File name:

HandBrake-1.0.7-i686-Win_GUI.exe

Full analysis: https://app.any.run/tasks/9bf6f6fa-322b-4475-940c-69b9a79680b7
Verdict: Malicious activity
Analysis date: April 30, 2024, 08:38:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

E467DBD669AE9DB999E5A1516589042C

SHA1:

A3B5A28475CCF4D31A8D72E4DE49A2302859110F

SHA256:

B35000DF800B522BB48D0E8991FDA009015E9335835977513850E35EB777C9D5

SSDEEP:

98304:G5PM1xO6hn+sClPbBQfEvB40anuBR8V/E+CKLhhrRKS6G3cy8/xL8kjOpzlein/C:G5kO6ivy5kPMrEpcdb6840pfpl3sjd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Creates a software uninstall entry

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Process drops legitimate windows executable

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Reads the Internet Settings

      • HandBrake.exe (PID: 2028)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • The process creates files with name similar to system file names

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

  • INFO

    • Checks supported languages

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)
      • HandBrake.exe (PID: 2028)

    • Reads the computer name

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)
      • HandBrake.exe (PID: 2028)

    • Manual execution by a user

      • HandBrake.exe (PID: 2028)

    • Creates files or folders in the user directory

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)
      • HandBrake.exe (PID: 2028)

    • Reads the machine GUID from the registry

      • HandBrake.exe (PID: 2028)

    • Creates files in the program directory

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Reads Environment values

      • HandBrake.exe (PID: 2028)

    • Reads CPU info

      • HandBrake.exe (PID: 2028)

    • Create files in a temporary directory

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:02 03:20:05+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 120320
UninitializedDataSize: 1024
EntryPoint: 0x30fb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start handbrake-1.0.7-i686-win_gui.exe handbrake.exe handbrake-1.0.7-i686-win_gui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2028"C:\Program Files\HandBrake\HandBrake.exe" C:\Program Files\HandBrake\HandBrake.exe
explorer.exe
User:
admin
Company:
HandBrake Team
Integrity Level:
MEDIUM
Description:
HandBrake
Version:
1.0.7.0
Modules
Images
c:\program files\handbrake\handbrake.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3976"C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exe" C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\handbrake-1.0.7-i686-win_gui.exe
c:\windows\system32\ntdll.dll
4080"C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exe" C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\handbrake-1.0.7-i686-win_gui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
4 828
Read events
4 803
Write events
25
Delete events
0

Modification events

(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:DisplayName
Value:
HandBrake 1.0.7
(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:UninstallString
Value:
C:\Program Files\HandBrake\uninst.exe
(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:DisplayIcon
Value:
C:\Program Files\HandBrake\HandBrake.exe
(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:DisplayVersion
Value:
1.0.7
(PID) Process:(2028) HandBrake.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
HandBrake.exe
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
Executable files
12
Suspicious files
5
Text files
10
Unknown types
2

Dropped files

PID
Process
Filename
Type
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\Caliburn.Micro.Platform.dllexecutable
MD5:B43B175F1AA22931DD35926A8348736D
SHA256:85AB824A1FCB58573C9C0968D27021FB88349376C95802268C52C4CCB93BE6F8
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\HandBrake.ApplicationServices.dllexecutable
MD5:365D8F7A9A63AD779F206C54A926E28E
SHA256:74F5824FAE6584926BE480A0081B26F6A2F81B66FAE48F925A14A18EFE17C32D
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\Ookii.Dialogs.Wpf.dllexecutable
MD5:B0C3565E42FF81562E19A0FFCA18DA55
SHA256:46C45FF37E26CF1F2040E0BA7EB122BD261D1582981ADFA130F922E9C0E488D4
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\Newtonsoft.Json.dllexecutable
MD5:5716E0676A23F67398F629A3001A1CCC
SHA256:691CF2DA27552E60DDAFCD01C36ED3D353DDB9A5BFB0F17EF02DC8263C872C91
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\HandBrake.exe.configxml
MD5:76F0C6FA13BD9C00921E2D8A840E2F09
SHA256:DA2963A766C5D00E81EBC4CAFF95BDDD6F782C719839B874DA30E512CF6F2D45
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\GongSolutions.Wpf.DragDrop.dllexecutable
MD5:3EAC1742885C04F486AC7D5BBBBBCBA1
SHA256:03DB23D2B0392A255BB8AE66A98E5ABEB9745306F8DE9BF0C3CEBE5867EC5852
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\hb.dllexecutable
MD5:5808667BE7036D5AE407B708F199965D
SHA256:FB418B1570392F429F722FF6925F0328A33BFCC534130BB575B4D901CCABA602
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Users\admin\Desktop\HandBrake.lnklnk
MD5:98EAEB54F1A209979412EF8E484A6735
SHA256:2676765C002783A096CBCD7FA303CD3DBF2A09626683B4340640374156F16448
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\HandBrake.exeexecutable
MD5:05554F4E1DE49AEF0A4829260A32F495
SHA256:C8C2C127A051CA515D35B8CBFD3924B81017EEF95C544AAD06146F9CA048498E
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\GongSolutions.Wpf.DragDrop.pdbpdb
MD5:4B762007BF6B50D6468DB4B3DA51687C
SHA256:A7A83B59F2829509BA761049FF032AEFB44567B39424BDC2B72D602F1FEB4A9D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
4
System
192.168.100.255:138
unknown
224.0.0.252:5355
unknown
2028
HandBrake.exe
46.105.55.28:443
handbrake.fr
OVH SAS
FR
unknown

DNS requests

Domain
IP
Reputation
handbrake.fr
  • 46.105.55.28
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
HandBrake-1.0.7-i686-Win_GUI.exe