File name:

Setup.exe

Full analysis: https://app.any.run/tasks/ea4ac7c6-2ae4-4e61-a397-5348cf684290
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: October 31, 2023, 16:21:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
adaware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

87366F21EA44917719973D9BB3C5B321

SHA1:

483866F0DB9236B353182838DB06DD2149D4F3C4

SHA256:

A88681719795D5EF142DC07336717E54C47EF895A9FC886C6EEA65C7BCC562B4

SSDEEP:

24576:26VnvK6vNCRpBdV8IP+X+welQi2/Hcydn3o20Co4LSRZ:26VnvK2NCRLdV8IP+X+welQiEHc+3o2k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 4016)
      • csc.exe (PID: 612)
      • WebCompanionInstaller.exe (PID: 1024)
    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Starts Visual C# compiler

      • WebCompanion.exe (PID: 3172)
    • ADAWARE has been detected (SURICATA)

      • WebCompanion.exe (PID: 3172)
      • WebCompanionInstaller.exe (PID: 1024)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 2096)
    • Actions looks like stealing of personal data

      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Reads settings of System Certificates

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Searches for installed software

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Executes as Windows Service

      • PresentationFontCache.exe (PID: 1940)
    • Checks Windows Trust Settings

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Reads the Internet Settings

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Process drops legitimate windows executable

      • WebCompanionInstaller.exe (PID: 1024)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3696)
    • Starts CMD.EXE for commands execution

      • WebCompanionInstaller.exe (PID: 1024)
    • Changes internet zones settings

      • WebCompanionInstaller.exe (PID: 1024)
    • The process drops C-runtime libraries

      • WebCompanionInstaller.exe (PID: 1024)
    • The process verifies whether the antivirus software is installed

      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Uses .NET C# to load dll

      • WebCompanion.exe (PID: 3172)
    • Drops 7-zip archiver for unpacking

      • WebCompanionInstaller.exe (PID: 1024)
  • INFO

    • Checks supported languages

      • WebCompanionInstaller.exe (PID: 1024)
      • Setup.exe (PID: 4016)
      • PresentationFontCache.exe (PID: 1940)
      • WebCompanion.exe (PID: 3172)
      • csc.exe (PID: 612)
      • cvtres.exe (PID: 3584)
      • WebCompanion.exe (PID: 2096)
    • Create files in a temporary directory

      • Setup.exe (PID: 4016)
      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • csc.exe (PID: 612)
      • cvtres.exe (PID: 3584)
    • Reads the computer name

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • PresentationFontCache.exe (PID: 1940)
      • WebCompanion.exe (PID: 2096)
    • Reads Environment values

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Reads the machine GUID from the registry

      • WebCompanionInstaller.exe (PID: 1024)
      • PresentationFontCache.exe (PID: 1940)
      • WebCompanion.exe (PID: 3172)
      • csc.exe (PID: 612)
      • cvtres.exe (PID: 3584)
      • WebCompanion.exe (PID: 2096)
    • Creates files or folders in the user directory

      • WebCompanionInstaller.exe (PID: 1024)
      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Creates files in the program directory

      • WebCompanion.exe (PID: 3172)
    • Reads product name

      • WebCompanion.exe (PID: 3172)
      • WebCompanion.exe (PID: 2096)
    • Application launched itself

      • chrome.exe (PID: 1240)
    • The process uses the downloaded file

      • chrome.exe (PID: 3480)
      • chrome.exe (PID: 2604)
      • chrome.exe (PID: 3056)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (33)
.exe | Win32 Executable MS Visual C++ (generic) (23.9)
.exe | Win64 Executable (generic) (21.2)
.scr | Windows screen saver (10)
.dll | Win32 Dynamic Link Library (generic) (5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:04:18 20:54:06+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 104448
InitializedDataSize: 60416
UninitializedDataSize: -
EntryPoint: 0x148d4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 10.901.2.519
ProductVersionNumber: 10.901.2.519
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 10.901.2.519
ProductVersion: 10.901.2.519
CompanyName: Lavasoft
FileDescription: Web Companion Installer
InternalName: Installer.exe
LegalCopyright: c Lavasoft Limited. All Rights Reserved.
OriginalFileName: Installer.exe
ProductName: Web Companion Installer
No data.
All screenshots are available in the full report
Total processes
67
Monitored processes
28
Malicious processes
4
Suspicious processes
1

Behavior graph

Processes in the graph (in start order; "no specs" marks a process with no specific indicators, "#ADAWARE" marks a process tagged by the ADAWARE signature):

  • setup.exe (no specs)
  • webcompanioninstaller.exe (#ADAWARE)
  • presentationfontcache.exe (no specs)
  • cmd.exe (no specs)
  • netsh.exe (no specs)
  • webcompanion.exe (#ADAWARE)
  • csc.exe (no specs)
  • cvtres.exe (no specs)
  • webcompanion.exe
  • chrome.exe
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe
  • chrome.exe (no specs), 15 further instances

Process information

PID
CMD
Path
Indicators
Parent process
PID: 612
CMD: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\yyrcv3i2.cmdline"
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Parent process: WebCompanion.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Visual C# Command Line Compiler
Exit code:
0
Version:
8.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 812
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3656 --field-trial-handle=1192,i,2915499864212518809,8295446600625950609,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 820
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3808 --field-trial-handle=1192,i,2915499864212518809,8295446600625950609,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 892
CMD: netsh http add urlacl url=http://+:9007/ user=Everyone
Path: C:\Windows\System32\netsh.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID: 1024
CMD: .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18142067438 --version=10.901.2.519
Path: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\WebCompanionInstaller.exe
Parent process: Setup.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
10.901.2.519
Modules
Images
c:\users\admin\appdata\local\temp\7zs0bf688df\webcompanioninstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1176
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1496 --field-trial-handle=1192,i,2915499864212518809,8295446600625950609,131072 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1240
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=18142067438
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: WebCompanionInstaller.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1396
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6cc28b38,0x6cc28b48,0x6cc28b54
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1940
CMD: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Path: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Parent process: services.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
PresentationFontCache.exe
Exit code:
0
Version:
3.0.6920.4902 built by: NetFXw7
Modules
Images
c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2096
CMD: "C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
Path: C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Parent process: WebCompanionInstaller.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
10.1.2.519
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
28 184
Read events
28 010
Write events
174
Delete events
0

Modification events

Process: (1024) WebCompanionInstaller.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1024) WebCompanionInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

Process: (1024) WebCompanionInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (1024) WebCompanionInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (1024) WebCompanionInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (1024) WebCompanionInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (1024) WebCompanionInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
Operation: write
Name: 2301
Value: 0

Process: (892) netsh.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (3172) WebCompanion.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (2096) WebCompanion.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files
84
Suspicious files
110
Text files
80
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\tr-TR\WebCompanionInstaller.resources.dll
Type: executable
MD5: D0B891BDD8A9CB2ECEF467043456B896
SHA256: B6876B549DB6AAACFA023DC9B26730DBA139B44203918CE98A633BF35E4BFA9F

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\it-IT\WebCompanionInstaller.resources.dll
Type: executable
MD5: F2822BA70932056918186EE7AB5EE46A
SHA256: E7FF822CD0E0EE4E9BEFC016EA815AC5835F09C24502A18F6727E579BADCC7B4

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\WebCompanionInstaller.exe.config
Type: xml
MD5: EBACEC1E9929BD429C709A9FD0C210AC
SHA256: AE0E80F5549F5AD5EF0996882A2E0F997FF3724E63A35C9BCA9001B10F58DEE6

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\fr-CA\WebCompanionInstaller.resources.dll
Type: executable
MD5: F818537B70C4CB6ABC4949FA6A1AA4A8
SHA256: 8D14E0B8847D9C5D71EAB73115F0FBE89798B4B0E84FBC2AD81C411AC2F5AFEC

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\ru-RU\WebCompanionInstaller.resources.dll
Type: executable
MD5: A8EB23DA5A7A026FC40FC80D45773930
SHA256: 4CF40997858BC1919BF704B322642A7024D71EB41CD9339D9C62F583CB7B3713

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\pt-BR\WebCompanionInstaller.resources.dll
Type: executable
MD5: 0ADD586EA8B12D274D453BEF1DC09A4B
SHA256: 59122B50D3C6CC5C9C3CB6548041F1A468717A44DF38EB8864D95F3B5837448B

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\ja-JP\WebCompanionInstaller.resources.dll
Type: executable
MD5: C93DB8A30F016DDC963592B9EC8DB51A
SHA256: 48C6F0C8E5323ACD383BFF4B9407854B1ABE3B7CD88F81E7B41139C88167D73D

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\de-DE\WebCompanionInstaller.resources.dll
Type: executable
MD5: 383BA01583DD7FEEE5B749AE4C0A058B
SHA256: ECBE3D8661D6495A47182DDB0C2099EDD1E1B3BE1F14449A10F3F47DDD62539D

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\zh-CHS\WebCompanionInstaller.resources.dll
Type: executable
MD5: 581CC2E4A7B67F04B3736AFE592C3BA5
SHA256: EB2384F4871B5DBA83FD3F5B076442B4AEAD1E57ED10E9095C1E13B45AC8BCC5

PID: 4016
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BF688DF\en-US\WebCompanionInstaller.resources.dll
Type: executable
MD5: D3105E9DB5AAC25193D6C6D2D99349F6
SHA256: 86B3513221F9D1EDAC50AFB7A43CDEEE1599CDC69F37D6C52BE7F2A0BF014E66
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
37
TCP/UDP connections
60
DNS requests
65
Threats
32

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1024
WebCompanionInstaller.exe
POST
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
unknown
1024
WebCompanionInstaller.exe
GET
200
104.17.8.52:80
http://wcdownloadercdn.lavasoft.com/10.1.2.519/WebCompanion-10.1.2.519-prod.zip
unknown
compressed
10.6 Mb
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
1024
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2656
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
1024
WebCompanionInstaller.exe
104.17.8.52:80
flow.lavasoft.com
CLOUDFLARENET
shared
3172
WebCompanion.exe
104.17.8.52:443
flow.lavasoft.com
CLOUDFLARENET
shared
3172
WebCompanion.exe
64.18.87.81:80
wc-partners.lavasoft.com
MTO
CA
unknown
3172
WebCompanion.exe
104.17.8.52:80
flow.lavasoft.com
CLOUDFLARENET
shared
3172
WebCompanion.exe
64.18.87.4:80
wsgeoip.lavasoft.com
MTO
CA
unknown
3172
WebCompanion.exe
104.18.211.25:80
webcompanion.com
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
flow.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
whitelisted
wcdownloadercdn.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
whitelisted
featureflags.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
unknown
wc-partners.lavasoft.com
  • 64.18.87.81
  • 64.18.87.82
whitelisted
wsgeoip.lavasoft.com
  • 64.18.87.4
whitelisted
webcompanion.com
  • 104.18.211.25
  • 104.18.212.25
malicious
clientservices.googleapis.com
  • 172.217.17.99
whitelisted
accounts.google.com
  • 142.250.187.109
shared
sg-bitmask.adaware.com
  • 104.18.68.73
  • 104.18.67.73
unknown
fonts.googleapis.com
  • 172.217.17.138
whitelisted

Threats

PID
Process
Class
Message
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
1024
WebCompanionInstaller.exe
Potentially Bad Traffic
ET HUNTING Terse Request for Zip File (GET)
1024
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2 ETPRO signatures available at the full report
Process
Message
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
10/31/2023 4:21:17 PM :-> Starting installer 10.901.2.519 with: .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18142067438 --version=10.901.2.519, Run as admin: False
WebCompanionInstaller.exe
Preparing for installing Web Companion
WebCompanionInstaller.exe
10/31/2023 4:21:26 PM :-> Machine Id and Install Id has been generated
WebCompanionInstaller.exe
10/31/2023 4:21:26 PM :-> Generating Machine and Install Id ...
WebCompanionInstaller.exe
10/31/2023 4:21:26 PM :-> Checking prerequisites ...
WebCompanionInstaller.exe
10/31/2023 4:21:26 PM :-> Antivirus not detected
WebCompanionInstaller.exe
Failed to report progress in SendPostRequest: System.Net.WebException: The operation has timed out at System.Net.HttpWebRequest.GetResponse() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanionInstaller.exe
10/31/2023 4:23:07 PM :-> vm_check False
WebCompanionInstaller.exe
10/31/2023 4:24:55 PM :-> reg_check :False