File name:

advbattoexeconverter.exe

Full analysis: https://app.any.run/tasks/73e028f0-c577-4a52-ba6a-9bb4398449bb
Verdict: Malicious activity
Analysis date: April 17, 2024, 19:41:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

83BB1B476C7143552853A2CF983C1142

SHA1:

8FF8ED5C533D70A7D933EC45264DD700145ACD8C

SHA256:

AF09248CB756488850F9E6F9A7A00149005BF47A9B2087B792FF6BD937297FFB

SSDEEP:

24576:mwEZo54ixhR4ox33t4rTdpdBXsuHqrACpGcaGGSL1EahRV3KCLPqTjqugyDPDTl4:mwEZoqixhR4U33t4r5pdBXsuHqrACpGY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • advbattoexeconverter.exe (PID: 2380)
    • Creates a writable file in the system directory

      • advbattoexeconverter.exe (PID: 2380)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • advbattoexeconverter.exe (PID: 2380)
    • Executable content was dropped or overwritten

      • advbattoexeconverter.exe (PID: 2380)
    • The process creates files with name similar to system file names

      • advbattoexeconverter.exe (PID: 2380)
    • Searches for installed software

      • advbattoexeconverter.exe (PID: 2380)
    • Creates a software uninstall entry

      • advbattoexeconverter.exe (PID: 2380)
    • Creates/Modifies COM task schedule object

      • advbattoexeconverter.exe (PID: 2380)
  • INFO

    • Creates files in the program directory

      • advbattoexeconverter.exe (PID: 2380)
    • Checks supported languages

      • advbattoexeconverter.exe (PID: 2380)
      • setupinf.exe (PID: 3244)
    • Create files in a temporary directory

      • advbattoexeconverter.exe (PID: 2380)
      • setupinf.exe (PID: 3244)
    • Reads the computer name

      • advbattoexeconverter.exe (PID: 2380)
    • Creates files or folders in the user directory

      • advbattoexeconverter.exe (PID: 2380)
    • Reads the machine GUID from the registry

      • setupinf.exe (PID: 3244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.3)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2006:04:05 08:55:39+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 3
CodeSize: 3584
InitializedDataSize: 94720
UninitializedDataSize: -
EntryPoint: 0x1226
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start
  advbattoexeconverter.exe (PID 2380)
    setupinf.exe (PID 3244, no specs)
  advbattoexeconverter.exe (PID 3040, no specs)

Process information

PID: 2380
CMD: "C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe"
Path: C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\advbattoexeconverter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll

PID: 3040
CMD: "C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe"
Path: C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch did not proceed; the elevated copy, PID 2380, is the one that ran the installer)
Modules (images):
c:\users\admin\appdata\local\temp\advbattoexeconverter.exe
c:\windows\system32\ntdll.dll

PID: 3244
CMD: "C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\setupinf.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\setupinf.exe
Parent process: advbattoexeconverter.exe
User: admin
Company: Brandon Dargo
Integrity Level: HIGH
Exit code: 0
Version: 1.02.0003
Modules (images):
c:\program files\advanced bat to exe converter v4.61\ab2econv461\setupinf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events: 1 240
Read events: 1 219
Write events: 15
Delete events: 6

Modification events

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced BAT to EXE Converter v4.61
Operation: write
Name: UninstallString
Value: C:\Program Files\Advanced BAT to EXE Converter v4.61\uninstall.exe

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced BAT to EXE Converter v4.61
Operation: write
Name: DisplayName
Value: Advanced BAT to EXE Converter v4.61

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced BAT to EXE Converter v4.61
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Advanced BAT to EXE Converter v4.61\uninstall.exe

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}
Operation: delete key
Name: (default)
Value: (none)

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Apartment

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}
Operation: delete key
Name: (default)
Value: (none)

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32
Operation: delete value
Name: ThreadingModel
Value: (none)

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}
Operation: delete key
Name: (default)
Value: (none)

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32
Operation: delete value
Name: ThreadingModel
Value: (none)

(PID) Process: (2380) advbattoexeconverter.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
Operation: write
Name: Version
Value: 1.2
Executable files: 17
Suspicious files: 8
Text files: 45
Unknown types: 4

Dropped files

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Users\admin\AppData\Local\Temp\gentee00\guig.dll
Type: executable
MD5: F78EE6369ADA1FB02B776498146CC903
SHA256: F1073319D4868D38E0AE983AD42A00CDC53BE93B31275B4B55AF676976C1AA3F

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex10.bat
Type: text
MD5: AA4032C2BD2BBB123112740B6EDD7EDB
SHA256: 2758DE5C4570F7381DEF913123FCBCF264758B58C8A7E3B74660B74491B4A946

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex15.bat
Type: text
MD5: D7FA10992A23BEC2B50D03B3160BE9C5
SHA256: 8E5C9880893C77CE0AD6691E660914A29B406F0B833EE440789B210F468AFF51

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Users\admin\AppData\Local\Temp\gentee00\gentee.dll
Type: executable
MD5: 30439E079A3D603C461D2C2F4F8CB064
SHA256: D6D0535175FB2302E5B5A498119823C37F6BDDFF4AB24F551AA7E038C343077A

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Users\admin\AppData\Local\Temp\gentee00\1Default.bmp
Type: image
MD5: 0895D223FA59A94BED73D25D1CB5AF70
SHA256: 53228A7C924889D300C7FFE9BAA1879EE94BD9B4286E84B7B29F870E9567B82D

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\aB2Econv.exe
Type: executable
MD5: 4F5F276DF265153C6C3BDA4B10C838E5
SHA256: 22B70FBDFE95B036540759EA2DA2C80D43E8B332E0E600BB867BEBCE8BFBAE04

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex12.bat
Type: text
MD5: C80C479A65D8D67B2A7297E2DBC904A1
SHA256: BE86A962F60741B76980D354C3311264004A477151B8E1C01C653B20CF1EE261

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Users\admin\AppData\Local\Temp\gentee00\setup_temp.geabs
MD5: 3DC143330890C13033E4E3F6E0EBA0A9
SHA256: 3198B133043C225DAEE8BDDD1D77CD24D846BA53D03FBBB9245DA7DD45BC465D

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex11.bat
Type: text
MD5: E07DD8911576E961B581E772255B44A9
SHA256: AD42027347C23BA936F54B6156461CE013DAF0A6C00AB0924037F69F44477EEA

PID: 2380
Process: advbattoexeconverter.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex2.bat
Type: text
MD5: 4CBD7C0365E171071BD9690CD2BC0EAB
SHA256: 3CC6B05A85D9D7901600786364C3C7C83DCC971A05E097628E827295E454C6DD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4, System:
  192.168.100.255:138 (NetBIOS datagram broadcast), reputation: whitelisted
  224.0.0.252:5355 (LLMNR multicast), reputation: unknown
  192.168.100.255:137 (NetBIOS name service broadcast), reputation: whitelisted

PID 1080, svchost.exe:
  224.0.0.252:5355 (LLMNR multicast), reputation: unknown

No domain, ASN or CN was recorded for any of these connections; all four are local-network name-resolution traffic rather than contact with an external host.

DNS requests

No data

Threats

No threats detected
No debug info