File name: advbattoexeconverter.exe

Full analysis: https://app.any.run/tasks/73e028f0-c577-4a52-ba6a-9bb4398449bb
Verdict: Malicious activity
Analysis date: April 17, 2024, 19:41:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 83BB1B476C7143552853A2CF983C1142
SHA1: 8FF8ED5C533D70A7D933EC45264DD700145ACD8C
SHA256: AF09248CB756488850F9E6F9A7A00149005BF47A9B2087B792FF6BD937297FFB
SSDEEP: 24576:mwEZo54ixhR4ox33t4rTdpdBXsuHqrACpGcaGGSL1EahRV3KCLPqTjqugyDPDTl4:mwEZoqixhR4U33t4r5pdBXsuHqrACpGY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • advbattoexeconverter.exe (PID: 2380)
    • Creates a writable file in the system directory
      • advbattoexeconverter.exe (PID: 2380)
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • advbattoexeconverter.exe (PID: 2380)
    • The process creates files with name similar to system file names
      • advbattoexeconverter.exe (PID: 2380)
    • Executable content was dropped or overwritten
      • advbattoexeconverter.exe (PID: 2380)
    • Searches for installed software
      • advbattoexeconverter.exe (PID: 2380)
    • Creates a software uninstall entry
      • advbattoexeconverter.exe (PID: 2380)
    • Creates/Modifies COM task schedule object
      • advbattoexeconverter.exe (PID: 2380)
  • INFO
    • Create files in a temporary directory
      • advbattoexeconverter.exe (PID: 2380)
      • setupinf.exe (PID: 3244)
    • Reads the computer name
      • advbattoexeconverter.exe (PID: 2380)
    • Checks supported languages
      • advbattoexeconverter.exe (PID: 2380)
      • setupinf.exe (PID: 3244)
    • Creates files in the program directory
      • advbattoexeconverter.exe (PID: 2380)
    • Creates files or folders in the user directory
      • advbattoexeconverter.exe (PID: 2380)
    • Reads the machine GUID from the registry
      • setupinf.exe (PID: 3244)
Signature-to-MITRE ATT&CK mapping is in the full report.
No Malware configuration.

Reading the signatures: every MALICIOUS and SUSPICIOUS hit above (dropping executables, writing under Program Files, creating an Uninstall entry, registering COM classes, enumerating installed software) is also the normal behaviour of a software installer, and the report records no HTTP or DNS requests, no threats, and no network traffic from the sample's own processes. The verdict therefore rests on installer behaviour alone; whether the installer is benign is decided by what it dropped and registered, which the hashes under Dropped files and the CLSID entries under Modification events let you check independently.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.3)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

TRiD percentages are weights of matched byte-pattern signatures, not a decode of the header. The top "Win64" guess contradicts the PE header below (MachineType Intel 386, PEType PE32, 32-bit), and the header is the one to trust.

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2006:04:05 08:55:39+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 3
CodeSize: 3584
InitializedDataSize: 94720
UninitializedDataSize: -
EntryPoint: 0x1226
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI

These fields describe the installer stub rather than the program it installs. The gentee00 directory with gentee.dll and guig.dll under Dropped files indicates a Gentee-built installer, whose small stub (3.5 KB of code, linker version 3, a 2006 link timestamp) unpacks its runtime to %TEMP% first; the files it installs are far larger than the sections counted here, which suggests the package rides as an overlay appended after the last section rather than inside the sections the header accounts for.
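The fields above are read straight from the COFF and optional headers. The following added example, written for this page and not taken from ANY.RUN or from the sample's author, parses those structures with the standard library and reports them under the report's own field names, so the "32-bit" claim can be checked against a file rather than against TRiD's pattern weights. The header bytes are constructed inline from the values shown above (a synthetic header, not the sample's bytes); to check the real file, pass its first 4 KB to parse_pe_header().

```python
"""Parse the COFF/PE32 header fields that the EXIF block of the report lists.

Added example written for this page; not ANY.RUN's code. build_sample_header()
constructs a synthetic header carrying the report's values so the script runs
offline; parse_pe_header(open(path, "rb").read(4096)) checks a real file.
"""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE = {
    0x014C: "Intel 386 or later, and compatibles",
    0x8664: "AMD AMD64",
    0x01C0: "ARM",
    0xAA64: "ARM64",
}
CHARACTERISTICS = [  # IMAGE_FILE_* flags, in the order exiftool prints them
    (0x0001, "Relocation info stripped"),
    (0x0002, "Executable"),
    (0x0004, "No line numbers"),
    (0x0008, "No symbols"),
    (0x0100, "32-bit"),
    (0x2000, "DLL"),
]
MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows console"}


def parse_pe_header(data: bytes) -> dict:
    """Decode the DOS stub pointer, COFF header and the start of the optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsections, ts, _symtab, _nsyms, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_code, size_idata, _size_udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    # The OS/image/subsystem version pairs and the Subsystem field sit at the same
    # offsets from the optional header start in PE32 and PE32+.
    os_maj, os_min, _img_maj, _img_min, ss_maj, ss_min = struct.unpack_from("<6H", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "MachineType": IMAGE_FILE_MACHINE.get(machine, hex(machine)),
        "TimeStamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": [name for bit, name in CHARACTERISTICS if chars & bit],
        "PEType": MAGIC.get(magic, hex(magic)),
        "LinkerVersion": f"{maj_link}.{min_link}",
        "CodeSize": size_code,
        "InitializedDataSize": size_idata,
        "EntryPoint": hex(entry),
        "OSVersion": f"{os_maj}.{os_min}",
        "SubsystemVersion": f"{ss_maj}.{ss_min}",
        "Subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "is_64bit": magic == 0x20B,  # the header's answer to TRiD's "Win64" guess
    }


def build_sample_header() -> bytes:
    """Synthetic 32-bit PE header with the values from the report's EXIF block (constructed, not the sample's bytes)."""
    ts = int(datetime(2006, 4, 5, 8, 55, 39, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    characteristics = 0x0002 | 0x0004 | 0x0008 | 0x0100  # Executable, no line numbers, no symbols, 32-bit
    coff = struct.pack("<HHIIIHH", 0x014C, 3, ts, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 3, 0, 3584, 94720, 0, 0x1226)
    struct.pack_into("<6H", opt, 40, 4, 0, 0, 0, 4, 0)   # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                    # Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for field, value in parse_pe_header(build_sample_header()).items():
        print(f"{field}: {value}")
```

The parser stops at the Subsystem field because that is as far as the report's EXIF block goes; section headers, the resource directory and any overlay after the last section need the rest of the file.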
Total processes: 40
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Process tree reconstructed from the parent-process fields in the Process information table:

explorer.exe
  +-- advbattoexeconverter.exe (PID 3040, MEDIUM integrity, exit 0xC000042C STATUS_ELEVATION_REQUIRED, only ntdll.dll mapped)
  +-- advbattoexeconverter.exe (PID 2380, HIGH integrity, exit 0)
        +-- setupinf.exe (PID 3244, HIGH integrity, exit 0)

Process information

PID 2380: "C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe"
  Path: C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: HIGH
  Exit code: 0
  Modules (images):
    c:\users\admin\appdata\local\temp\advbattoexeconverter.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\imm32.dll

PID 3040: "C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe"
  Path: C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (images):
    c:\users\admin\appdata\local\temp\advbattoexeconverter.exe
    c:\windows\system32\ntdll.dll
  This is the unelevated first launch: an executable whose manifest requires elevation was started from the medium-integrity shell, got no further than mapping ntdll.dll, and was terminated during initialization with STATUS_ELEVATION_REQUIRED. The elevated relaunch that follows the UAC prompt is PID 2380, and it is the process that performs the installation.

PID 3244: "C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\setupinf.exe"
  Path: C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\setupinf.exe
  Parent process: advbattoexeconverter.exe
  User: admin
  Company: Brandon Dargo
  Version: 1.02.0003
  Integrity Level: HIGH
  Exit code: 0
  Modules (images):
    c:\program files\advanced bat to exe converter v4.61\ab2econv461\setupinf.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvbvm60.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
  msvbvm60.dll is the Visual Basic 6 runtime, so setupinf.exe is a VB6 program; it inherits HIGH integrity from its elevated parent.
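Exit codes in sandbox tables are printed as unsigned decimals, and anything at or above 0x80000000 is an NTSTATUS the system assigned when it ended the process, not a value the program returned. The following added example (written for this page, not ANY.RUN's code) splits such a code into its severity, facility and code fields, names it from a short excerpt of ntstatus.h, and looks for the unelevated-launch/elevated-relaunch pair in a process list transcribed from the table above. The Proc records are constructed from the report; NTSTATUS_NAMES is deliberately a small table.

```python
"""Decode sandbox exit codes as NTSTATUS values and find the UAC relaunch pattern.

Added example written for this page; not ANY.RUN's code. SAMPLE_PROCS is
transcribed from the Process information table; NTSTATUS_NAMES is a short
excerpt of ntstatus.h, not the full list.
"""
from dataclasses import dataclass

NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = {0: "SUCCESS", 1: "INFORMATIONAL", 2: "WARNING", 3: "ERROR"}


def decode_exit_code(code: int) -> dict:
    """Split a 32-bit exit code into NTSTATUS fields: bits 31-30 severity,
    bit 29 customer-defined, bits 27-16 facility, bits 15-0 code.

    Codes below 0x80000000 are whatever the program passed to ExitProcess;
    codes at or above it were assigned by the system when it ended the process.
    """
    code &= 0xFFFFFFFF
    system_assigned = code >= 0x80000000
    return {
        "hex": f"0x{code:08X}",
        "severity": SEVERITY[code >> 30],
        "customer": bool(code & 0x20000000),
        "facility": (code >> 16) & 0x0FFF,
        "code": code & 0xFFFF,
        "name": NTSTATUS_NAMES.get(code, "(not in table)") if system_assigned else "process-defined",
    }


@dataclass
class Proc:
    pid: int
    image: str
    parent: str
    integrity: str
    exit_code: int
    module_count: int  # number of images the report lists for the process


def find_elevation_relaunch(procs):
    """Pair each MEDIUM-integrity run that died with STATUS_ELEVATION_REQUIRED with a
    HIGH-integrity run of the same image: the shape a UAC prompt leaves in a process list."""
    pairs = []
    for failed in procs:
        if failed.integrity != "MEDIUM" or failed.exit_code != 0xC000042C:
            continue
        for p in procs:
            if p.pid != failed.pid and p.image.lower() == failed.image.lower() and p.integrity == "HIGH":
                pairs.append((failed.pid, p.pid))
    return pairs


SAMPLE_PROCS = [  # transcribed from the report's Process information table
    Proc(2380, r"C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe", "explorer.exe", "HIGH", 0, 10),
    Proc(3040, r"C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe", "explorer.exe", "MEDIUM", 3221226540, 2),
    Proc(3244, r"C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\setupinf.exe",
         "advbattoexeconverter.exe", "HIGH", 0, 10),
]

if __name__ == "__main__":
    for p in SAMPLE_PROCS:
        d = decode_exit_code(p.exit_code)
        print(f"PID {p.pid} {p.integrity:6} exit {d['hex']} {d['severity']} {d['name']} ({p.module_count} images)")
    print("elevation relaunch pairs (failed PID, elevated PID):", find_elevation_relaunch(SAMPLE_PROCS))
```

A process that exits with STATUS_ELEVATION_REQUIRED and has only ntdll.dll mapped never ran its own code, so its absence from the signature list above is expected; the behaviour to review belongs to the elevated partner.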
Total events: 1 240
Read events: 1 219
Write events: 15
Delete events: 6

Modification events

(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced BAT to EXE Converter v4.61
  Operation: write  Name: UninstallString
  Value: C:\Program Files\Advanced BAT to EXE Converter v4.61\uninstall.exe
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced BAT to EXE Converter v4.61
  Operation: write  Name: DisplayName
  Value: Advanced BAT to EXE Converter v4.61
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced BAT to EXE Converter v4.61
  Operation: write  Name: DisplayIcon
  Value: C:\Program Files\Advanced BAT to EXE Converter v4.61\uninstall.exe
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}
  Operation: delete key  Name: (default)
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32
  Operation: write  Name: ThreadingModel
  Value: Apartment
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}
  Operation: delete key  Name: (default)
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32
  Operation: delete value  Name: ThreadingModel
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}
  Operation: delete key  Name: (default)
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32
  Operation: delete value  Name: ThreadingModel
(PID 2380) advbattoexeconverter.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
  Operation: write  Name: Version
  Value: 1.2

The Uninstall entries are what the "Creates a software uninstall entry" signature fired on, and the CLSID and Interface\TypeLib entries are what "Creates/Modifies COM task schedule object" fired on. Deleting a CLSID key and rewriting its InprocServer32 is how an installer (re)registers an in-process COM server, and it is also how a COM hijack is planted; the two look the same until the server path is examined. This excerpt records only the ThreadingModel value for {3B7C8860-D78F-101B-B9B5-04021C009402}: the (default) value of the InprocServer32 key holds the DLL path a COM client will load, so read it in the full report and confirm it points at a file dropped under Program Files whose hash you have checked, not at a user-writable location. The other two CLSIDs only lose their InprocServer32 values, which is an unregistration.
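Detection logic over these events, as an added example written for this page (not ANY.RUN's own signature implementation): it groups the CLSID events by class, separates re-registration from removal, and lists the classes that need follow-up because the DLL path is not in the excerpt or the registering process ran from a user-writable directory. The events are transcribed from the list above; the USER_WRITABLE set of locations is an assumption about the guest.

```python
"""Triage the registry Modification events: which COM classes were (re)registered,
which were removed, and which need a look at the full report.

Added example written for this page; not ANY.RUN's signature code. SAMPLE_EVENTS is
transcribed from the report's Modification events list. USER_WRITABLE is an
assumption about which paths an unprivileged user on the guest can write to.
"""
import re
from dataclasses import dataclass


@dataclass
class RegEvent:
    pid: int
    image: str      # path of the process that made the change
    key: str
    op: str         # "write", "delete key" or "delete value", as the report prints them
    name: str = ""  # value name; "(default)" is the key's default value
    value: str = ""


# Matches ...\Classes\CLSID\{guid} with an optional subkey after it.
CLSID_RE = re.compile(r"\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\(.+))?$")
USER_WRITABLE = (r"\appdata\local\temp", r"\users\public", r"\programdata")  # assumption


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def com_findings(events):
    """Group CLSID events by class. A class with any write is 'registered'; one that
    only saw deletes is 'removed'. server_path is the InprocServer32 (default)
    value when the excerpt contains it, else None."""
    findings = {}
    for e in events:
        m = CLSID_RE.search(e.key)
        if not m:
            continue  # Uninstall and Interface\TypeLib entries are not CLSID registrations
        clsid, subkey = m.group(1).upper(), (m.group(2) or "").lower()
        f = findings.setdefault(clsid, {
            "status": "removed",
            "server_path": None,
            "writer": e.image,
            "writer_user_writable": is_user_writable(e.image),
        })
        if e.op == "write":
            f["status"] = "registered"
            if subkey == "inprocserver32" and e.name in ("", "(default)"):
                f["server_path"] = e.value
    return findings


def needs_followup(findings):
    """Registered classes whose DLL path is unknown from the excerpt, or whose
    registering process ran from a user-writable directory: a COM hijack and a
    legitimate installer look identical until that path is checked."""
    return sorted(c for c, f in findings.items()
                  if f["status"] == "registered"
                  and (f["server_path"] is None or f["writer_user_writable"]))


INSTALLER = r"C:\Users\admin\AppData\Local\Temp\advbattoexeconverter.exe"
HKLM_CLSID = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
SAMPLE_EVENTS = [  # transcribed from the report
    RegEvent(2380, INSTALLER, r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced BAT to EXE Converter v4.61",
             "write", "UninstallString", r"C:\Program Files\Advanced BAT to EXE Converter v4.61\uninstall.exe"),
    RegEvent(2380, INSTALLER, HKLM_CLSID + r"\{3B7C8860-D78F-101B-B9B5-04021C009402}", "delete key", "(default)"),
    RegEvent(2380, INSTALLER, HKLM_CLSID + r"\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32", "write", "ThreadingModel", "Apartment"),
    RegEvent(2380, INSTALLER, HKLM_CLSID + r"\{78E5A540-1850-11CF-9D53-00AA003C9CB6}", "delete key", "(default)"),
    RegEvent(2380, INSTALLER, HKLM_CLSID + r"\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32", "delete value", "ThreadingModel"),
    RegEvent(2380, INSTALLER, HKLM_CLSID + r"\{AFC634B0-4B8B-11CF-8989-00AA00688B10}", "delete key", "(default)"),
    RegEvent(2380, INSTALLER, HKLM_CLSID + r"\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32", "delete value", "ThreadingModel"),
    RegEvent(2380, INSTALLER, r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib", "write", "Version", "1.2"),
]

if __name__ == "__main__":
    found = com_findings(SAMPLE_EVENTS)
    for clsid, f in found.items():
        print(clsid, f["status"], f["server_path"] or "(server path not in excerpt)")
    print("follow up:", needs_followup(found))
```

On a full event export the (default) write under InprocServer32 would fill server_path, and the follow-up list would then reduce to classes whose server lives in a user-writable directory.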
Executable files: 17
Suspicious files: 8
Text files: 45
Unknown types: 4

Dropped files

Only the first ten entries of the list are reproduced here; the full report has the rest. All ten were written by PID 2380 (advbattoexeconverter.exe).

C:\Users\admin\AppData\Local\Temp\gentee00\guig.dll  [executable]
  MD5: F78EE6369ADA1FB02B776498146CC903
  SHA256: F1073319D4868D38E0AE983AD42A00CDC53BE93B31275B4B55AF676976C1AA3F
C:\Users\admin\AppData\Local\Temp\gentee00\setup_temp.geabs
  MD5: 3DC143330890C13033E4E3F6E0EBA0A9
  SHA256: 3198B133043C225DAEE8BDDD1D77CD24D846BA53D03FBBB9245DA7DD45BC465D
C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\aB2Econv.exe  [executable]
  MD5: 4F5F276DF265153C6C3BDA4B10C838E5
  SHA256: 22B70FBDFE95B036540759EA2DA2C80D43E8B332E0E600BB867BEBCE8BFBAE04
C:\Users\admin\AppData\Local\Temp\gentee00\gentee.dll  [executable]
  MD5: 30439E079A3D603C461D2C2F4F8CB064
  SHA256: D6D0535175FB2302E5B5A498119823C37F6BDDFF4AB24F551AA7E038C343077A
C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex12.bat  [text]
  MD5: C80C479A65D8D67B2A7297E2DBC904A1
  SHA256: BE86A962F60741B76980D354C3311264004A477151B8E1C01C653B20CF1EE261
C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex10.bat  [text]
  MD5: AA4032C2BD2BBB123112740B6EDD7EDB
  SHA256: 2758DE5C4570F7381DEF913123FCBCF264758B58C8A7E3B74660B74491B4A946
C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex1.bat  [text]
  MD5: A678100C8B4218AF6A4D62B8FAE8A484
  SHA256: 6A61239A5BA12C5183D4862E15E10170B34835C1AD557BC155E67E591BAA0A86
C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex14.bat  [text]
  MD5: 8499704988EAB25BE5A16C37D7E2D519
  SHA256: 9D0632CD0920E9A0263519C69B43D187664A6AB0154B0464D1AD353E6E48C3AE
C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex7.bat  [text]
  MD5: 1A36090F88917D755C2F41070D309F46
  SHA256: 61F5B7062340C85A2A66E3FFCB50C466AF415B5452DD5EB2B495A619A41FBA00
C:\Program Files\Advanced BAT to EXE Converter v4.61\ab2econv461\advex6.bat  [text]
  MD5: EC1EE3BDE7E45680CEC5450EB3EC6A24
  SHA256: 8099095DD8A0AAEEE05BE5866A31113A107EF18D9499DC2AA065BF83F9D58D8B

The gentee00 files are the installer runtime unpacked to %TEMP%; the Program Files entries are the installed product (aB2Econv.exe is the converter itself, the advex*.bat files are sample scripts). The SHA256 values are what to compare against a copy obtained from the vendor when deciding whether the dropped binaries are the expected ones.
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      Destination             Reputation
4     System       192.168.100.255:138     whitelisted
4     System       224.0.0.252:5355        unknown
4     System       192.168.100.255:137     whitelisted
1080  svchost.exe  224.0.0.252:5355        unknown

(The Domain, ASN and CN columns are empty for all four rows.)

All four connections are operating-system background traffic, not sample activity: UDP 137 and 138 to the subnet broadcast address are the NetBIOS name and datagram services, and 224.0.0.252:5355 is the LLMNR multicast group. None originate from the sample's processes (PIDs 2380, 3040, 3244), which is consistent with the zero HTTP and DNS counts above.

DNS requests

No data

Threats

No threats detected
No debug info