Malware analysis https://www.tenorshare.net/products/reiboot-for-android.html Malicious activity

Add for printing

URL:	https://www.tenorshare.net/products/reiboot-for-android.html
Full analysis:	https://app.any.run/tasks/07a3ba85-88e0-4583-acc9-4afac7c4cccf
Verdict:	Malicious activity
Analysis date:	January 01, 2024, 09:50:03
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	evasion
Indicators:
MD5:	3BFE5329ED4A1D258A7F44B09B787B7A
SHA1:	69BF81CB35D76538CD3046FA33EAD7C4BE7E9130
SHA256:	A41845D5BD9357A6C28F0B1555FB6B5D34E7DBB9115DC4F6DFA1CB203FCD9380
SSDEEP:	3:N8DSLbXILLz9aQGRWMNIDMDRwJn:2OLELMTRWnQDR8n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Creates a writable file in the system directory
  - drvinst.exe (PID: 3424)
  - drvinst.exe (PID: 2740)
  - drvinst.exe (PID: 3360)
  - drvinst.exe (PID: 3860)
  - drvinst.exe (PID: 3532)
SUSPICIOUS
- Reads security settings of Internet Explorer
  - reiboot-for-android.exe (PID: 2572)
  - ReibootForAndroid.exe (PID: 2824)
  - ReibootForAndroid.exe (PID: 1832)
- Reads settings of System Certificates
  - reiboot-for-android.exe (PID: 2572)
  - rundll32.exe (PID: 3520)
  - ReibootForAndroid.exe (PID: 2824)
  - rundll32.exe (PID: 3484)
  - ReibootForAndroid.exe (PID: 1832)
- Reads the Windows owner or organization settings
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
- Drops a system driver (possible attempt to evade defenses)
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - drvinst.exe (PID: 3860)
  - DPInst32.exe (PID: 3364)
  - drvinst.exe (PID: 3532)
- Reads the Internet Settings
  - Start.exe (PID: 2356)
  - ReibootForAndroid.exe (PID: 2824)
  - reiboot-for-android.exe (PID: 2572)
  - Start.exe (PID: 1820)
  - ReibootForAndroid.exe (PID: 1832)
- Creates a software uninstall entry
  - ReibootForAndroid.exe (PID: 2824)
  - ReibootForAndroid.exe (PID: 1832)
- Searches for installed software
  - ReibootForAndroid.exe (PID: 2824)
  - ReibootForAndroid.exe (PID: 1832)
- Starts CMD.EXE for commands execution
  - ReibootForAndroid.exe (PID: 2824)
  - ReibootForAndroid.exe (PID: 1832)
- Checks Windows Trust Settings
  - drvinst.exe (PID: 3424)
  - ReibootForAndroid.exe (PID: 2824)
  - reiboot-for-android.exe (PID: 2572)
  - drvinst.exe (PID: 2740)
  - drvinst.exe (PID: 3860)
  - drvinst.exe (PID: 3532)
  - drvinst.exe (PID: 3360)
  - ReibootForAndroid.exe (PID: 1832)
- Creates files in the driver directory
  - drvinst.exe (PID: 3424)
  - drvinst.exe (PID: 2740)
  - drvinst.exe (PID: 3360)
  - drvinst.exe (PID: 3532)
  - drvinst.exe (PID: 3860)
- Uses TASKKILL.EXE to kill process
  - cmd.exe (PID: 3732)
  - cmd.exe (PID: 3740)
  - cmd.exe (PID: 3960)
  - cmd.exe (PID: 2944)
- Changes Internet Explorer settings (feature browser emulation)
  - ReibootForAndroid.exe (PID: 1832)
INFO
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 2032)
  - iexplore.exe (PID: 116)
  - reibootforandroid_net_2.1.19.exe (PID: 2360)
  - ReibootForAndroid.exe (PID: 2824)
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - drvinst.exe (PID: 3424)
  - DPInst32.exe (PID: 3364)
  - drvinst.exe (PID: 2740)
  - drvinst.exe (PID: 3360)
  - drvinst.exe (PID: 3532)
  - drvinst.exe (PID: 3860)
- Application launched itself
  - iexplore.exe (PID: 116)
  - msedge.exe (PID: 3792)
  - msedge.exe (PID: 2016)
  - adb.exe (PID: 3816)
  - adb.exe (PID: 1796)
- Checks for external IP
  - reiboot-for-android.exe (PID: 2572)
- Creates files in the program directory
  - reiboot-for-android.exe (PID: 2572)
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - ReibootForAndroid.exe (PID: 2824)
  - Start.exe (PID: 2356)
- Connects to the CnC server
  - reiboot-for-android.exe (PID: 2572)
- Checks supported languages
  - reibootforandroid_net_2.1.19.exe (PID: 2360)
  - reiboot-for-android.exe (PID: 2572)
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - Start.exe (PID: 2356)
  - ReibootForAndroid.exe (PID: 2824)
  - fastboot.exe (PID: 3260)
  - InstallAndDriver.exe (PID: 3232)
  - fastboot.exe (PID: 3300)
  - DPInst32.exe (PID: 3364)
  - repair.exe (PID: 3276)
  - drvinst.exe (PID: 3424)
  - fastboot.exe (PID: 3388)
  - fastboot.exe (PID: 188)
  - fastboot.exe (PID: 2376)
  - fastboot.exe (PID: 1900)
  - fastboot.exe (PID: 3872)
  - fastboot.exe (PID: 3012)
  - fastboot.exe (PID: 2840)
  - fastboot.exe (PID: 3088)
  - fastboot.exe (PID: 1020)
  - drvinst.exe (PID: 2740)
  - fastboot.exe (PID: 2748)
  - fastboot.exe (PID: 3776)
  - fastboot.exe (PID: 2504)
  - fastboot.exe (PID: 3468)
  - fastboot.exe (PID: 1044)
  - fastboot.exe (PID: 568)
  - drvinst.exe (PID: 3360)
  - drvinst.exe (PID: 3860)
  - fastboot.exe (PID: 3424)
  - adb.exe (PID: 1804)
  - adb.exe (PID: 1796)
  - fastboot.exe (PID: 3328)
  - drvinst.exe (PID: 3532)
  - adb.exe (PID: 3816)
  - fastboot.exe (PID: 2948)
  - adb.exe (PID: 2492)
  - adb.exe (PID: 2152)
  - fastboot.exe (PID: 908)
  - adb.exe (PID: 3780)
  - fastboot.exe (PID: 2168)
  - adb.exe (PID: 3464)
  - adb.exe (PID: 1600)
  - fastboot.exe (PID: 996)
  - fastboot.exe (PID: 568)
  - fastboot.exe (PID: 3064)
  - fastboot.exe (PID: 2452)
  - fastboot.exe (PID: 3864)
  - fastboot.exe (PID: 3704)
  - fastboot.exe (PID: 452)
  - fastboot.exe (PID: 3628)
  - fastboot.exe (PID: 3488)
  - adb.exe (PID: 4040)
  - fastboot.exe (PID: 2296)
  - fastboot.exe (PID: 2756)
  - fastboot.exe (PID: 1344)
  - fastboot.exe (PID: 2852)
  - fastboot.exe (PID: 3652)
  - fastboot.exe (PID: 2356)
  - fastboot.exe (PID: 2816)
  - fastboot.exe (PID: 240)
  - fastboot.exe (PID: 1036)
  - fastboot.exe (PID: 1924)
  - fastboot.exe (PID: 1840)
  - fastboot.exe (PID: 1992)
  - fastboot.exe (PID: 1844)
  - fastboot.exe (PID: 1804)
  - fastboot.exe (PID: 2496)
  - fastboot.exe (PID: 3932)
  - fastboot.exe (PID: 3208)
  - fastboot.exe (PID: 1268)
  - Start.exe (PID: 1820)
  - ReibootForAndroid.exe (PID: 1832)
  - InstallAndDriver.exe (PID: 3388)
  - repair.exe (PID: 3864)
  - fastboot.exe (PID: 3424)
  - fastboot.exe (PID: 3876)
  - fastboot.exe (PID: 3768)
  - fastboot.exe (PID: 3328)
  - DPInst32.exe (PID: 3916)
  - fastboot.exe (PID: 3872)
  - fastboot.exe (PID: 1784)
  - fastboot.exe (PID: 2764)
  - fastboot.exe (PID: 1528)
  - fastboot.exe (PID: 2888)
  - fastboot.exe (PID: 2856)
  - fastboot.exe (PID: 2788)
  - fastboot.exe (PID: 2928)
  - fastboot.exe (PID: 1636)
  - fastboot.exe (PID: 2328)
  - fastboot.exe (PID: 2256)
  - fastboot.exe (PID: 2952)
  - fastboot.exe (PID: 3644)
  - fastboot.exe (PID: 2368)
  - fastboot.exe (PID: 2448)
- Create files in a temporary directory
  - reibootforandroid_net_2.1.19.exe (PID: 2360)
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - ReibootForAndroid.exe (PID: 2824)
  - DPInst32.exe (PID: 3364)
  - reiboot-for-android.exe (PID: 2572)
  - adb.exe (PID: 2152)
  - ReibootForAndroid.exe (PID: 1832)
- Reads the computer name
  - reiboot-for-android.exe (PID: 2572)
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - Start.exe (PID: 2356)
  - ReibootForAndroid.exe (PID: 2824)
  - fastboot.exe (PID: 3260)
  - fastboot.exe (PID: 3300)
  - DPInst32.exe (PID: 3364)
  - drvinst.exe (PID: 3424)
  - fastboot.exe (PID: 3388)
  - fastboot.exe (PID: 3872)
  - fastboot.exe (PID: 188)
  - fastboot.exe (PID: 2376)
  - fastboot.exe (PID: 3012)
  - fastboot.exe (PID: 2840)
  - fastboot.exe (PID: 3088)
  - fastboot.exe (PID: 1020)
  - fastboot.exe (PID: 1900)
  - drvinst.exe (PID: 2740)
  - fastboot.exe (PID: 3776)
  - fastboot.exe (PID: 2748)
  - fastboot.exe (PID: 2504)
  - fastboot.exe (PID: 3468)
  - fastboot.exe (PID: 1044)
  - fastboot.exe (PID: 568)
  - drvinst.exe (PID: 3360)
  - fastboot.exe (PID: 3328)
  - fastboot.exe (PID: 3424)
  - drvinst.exe (PID: 3860)
  - drvinst.exe (PID: 3532)
  - adb.exe (PID: 2492)
  - adb.exe (PID: 2152)
  - fastboot.exe (PID: 908)
  - fastboot.exe (PID: 2168)
  - fastboot.exe (PID: 2948)
  - fastboot.exe (PID: 996)
  - fastboot.exe (PID: 568)
  - fastboot.exe (PID: 3704)
  - fastboot.exe (PID: 2452)
  - fastboot.exe (PID: 3064)
  - fastboot.exe (PID: 3864)
  - fastboot.exe (PID: 452)
  - fastboot.exe (PID: 3488)
  - fastboot.exe (PID: 2816)
  - fastboot.exe (PID: 2296)
  - fastboot.exe (PID: 2756)
  - fastboot.exe (PID: 240)
  - fastboot.exe (PID: 1344)
  - fastboot.exe (PID: 3208)
  - fastboot.exe (PID: 3652)
  - fastboot.exe (PID: 2852)
  - fastboot.exe (PID: 3628)
  - fastboot.exe (PID: 2356)
  - fastboot.exe (PID: 1268)
  - fastboot.exe (PID: 1840)
  - fastboot.exe (PID: 1036)
  - fastboot.exe (PID: 1924)
  - fastboot.exe (PID: 1844)
  - fastboot.exe (PID: 1992)
  - fastboot.exe (PID: 2496)
  - fastboot.exe (PID: 1804)
  - fastboot.exe (PID: 3932)
  - Start.exe (PID: 1820)
  - ReibootForAndroid.exe (PID: 1832)
  - fastboot.exe (PID: 3328)
  - fastboot.exe (PID: 3424)
  - DPInst32.exe (PID: 3916)
  - fastboot.exe (PID: 3876)
  - fastboot.exe (PID: 3872)
  - fastboot.exe (PID: 1784)
  - fastboot.exe (PID: 1528)
  - fastboot.exe (PID: 2888)
  - fastboot.exe (PID: 2788)
  - fastboot.exe (PID: 2764)
  - fastboot.exe (PID: 2856)
  - fastboot.exe (PID: 3768)
  - fastboot.exe (PID: 2928)
  - fastboot.exe (PID: 1636)
  - fastboot.exe (PID: 2328)
  - fastboot.exe (PID: 2256)
  - fastboot.exe (PID: 2952)
  - fastboot.exe (PID: 2368)
  - fastboot.exe (PID: 3644)
  - fastboot.exe (PID: 2448)
- The process uses the downloaded file
  - iexplore.exe (PID: 116)
- Checks proxy server information
  - reiboot-for-android.exe (PID: 2572)
  - ReibootForAndroid.exe (PID: 2824)
  - ReibootForAndroid.exe (PID: 1832)
- The process drops C-runtime libraries
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
- Process drops legitimate windows executable
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - DPInst32.exe (PID: 3364)
  - drvinst.exe (PID: 3424)
  - drvinst.exe (PID: 2740)
  - drvinst.exe (PID: 3360)
- Process drops legitimate windows executable (CertUtil.exe)
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
- Drops 7-zip archiver for unpacking
  - reibootforandroid_net_2.1.19.tmp (PID: 2844)
  - ReibootForAndroid.exe (PID: 2824)
- Reads the machine GUID from the registry
  - ReibootForAndroid.exe (PID: 2824)
  - DPInst32.exe (PID: 3364)
  - drvinst.exe (PID: 3424)
  - reiboot-for-android.exe (PID: 2572)
  - drvinst.exe (PID: 2740)
  - drvinst.exe (PID: 3360)
  - drvinst.exe (PID: 3532)
  - drvinst.exe (PID: 3860)
  - adb.exe (PID: 2492)
  - adb.exe (PID: 2152)
  - ReibootForAndroid.exe (PID: 1832)
  - DPInst32.exe (PID: 3916)
- Reads Environment values
  - ReibootForAndroid.exe (PID: 2824)
  - reiboot-for-android.exe (PID: 2572)
  - ReibootForAndroid.exe (PID: 1832)
- Reads security settings of Internet Explorer
  - rundll32.exe (PID: 3520)
  - rundll32.exe (PID: 3484)
- Executes as Windows Service
  - VSSVC.exe (PID: 3696)
- Manual execution by a user
  - msedge.exe (PID: 2016)
  - Start.exe (PID: 2128)
  - Start.exe (PID: 1820)
  - notepad++.exe (PID: 568)
- Creates files or folders in the user directory
  - ReibootForAndroid.exe (PID: 2824)
  - reiboot-for-android.exe (PID: 2572)
  - ReibootForAndroid.exe (PID: 1832)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

335

Monitored processes

204

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

116

"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.tenorshare.net/products/reiboot-for-android.html"

C:\Program Files\Internet Explorer\iexplore.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Internet Explorer

Exit code:

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

124

"cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices

C:\Windows\System32\cmd.exe

—

ReibootForAndroid.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

188

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

240

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

240

"cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices

C:\Windows\System32\cmd.exe

—

ReibootForAndroid.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

452

"cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices

C:\Windows\System32\cmd.exe

—

ReibootForAndroid.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

452

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

568

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

568

C:\tenorshare\adb\fastboot.exe devices

C:\tenorshare\adb\fastboot.exe

—

cmd.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll

568

"C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Tenorshare\ReiBoot for Android\Start.exe"

C:\Program Files\Notepad++\notepad++.exe

explorer.exe

User:

admin

Company:

Don HO don.h@free.fr

Integrity Level:

MEDIUM

Description:

Notepad++ : a free (GNU) source code editor

Exit code:

Version:

7.91

Modules

Images
c:\program files\notepad++\notepad++.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

Add for printing

Total events

61 571

Read events

60 996

Write events

566

Delete events

Modification events


(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 0
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 30847387
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 30847437
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(116) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

332

Suspicious files

314

Text files

237

Unknown types

Dropped files

PID	Process	Filename		Type
2032	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464		binary
		MD5:2282A4BDC3A4F23DFA1C2899086E824C	SHA256:9F8FCFA95025D3C306EC846103CB6CA423BD234684EB9D3D370211E0716FB9D5
2032	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA		binary
		MD5:B686D1C4DECB96BEBD5F5E8D782A8CEF	SHA256:7870C6592639AF694DCFB12DAF05D546321B9D2B914E36482045F101EBB0347B
2032	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA		binary
		MD5:F6F8B4B0F1271AD09BE8ECD9728BFEF6	SHA256:32E7864AD091668FFD0DB8CC47535C98DFF77F6BBD24C1F8D2BA676B7E2461E4
2032	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\reiboot-for-android[1].htm		html
		MD5:BD88999D7B6F3D77D55E17C9374C6F24	SHA256:0DF04DBB223CF51FB22F1FAC1833B89EF12E4133BB3988532BA4D5DA9789617D
2032	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:8011B2CF326F8D352265EB14B9795E2A	SHA256:B69CAD1BC21E514C866E08CD3285D319EC6EBCEDAD9D6DB87297D38295BDEC75
2032	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DNBG1FNU.txt		text
		MD5:FCFCBFD67A368A57E8CC748609BAA94A	SHA256:EEA0C1446657A71227EF18140C36239C2599C2B5543EA3499A5C8A62E3F7EF45
2032	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		compressed
		MD5:1BFE591A4FE3D91B03CDF26EAACD8F89	SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
2032	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464		binary
		MD5:8202A1CD02E7D69597995CABBE881A12	SHA256:58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
2032	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\app.bundle[1].js		text
		MD5:54A942DB3467561955074AE54B9D0C7C	SHA256:4B8D342B06C72DEA82A33204835511A55702A23FACFD490536CEFACBFDF2DC80
2032	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F134D707C209C83E02D4485138FE5D48		binary
		MD5:BF09D7145A8D2B2AE40A62D6688E77A1	SHA256:213F854230F557B9D585336306240330E133C27B7DF439B6E9F77A8D7306583E

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

224

DNS requests

135

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2032	iexplore.exe	GET	200	23.32.238.242:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6b21170b0e7a1648	unknown	compressed	4.66 Kb	unknown
2032	iexplore.exe	GET	200	23.32.238.242:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?53bfb7cf8a6cf97e	unknown	compressed	4.66 Kb	unknown
2032	iexplore.exe	GET	200	142.250.186.131:80	http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D	unknown	binary	1.41 Kb	unknown
2032	iexplore.exe	GET	200	142.250.186.131:80	http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D	unknown	binary	724 b	unknown
2032	iexplore.exe	GET	200	142.250.186.131:80	http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D	unknown	binary	724 b	unknown
2032	iexplore.exe	GET	200	142.250.186.131:80	http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEA1uFYrLabZxEtE2U5X5DGM%3D	unknown	binary	471 b	unknown
2032	iexplore.exe	GET	200	142.250.186.131:80	http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQClj3zJOwEs2AlR6v%2BfUXog	unknown	binary	472 b	unknown
2032	iexplore.exe	GET	200	142.250.186.131:80	http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCZXmpIP%2Bo%2BHhJmodADfw%2Fc	unknown	binary	472 b	unknown
2032	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D	unknown	binary	471 b	unknown
2032	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D	unknown	binary	471 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2032	iexplore.exe	104.18.11.138:443	www.tenorshare.net	CLOUDFLARENET	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
2032	iexplore.exe	23.32.238.242:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
2032	iexplore.exe	142.250.186.131:80	ocsp.pki.goog	GOOGLE	US	whitelisted
2032	iexplore.exe	142.250.186.42:443	fonts.googleapis.com	GOOGLE	US	whitelisted
2032	iexplore.exe	104.18.24.249:443	images.tenorshare.com	CLOUDFLARENET	—	unknown
2032	iexplore.exe	104.18.10.138:443	www.tenorshare.net	CLOUDFLARENET	—	unknown
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2032	iexplore.exe	142.250.186.72:443	www.googletagmanager.com	GOOGLE	US	unknown

DNS requests

Domain	IP	Reputation
www.tenorshare.net	104.18.11.138 104.18.10.138	unknown
ctldl.windowsupdate.com	23.32.238.242 23.32.238.168 23.32.238.210 23.32.238.217 23.32.238.211 23.32.238.227 23.32.238.218 23.32.238.235 23.32.238.233 93.184.221.240	whitelisted
ocsp.pki.goog	142.250.186.131	whitelisted
fonts.googleapis.com	142.250.186.42	whitelisted
images.tenorshare.com	104.18.24.249 104.18.25.249	whitelisted
images.tenorshare.net	104.18.10.138 104.18.11.138	unknown
www.googletagmanager.com	142.250.186.72	whitelisted
fonts.gstatic.com	172.217.16.195	whitelisted
rpc.tenorshare.com	104.18.24.249 104.18.25.249	unknown
bat.bing.com	204.79.197.200 13.107.21.200	whitelisted

Threats

PID	Process	Class	Message
2572	reiboot-for-android.exe	Potential Corporate Privacy Violation	ET POLICY Unsupported/Fake Windows NT Version 5.0
2572	reiboot-for-android.exe	Potential Corporate Privacy Violation	ET POLICY Unsupported/Fake Windows NT Version 5.0
2572	reiboot-for-android.exe	Potential Corporate Privacy Violation	AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
2572	reiboot-for-android.exe	Device Retrieving External IP Address Detected	ET POLICY External IP Lookup ip-api.com
2572	reiboot-for-android.exe	Possibly Unwanted Program Detected	ET ADWARE_PUP Tensorshare Google Analytics Checkin
2824	ReibootForAndroid.exe	Potential Corporate Privacy Violation	ET POLICY Unsupported/Fake Windows NT Version 5.0
1832	ReibootForAndroid.exe	Potential Corporate Privacy Violation	ET POLICY Unsupported/Fake Windows NT Version 5.0

4 ETPRO signatures available at the full report

Add for printing

Process	Message
ReibootForAndroid.exe	log4net:ERROR XmlHierarchyConfigurator: No appender named [ConsoleAppender] could be found.
ReibootForAndroid.exe	log4net:ERROR Appender named [ConsoleAppender] not found.
ReibootForAndroid.exe	Native library pre-loader is trying to load native SQLite library "C:\Program Files\Tenorshare\ReiBoot for Android\x86\SQLite.Interop.dll"...
notepad++.exe	VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe	VerifyLibrary: certificate revocation checking is disabled
notepad++.exe	ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe	VerifyLibrary: certificate revocation checking is disabled
notepad++.exe	VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe	ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe	VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll

General Info

https://www.tenorshare.net/products/reiboot-for-android.html

3BFE5329ED4A1D258A7F44B09B787B7A

69BF81CB35D76538CD3046FA33EAD7C4BE7E9130

A41845D5BD9357A6C28F0B1555FB6B5D34E7DBB9115DC4F6DFA1CB203FCD9380

3:N8DSLbXILLz9aQGRWMNIDMDRwJn:2OLELMTRWnQDR8n

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Creates a writable file in the system directory

SUSPICIOUS

Reads security settings of Internet Explorer

Reads settings of System Certificates

Reads the Windows owner or organization settings

Drops a system driver (possible attempt to evade defenses)

Reads the Internet Settings

Creates a software uninstall entry

Searches for installed software

Starts CMD.EXE for commands execution

Checks Windows Trust Settings

Creates files in the driver directory

Uses TASKKILL.EXE to kill process

Changes Internet Explorer settings (feature browser emulation)

INFO

Drops the executable file immediately after the start

Application launched itself

Checks for external IP

Creates files in the program directory

Connects to the CnC server

Checks supported languages

Create files in a temporary directory

Reads the computer name

The process uses the downloaded file

Checks proxy server information

The process drops C-runtime libraries

Process drops legitimate windows executable

Process drops legitimate windows executable (CertUtil.exe)

Drops 7-zip archiver for unpacking

Reads the machine GUID from the registry

Reads Environment values

Reads security settings of Internet Explorer

Executes as Windows Service

Manual execution by a user

Creates files or folders in the user directory

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections