File name: MSI APP Player.exe

Full analysis: https://app.any.run/tasks/705fe852-b0ae-43cb-bf9a-7c9ebc4b3528
Verdict: Malicious activity
Analysis date: April 11, 2024, 22:18:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 98341684249EDAE864B1ED61C1B0FD7C
SHA1: 788C46A8814F5F39E56AA408711179BAB5BE398F
SHA256: AB28A0F279D19C9C0C507A677B74616971F3E443277F0709BB619FEFFE40DAF7
SSDEEP: 49152:anVAvdaFNAcrch0P5pUwt9ZX6Ao1xDuWpUtaCPr+sgLKNNWJxQNu9oVDPkn+3mmo:Wkeb6Ao1F7pUtRPr+sYKfbkoVYnwmG23

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • MSI APP Player.exe (PID: 3956)
  • SUSPICIOUS
    • Reads security settings of Internet Explorer
      • MSI APP Player.exe (PID: 3956)
      • BlueStacksInstaller.exe (PID: 2856)
    • Reads the Internet Settings
      • MSI APP Player.exe (PID: 3956)
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
    • Executable content was dropped or overwritten
      • MSI APP Player.exe (PID: 3956)
    • Reads settings of System Certificates
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
    • Application launched itself
      • BlueStacksInstaller.exe (PID: 2856)
  • INFO
    • Creates files in a temporary directory
      • MSI APP Player.exe (PID: 3956)
      • BlueStacksInstaller.exe (PID: 796)
    • Checks supported languages
      • MSI APP Player.exe (PID: 3956)
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
      • HD-CheckCpu.exe (PID: 1992)
    • Reads the computer name
      • MSI APP Player.exe (PID: 3956)
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
    • Reads the machine GUID from the registry
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
    • Reads Environment values
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
    • Creates files or folders in the user directory
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
    • Reads the software policy settings
      • BlueStacksInstaller.exe (PID: 2856)
      • BlueStacksInstaller.exe (PID: 796)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (36.8)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:07:19 13:21:27+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 133632
InitializedDataSize: 168960
UninitializedDataSize: -
EntryPoint: 0x1a5b2
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 19.0.0.0
ProductVersionNumber: 19.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BlueStack Systems Inc.
FileDescription: MSI App Player Installer
FileVersion: 5
InternalName: MSI App Player Installer
LegalCopyright: Copyright (c) 2010-2021 BlueStack Systems Inc.
OriginalFileName: BlueStacksInstaller.exe
ProductName: MSI App Player Installer
ProductVersion: 5
No data.
All screenshots are available in the full report
Total processes
44
Monitored processes
4
Malicious processes
3
Suspicious processes
0

Behavior graph

Graph nodes (interactive graph not reproduced): start, msi app player.exe, bluestacksinstaller.exe, bluestacksinstaller.exe, hd-checkcpu.exe (no specs)

Process information

PID | CMD | Path | Parent process

796 | "C:\Users\admin\AppData\Local\Temp\7zS47FF5438\BlueStacksInstaller.exe" "MSI APP Player.exe" | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\BlueStacksInstaller.exe | BlueStacksInstaller.exe
  User: admin
  Company: now.gg, Inc.
  Integrity Level: HIGH
  Description: MSI App Player Installer
  Version: 5.12.120.6303
  Modules (Images):
    c:\users\admin\appdata\local\temp\7zs47ff5438\bluestacksinstaller.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1992 | "C:\Users\admin\AppData\Local\Temp\7zS47FF5438\HD-CheckCpu.exe" --cmd checkSSE4 | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\HD-CheckCpu.exe | BlueStacksInstaller.exe
  User: admin
  Integrity Level: HIGH
  Exit code: 1
  Modules (Images):
    c:\users\admin\appdata\local\temp\7zs47ff5438\hd-checkcpu.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

2856 | "C:\Users\admin\AppData\Local\Temp\7zS47FF5438\BlueStacksInstaller.exe" | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\BlueStacksInstaller.exe | MSI APP Player.exe
  User: admin
  Company: now.gg, Inc.
  Integrity Level: MEDIUM
  Description: MSI App Player Installer
  Version: 5.12.120.6303
  Modules (Images):
    c:\users\admin\appdata\local\temp\7zs47ff5438\bluestacksinstaller.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

3956 | "C:\Users\admin\AppData\Local\Temp\MSI APP Player.exe" | C:\Users\admin\AppData\Local\Temp\MSI APP Player.exe | explorer.exe
  User: admin
  Company: BlueStack Systems Inc.
  Integrity Level: MEDIUM
  Description: MSI App Player Installer
  Version: 5.0
  Modules (Images):
    c:\users\admin\appdata\local\temp\msi app player.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll
Total events: 13 480
Read events: 13 413
Write events: 64
Delete events: 3

Modification events

PID | Process | Key | Operation | Name | Value
3956 | MSI APP Player.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3956 | MSI APP Player.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
3956 | MSI APP Player.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
3956 | MSI APP Player.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
2856 | BlueStacksInstaller.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlueStacksInstaller_RASAPI32 | write | EnableFileTracing | 0
2856 | BlueStacksInstaller.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlueStacksInstaller_RASAPI32 | write | EnableConsoleTracing | 0
2856 | BlueStacksInstaller.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlueStacksInstaller_RASAPI32 | write | FileTracingMask |
2856 | BlueStacksInstaller.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlueStacksInstaller_RASAPI32 | write | ConsoleTracingMask |
2856 | BlueStacksInstaller.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlueStacksInstaller_RASAPI32 | write | MaxFileSize | 1048576
2856 | BlueStacksInstaller.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlueStacksInstaller_RASAPI32 | write | FileDirectory | %windir%\tracing
Executable files: 3
Suspicious files: 0
Text files: 53
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\backicon.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\checked_gray.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\checked_gray_hover.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\close_red.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\close_red_click.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\close_red_hover.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\custom.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\custom_click.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\custom_hover.png | image
3956 | MSI APP Player.exe | C:\Users\admin\AppData\Local\Temp\7zS47FF5438\Assets\error_icon.png | image
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 9
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | unknown
4 | System | 192.168.100.255:138 | | | | unknown
| | 224.0.0.252:5355 | | | | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2856 | BlueStacksInstaller.exe | 34.160.86.181:443 | cloud.bluestacks.com | GOOGLE | US | unknown
796 | BlueStacksInstaller.exe | 34.160.86.181:443 | cloud.bluestacks.com | GOOGLE | US | unknown
796 | BlueStacksInstaller.exe | 18.245.60.125:443 | cdn3.bluestacks.com | | US | unknown
796 | BlueStacksInstaller.exe | 23.48.23.5:443 | ak-build.bluestacks.com | Akamai International B.V. | DE | unknown

DNS requests

Domain | IP | Reputation
cloud.bluestacks.com | 34.160.86.181 | unknown
cdn3.bluestacks.com | 18.245.60.125, 18.245.60.33, 18.245.60.7, 18.245.60.124 | unknown
ak-build.bluestacks.com | 23.48.23.5, 23.48.23.65 | unknown

Threats

No threats detected
No debug info