File name:

HandBrake-1.0.7-i686-Win_GUI.exe

Full analysis: https://app.any.run/tasks/9bf6f6fa-322b-4475-940c-69b9a79680b7
Verdict: Malicious activity
Analysis date: April 30, 2024, 08:38:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

E467DBD669AE9DB999E5A1516589042C

SHA1:

A3B5A28475CCF4D31A8D72E4DE49A2302859110F

SHA256:

B35000DF800B522BB48D0E8991FDA009015E9335835977513850E35EB777C9D5

SSDEEP:

98304:G5PM1xO6hn+sClPbBQfEvB40anuBR8V/E+CKLhhrRKS6G3cy8/xL8kjOpzlein/C:G5kO6ivy5kPMrEpcdb6840pfpl3sjd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Executable content was dropped or overwritten

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • The process creates files with name similar to system file names

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Process drops legitimate windows executable

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Creates a software uninstall entry

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Reads the Internet Settings

      • HandBrake.exe (PID: 2028)

  • INFO

    • Checks supported languages

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)
      • HandBrake.exe (PID: 2028)

    • Reads the computer name

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)
      • HandBrake.exe (PID: 2028)

    • Create files in a temporary directory

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Creates files in the program directory

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)

    • Creates files or folders in the user directory

      • HandBrake-1.0.7-i686-Win_GUI.exe (PID: 4080)
      • HandBrake.exe (PID: 2028)

    • Manual execution by a user

      • HandBrake.exe (PID: 2028)

    • Reads the machine GUID from the registry

      • HandBrake.exe (PID: 2028)

    • Reads CPU info

      • HandBrake.exe (PID: 2028)

    • Reads Environment values

      • HandBrake.exe (PID: 2028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:02 03:20:05+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 120320
UninitializedDataSize: 1024
EntryPoint: 0x30fb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start handbrake-1.0.7-i686-win_gui.exe handbrake.exe handbrake-1.0.7-i686-win_gui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2028"C:\Program Files\HandBrake\HandBrake.exe" C:\Program Files\HandBrake\HandBrake.exe
explorer.exe
User:
admin
Company:
HandBrake Team
Integrity Level:
MEDIUM
Description:
HandBrake
Version:
1.0.7.0
Modules
Images
c:\program files\handbrake\handbrake.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3976"C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exe" C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\handbrake-1.0.7-i686-win_gui.exe
c:\windows\system32\ntdll.dll
4080"C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exe" C:\Users\admin\AppData\Local\Temp\HandBrake-1.0.7-i686-Win_GUI.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\handbrake-1.0.7-i686-win_gui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
4 828
Read events
4 803
Write events
25
Delete events
0

Modification events

(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:DisplayName
Value:
HandBrake 1.0.7
(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:UninstallString
Value:
C:\Program Files\HandBrake\uninst.exe
(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:DisplayIcon
Value:
C:\Program Files\HandBrake\HandBrake.exe
(PID) Process:(4080) HandBrake-1.0.7-i686-Win_GUI.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HandBrake
Operation:writeName:DisplayVersion
Value:
1.0.7
(PID) Process:(2028) HandBrake.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
HandBrake.exe
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(2028) HandBrake.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HandBrake_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
Executable files
12
Suspicious files
5
Text files
10
Unknown types
2

Dropped files

PID
Process
Filename
Type
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Users\admin\AppData\Local\Temp\nsb4808.tmp\System.dllexecutable
MD5:56A321BD011112EC5D8A32B2F6FD3231
SHA256:BB6DF93369B498EAA638B0BCDC4BB89F45E9B02CA12D28BCEDF4629EA7F5E0F1
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Users\admin\AppData\Local\Temp\nsb4808.tmp\ioSpecial.iniini
MD5:E2D5070BC28DB1AC745613689FF86067
SHA256:D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\Caliburn.Micro.Platform.dllexecutable
MD5:B43B175F1AA22931DD35926A8348736D
SHA256:85AB824A1FCB58573C9C0968D27021FB88349376C95802268C52C4CCB93BE6F8
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Users\admin\AppData\Local\Temp\nsb4808.tmp\InstallOptions.dllexecutable
MD5:D753362649AECD60FF434ADF171A4E7F
SHA256:8F24C6CF0B06D18F3C07E7BFCA4E92AFCE71834663746CFAA9DDF52A25D5C586
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\System.Windows.Interactivity.dllexecutable
MD5:580244BC805220253A87196913EB3E5E
SHA256:93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Users\admin\Desktop\HandBrake.lnklnk
MD5:98EAEB54F1A209979412EF8E484A6735
SHA256:2676765C002783A096CBCD7FA303CD3DBF2A09626683B4340640374156F16448
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\GongSolutions.Wpf.DragDrop.dllexecutable
MD5:3EAC1742885C04F486AC7D5BBBBBCBA1
SHA256:03DB23D2B0392A255BB8AE66A98E5ABEB9745306F8DE9BF0C3CEBE5867EC5852
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\Caliburn.Micro.dllexecutable
MD5:E27F43AD09A9FF7D9DBED9FF0E6E6067
SHA256:41E31B2EFFB6EE393088030052FC8434CE184B73C50C3A6F2AD0DF4CBD4DBCF6
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\Ookii.Dialogs.Wpf.dllexecutable
MD5:B0C3565E42FF81562E19A0FFCA18DA55
SHA256:46C45FF37E26CF1F2040E0BA7EB122BD261D1582981ADFA130F922E9C0E488D4
4080HandBrake-1.0.7-i686-Win_GUI.exeC:\Program Files\HandBrake\Newtonsoft.Json.dllexecutable
MD5:5716E0676A23F67398F629A3001A1CCC
SHA256:691CF2DA27552E60DDAFCD01C36ED3D353DDB9A5BFB0F17EF02DC8263C872C91
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
4
System
192.168.100.255:138
unknown
224.0.0.252:5355
unknown
2028
HandBrake.exe
46.105.55.28:443
handbrake.fr
OVH SAS
FR
unknown

DNS requests

Domain
IP
Reputation
handbrake.fr
  • 46.105.55.28
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
HandBrake-1.0.7-i686-Win_GUI.exe