File name: reiboot.exe

Full analysis: https://app.any.run/tasks/49bf868f-4fd3-45cb-b9bf-ec0e3deac6fe
Verdict: Malicious activity
Threats:

Adware is software that monetizes a host by pushing unwanted advertisements and, usually, by collecting browsing or device telemetry. It typically arrives bundled with other installers, from deceptive download pages, or from malicious sites. Once installed it may track user activity, collect data about the user and the machine, and inject pop-ups or banners; some variants add persistence and resist removal. Adware is classed as potentially unwanted rather than outright malicious, but the components it installs and the network paths it opens widen the attack surface, so it is a privacy and security risk in its own right.

Analysis date: May 31, 2024, 23:29:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: evasion, adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 30E4F51325061EADEEA3EA7FAB74F49F
SHA1: FCC4803FEA93CD89B0EA8087182F5EA2CDCE0310
SHA256: B7C8D99F15C3F0BD9BF9FE76A0965F226B2CBD74700404F0D351B867F81BBB18
SSDEEP: 49152:BGIpewFyJnbJwyyW0h3BqXH5RWT/rMy7kOWuTySEmvLLo:BGWiJ70hx8rWT/4fOWSySEmvLLo
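Added triage example (not ANY.RUN's or Tenorshare's code): it recomputes the three hashes above in the upper-case form the report prints and confirms the "UPX compressed" finding by reading the PE section table. UPX leaves its UPX0/UPX1 section names in place, and UPX0 is the decompression target, so it is empty on disk but large in memory; the report's UninitializedDataSize of 2072576 bytes is that section. The image `build_sample_pe` constructs is a hypothetical skeleton that only reuses the report's section sizes; it is not the real reiboot.exe. Running `triage()` on the actual file should reproduce the hashes listed above.

```python
import hashlib
import struct

# Added example: recompute file hashes and check the PE section table for UPX packing.

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HDR = "<8sIIIIIIHHI"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the upper-case hex form the report uses."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def pe_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _machine, n_sections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size                       # COFF header is 20 bytes
    sections = []
    for i in range(n_sections):
        name, vsize, vaddr, rsize, praw, _, _, _, _, chars = struct.unpack_from(SECTION_HDR, data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rsize, "raw_offset": praw, "characteristics": chars,
        })
    return sections


def looks_upx_packed(sections: list) -> bool:
    """UPX keeps its UPX0/UPX1 names; UPX0 is filled by the unpacker at run time, so it is
    empty on disk (raw size 0) but large in memory.  Both conditions are required here
    because a section merely named UPX0 is trivial to fake."""
    by_name = {s["name"]: s for s in sections}
    if "UPX0" not in by_name or "UPX1" not in by_name:
        return False
    upx0 = by_name["UPX0"]
    return upx0["raw_size"] == 0 and upx0["virtual_size"] > 0


def triage(data: bytes) -> dict:
    sections = pe_sections(data)
    return {"hashes": file_hashes(data), "sections": [s["name"] for s in sections],
            "upx": looks_upx_packed(sections)}


# Constructed sample (hypothetical, not the real reiboot.exe): a PE skeleton whose section
# sizes mirror the report's EXIF block (UPX0 0x1FA000 uninitialised, UPX1 0x1B6000 code,
# .rsrc 0x1E000 initialised data).  It has no code and cannot run.
DEFAULT_SECTIONS = [(b"UPX0", 0x1FA000, 0), (b"UPX1", 0x1B6000, 0x1B6000), (b".rsrc", 0x1E000, 0x1E000)]


def build_sample_pe(sections=None) -> bytes:
    sections = DEFAULT_SECTIONS if sections is None else sections
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                                    # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    hdrs, vaddr, raw = b"", 0x1000, 0x400
    for name, vsize, rsize in sections:
        hdrs += struct.pack(SECTION_HDR, name, vsize, vaddr, rsize, raw if rsize else 0, 0, 0, 0, 0, 0xE0000020)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        raw += rsize
    return bytes(dos) + b"PE\0\0" + coff + opt + hdrs


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

The section check is a hint, not proof: a packer can rename sections, and a UPX-modified stub can keep the names while breaking `upx -d`. Treat the result as one input to triage alongside the entropy and entry-point position, and keep the original hashes for the IOC record.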

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • reiboot.exe (PID: 4080)
      • reibootforios_ts_9.4.11.exe (PID: 1884)
      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Connects to the CnC server

      • reiboot.exe (PID: 4080)
  • SUSPICIOUS

    • Reads the Internet Settings

      • reiboot.exe (PID: 4080)
      • NetFrameCheck.exe (PID: 2616)
      • ReiBoot.exe (PID: 1280)
    • Reads security settings of Internet Explorer

      • reiboot.exe (PID: 4080)
      • NetFrameCheck.exe (PID: 2616)
      • ReiBoot.exe (PID: 1280)
    • Reads settings of System Certificates

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
    • Checks Windows Trust Settings

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
    • Access to an unwanted program domain was detected

      • reiboot.exe (PID: 4080)
    • Checks for external IP

      • reiboot.exe (PID: 4080)
    • Potential Corporate Privacy Violation

      • reiboot.exe (PID: 4080)
      • msedge.exe (PID: 3824)
      • ReiBoot.exe (PID: 1280)
    • Executable content was dropped or overwritten

      • reibootforios_ts_9.4.11.exe (PID: 1884)
      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Reads the Windows owner or organization settings

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Process drops legitimate windows executable

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Creates a software uninstall entry

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
    • Drops 7-zip archiver for unpacking

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Drops a system driver (possible attempt to evade defenses)

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • The process drops C-runtime libraries

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Searches for installed software

      • ReiBoot.exe (PID: 1280)
    • Changes Internet Explorer settings (feature browser emulation)

      • ReiBoot.exe (PID: 1280)
  • INFO

    • Checks supported languages

      • reiboot.exe (PID: 4080)
      • wmpnscfg.exe (PID: 1292)
      • reibootforios_ts_9.4.11.exe (PID: 1884)
      • reibootforios_ts_9.4.11.tmp (PID: 2196)
      • NetFrameCheck.exe (PID: 2616)
      • ReiBoot.exe (PID: 1280)
      • Monitor.exe (PID: 1032)
      • AppleMobileDeviceProcess.exe (PID: 2888)
      • CheckErrorx86.exe (PID: 2784)
      • MsgSupportService.exe (PID: 3068)
      • mDNSResponder.exe (PID: 1664)
    • Reads the computer name

      • reiboot.exe (PID: 4080)
      • wmpnscfg.exe (PID: 1292)
      • reibootforios_ts_9.4.11.tmp (PID: 2196)
      • NetFrameCheck.exe (PID: 2616)
      • ReiBoot.exe (PID: 1280)
      • Monitor.exe (PID: 1032)
      • MsgSupportService.exe (PID: 3068)
      • AppleMobileDeviceProcess.exe (PID: 2888)
      • CheckErrorx86.exe (PID: 2784)
      • mDNSResponder.exe (PID: 1664)
    • Create files in a temporary directory

      • reiboot.exe (PID: 4080)
      • reibootforios_ts_9.4.11.exe (PID: 1884)
      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Reads Environment values

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
    • Reads the software policy settings

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
    • Checks proxy server information

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
    • Reads the machine GUID from the registry

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
      • MsgSupportService.exe (PID: 3068)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1292)
      • msedge.exe (PID: 3176)
    • Creates files or folders in the user directory

      • reiboot.exe (PID: 4080)
      • ReiBoot.exe (PID: 1280)
    • Creates files in the program directory

      • reiboot.exe (PID: 4080)
      • reibootforios_ts_9.4.11.tmp (PID: 2196)
      • NetFrameCheck.exe (PID: 2616)
      • ReiBoot.exe (PID: 1280)
      • AppleMobileDeviceProcess.exe (PID: 2888)
      • MsgSupportService.exe (PID: 3068)
    • Creates a software uninstall entry

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Dropped object may contain TOR URL's

      • reibootforios_ts_9.4.11.tmp (PID: 2196)
    • Disables trace logs

      • ReiBoot.exe (PID: 1280)
    • Application launched itself

      • msedge.exe (PID: 2776)
      • msedge.exe (PID: 3176)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:05:26 09:42:20+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1794048
InitializedDataSize: 122880
UninitializedDataSize: 2072576
EntryPoint: 0x3afe50
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.7.11.0
ProductVersionNumber: 2.7.11.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Tenorshare Co., Ltd.
FileDescription: Tenorshare ReiBoot
FileVersion: 2.7.11.0
LegalCopyright: Copyright © 2007-2023 Tenorshare Co.,Ltd.
ProductName: 20230526174151
ProductVersion: 2.7.11.0
All screenshots are available in the full report
Total processes: 90
Monitored processes: 40
Malicious processes: 5
Suspicious processes: 0

Behavior graph

Nodes in the order shown ("no specs" is the report's marker for processes without a detailed entry): start, reiboot.exe, wmpnscfg.exe (no specs), reibootforios_ts_9.4.11.exe, reibootforios_ts_9.4.11.tmp, netsh.exe (no specs, 4 instances), netframecheck.exe (no specs), reiboot.exe, monitor.exe, msedge.exe (no specs), checkerrorx86.exe (no specs), applemobiledeviceprocess.exe, msedge.exe (no specs, 3 instances), msedge.exe, msedge.exe (no specs), msgsupportservice.exe, msedge.exe (no specs), msedge.exe, msedge.exe (no specs, 3 instances), netstat.exe (no specs, 4 instances), mdnsresponder.exe, msedge.exe (no specs, 9 instances), reiboot.exe (no specs)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 124
CMD: "netstat.exe" -a -n -o
Path: C:\Windows\System32\NETSTAT.EXE
Parent process: ReiBoot.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: TCP/IP Netstat Command
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\netstat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
PID: 992
CMD: "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Bonjour Service(ts)" program="C:\Program Files\Tenorshare\Tenorshare ReiBoot\Bonjour\mDNSResponder.exe" dir=in action=allow enable=yes protocol=tcp localport=any
Path: C:\Windows\System32\netsh.exe
Parent process: reibootforios_ts_9.4.11.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID: 1012
CMD: "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Bonjour Service(ts)" program="C:\Program Files\Tenorshare\Tenorshare ReiBoot\Bonjour\mDNSResponder.exe" dir=in action=allow enable=yes protocol=udp localport=any
Path: C:\Windows\System32\netsh.exe
Parent process: reibootforios_ts_9.4.11.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID: 1032
CMD: "C:\Program Files\Tenorshare\Tenorshare ReiBoot\Monitor\Monitor.exe" 1280(#-+)UA-113287545-3(#-+)Tenorshare ReiBoot(#-+)9.4.11.1(#-+)&cd1=9.4.11.1&cd2=unregister&cd3=ts&cd4=2.3.4.0&cd5=Other&cd6=en&cd7=32&cd9=86_Microsoft Windows NT 6.1.7601 Service Pack 1&cd10=NO&cd11=Null&cd12=Null&cd13=UnConnect(#-+)1
Path: C:\Program Files\Tenorshare\Tenorshare ReiBoot\Monitor\Monitor.exe
Parent process: ReiBoot.exe
User: admin
Company: TS
Integrity Level: HIGH
Description: Monitor_20230420
Version: 1.0.5.0
Modules (images):
c:\program files\tenorshare\tenorshare reiboot\monitor\monitor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1280
CMD: "C:\Program Files\Tenorshare\Tenorshare ReiBoot\ReiBoot.exe"
Path: C:\Program Files\Tenorshare\Tenorshare ReiBoot\ReiBoot.exe
Parent process: NetFrameCheck.exe
User: admin
Company: Tenorshare
Integrity Level: HIGH
Description: ReiBoot
Version: 9.4.11.1
Modules (images):
c:\program files\tenorshare\tenorshare reiboot\reiboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1292
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1368
CMD: "netstat.exe" -a -n -o
Path: C:\Windows\System32\NETSTAT.EXE
Parent process: ReiBoot.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: TCP/IP Netstat Command
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\netstat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
PID: 1664
CMD: "C:\Program Files\Tenorshare\Tenorshare ReiBoot\Bonjour\mDNSResponder.exe" -server
Path: C:\Program Files\Tenorshare\Tenorshare ReiBoot\Bonjour\mDNSResponder.exe
Parent process: ReiBoot.exe
User: admin
Company: Apple Inc.
Integrity Level: HIGH
Description: Bonjour Service
Version: 3,1,0,1
Modules (images):
c:\program files\tenorshare\tenorshare reiboot\bonjour\mdnsresponder.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
PID: 1848
CMD: "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Bonjour Service(ts)" program="C:\Program Files\Tenorshare\Tenorshare ReiBoot\Bonjour\mDNSResponder.exe" dir=out action=allow enable=yes protocol=udp localport=any
Path: C:\Windows\System32\netsh.exe
Parent process: reibootforios_ts_9.4.11.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID: 1884
CMD: /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files\Tenorshare\Tenorshare ReiBoot\" /LANG=en /LOG="C:\Users\admin\AppData\Local\Temp\Tenorshare ReiBoot_Setup_20240601003010.log" /sptrack null
Path: C:\Users\admin\AppData\Local\Temp\reibootforios_ts\reibootforios_ts_9.4.11.exe
Parent process: reiboot.exe
User: admin
Company: Tenorshare
Integrity Level: HIGH
Description: Tenorshare ReiBoot Setup
Exit code: 0
Version: (empty in the report)
Modules (images):
c:\users\admin\appdata\local\temp\reibootforios_ts\reibootforios_ts_9.4.11.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
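Added example (not ANY.RUN's or Tenorshare's code) for the three netsh.exe command lines above (PIDs 992, 1012, 1848): the installer, running at HIGH integrity, adds inbound TCP and UDP allow rules for mDNSResponder.exe on every local port plus an outbound UDP rule. The script parses `netsh advfirewall firewall add rule` command lines as they appear in process-creation telemetry and lists the reasons each rule deserves a look. The first three sample command lines are copied from the report; the fourth is constructed (hypothetical) to show a rule for a program in a user-writable path.

```python
import re

# Added example: parse netsh firewall "add rule" command lines and flag the ones worth reviewing.

RULE_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_netsh_firewall_rule(cmdline: str):
    """Return the key=value fields of `netsh advfirewall firewall add rule ...`, or None
    when the command line is something else."""
    low = cmdline.lower()
    marker = "advfirewall firewall add rule"
    pos = low.find(marker)
    if pos < 0:
        return None
    tail = cmdline[pos + len(marker):]
    return {k.lower(): v.strip('"') for k, v in RULE_FIELD.findall(tail)}


def assess_rule(rule: dict) -> list:
    """Reasons a reviewer should look at this rule; an empty list means nothing stood out."""
    reasons = []
    if rule.get("action", "").lower() == "allow":
        if rule.get("dir", "").lower() == "in":
            reasons.append("inbound allow")
            if rule.get("localport", "any").lower() == "any":
                reasons.append("all local ports")
            if rule.get("remoteip", "any").lower() == "any":
                reasons.append("any remote address")
        prog = rule.get("program", "")
        if prog and not prog.lower().startswith(TRUSTED_DIRS):
            reasons.append("program outside Windows/Program Files: " + prog)
    return reasons


def review_firewall_changes(cmdlines: list) -> dict:
    """Group parsed rules by rule name, merging direction/protocol and collecting reasons."""
    out = {}
    for cmd in cmdlines:
        rule = parse_netsh_firewall_rule(cmd)
        if rule is None:
            continue
        entry = out.setdefault(rule.get("name", "?"), {"program": rule.get("program", ""),
                                                         "dir": set(), "protocol": set(), "reasons": set()})
        entry["dir"].add(rule.get("dir", "?").lower())
        entry["protocol"].add(rule.get("protocol", "?").lower())
        entry["reasons"].update(assess_rule(rule))
    return out


# First three: command lines recorded in the report (PIDs 992, 1012, 1848).
# Fourth: constructed (hypothetical) rule for a program under %TEMP%.
BONJOUR = r"C:\Program Files\Tenorshare\Tenorshare ReiBoot\Bonjour\mDNSResponder.exe"
SAMPLE_CMDLINES = [
    f'"C:\\Windows\\system32\\netsh.exe" advfirewall firewall add rule name="Bonjour Service(ts)" program="{BONJOUR}" dir=in action=allow enable=yes protocol=tcp localport=any',
    f'"C:\\Windows\\system32\\netsh.exe" advfirewall firewall add rule name="Bonjour Service(ts)" program="{BONJOUR}" dir=in action=allow enable=yes protocol=udp localport=any',
    f'"C:\\Windows\\system32\\netsh.exe" advfirewall firewall add rule name="Bonjour Service(ts)" program="{BONJOUR}" dir=out action=allow enable=yes protocol=udp localport=any',
    r'netsh advfirewall firewall add rule name="Updater" program="C:\Users\admin\AppData\Local\Temp\upd.exe" dir=in action=allow protocol=tcp localport=8080',
]

if __name__ == "__main__":
    for name, info in review_firewall_changes(SAMPLE_CMDLINES).items():
        print(name, sorted(info["dir"]), sorted(info["protocol"]), sorted(info["reasons"]))
```

The same command lines surface in Sysmon Event ID 1 or Security 4688 (with command-line auditing on), and Security Event ID 4946 records the rule being added when firewall rule-level policy change auditing is enabled; on a live host `netsh advfirewall firewall show rule name="Bonjour Service(ts)"` shows what actually landed. Bonjour's mDNS needs UDP 5353, so a rule that allows every port on both protocols is broader than the service requires; that is a least-privilege point to raise with the vendor rather than evidence of compromise.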
Total events: 30 325
Read events: 29 910
Write events: 385
Delete events: 30

Modification events

PID 4080 reiboot.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tenorshare\Downloader2.5.0 | write GA_PC = 1
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | write ProxyEnable = 0
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | delete value ProxyServer
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | delete value ProxyOverride
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | delete value AutoConfigURL
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | delete value AutoDetect
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | write SavedLegacySettings = 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write ProxyBypass = 1
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write IntranetName = 1
PID 4080 reiboot.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write UNCAsIntranet = 1
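Added example (not ANY.RUN's or Tenorshare's code): the registry events above show reiboot.exe setting ProxyEnable to 0, deleting the ProxyServer, ProxyOverride, AutoConfigURL and AutoDetect values, and rewriting the WinINet SavedLegacySettings blob. The script replays those events through a small proxy-tampering check and decodes the leading fields of the blob (version, change counter, proxy-type flags, then three length-prefixed strings for proxy server, bypass list and auto-config URL). The events and the blob prefix are copied from the report; the "corporate proxy" baseline used for comparison is constructed. Field names for the blob follow the commonly documented layout of that value; the auto-detect bookkeeping that follows the three strings is deliberately not parsed.

```python
import struct

# Added example: flag proxy-neutering registry writes and decode the SavedLegacySettings blob.

PROXY_FLAGS = {0x1: "DIRECT", 0x2: "PROXY", 0x4: "AUTO_PROXY_URL", 0x8: "AUTO_DETECT"}


def decode_legacy_settings(blob: bytes) -> dict:
    """Leading fields of WinINet's SavedLegacySettings / DefaultConnectionSettings value:
    version (0x46), change counter, proxy-type flags, then three length-prefixed ANSI
    strings (proxy server, bypass list, auto-config URL).  Later auto-detect fields
    (the FILETIME and interface address visible in the report's value) are left alone."""
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off, strings = 12, []
    for _ in range(3):
        (n,) = struct.unpack_from("<I", blob, off)
        off += 4
        strings.append(blob[off:off + n].decode("latin-1"))
        off += n
    return {
        "version": version, "counter": counter, "flags": flags,
        "flag_names": [name for bit, name in PROXY_FLAGS.items() if flags & bit],
        "proxy": strings[0], "bypass": strings[1], "autoconfig_url": strings[2],
    }


def build_legacy_settings(flags: int, proxy: str = "", bypass: str = "", pac: str = "", counter: int = 1) -> bytes:
    """Encode the same leading fields (used here only to build a constructed baseline)."""
    out = struct.pack("<III", 0x46, counter, flags)
    for s in (proxy, bypass, pac):
        b = s.encode("latin-1")
        out += struct.pack("<I", len(b)) + b
    return out


def proxy_tampering(events: list) -> list:
    """events: dicts with pid, process, key, op, name, value (value is hex for binary data).
    Returns human-readable findings about proxy configuration changes."""
    findings = []
    for e in events:
        if "\\internet settings" not in e["key"].lower():
            continue
        who = f'{e["process"]} ({e["pid"]})'
        name, op = e["name"], e["op"]
        if name == "ProxyEnable" and op == "write" and str(e["value"]) == "0":
            findings.append(f"{who}: explicit proxy disabled (ProxyEnable=0)")
        elif name in ("ProxyServer", "ProxyOverride") and op == "delete value":
            findings.append(f"{who}: {name} removed")
        elif name in ("AutoConfigURL", "AutoDetect") and op == "delete value":
            findings.append(f"{who}: {name} removed (PAC / WPAD configuration dropped)")
        elif name == "SavedLegacySettings" and op == "write":
            d = decode_legacy_settings(bytes.fromhex(e["value"]))
            if not {"PROXY", "AUTO_PROXY_URL"} & set(d["flag_names"]):
                findings.append(f"{who}: legacy settings rewritten with no proxy/PAC "
                                f"(flags={d['flags']:#x}: {', '.join(d['flag_names'])})")
    return findings


HKCU_INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Events copied from the report's "Modification events" table.  The SavedLegacySettings
# value is the first 64 bytes of the value shown there; the remainder is zero padding the
# decoder does not need.
REPORT_EVENTS = [
    {"pid": 4080, "process": "reiboot.exe", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Tenorshare\Downloader2.5.0",
     "op": "write", "name": "GA_PC", "value": "1"},
    {"pid": 4080, "process": "reiboot.exe", "key": HKCU_INET, "op": "write", "name": "ProxyEnable", "value": "0"},
    {"pid": 4080, "process": "reiboot.exe", "key": HKCU_INET, "op": "delete value", "name": "ProxyServer", "value": ""},
    {"pid": 4080, "process": "reiboot.exe", "key": HKCU_INET, "op": "delete value", "name": "ProxyOverride", "value": ""},
    {"pid": 4080, "process": "reiboot.exe", "key": HKCU_INET, "op": "delete value", "name": "AutoConfigURL", "value": ""},
    {"pid": 4080, "process": "reiboot.exe", "key": HKCU_INET, "op": "delete value", "name": "AutoDetect", "value": ""},
    {"pid": 4080, "process": "reiboot.exe", "key": HKCU_INET + r"\Connections", "op": "write",
     "name": "SavedLegacySettings",
     "value": "460000005D010000090000000000000000000000000000000400000000000000"
              "C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B"},
]

# Constructed baseline (hypothetical corporate configuration) for comparison.
CORPORATE_BLOB = build_legacy_settings(0x2 | 0x4, "proxy.corp.example:8080", "<local>",
                                       "http://wpad.corp.example/proxy.pac", counter=348)

if __name__ == "__main__":
    for line in proxy_tampering(REPORT_EVENTS):
        print(line)
```

Whether anything was lost depends on what the user had configured beforehand; the report only shows the after state (direct connection plus auto-detect, empty proxy and PAC strings). On a managed host where WinINet clients rely on a PAC URL or WPAD, this sequence silently removes the current user's proxy, which is worth a ticket even when the installer is otherwise legitimate. The ZoneMap writes (ProxyBypass, IntranetName, UNCAsIntranet) configure intranet-zone detection and are not flagged here.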
Executable files: 658
Suspicious files: 153
Text files: 79
Unknown types: 0

Dropped files

PID 4080 reiboot.exe | C:\Users\admin\AppData\Local\Temp\reibootforios_ts\reibootforios_ts_9.4.11.exe | type: (not listed)
  MD5: (not listed)
  SHA256: (not listed)
PID 4080 reiboot.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\27QM642E.txt | text
  MD5: E29FB5130F9F86043FCDEBD8EDCD1D38
  SHA256: 2BE4369D746F38ABBED5372344FC15142E5ED3775A2B6021294C1295FE89A744
PID 4080 reiboot.exe | C:\Users\admin\AppData\Local\Temp\reibootforios_ts\reibootforios_ts_9.4.11.exe.xml | text
  MD5: 7E7296C5ECD3B268D07DDCE57F9DAD3A
  SHA256: 3A2B86803A61547D86532575D3C5FD6357CEFC38C3E91CEF350AC636AAB0A3EE
PID 2196 reibootforios_ts_9.4.11.tmp | C:\Program Files\Tenorshare\Tenorshare ReiBoot\is-L8PO2.tmp | executable
  MD5: 415E9EA3ADBFB5F9DC4390AE13974DDC
  SHA256: 7B89FFE9570EB02815975EC4E0AD86237A14EAD63EC0BBEB2F19456D058BF09D
PID 4080 reiboot.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\7SHS9NMR.txt | text
  MD5: 4A86D1C1DBC057D0E13BDBD467218214
  SHA256: B71B1FDE81E41A78A28B4AB2DC1537A5149F8B0ECF105AD6F0AA8291FDAAF6EF
PID 4080 reiboot.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C | binary
  MD5: A94A1BDF6E6B3B95482069020CF13973
  SHA256: D7F65E7196C5333769BD74F39D5B85664D296089BC4CB9D6204AECAAFB7379FB
PID 4080 reiboot.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C | binary
  MD5: 3DF814EE277225F35124544CA74D60AA
  SHA256: 58340F4ADF3F167FF6B3CF4A1523992D64C5734F49C9736DA001911A93D24BCA
PID 4080 reiboot.exe | C:\Users\admin\AppData\Local\Temp\reibootforios_ts\reibootforios_ts_9.4.11.exe.db | text
  MD5: BF4930DEEAF1E05B81268F99A4064F12
  SHA256: 0C8EEE2C4E75A437076E7EED6CDBCD3BBAD768C1BEBBC3A4177FD6FE57DC9067
PID 2196 reibootforios_ts_9.4.11.tmp | C:\Program Files\Tenorshare\Tenorshare ReiBoot\is-MOGEN.tmp | executable
  MD5: E1E909E83750768912841D0BDFC683D7
  SHA256: 417009068C5DAD78D7C77BAFAE5581B9A26C1008D4F439041A1B3F5D73DA4EA1
PID 4080 reiboot.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_234E9B04AA8520A2E6CE0C38C9A1AE0D | binary
  MD5: 48C020F93D81896A7CA9E986B93A4188
  SHA256: 76EBE16684F988DAF90A7BA4BBCD3C31D5A76016DE451A81A43AE4365802DE94
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 52
TCP/UDP connections: 174
DNS requests: 89
Threats: 10

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation (two of the ten columns are empty in the extraction; rows list the values in the order extracted)

4080 | reiboot.exe | GET | 301 | 104.17.207.155:80 | http://www.tenorshare.com/downloads/service/softwarelog.txt | unknown | unknown
4080 | reiboot.exe | GET | 304 | 23.50.131.200:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cfe0a7f8e7962138 | unknown | unknown
4080 | reiboot.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D | unknown | unknown
4080 | reiboot.exe | GET | 200 | 208.95.112.1:80 | http://ip-api.com/csv | unknown | unknown
4080 | reiboot.exe | POST | 200 | 216.239.36.178:80 | http://www.google-analytics.com/collect | unknown | unknown
4080 | reiboot.exe | POST | 200 | 216.239.36.178:80 | http://www.google-analytics.com/collect | unknown | unknown
4080 | reiboot.exe | POST | 200 | 216.239.36.178:80 | http://www.google-analytics.com/collect | unknown | unknown
4080 | reiboot.exe | POST | 200 | 216.239.36.178:80 | http://www.google-analytics.com/collect | unknown | unknown
4080 | reiboot.exe | POST | 200 | 216.239.36.178:80 | http://www.google-analytics.com/collect | unknown | unknown
4080 | reiboot.exe | POST | 200 | 216.239.36.178:80 | http://www.google-analytics.com/collect | unknown | unknown

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation ("-" marks a value absent from the extraction)

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
4080 | reiboot.exe | 104.17.207.155:80 | www.tenorshare.com | CLOUDFLARENET | - | unknown
4080 | reiboot.exe | 104.17.207.155:443 | www.tenorshare.com | CLOUDFLARENET | - | unknown
4080 | reiboot.exe | 23.50.131.200:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4080 | reiboot.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4080 | reiboot.exe | 104.18.24.249:443 | update.tenorshare.com | CLOUDFLARENET | - | unknown
4080 | reiboot.exe | 208.95.112.1:80 | ip-api.com | TUT-AS | US | unknown

DNS requests

Columns: Domain | IP(s) | Reputation

www.tenorshare.com | 104.17.207.155, 104.17.192.141 | whitelisted
ctldl.windowsupdate.com | 23.50.131.200, 23.50.131.216 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
update.tenorshare.com | 104.18.24.249, 104.18.25.249 | unknown
ip-api.com | 208.95.112.1 | shared
www.google-analytics.com | 216.239.36.178, 216.239.34.178, 216.239.32.178, 216.239.38.178 | whitelisted
download.tenorshare.com | 104.18.24.249, 104.18.25.249 | unknown
campagin-web.afirstsoft.com | 104.18.16.57, 104.18.17.57 | unknown
config.edge.skype.com | 52.123.243.194, 52.123.224.72, 52.123.243.193, 52.123.243.198 | whitelisted
cbs.tenorshare.com | 104.18.24.249, 104.18.25.249 | unknown

Threats

Columns: PID | Process | Class | Message

4080 | reiboot.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
4080 | reiboot.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
4080 | reiboot.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com
4080 | reiboot.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP Tenorshare Google Analytics Checkin
1280 | ReiBoot.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
3824 | msedge.exe | Potential Corporate Privacy Violation | POLICY [ANY.RUN] External IP Check (pro.ip-api.com)
3824 | msedge.exe | Potential Corporate Privacy Violation | POLICY [ANY.RUN] External IP Check (pro.ip-api.com)
3 ETPRO signatures available at the full report
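Added example (not ANY.RUN's, Emerging Threats' or Tenorshare's code) tying the network signatures above to the process data earlier in the report. The Monitor.exe command line (PID 1032) carries a Google Analytics property ID in UA- form and a set of cdN custom dimensions that include the OS build and language, and what look like a license state (cd2=unregister) and a device connection state (cd13=UnConnect); the script splits that argument, tags the report's HTTP rows the way the ET POLICY and ET ADWARE_PUP signatures do (external IP lookup, GA check-in), and extracts the NT version a User-Agent claims, which is what "Unsupported/Fake Windows NT Version 5.0" keys on. Field names for the Monitor.exe argument are inferred from their format; the User-Agent string is constructed because the report does not show the actual header.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Added example: what Monitor.exe ships to Google Analytics, plus a tagger for the
# report's HTTP rows that mirrors the ET POLICY / ADWARE_PUP findings.

# Argument copied from the Monitor.exe (PID 1032) command line in the process list.
MONITOR_ARG = ('1280(#-+)UA-113287545-3(#-+)Tenorshare ReiBoot(#-+)9.4.11.1(#-+)'
               '&cd1=9.4.11.1&cd2=unregister&cd3=ts&cd4=2.3.4.0&cd5=Other&cd6=en&cd7=32'
               '&cd9=86_Microsoft Windows NT 6.1.7601 Service Pack 1&cd10=NO&cd11=Null&cd12=Null'
               '&cd13=UnConnect(#-+)1')


def parse_monitor_arg(arg: str) -> dict:
    """Split the '(#-+)'-delimited argument.  Field names are inferred from their format:
    the first field matches the PID of the parent ReiBoot.exe (1280), the second is a
    GA property ID, then product, version, GA custom dimensions (cdN), and a trailer."""
    parts = arg.split("(#-+)")
    if len(parts) != 6:
        raise ValueError(f"expected 6 fields, got {len(parts)}")
    return {
        "pid": int(parts[0]),
        "ga_property": parts[1],
        "product": parts[2],
        "version": parts[3],
        "dimensions": dict(parse_qsl(parts[4].lstrip("&"), keep_blank_values=True)),
        "trailer": parts[5],
    }


# HTTP rows copied from the report: (pid, process, method, status, ip:port, url).
HTTP_ROWS = [
    (4080, "reiboot.exe", "GET", 301, "104.17.207.155:80", "http://www.tenorshare.com/downloads/service/softwarelog.txt"),
    (4080, "reiboot.exe", "GET", 304, "23.50.131.200:80", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cfe0a7f8e7962138"),
    (4080, "reiboot.exe", "GET", 200, "192.229.221.95:80", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D"),
    (4080, "reiboot.exe", "GET", 200, "208.95.112.1:80", "http://ip-api.com/csv"),
] + [(4080, "reiboot.exe", "POST", 200, "216.239.36.178:80", "http://www.google-analytics.com/collect")] * 6

EXTERNAL_IP_HOSTS = {"ip-api.com", "pro.ip-api.com"}   # both names appear in the report's threat list


def tag_request(method: str, url: str) -> str:
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host in EXTERNAL_IP_HOSTS:
        return "external-ip-lookup"                     # ET POLICY External IP Lookup
    if host.endswith("google-analytics.com") and parts.path == "/collect" and method == "POST":
        return "analytics-checkin"                      # ET ADWARE_PUP ... Google Analytics Checkin
    if host == "ctldl.windowsupdate.com":
        return "windows-ctl-update"                     # certificate trust list refresh
    if host.startswith("ocsp."):
        return "ocsp"
    if host.endswith("tenorshare.com"):
        return "vendor"
    return "other"


def tag_rows(rows) -> Counter:
    return Counter(tag_request(method, url) for _, _, method, _, _, url in rows)


NT_VERSION = re.compile(r"Windows NT (\d+\.\d+)")


def user_agent_nt_version(ua: str):
    """NT version a User-Agent claims.  The sandbox host is Windows 7 (NT 6.1); the
    ET POLICY 'Unsupported/Fake Windows NT Version 5.0' rule fires on a claim of NT 5.0."""
    m = NT_VERSION.search(ua)
    return m.group(1) if m else None


if __name__ == "__main__":
    info = parse_monitor_arg(MONITOR_ARG)
    print(info["ga_property"], info["dimensions"]["cd9"])
    print(tag_rows(HTTP_ROWS))
    # Constructed User-Agent: the report does not show the header value that triggered the rule.
    print(user_agent_nt_version("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"))
```

None of the tagged traffic is command-and-control in the usual sense: the vendor hosts, the CTL refresh and the OCSP check are routine, and the GA check-ins and the ip-api.com lookup are the telemetry the ADWARE_PUP and POLICY rules exist to surface. The policy question is whether an installer should be sending OS build, language and license state to a third-party analytics endpoint over plain HTTP before the user has seen anything.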
Debug output strings

Columns: Process | Message ("(empty)" marks an entry with no message text)

ReiBoot.exe | log4net:ERROR XmlHierarchyConfigurator: No appender named [ConsoleAppender] could be found.
ReiBoot.exe | log4net:ERROR Appender named [ConsoleAppender] not found.
AppleMobileDeviceProcess.exe | ASL checking for logging parameters in environment variable "asl.log"
AppleMobileDeviceProcess.exe | ASL checking for logging parameters in environment variable "AppleMobileDeviceProcess.exe.log"
ReiBoot.exe | Couldn't load our private device map. Device identification will be limited.
ReiBoot.exe | (empty)
ReiBoot.exe | DeviceMap argument is empty. Skipping appending of deprecated devices.
ReiBoot.exe | (empty)
ReiBoot.exe | ASL checking for logging parameters in environment variable "ReiBoot.exe.log"
ReiBoot.exe | ASL checking for logging parameters in environment variable "asl.log"