File name: ASIO4ALL_2_15_English.exe
Full analysis: https://app.any.run/tasks/ac9312ba-2996-4f06-a444-2862d4c7f501
Verdict: Malicious activity
Analysis date: April 29, 2024, 01:30:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 505E46E8C99335B446F5CE6156A64E1B
SHA1: 3C8C2D58F8E1CD927BA6238DAE77B5E55E0A1816
SHA256: B22282D5A2DAA646DEB624CF461BF4F1DFEDA541CC505A6781124275F8C2960D
SSDEEP: 12288:9p4bzEY8mFch3A8b65zS8ZSzYZJg/dKXngIbzz5H:9p4vEOch3db65zS8ZScZJgVK3gIv9H
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ASIO4ALL_2_15_English.exe (PID: 1024)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Creates a software uninstall entry

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Creates/Modifies COM task schedule object

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • The process creates files with name similar to system file names

      • ASIO4ALL_2_15_English.exe (PID: 1024)
  • INFO

    • Checks supported languages

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Reads the computer name

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Create files in a temporary directory

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Creates files in the program directory

      • ASIO4ALL_2_15_English.exe (PID: 1024)
    • Creates files or folders in the user directory

      • ASIO4ALL_2_15_English.exe (PID: 1024)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

The file type is a Nullsoft (NSIS) installer, and the Temp artifacts behind the "System.dll" and "similar to system file names" signatures (nse420D.tmp\System.dll, InstallOptions.dll, ioSpecial.ini and modern-wizard.bmp, listed under Dropped files) are the plugin and Modern UI files every NSIS installer extracts at run time; the REGSVR32 call registers the package's own asio4all64.dll from its Program Files directory. These are generic installer behaviours that the signatures fire on, so compare the hashes above with the publisher's official release before treating the verdict as final.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:01 02:45:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 186880
UninitializedDataSize: 2048
EntryPoint: 0x34c5
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
All screenshots are available in the full report
Total processes: 38
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> asio4all_2_15_english.exe (PID 1024) -> regsvr32.exe (PID 1064, no specs)
start -> asio4all_2_15_english.exe (PID 3988, no specs)

Process information

PID: 1024
CMD: "C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe"
Path: C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  c:\users\admin\appdata\local\temp\asio4all_2_15_english.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll

PID: 1064
CMD: "C:\Windows\system32\regsvr32.exe" -s "C:\Program Files\ASIO4ALL v2\asio4all64.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ASIO4ALL_2_15_English.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 3 (regsvr32 return code 3 means LoadLibrary failed; consistent with registering a DLL named as a 64-bit build, asio4all64.dll, on the 32-bit guest)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\regsvr32.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll

PID: 3988
CMD: "C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe"
Path: C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch from explorer.exe was refused because the installer requests elevation, so only ntdll.dll was mapped before the loader terminated it; PID 1024 is the HIGH-integrity instance of the same binary)
Modules (images):
  c:\users\admin\appdata\local\temp\asio4all_2_15_english.exe
  c:\windows\system32\ntdll.dll
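The table above gives raw exit codes and a parent/child relationship that a triager has to interpret by hand. The following Python helper is an added example (it is not part of the ANY.RUN report and not ASIO4ALL code): it decodes the two non-zero exit codes seen here and flags the installer-spawns-regsvr32 pattern. The process events are transcribed from the table above and labelled as constructed test data; the exit-code meanings are Microsoft's documented regsvr32 return values and the NTSTATUS value 0xC000042C. The "64" in a DLL name is used only as a file-name heuristic for bitness.

```python
"""Triage helper for the process tree in this report (added example, not part
of the ANY.RUN output). It decodes the two non-zero exit codes seen above and
flags the installer-spawns-regsvr32 pattern. The events are transcribed from
the report's "Process information" table; nothing else is taken from the page.
"""
import re
from dataclasses import dataclass
from typing import List

# regsvr32.exe return values as documented by Microsoft.
REGSVR32_EXIT = {
    0: "success",
    1: "invalid command-line argument",
    2: "OleInitialize failed",
    3: "LoadLibrary failed (DLL missing, dependency missing, or wrong bitness)",
    4: "GetProcAddress failed (no DllRegisterServer/DllUnregisterServer export)",
    5: "DllRegisterServer or DllUnregisterServer returned an error",
}

# NTSTATUS values that show up as process exit codes; only the one seen here.
NTSTATUS = {0xC000042C: "STATUS_ELEVATION_REQUIRED"}

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
QUOTED_DLL_RE = re.compile(r'"([^"]+\.dll)"', re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    image: str        # full path of the executable
    cmdline: str
    parent: str       # parent image name (the report gives no parent PID)
    integrity: str    # LOW / MEDIUM / HIGH / SYSTEM
    exit_code: int


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def decode_exit_code(image: str, code: int) -> str:
    """Turn a raw exit code into something a triager can act on."""
    if basename(image) == "regsvr32.exe" and code in REGSVR32_EXIT:
        return f"regsvr32 {code}: {REGSVR32_EXIT[code]}"
    if (code & 0xC0000000) == 0xC0000000:          # NTSTATUS error severity
        return f"0x{code:08X} {NTSTATUS.get(code, 'unknown NTSTATUS')}"
    return f"{code}: " + ("success" if code == 0 else "non-zero exit")


def triage(events: List[ProcEvent], os_64bit: bool) -> List[str]:
    """Findings for the regsvr32 / elevation pattern in this report."""
    findings = []
    for e in events:
        if basename(e.image) == "regsvr32.exe":
            # Parent launched from %TEMP%: typical of a self-extracting installer.
            temp_parents = [p for p in events
                            if basename(p.image) == e.parent.lower() and TEMP_RE.search(p.image)]
            if temp_parents:
                findings.append(f"PID {e.pid}: regsvr32 spawned by {temp_parents[0].image}")
            dlls = QUOTED_DLL_RE.findall(e.cmdline)
            # Heuristic on the file name only: a '64' in the DLL name on a 32-bit guest
            # predicts a LoadLibrary failure (exit 3), which is what the report shows.
            if dlls and "64" in basename(dlls[-1]) and not os_64bit:
                findings.append(f"PID {e.pid}: registers {dlls[-1]} on a 32-bit OS, expect LoadLibrary failure")
        findings.append(f"PID {e.pid}: exit {decode_exit_code(e.image, e.exit_code)}")
        if e.exit_code == 0xC000042C and e.integrity.upper() == "MEDIUM":
            # The loader terminated the process before it ran (only ntdll mapped):
            # the binary requests elevation; a HIGH-integrity instance usually follows.
            findings.append(f"PID {e.pid}: medium-integrity launch refused, look for an elevated sibling")
    return findings


# Constructed test data, transcribed from the report's process table.
REPORT_EVENTS = [
    ProcEvent(1024, r"C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe",
              r'"C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe"',
              "explorer.exe", "HIGH", 0),
    ProcEvent(1064, r"C:\Windows\System32\regsvr32.exe",
              r'"C:\Windows\system32\regsvr32.exe" -s "C:\Program Files\ASIO4ALL v2\asio4all64.dll"',
              "ASIO4ALL_2_15_English.exe", "HIGH", 3),
    ProcEvent(3988, r"C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe",
              r'"C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_15_English.exe"',
              "explorer.exe", "MEDIUM", 3221226540),
]

if __name__ == "__main__":
    for line in triage(REPORT_EVENTS, os_64bit=False):   # guest is 32-bit Windows 7
        print(line)
```

Run with the 32-bit flag, as the guest here is, and the script produces six findings: the regsvr32 child of the Temp-resident installer, the predicted LoadLibrary failure for asio4all64.dll, the decoded exit codes for all three processes, and the elevation-refused note for PID 3988. Feeding it events from a 64-bit guest drops the bitness finding.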
Total events: 2 431
Read events: 2 417
Write events: 14
Delete events: 0

Modification events

The registry writes shown are all by PID 1024 (ASIO4ALL_2_15_English.exe), operation write, under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASIO4ALL:

  DisplayName     = ASIO4ALL
  UninstallString = C:\Program Files\ASIO4ALL v2\uninstall.exe
  DisplayVersion  = 2.15
  DisplayIcon     = C:\Program Files\ASIO4ALL v2\uninstall.exe
  HelpLink        = http://www.asio4all.com
  Publisher       = tippach engineering
  URLInfoAbout    = http://www.asio4all.com
  URLUpdateInfo   = http://www.asio4all.com
  Comments        = Universal Windows ASIO driver
  Language        = 1033
Executable files: 7
Suspicious files: 3
Text files: 1
Unknown types: 0

Dropped files

All files below were written by PID 1024 (ASIO4ALL_2_15_English.exe).

C:\Users\admin\AppData\Local\Temp\nse420D.tmp\ioSpecial.ini (text)
  MD5:    E2D5070BC28DB1AC745613689FF86067
  SHA256: D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
C:\Program Files\ASIO4ALL v2\asio4all64.dll (executable)
  MD5:    8D524C6E483DB3938A3705CDC2B966F1
  SHA256: E0328686C521A3559EBB32804EA07AF35E7FCACF7718421D4612875574EBC622
C:\Program Files\ASIO4ALL v2\A4ARegFix.exe (executable)
  MD5:    A48BBDDCB6771A48A6F71258EC6D2371
  SHA256: C3BBBC8C4B502F910C3613B614E159FFE407F343ABB2E208F4BB7BD6C7B4CA0F
C:\Users\admin\AppData\Local\Temp\nse420D.tmp\InstallOptions.dll (executable)
  MD5:    0A9FB96A7579B685EC36B17FC354E6A3
  SHA256: B34FB342F21D690AAC024B6F48A597E78D15791EF480AC55159CD585D0F64AF7
C:\Users\admin\Desktop\ASIO4ALL Web Site.lnk (lnk)
  MD5:    399C4487548B05BCFABB153C7F24E10C
  SHA256: 534CB241D377A5B24855A1177161C14A71FCD6E5D32C15B110F4CFB10046A20F
C:\Program Files\ASIO4ALL v2\ASIO4ALL Web Site.url (binary)
  MD5:    15A5D95ED493BF090F5A9633943B775A
  SHA256: 007DF5B56AD9FFB83061019E3FBF9F7A8AF84A4EA8C65C38B0F02AB27C4E2546
C:\Users\admin\AppData\Local\Temp\nse420D.tmp\modern-wizard.bmp (image)
  MD5:    3FF1169A736D4C708AFFB0467E12B276
  SHA256: E7AFC4C0FDA8B5CD5361C2EACE2FC9D9B26BEDEFF475F2D2DDB2E87A503FBF70
C:\Program Files\ASIO4ALL v2\asio4all.dll (executable)
  MD5:    91C0DF8B243B3039766097C24AF5C0CF
  SHA256: 913553AA4F532B51481EF3A4681983131A8273A36A377547B4DD5789AF574376
C:\Program Files\ASIO4ALL v2\uninstall.exe (executable)
  MD5:    C1DA4B479971100116741C930C762E4A
  SHA256: 72FDA17AA76F7616FB052BC203D9E99C65679C57EDF2160974D4F0DC948EE94E
C:\Users\admin\AppData\Local\Temp\nse420D.tmp\System.dll (executable)
  MD5:    564BB0373067E1785CBA7E4C24AAB4BF
  SHA256: 7A9DDEE34562CD3703F1502B5C70E99CD5BBA15DE2B6845A3555033D7F6CB2A5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID  Process  IP                   Reputation
4    System   192.168.100.255:137  whitelisted
4    System   192.168.100.255:138  unknown
              224.0.0.252:5355     unknown

Domain, ASN and CN were empty for all three rows. None of this traffic is attributable to the sample: it originates from the System process (PID 4) and consists of NetBIOS name service (UDP 137) and datagram (UDP 138) broadcasts to the local subnet plus an LLMNR multicast (224.0.0.252:5355), which is normal Windows background activity in the sandbox.

DNS requests

No data

Threats

No threats detected
No debug info