\admin\AppData\Local\Temp\bwmnhjdu.34f.exe
cmd.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Installer
Exit code:
0
Version:
60.0.3255.95
2748C:\Users\admin\AppData\Local\Temp\bwmnhjdu.34f.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=60.0.3255.95 --initial-client-data=0xdc,0xe4,0xe8,0xe0,0xec,0x6650ce60,0x6650ce70,0x6650ce7cC:\Users\admin\AppData\Local\Temp\bwmnhjdu.34f.exe
bwmnhjdu.34f.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Installer
Exit code:
0
Version:
60.0.3255.95
3876"C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\bwmnhjdu.34f.exe" --versionC:\Users\admin\AppData\Local\Temp\Opera Installer Temp\bwmnhjdu.34f.exebwmnhjdu.34f.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Installer
Exit code:
0
Version:
60.0.3255.95
Total events
7 431
Read events
6 498
Write events
0
Delete events
0

Modification events

No data
Executable files
140
Suspicious files
147
Text files
806
Unknown types
92

Dropped files

PID
Process
Filename
Type
2568opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr3897.tmp
MD5:
SHA256:
2568opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opr38A8.tmp
MD5:
SHA256:
2568opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opr38F7.tmp
MD5:
SHA256:
2568opera.exeC:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
MD5:
SHA256:
2568opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TPU5LYQP5UV6Q3WZ4RGA.temp
MD5:
SHA256:
2568opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr476F.tmp
MD5:
SHA256:
2568opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr5981.tmp
MD5:
SHA256:
2568opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.datbinary
MD5:BE40B5A7AEF8C167271602A2B49D4E31
SHA256:22755800E796F0A02D002FFAA541C2043737DD190A8CEFC109AC143FBF5F4A13
2568opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.initext
MD5:A6FCF1A2844A8002E20BA5B82E0158C0
SHA256:81102B5C66BC043AB6994FB8ABF4250524937FFC021481156CD4A3CC7169338C
2568opera.exeC:\Users\admin\AppData\Local\Opera\Opera\icons\web.utorrent.com.idxtext
MD5:014A8807E42CF41B059F255E9868426A
SHA256:E8382A5B0E809565BB78CED0FFC15DC2DDC823D995ACE5F0FC7388904BDBF911
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
73
TCP/UDP connections
282
DNS requests
87
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2568
opera.exe
GET
200
93.184.220.29:80
http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
US
der
543 b
whitelisted
2568
opera.exe
GET
200
93.184.220.29:80
http://status.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFvn094QJ%2BcWGTwWWEy%2BBXPZkW8AQUo8heZVTlMHjBBeoHCmpZzLn%2B3loCEAp5FymMEbmBiJidWot7PQs%3D
US
der
471 b
whitelisted
2568
opera.exe
GET
200
151.139.128.14:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEBQZr8DeSFN%2FkpmVCws6msc%3D
US
der
471 b
whitelisted
2568
opera.exe
GET
200
172.217.18.163:80
http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDJ%2BbiZYJROiISCOfH68sRM%3D
US
der
471 b
whitelisted
2568
opera.exe
GET
200
93.184.220.29:80
http://crl3.digicert.com/DigiCertGlobalRootCA.crl
US
der
581 b
whitelisted
2568
opera.exe
GET
200
172.217.18.163:80
http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEFGEgT%2BxPPudtuEfsn%2FMzeM%3D
US
der
471 b
whitelisted
2568
opera.exe
GET
200
151.139.128.14:80
http://crl.usertrust.com/AddTrustExternalCARoot.crl
US
der
673 b
whitelisted
2568
opera.exe
GET
200
172.217.16.131:80
http://crl.pki.goog/gsr2/gsr2.crl
US
der
546 b
whitelisted
2568
opera.exe
GET
200
151.139.128.14:80
http://crl.comodoca.com/COMODORSACertificationAuthority.crl
US
der
812 b
whitelisted
2568
opera.exe
GET
200
172.217.18.163:80
http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEB80oLaeU1vhpYbVfJsgxYg%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2568
opera.exe
205.185.208.52:443
code.jquery.com
Highwinds Network Group, Inc.
US
unknown
2568
opera.exe
185.26.182.112:443
sitecheck2.opera.com
Opera Software AS
malicious
2568
opera.exe
93.184.220.29:80
crl3.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2568
opera.exe
209.197.3.15:443
netdna.bootstrapcdn.com
Highwinds Network Group, Inc.
US
whitelisted
2568
opera.exe
54.230.93.234:443
web.utorrent.com
Amazon.com, Inc.
US
unknown
2568
opera.exe
185.26.182.94:443
sitecheck2.opera.com
Opera Software AS
whitelisted
2568
opera.exe
185.26.182.93:443
sitecheck2.opera.com
Opera Software AS
whitelisted
2568
opera.exe
87.248.222.180:443
www.utorrent.com
Limelight Networks, Inc.
IT
suspicious
2568
opera.exe
104.19.196.151:443
cdnjs.cloudflare.com
Cloudflare Inc
US
shared
2568
opera.exe
172.217.22.74:443
fonts.googleapis.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
web.utorrent.com
  • 54.230.93.234
  • 54.230.93.15
  • 54.230.93.200
  • 54.230.93.198
shared
sitecheck2.opera.com
  • 185.26.182.112
  • 185.26.182.93
  • 185.26.182.94
  • 185.26.182.111
whitelisted
certs.opera.com
  • 185.26.182.93
  • 185.26.182.94
whitelisted
crl3.digicert.com
  • 93.184.220.29
whitelisted
status.thawte.com
  • 93.184.220.29
whitelisted
crl4.digicert.com
  • 93.184.220.29
whitelisted
www.utorrent.com
  • 87.248.222.180
whitelisted
netdna.bootstrapcdn.com
  • 209.197.3.15
whitelisted
code.jquery.com
  • 205.185.208.52
whitelisted
fonts.googleapis.com
  • 172.217.22.74
whitelisted

Threats

PID
Process
Class
Message
2128
installer.exe
A Network Trojan was detected
ET MALWARE Lavasoft PUA/Adware Client Install
2744
GenericSetup.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2744
GenericSetup.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2744
GenericSetup.exe
Misc activity
ET INFO EXE - Served Attached HTTP
2524
Carrier.exe
A Network Trojan was detected
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
2524
Carrier.exe
A Network Trojan was detected
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
2744
GenericSetup.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2744
GenericSetup.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2744
GenericSetup.exe
Misc activity
ET INFO EXE - Served Attached HTTP
Potential Corporate Privacy Violation
ET P2P BitTorrent DHT ping request
2 ETPRO signatures available at the full report
Process
Message
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
5/20/2019 10:46:44 AM :-> Starting installer 4.7.1987.3881 with: .\WebCompanionInstaller.exe --partner=BT171001 --version=4.7.1987.3881 --prod --silent --homepage=1 --search=1 --partner=BT171001, Run as admin: True
WebCompanionInstaller.exe
Preparing for installing Web Companion
WebCompanionInstaller.exe
5/20/2019 10:46:46 AM :-> Generating Machine and Install Id ...
WebCompanionInstaller.exe
5/20/2019 10:46:46 AM :-> Machine Id and Install Id has been generated
WebCompanionInstaller.exe
5/20/2019 10:46:46 AM :-> Checking prerequisites ...
WebCompanionInstaller.exe
5/20/2019 10:46:46 AM :-> Antivirus not detected
WebCompanionInstaller.exe
5/20/2019 10:46:46 AM :-> vm_check False
WebCompanionInstaller.exe
5/20/2019 10:46:46 AM :-> reg_check :False
WebCompanionInstaller.exe
5/20/2019 10:46:46 AM :-> Installed .Net framework is V40
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://web.utorrent.com/update/