File name:

test-infection.exe

Full analysis: https://app.any.run/tasks/0fca05d0-2ebf-4331-8fa9-d0b976bb70aa
Verdict: No threats detected
Analysis date: October 14, 2020, 15:29:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386, for MS Windows
MD5:

47F9FDC617F8C98A6732BE534D8DBE9A

SHA1:

1CE3656994FB2EF0D0F5E1805068EAF753C06CD1

SHA256:

B009F4C1B52CBE6DB873FD601B68735A05B0721556EEA73690B704F77F04B17E

SSDEEP:

384:e+EwwRaTpwPSUka8bCml+5mV+EczyvdYjW7XSbarCvliq6MCpbR:nEwIopwPaaMV+E8m7oDvlXClR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:05:12 12:44:34+02:00
PEType: PE32
LinkerVersion: 6
CodeSize: 16384
InitializedDataSize: 16384
UninitializedDataSize: -
EntryPoint: 0x126a
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows command line

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date: 12-May-2010 10:44:34

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000E0

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 12-May-2010 10:44:34
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x00003F33
0x00004000
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.57426
.rdata
0x00005000
0x00000982
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
3.74151
.data
0x00006000
0x00002348
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.97365

Imports

KERNEL32.dll
WINHTTP.dll
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start test-infection.exe

Process information

PID
CMD
Path
Indicators
Parent process
2240"C:\Users\admin\AppData\Local\Temp\test-infection.exe" C:\Users\admin\AppData\Local\Temp\test-infection.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\test-infection.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
16
Read events
16
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
3
DNS requests
1
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2240
test-infection.exe
GET
301
162.159.246.125:80
http://mil.fireeye.com/appliance-test/alert.html
unknown
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2240
test-infection.exe
162.159.246.125:80
mil.fireeye.com
Cloudflare Inc
suspicious
2240
test-infection.exe
162.159.246.125:443
mil.fireeye.com
Cloudflare Inc
suspicious
162.159.246.125:443
mil.fireeye.com
Cloudflare Inc
suspicious

DNS requests

Domain
IP
Reputation
mil.fireeye.com
  • 162.159.246.125
suspicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
test-infection.exe