File name: VirtualDesktop.Streamer.Setup.exe

Full analysis: https://app.any.run/tasks/958964d5-7a51-4ba5-83b8-f7a4b5dc5cae
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 28, 2025, 23:51:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
adware
advancedinstaller
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

C7EB91D9C30373766D0F2E8A45C9CAB3

SHA1:

11697B2A3FFC37AA9481B5311AB77B8105160E9C

SHA256:

A7BD762CE9548FD861F5DEC0F26E88CFE701BF896C50E3B2D5823D56934CAEC6

SSDEEP:

393216:T/2rCetXN2mA1wlAfReTKNm1G4/8Cifz6Vv9+WkLN1ZL6Y8RbNYrRyYAZZqooD:Tee1wCEb/Fif4v9+5t6YeNYrRyXq/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ADVANCEDINSTALLER has been detected (SURICATA)

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
  • SUSPICIOUS

    • ADVANCEDINSTALLER mutex has been found

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Reads security settings of Internet Explorer

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Access to an unwanted program domain was detected

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • There is functionality for taking screenshot (YARA)

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Detects AdvancedInstaller (YARA)

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
  • INFO

    • Checks supported languages

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Checks proxy server information

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
      • slui.exe (PID: 5892)
    • The sample compiled with english language support

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Reads the computer name

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Reads the machine GUID from the registry

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Create files in a temporary directory

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
    • Reads the software policy settings

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
      • slui.exe (PID: 5892)
    • Reads Environment values

      • VirtualDesktop.Streamer.Setup.exe (PID: 4208)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:05:23 12:03:58+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.32
CodeSize: 2313728
InitializedDataSize: 1012224
UninitializedDataSize: -
EntryPoint: 0x1b3174
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.30.1.0
ProductVersionNumber: 1.30.1.0
FileFlagsMask: 0x003f
FileFlags: Debug
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Virtual Desktop, Inc.
FileDescription: Virtual Desktop Streamer Installer
FileVersion: 1.30.1
InternalName: VirtualDesktop.Streamer.Setup
LegalCopyright: Copyright (C) 2024 Virtual Desktop, Inc.
OriginalFileName: VirtualDesktop.Streamer.Setup.exe
ProductName: Virtual Desktop Streamer
ProductVersion: 1.30.1
No data.
Total processes
123
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Process graph (image not preserved): start, virtualdesktop.streamer.setup.exe (#ADVANCEDINSTALLER), slui.exe, virtualdesktop.streamer.setup.exe (no specs)

Process information

PID: 4208
CMD: "C:\Users\admin\Desktop\VirtualDesktop.Streamer.Setup.exe"
Path: C:\Users\admin\Desktop\VirtualDesktop.Streamer.Setup.exe
Parent process: explorer.exe
User: admin
Company: Virtual Desktop, Inc.
Integrity Level: HIGH
Description: Virtual Desktop Streamer Installer
Version: 1.30.1
Modules
Images
c:\users\admin\desktop\virtualdesktop.streamer.setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 5892
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7048
CMD: "C:\Users\admin\Desktop\VirtualDesktop.Streamer.Setup.exe"
Path: C:\Users\admin\Desktop\VirtualDesktop.Streamer.Setup.exe
Parent process: explorer.exe
User: admin
Company: Virtual Desktop, Inc.
Integrity Level: MEDIUM
Description: Virtual Desktop Streamer Installer
Exit code: 3221226540
Version: 1.30.1
Modules
Images
c:\users\admin\desktop\virtualdesktop.streamer.setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events
6 819
Read events
6 819
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
4
Unknown types
0

Dropped files

PID | Process | Filename | Type
4208 | VirtualDesktop.Streamer.Setup.exe | C:\Users\admin\AppData\Local\Temp\updF07E.tmp.part | text
MD5:529B9667B75134A20DAAF8BEAD4A9F18
SHA256:7520CCCED27C757E5B5EA5D771A3208FFF81207F3F3DDC3C07CD95C12CC39CC6
4208 | VirtualDesktop.Streamer.Setup.exe | C:\Users\admin\AppData\Local\Temp\TESEEF6.tmp\tinEEF7.tmp | html
MD5:3672EC2CE26AE71E0D57CBAB1F1C3E3F
SHA256:1A829A65142F13268F74273CEE89351AB26E34DB48C210DB183B81DFA7B13C2F
4208 | VirtualDesktop.Streamer.Setup.exe | C:\Users\admin\AppData\Local\Temp\TESEEF6.tmp\tinEEF7.tmp.part | html
MD5:3672EC2CE26AE71E0D57CBAB1F1C3E3F
SHA256:1A829A65142F13268F74273CEE89351AB26E34DB48C210DB183B81DFA7B13C2F
4208 | VirtualDesktop.Streamer.Setup.exe | C:\Users\admin\AppData\Local\Temp\updF07E.tmp | text
MD5:529B9667B75134A20DAAF8BEAD4A9F18
SHA256:7520CCCED27C757E5B5EA5D771A3208FFF81207F3F3DDC3C07CD95C12CC39CC6
HTTP(S) requests
27
TCP/UDP connections
47
DNS requests
20
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5796
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5796
svchost.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
200
20.190.160.14:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
200
20.190.160.14:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
4208
VirtualDesktop.Streamer.Setup.exe
GET
200
142.250.186.164:80
http://www.google.com/
unknown
whitelisted
GET
13.107.246.45:443
https://download.vrdesktop.net/files/VirtualDesktop.Streamer.Setup.exe
unknown
GET
200
13.107.246.45:443
https://download.vrdesktop.net/files/updates.txt
unknown
GET
304
4.175.87.197:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5796 | svchost.exe | 23.48.23.147:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.48.23.147:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5796 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
- | - | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 23.48.23.147
  • 23.48.23.166
  • 23.48.23.177
  • 2.16.241.19
  • 2.16.241.12
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 2.23.246.101
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.159.73
  • 20.190.159.128
  • 20.190.159.68
  • 40.126.31.1
  • 40.126.31.130
  • 20.190.159.2
  • 20.190.159.4
  • 20.190.159.71
whitelisted
www.google.com
  • 142.250.186.164
whitelisted
download.vrdesktop.net
  • 13.107.246.45
unknown
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

PID | Process | Class | Message
4208 | VirtualDesktop.Streamer.Setup.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] AdvancedInstaller User-Agent
- | - | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] AdvancedInstaller User-Agent
- | - | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] AdvancedInstaller User-Agent
No debug info