File name:

mingw-get-setup.exe

Full analysis: https://app.any.run/tasks/d2eedf54-1b34-45a9-9d13-5154ac4b1255
Verdict: Malicious activity
Analysis date: July 06, 2024, 21:12:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
upx
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5:

92D905BDFE13C798A2CDA2BBACDAD932

SHA1:

66F1355F16AC1E328243E877880EB6E45E8B30E2

SHA256:

AAB27BD5547D35DC159288F3B5B8760F21B0CFEC86E8F0032B49DD0410F232BC

SSDEEP:

1536:+sE5jlwWrw6I3N8SFsngkZ4nJ9jHZN+4Ie6fFF6rS7cnouy8VAtY:tE5Rw6GN8wsngi4nJ7N+P7Foc8outyY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Gets path to any of the special folders (SCRIPT)

      • wscript.exe (PID: 940)
      • wscript.exe (PID: 2952)
    • Drops the executable file immediately after the start

      • mingw-get-setup.exe (PID: 3268)
  • SUSPICIOUS

    • Reads the Internet Settings

      • mingw-get-setup.exe (PID: 3268)
    • Reads security settings of Internet Explorer

      • mingw-get-setup.exe (PID: 3268)
    • Executable content was dropped or overwritten

      • mingw-get-setup.exe (PID: 3268)
    • The process executes JS scripts

      • mingw-get-setup.exe (PID: 3268)
    • Gets name of the script (SCRIPT)

      • wscript.exe (PID: 2952)
      • wscript.exe (PID: 940)
    • Accesses command line arguments (SCRIPT)

      • wscript.exe (PID: 2952)
      • wscript.exe (PID: 940)
  • INFO

    • UPX packer has been detected

      • mingw-get-setup.exe (PID: 3268)
    • Checks supported languages

      • mingw-get-setup.exe (PID: 3268)
    • Reads the computer name

      • mingw-get-setup.exe (PID: 3268)
    • Checks proxy server information

      • mingw-get-setup.exe (PID: 3268)
    • Reads the machine GUID from the registry

      • mingw-get-setup.exe (PID: 3268)
    • Creates files or folders in the user directory

      • mingw-get-setup.exe (PID: 3268)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (39.3)
.exe | Win32 EXE Yoda's Crypter (38.6)
.dll | Win32 Dynamic Link Library (generic) (9.5)
.exe | Win32 Executable (generic) (6.5)
.exe | Generic Win/DOS Executable (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:10:04 19:21:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.22
CodeSize: 77824
InitializedDataSize: 12288
UninitializedDataSize: 135168
EntryPoint: 0x33770
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.602.22340.1
ProductVersionNumber: 0.602.22340.1
FileFlagsMask: 0x003f
FileFlags: Pre-release
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Windows, Latin1
ProductName: mingw-get
ProductVersion: 0.6.2-beta-20131004-1
CompanyName: MinGW.org Project
LegalCopyright: Copyright © 2009-2013, MinGW.org Project
OriginalFileName: mingw-get-setup.exe
FileDescription: MinGW Installation Manager Setup Tool
FileVersion: 0.6.2-beta-20131004-1
InternalName: mingw-get-setup
No data.
All screenshots are available in the full report
Total processes
44
Monitored processes
3
Malicious processes
1
Suspicious processes
2

Behavior graph

Process tree (interactive graph in the full report): mingw-get-setup.exe (THREAT) -> wscript.exe (no specs), wscript.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 940
CMD: wscript -nologo C:\MinGW\libexec\mingw-get\shlink.js --desktop --description "MinGW Installation Manager" C:\MinGW\libexec\mingw-get\guimain.exe "MinGW Installer"
Path: C:\Windows\System32\wscript.exe
Parent process: mingw-get-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2952
CMD: wscript -nologo C:\MinGW\libexec\mingw-get\shlink.js --start-menu --description "MinGW Installation Manager" C:\MinGW\libexec\mingw-get\guimain.exe "MinGW Installation Manager"
Path: C:\Windows\System32\wscript.exe
Parent process: mingw-get-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3268
CMD: "C:\Users\admin\AppData\Local\Temp\mingw-get-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\mingw-get-setup.exe
Parent process: explorer.exe
User:
admin
Company:
MinGW.org Project
Integrity Level:
MEDIUM
Description:
MinGW Installation Manager Setup Tool
Version:
0.6.2-beta-20131004-1
Modules
Images
c:\users\admin\appdata\local\temp\mingw-get-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
Total events
3 012
Read events
2 960
Write events
40
Delete events
12

Modification events

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3268) mingw-get-setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
6
Suspicious files
46
Text files
275
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3268 | Process: mingw-get-setup.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\mingw-get-0.6.2-mingw32-beta-20131004-1-bin.tar[1].xz
MD5:A0C384686771C5E9CF2970C98846B53C
SHA256:557C0C3CF8B55527649B16ECCB850AF7CB6343978A7496093C77F64F6F96C894
PID: 3268 | Process: mingw-get-setup.exe | Type: xz
Filename: C:\MinGW\var\cache\mingw-get\packages\.in-transit\mingw-get-0.6.2-mingw32-beta-20131004-1-bin.tar.xz
MD5:6453E5E9A88511A599630013CA0F2871
SHA256:D199842BAD7373BC52CEC841D31ABF42C77FEBDDAA9E3D8A3CF3182523B23B01
PID: 3268 | Process: mingw-get-setup.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\mingw-get-0.6.2-mingw32-beta-20131004-1-bin.tar[1].xz
MD5:6453E5E9A88511A599630013CA0F2871
SHA256:D199842BAD7373BC52CEC841D31ABF42C77FEBDDAA9E3D8A3CF3182523B23B01
PID: 3268 | Process: mingw-get-setup.exe | Type: text
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\HWSY0IUC.txt
MD5:BD8DF9E87B68F4ACC73B3D26EE60ACAA
SHA256:37A8740E3FE46E770E6369584640BEF35102E24F4F7E5DD9BC495D6371C1593F
PID: 3268 | Process: mingw-get-setup.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\mingw-get-0.6.2-mingw32-beta-20131004-1-gui.tar[1].xz
MD5:5EC17E2F07D410F721E38BAFE544F3D6
SHA256:427887AAF995523083875599295D462F8F805FDE16CA7A770CA93CCF2C198A2C
PID: 3268 | Process: mingw-get-setup.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\mingw-get-0.6.2-mingw32-beta-20131004-1-gui.tar[1].xz
MD5:29AD11701E94CA847B735EAD56900846
SHA256:B54DD765BDED945177A11B07A5923E25700A79C9EFC325AA80A93C6E5A46E401
PID: 3268 | Process: mingw-get-setup.exe | Type: binary
Filename: C:\MinGW\var\cache\mingw-get\packages\mingw-get-0.6.2-mingw32-beta-20131004-1-gui.tar.xz
MD5:5EC17E2F07D410F721E38BAFE544F3D6
SHA256:427887AAF995523083875599295D462F8F805FDE16CA7A770CA93CCF2C198A2C
PID: 3268 | Process: mingw-get-setup.exe | Type: binary
Filename: C:\MinGW\var\cache\mingw-get\packages\.in-transit\mingw-get-0.6.2-mingw32-beta-20131004-1-gui.tar.xz
MD5:5EC17E2F07D410F721E38BAFE544F3D6
SHA256:427887AAF995523083875599295D462F8F805FDE16CA7A770CA93CCF2C198A2C
PID: 3268 | Process: mingw-get-setup.exe | Type: text
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JI3GIRIJ.txt
MD5:3E251EC29369AB355BE7242AF89B7759
SHA256:C7C3747F32ECF75C7EC4AF5C9A761C0C7AD2DD681CA29410BB601BA72B273FAF
PID: 3268 | Process: mingw-get-setup.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\mingw-get-0.6.2-mingw32-beta-20131004-1-lic.tar[1].xz
MD5:9C2132A11B7F89B0DE18250FE9F971A0
SHA256:3830171B834649248D333BE21807FA32AF73D45E7E433C184A2A00A509942CC7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
106
TCP/UDP connections
48
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3268
mingw-get-setup.exe
GET
301
204.68.111.105:80
http://prdownloads.sourceforge.net/mingw/mingw-get-0.6.2-mingw32-beta-20131004-1-bin.tar.xz?download
unknown
unknown
3268
mingw-get-setup.exe
GET
302
204.68.111.105:80
http://downloads.sourceforge.net/project/mingw/Installer/mingw-get/mingw-get-0.6.2-beta-20131004-1/mingw-get-0.6.2-mingw32-beta-20131004-1-bin.tar.xz?download=
unknown
unknown
3268
mingw-get-setup.exe
GET
200
89.111.52.100:80
http://deac-riga.dl.sourceforge.net/project/mingw/Installer/mingw-get/mingw-get-0.6.2-beta-20131004-1/mingw-get-0.6.2-mingw32-beta-20131004-1-bin.tar.xz?viasf=1
unknown
unknown
3268
mingw-get-setup.exe
GET
301
204.68.111.105:80
http://prdownloads.sourceforge.net/mingw/mingw-get-0.6.2-mingw32-beta-20131004-1-gui.tar.xz?download
unknown
unknown
1372
svchost.exe
GET
304
217.20.56.43:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
1372
svchost.exe
GET
200
23.48.23.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
3268
mingw-get-setup.exe
GET
302
204.68.111.105:80
http://downloads.sourceforge.net/project/mingw/Installer/mingw-get/mingw-get-0.6.2-beta-20131004-1/mingw-get-0.6.2-mingw32-beta-20131004-1-gui.tar.xz?download=
unknown
unknown
3268
mingw-get-setup.exe
GET
200
185.119.90.247:80
http://unlimited.dl.sourceforge.net/project/mingw/Installer/mingw-get/mingw-get-0.6.2-beta-20131004-1/mingw-get-0.6.2-mingw32-beta-20131004-1-gui.tar.xz?viasf=1
unknown
unknown
3268
mingw-get-setup.exe
GET
301
204.68.111.105:80
http://prdownloads.sourceforge.net/mingw/mingw-get-0.6.2-mingw32-beta-20131004-1-lic.tar.xz?download
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
1372
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
3268
mingw-get-setup.exe
204.68.111.105:80
prdownloads.sourceforge.net
Cloudflare London, LLC
US
unknown
3268
mingw-get-setup.exe
89.111.52.100:80
deac-riga.dl.sourceforge.net
SIA Digitalas Ekonomikas Attistibas Centrs
LV
unknown
1372
svchost.exe
217.20.56.43:80
ctldl.windowsupdate.com
US
unknown
1372
svchost.exe
23.48.23.176:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
prdownloads.sourceforge.net
  • 204.68.111.105
unknown
downloads.sourceforge.net
  • 204.68.111.105
whitelisted
deac-riga.dl.sourceforge.net
  • 89.111.52.100
unknown
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 217.20.56.43
  • 217.20.58.100
  • 217.20.56.36
  • 217.20.58.101
  • 217.20.58.99
  • 217.20.58.98
  • 93.184.221.240
whitelisted
crl.microsoft.com
  • 23.48.23.176
  • 23.48.23.166
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
unlimited.dl.sourceforge.net
  • 185.119.90.247
unknown
netcologne.dl.sourceforge.net
  • 78.35.24.122
unknown
kumisystems.dl.sourceforge.net
  • 148.251.120.111
unknown

Threats

No threats detected
No debug info