File name:

Your File Is Ready To Download.exe.danger

Full analysis: https://app.any.run/tasks/46f3f7c7-f169-4e12-800d-dbf0fc4dad77
Verdict: Malicious activity
Analysis date: December 09, 2023, 01:01:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

4939CD1620712D37759293DE62C3A03D

SHA1:

C8D66C59A62C5D055D40096665EB5B9252FDB2CA

SHA256:

B6FD486840A14EF414238D38CDA7DF90D4ECAAE4D73FF3DDB870960E1857C631

SSDEEP:

98304:O6VnvKp9IxG+A+4CMP9jxFsTGxNWqzHeJTOuEYLoBRvSEjf7zvZgP6h/zhEuSuTq:DOXy2V664

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Your File Is Ready To Download.exe.danger.exe (PID: 2424)
      • GenericSetup.exe (PID: 2544)

    • Actions looks like stealing of personal data

      • GenericSetup.exe (PID: 2544)

  • SUSPICIOUS

    • Reads the Internet Settings

      • GenericSetup.exe (PID: 2544)

    • Checks Windows Trust Settings

      • GenericSetup.exe (PID: 2544)

    • Reads the Windows owner or organization settings

      • GenericSetup.exe (PID: 2544)

    • Reads security settings of Internet Explorer

      • GenericSetup.exe (PID: 2544)

    • Reads settings of System Certificates

      • GenericSetup.exe (PID: 2544)

    • Adds/modifies Windows certificates

      • GenericSetup.exe (PID: 2544)

    • Searches for installed software

      • GenericSetup.exe (PID: 2544)

  • INFO

    • Create files in a temporary directory

      • Your File Is Ready To Download.exe.danger.exe (PID: 2424)
      • GenericSetup.exe (PID: 2544)

    • Checks supported languages

      • Your File Is Ready To Download.exe.danger.exe (PID: 2424)
      • GenericSetup.exe (PID: 2544)
      • wmpnscfg.exe (PID: 3452)

    • Reads the computer name

      • GenericSetup.exe (PID: 2544)
      • wmpnscfg.exe (PID: 3452)

    • Reads the machine GUID from the registry

      • GenericSetup.exe (PID: 2544)

    • Reads Environment values

      • GenericSetup.exe (PID: 2544)

    • Creates files or folders in the user directory

      • GenericSetup.exe (PID: 2544)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 3452)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (36.8)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:04:18 20:54:06+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 104448
InitializedDataSize: 35328
UninitializedDataSize: -
EntryPoint: 0x148d4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.91.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 6.91.0.0
ProductVersion: 1.0.0.0
CompanyName: IC001
FileDescription: Software Installation
InternalName: 7zS.sfx
LegalCopyright: Copyright © Adaware 2022
OriginalFileName: GenericSetup.exe
ProductName: InstallCapital
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start your file is ready to download.exe.danger.exe genericsetup.exe wmpnscfg.exe no specs your file is ready to download.exe.danger.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2424"C:\Users\admin\AppData\Local\Temp\Your File Is Ready To Download.exe.danger.exe" C:\Users\admin\AppData\Local\Temp\Your File Is Ready To Download.exe.danger.exe
explorer.exe
User:
admin
Company:
IC001
Integrity Level:
HIGH
Description:
Software Installation
Exit code:
0
Version:
6.91.0.0
2464"C:\Users\admin\AppData\Local\Temp\Your File Is Ready To Download.exe.danger.exe" C:\Users\admin\AppData\Local\Temp\Your File Is Ready To Download.exe.danger.exeexplorer.exe
User:
admin
Company:
IC001
Integrity Level:
MEDIUM
Description:
Software Installation
Exit code:
3221226540
Version:
6.91.0.0
2544.\GenericSetup.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\GenericSetup.exe
Your File Is Ready To Download.exe.danger.exe
User:
admin
Integrity Level:
HIGH
Description:
InstallCapital
Exit code:
0
Version:
1.4.3.5835
3452"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
9
Suspicious files
5
Text files
19
Unknown types
0

Dropped files

PID
Process
Filename
Type
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\es\GenericSetup.resources.dllexecutable
MD5:244CD3A33B0A6FE36AA0274C0C1211D1
SHA256:FA03335241496436583DFC1AFF605A61EB26E3CA84321B2334709C5F7ECDCBCC
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\GenericSetup.exeexecutable
MD5:FFFD5CC10B8005FB12C592D13FEAD02F
SHA256:246B1EE6E676D9E0012B5F9F5B68D98B4BB81597D6C739FF8377E1AF1FBEAFA4
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\fr\GenericSetup.resources.dllexecutable
MD5:7EDD12803F15A0180EF2663D39EBFB91
SHA256:8E707984083CA3C1319290A6B044F8D44EDEF2888C3FED49E67C8C9332C6B348
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\it\GenericSetup.resources.dllexecutable
MD5:9CE8CC807C8964A8D9577AC031378DC5
SHA256:250465CFD8FF147C0A145BEC949E55ACB9542F35794B1E9F0C56DE01265F094E
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\pt\GenericSetup.resources.dllexecutable
MD5:CFF7140936B8C88003ADB80A77F78627
SHA256:83AE59AB44D59356CCD25DE6AC04743230045917D80534AD6436409BBB19AD6E
2544GenericSetup.exeC:\Users\admin\AppData\Local\_\GenericSetup.exe_Url_ra1f3a3ni14bpjfcsy12b1gey2jhnlkq\1.4.3.5835\user.configxml
MD5:C76D70D8440A273C2B2A2764F33323B8
SHA256:8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\de\GenericSetup.resources.dllexecutable
MD5:1F889DC2337F4AC07374DEB456B12E3B
SHA256:DD8E201A24AACF7420234D0882A40DB1734F099FEBBC4911888511B409489FDD
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\DynActsBLL.dllexecutable
MD5:2E189EB15BCF6989B86542FCA3A75D02
SHA256:A0FEA1E00F1A225EAE3EFBC4877F0D8F66D345F9B11CEF34355085B8165CC83B
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\ru\GenericSetup.resources.dllexecutable
MD5:EA1BE1735E2E7B5023C637D8E73A9DB8
SHA256:8ECD0F54CB9AC6CE0F571ABE4EEE453442DB16D766C16F536CA3383F1F225846
2424Your File Is Ready To Download.exe.danger.exeC:\Users\admin\AppData\Local\Temp\7zS879DBF01\GenericSetup.exe.configxml
MD5:FD63EE3928EDD99AFC5BDF17E4F1E7B6
SHA256:2A2DDBDC4600E829AD756FD5E84A79C0401FA846AD4F2F2FB235B410E82434A9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
9
DNS requests
6
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2544
GenericSetup.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6e9c5f05352adef9
unknown
compressed
65.2 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
868
svchost.exe
23.35.228.137:80
AKAMAI-AS
DE
unknown
2544
GenericSetup.exe
104.18.68.73:443
h2oapi.adaware.com
CLOUDFLARENET
unknown
2544
GenericSetup.exe
104.17.9.52:443
flow.lavasoft.com
CLOUDFLARENET
shared
2544
GenericSetup.exe
104.18.67.73:443
h2oapi.adaware.com
CLOUDFLARENET
unknown
4
System
192.168.100.255:138
whitelisted
2544
GenericSetup.exe
185.31.172.243:443
kodi.mirror.liteserver.nl
The Infrastructure Group B.V.
NL
unknown
4
System
192.168.100.255:137
whitelisted
2544
GenericSetup.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted

DNS requests

Domain
IP
Reputation
h2oapi.adaware.com
  • 104.18.68.73
  • 104.18.67.73
unknown
www.google.com
  • 142.250.185.164
whitelisted
flow.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
whitelisted
sos.adaware.com
  • 104.18.67.73
  • 104.18.68.73
whitelisted
kodi.mirror.liteserver.nl
  • 185.31.172.243
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted

Threats

Found threats are available for the paid subscriptions
2 ETPRO signatures available at the full report
Process
Message
GenericSetup.exe
GenericSetup.exe
GenericSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
GenericSetup.exe
Error: File not found - genericsetup.wrappers.sciter:console.tis
GenericSetup.exe
at sciter:init-script.tis
GenericSetup.exe
GenericSetup.exe
GenericSetup.exe
Error: File not found - genericsetup.wrappers.sciter:console.tis
GenericSetup.exe
at sciter:init-script.tis
GenericSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Your File Is Ready To Download.exe.danger