analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

google-chrome_msetup_[1244143].exe

Full analysis: https://app.any.run/tasks/c57b9d92-e027-40b9-821c-8d816f1c0aed
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 15, 2019, 13:38:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
installer
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

C41DC6A580BC50AE0850587F20FB68BC

SHA1:

FE6E4D5D8BBC398A5E33A576AE108D7AFE4F62E2

SHA256:

B8C3866121B71C44FB52F965F6EE49188989850A4CDA6627DAE224AA71421218

SSDEEP:

6144:n0HjIpOcK9GK81fl2RrS8i5U/V260mZ3Gn9HK70z3p+PyqQS:nR7sRrS8iit26LW960zqQS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes settings of System certificates

      • google-chrome_msetup_[1244143].exe (PID: 3960)
      • GoogleUpdate.exe (PID: 2520)

    • Application was dropped or rewritten from another process

      • 2_ChromeSetup.exe (PID: 2284)
      • avast_free_antivirus_setup_online.exe (PID: 2612)
      • GoogleUpdate.exe (PID: 3636)
      • GoogleUpdate.exe (PID: 3884)
      • GoogleUpdate.exe (PID: 2520)
      • GoogleUpdate.exe (PID: 2680)
      • downloader.exe (PID: 3448)
      • avast_free_antivirus_setup_online.exe (PID: 2844)
      • instup.exe (PID: 3872)
      • downloader.exe (PID: 2340)
      • YandexPackSetup.exe (PID: 4080)
      • instup.exe (PID: 2428)
      • seederexe.exe (PID: 2320)
      • sbr.exe (PID: 2404)
      • sender.exe (PID: 2892)
      • Yandex.exe (PID: 2560)
      • lite_installer.exe (PID: 1744)

    • Downloads executable files from the Internet

      • google-chrome_msetup_[1244143].exe (PID: 3960)
      • avast_free_antivirus_setup_online.exe (PID: 2612)
      • downloader.exe (PID: 3448)

    • Loads dropped or rewritten executable

      • GoogleUpdate.exe (PID: 3636)
      • GoogleUpdate.exe (PID: 3884)
      • GoogleUpdate.exe (PID: 2680)
      • GoogleUpdate.exe (PID: 2520)
      • instup.exe (PID: 3872)

    • Changes the autorun value in the registry

      • instup.exe (PID: 2428)

  • SUSPICIOUS

    • Creates files in the user directory

      • google-chrome_msetup_[1244143].exe (PID: 3960)
      • MsiExec.exe (PID: 4044)
      • lite_installer.exe (PID: 1744)
      • seederexe.exe (PID: 2320)
      • Yandex.exe (PID: 2560)

    • Executable content was dropped or overwritten

      • google-chrome_msetup_[1244143].exe (PID: 3960)
      • 2_ChromeSetup.exe (PID: 2284)
      • avast_free_antivirus_setup_online.exe (PID: 2612)
      • avast_free_antivirus_setup_online.exe (PID: 2844)
      • instup.exe (PID: 3872)
      • downloader.exe (PID: 3448)
      • MsiExec.exe (PID: 4044)
      • Yandex.exe (PID: 2560)
      • msiexec.exe (PID: 3048)
      • instup.exe (PID: 2428)

    • Adds / modifies Windows certificates

      • google-chrome_msetup_[1244143].exe (PID: 3960)
      • GoogleUpdate.exe (PID: 2520)

    • Creates files in the program directory

      • 2_ChromeSetup.exe (PID: 2284)
      • avast_free_antivirus_setup_online.exe (PID: 2844)
      • instup.exe (PID: 3872)

    • Starts itself from another location

      • GoogleUpdate.exe (PID: 3636)
      • instup.exe (PID: 3872)

    • Creates files in the Windows directory

      • avast_free_antivirus_setup_online.exe (PID: 2612)
      • instup.exe (PID: 3872)
      • avast_free_antivirus_setup_online.exe (PID: 2844)
      • instup.exe (PID: 2428)

    • Low-level read access rights to disk partition

      • avast_free_antivirus_setup_online.exe (PID: 2612)
      • avast_free_antivirus_setup_online.exe (PID: 2844)
      • instup.exe (PID: 3872)
      • instup.exe (PID: 2428)

    • Removes files from Windows directory

      • instup.exe (PID: 3872)
      • instup.exe (PID: 2428)

    • Application launched itself

      • downloader.exe (PID: 3448)

    • Reads Environment values

      • MsiExec.exe (PID: 4044)

    • Creates a software uninstall entry

      • Yandex.exe (PID: 2560)

    • Changes the started page of IE

      • seederexe.exe (PID: 2320)

  • INFO

    • Application launched itself

      • msiexec.exe (PID: 3048)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (54.3)
.exe | Win64 Executable (generic) (34.8)
.exe | Win32 Executable (generic) (5.6)
.exe | Generic Win/DOS Executable (2.5)
.exe | DOS Executable Generic (2.5)

EXIF

EXE

ProductVersion: 1.1.9.0
ProductName: MultiSetup
OriginalFileName: multisetup.exe
LegalCopyright: Copyright (C) 2019
InternalName: multisetup.exe
FileVersion: 1.1.9.0
FileDescription: MultiSetup
CompanyName: MultiSetup
CharacterSet: Unicode
LanguageCode: Russian
FileSubtype: -
ObjectFileType: Executable application
FileOS: Windows NT 32-bit
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 1.1.9.0
FileVersionNumber: 1.1.9.0
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x208dd
UninitializedDataSize: -
InitializedDataSize: 196608
CodeSize: 210432
LinkerVersion: 12
PEType: PE32
TimeStamp: 2019:05:07 19:20:03+02:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 07-May-2019 17:20:03
Detected languages:
  • Russian - Russia
Debug artifacts:
  • F:\Sources.Smartline\multi_install\Release\multi_setup.pdb
CompanyName: MultiSetup
FileDescription: MultiSetup
FileVersion: 1.1.9.0
InternalName: multisetup.exe
LegalCopyright: Copyright (C) 2019
OriginalFilename: multisetup.exe
ProductName: MultiSetup
ProductVersion: 1.1.9.0

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000100

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 07-May-2019 17:20:03
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x0003342A
0x00033600
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.61199
.rdata
0x00035000
0x0000FA92
0x0000FC00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.75459
.data
0x00045000
0x00003FC8
0x00001C00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.02182
.rsrc
0x00049000
0x00018F88
0x00019000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
6.52142
.reloc
0x00062000
0x0000332C
0x00003400
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
6.54652

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.2212
1505
UNKNOWN
Russian - Russia
RT_MANIFEST
2
3.25755
296
UNKNOWN
Russian - Russia
RT_ICON
3
3.91366
2216
UNKNOWN
Russian - Russia
RT_ICON
4
3.47151
1384
UNKNOWN
Russian - Russia
RT_ICON
107
2.64576
62
UNKNOWN
Russian - Russia
RT_GROUP_ICON
129
3.89665
1976
UNKNOWN
Russian - Russia
RT_DIALOG
130
3.32958
264
UNKNOWN
Russian - Russia
RT_DIALOG
131
7.94117
5818
UNKNOWN
Russian - Russia
PNG
132
6.86434
572
UNKNOWN
Russian - Russia
PNG
134
2.64335
416
UNKNOWN
Russian - Russia
RT_DIALOG

Imports

ADVAPI32.dll
COMCTL32.dll
CRYPT32.dll
GDI32.dll
KERNEL32.dll
POWRPROF.dll
PSAPI.DLL
SHELL32.dll
SHLWAPI.dll
USER32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
57
Monitored processes
21
Malicious processes
12
Suspicious processes
3

Behavior graph

Click at the process to see the details
drop and start drop and start drop and start start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start google-chrome_msetup_[1244143].exe no specs google-chrome_msetup_[1244143].exe 2_chromesetup.exe avast_free_antivirus_setup_online.exe googleupdate.exe no specs downloader.exe googleupdate.exe no specs googleupdate.exe googleupdate.exe avast_free_antivirus_setup_online.exe instup.exe yandexpacksetup.exe downloader.exe msiexec.exe msiexec.exe lite_installer.exe seederexe.exe yandex.exe instup.exe sbr.exe no specs sender.exe

Process information

PID
CMD
Path
Indicators
Parent process
3076"C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exe" C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exeexplorer.exe
User:
admin
Company:
MultiSetup
Integrity Level:
MEDIUM
Description:
MultiSetup
Exit code:
3221226540
Version:
1.1.9.0
3960"C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exe" C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exe
explorer.exe
User:
admin
Company:
MultiSetup
Integrity Level:
HIGH
Description:
MultiSetup
Version:
1.1.9.0
2284"C:\Users\admin\Downloads\Downloads msetup\2_ChromeSetup.exe" C:\Users\admin\Downloads\Downloads msetup\2_ChromeSetup.exe
google-chrome_msetup_[1244143].exe
User:
admin
Company:
Google Inc.
Integrity Level:
HIGH
Description:
Google Update Setup
Version:
1.3.33.23
2612"C:\Users\admin\AppData\Local\Temp\msetup\avast_free_antivirus_setup_online.exe" /silentC:\Users\admin\AppData\Local\Temp\msetup\avast_free_antivirus_setup_online.exe
google-chrome_msetup_[1244143].exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus Installer
Version:
2.1.1279.0
3636"C:\Program Files\GUM41F4.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={C092240D-67D5-6EA5-F682-55125B75EF75}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"C:\Program Files\GUM41F4.tmp\GoogleUpdate.exe2_ChromeSetup.exe
User:
admin
Company:
Google Inc.
Integrity Level:
HIGH
Description:
Google Installer
Version:
1.3.33.23
3448"C:\Users\admin\AppData\Local\Temp\msetup\downloader.exe" --partner 8937 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y ILIGHT=1 VID=600"C:\Users\admin\AppData\Local\Temp\msetup\downloader.exe
google-chrome_msetup_[1244143].exe
User:
admin
Integrity Level:
HIGH
Description:
Setup Downloader
Exit code:
0
Version:
0.1.0.32
3884"C:\Program Files\Google\Update\GoogleUpdate.exe" /healthcheckC:\Program Files\Google\Update\GoogleUpdate.exeGoogleUpdate.exe
User:
admin
Company:
Google Inc.
Integrity Level:
HIGH
Description:
Google Installer
Exit code:
0
Version:
1.3.33.23
2520"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zMy4yMyIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjIzIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0ie0U4MkY1MUYzLTcyRTctNDBBOS1BM0RGLUZEMUJBODBDRkFEMX0iIHVzZXJpZD0iezYwQkIwMzQ0LThDMTYtNENERi1CMzI2LUUwODNCQTlFMDVCNH0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9InswQkVDQzk3RC1ENzZDLTQ4RkItQkREMC0wNkZFRDIyMjFENUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zMy4yMyIgbmV4dHZlcnNpb249IjEuMy4zMy4yMyIgbGFuZz0icnUiIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9IntDMDkyMjQwRC02N0Q1LTZFQTUtRjY4Mi01NTEyNUI3NUVGNzV9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjM5MSIvPjwvYXBwPjwvcmVxdWVzdD4C:\Program Files\Google\Update\GoogleUpdate.exe
GoogleUpdate.exe
User:
admin
Company:
Google Inc.
Integrity Level:
HIGH
Description:
Google Installer
Exit code:
0
Version:
1.3.33.23
2680"C:\Program Files\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={C092240D-67D5-6EA5-F682-55125B75EF75}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{E82F51F3-72E7-40A9-A3DF-FD1BA80CFAD1}"C:\Program Files\Google\Update\GoogleUpdate.exe
GoogleUpdate.exe
User:
admin
Company:
Google Inc.
Integrity Level:
HIGH
Description:
Google Installer
Version:
1.3.33.23
2844"C:\Windows\Temp\asw.cc55296d0fa91dd3\avast_free_antivirus_setup_online.exe" /silent /cookie:mmm_mrk_ppi_004_408_p /ga_clientid:f3a88f5a-e776-4b17-bf0d-65bc1f888443 /edat_dir:C:\Windows\Temp\asw.cc55296d0fa91dd3C:\Windows\Temp\asw.cc55296d0fa91dd3\avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus Installer
Version:
19.4.4318.0
Total events
5 184
Read events
2 216
Write events
0
Delete events
0

Modification events

No data
Executable files
98
Suspicious files
25
Text files
448
Unknown types
5

Dropped files

PID
Process
Filename
Type
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\1[1]
MD5:
SHA256:
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\icos[1].cab
MD5:
SHA256:
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CDder
MD5:DB78CBD190952735D940BC80AC2432C0
SHA256:1A5174980A294A528A110726D5855650266C48D9883BEA692B67B6D726DA98C5
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CDbinary
MD5:50F2F769715C20E86A0F2E997AC4C259
SHA256:186B6AD1C086FE52528550FAA914B32793F942E8B6DD4B86F371C307A1397185
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Temp\msetup\5cd03116-96d41.cabcompressed
MD5:AD9AD56F59ADD09B473B33D8E4A31D7A
SHA256:3FBF8DF9B1DBEE402AD9709CB3B4ABCC2798F53D57BE52294DD4B6482CB197C2
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Temp\msetup\icons\ableton-live-suite.icoimage
MD5:BD4E92A26A3619EE1B25D3FC8F8B1D5F
SHA256:5928C85D0A294C01021296AB004E9E1B010BC6A40A3E22947B55DA4C671AF512
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Temp\msetup\icons\acronis-true-image.icoimage
MD5:D5B599CC91FCD24D1C6D00D069EF3577
SHA256:0F7C432D9DC5FC4736A986DA54D07A888E25C54815C69A984BF294FFAF053E7B
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Temp\msetup\icons\acdsee.icoimage
MD5:1DF99698FD039DB47DB5651FC234BFA6
SHA256:C51EB90A2F6D59A9BDB847EF7269B1C51D7AFA83072165F13C361E9B00F946B4
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Temp\msetup\icons\360-total-security.icoimage
MD5:E9E1AA21142A00CA0FE9F751BABE8556
SHA256:C3F1F6826F4EC96A78DE7EA00F5E35740F08F9390105E4B7481FD5BEC2AEA574
3960google-chrome_msetup_[1244143].exeC:\Users\admin\AppData\Local\Temp\msetup\icons\action.icoimage
MD5:7EB8248AF5E9BB063555B620B95F0777
SHA256:F9AE61D28EF6DD633AD7724757758855FA447AA84F6859B0036F304682EB90F0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
41
TCP/UDP connections
66
DNS requests
69
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2612
avast_free_antivirus_setup_online.exe
GET
200
2.16.186.50:80
http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
unknown
executable
7.38 Mb
whitelisted
HEAD
302
216.58.207.46:80
http://redirector.gvt1.com/edgedl/release2/chrome/AOEa5tQIt_05_74.0.3729.157/74.0.3729.157_chrome_installer.exe
US
whitelisted
3448
downloader.exe
GET
302
5.45.205.241:80
http://downloader.yandex.net/yandex-pack/downloader/info.rss
RU
whitelisted
GET
74.125.173.170:80
http://r5---sn-1gieen7e.gvt1.com/edgedl/release2/chrome/AOEa5tQIt_05_74.0.3729.157/74.0.3729.157_chrome_installer.exe?cms_redirect=yes&mip=185.212.170.83&mm=28&mn=sn-1gieen7e&ms=nvh&mt=1557927453&mv=m&pl=24&shardbypass=yes
US
whitelisted
3448
downloader.exe
GET
302
5.45.205.241:80
http://downloader.yandex.net/yandex-pack/8937/YandexPackSetup.exe
RU
whitelisted
3960
google-chrome_msetup_[1244143].exe
HEAD
200
213.174.135.2:80
http://static.msetup.download/ChromeSetup.exe
US
malicious
3872
instup.exe
GET
200
23.10.249.50:80
http://m9761227.iavs9x.u.avast.com/iavs9x/avbugreport_ais-946.vpx
NL
binary
758 Kb
whitelisted
2844
avast_free_antivirus_setup_online.exe
POST
204
5.62.40.204:80
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
DE
whitelisted
2612
avast_free_antivirus_setup_online.exe
POST
204
5.62.40.204:80
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
DE
whitelisted
3872
instup.exe
GET
200
23.10.249.50:80
http://m9761227.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx
NL
binary
603 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3960
google-chrome_msetup_[1244143].exe
5.45.205.243:443
download.yandex.ru
YANDEX LLC
RU
whitelisted
3960
google-chrome_msetup_[1244143].exe
88.208.5.115:443
api.msetup.pro
DataWeb Global Group B.V.
NL
malicious
3960
google-chrome_msetup_[1244143].exe
91.199.212.52:80
crt.usertrust.com
Comodo CA Ltd
GB
suspicious
23.58.216.135:443
bits.avcdn.net
Akamai Technologies, Inc.
US
whitelisted
2612
avast_free_antivirus_setup_online.exe
5.62.40.204:80
v7event.stats.avast.com
AVAST Software s.r.o.
DE
malicious
2612
avast_free_antivirus_setup_online.exe
172.217.16.206:80
www.google-analytics.com
Google Inc.
US
whitelisted
3960
google-chrome_msetup_[1244143].exe
213.174.135.2:80
static.msetup.download
DataWeb Global Group B.V.
US
suspicious
2612
avast_free_antivirus_setup_online.exe
2.16.186.50:80
iavs9x.u.avast.com
Akamai International B.V.
whitelisted
3960
google-chrome_msetup_[1244143].exe
37.140.166.229:443
cache-default05h.cdn.yandex.net
YANDEX LLC
RU
whitelisted
3960
google-chrome_msetup_[1244143].exe
23.58.216.135:443
bits.avcdn.net
Akamai Technologies, Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
crt.usertrust.com
  • 91.199.212.52
whitelisted
api.msetup.pro
  • 88.208.5.115
malicious
static.msetup.download
  • 213.174.135.2
  • 213.174.135.1
malicious
bits.avcdn.net
  • 23.58.216.135
whitelisted
download.yandex.ru
  • 5.45.205.243
  • 5.45.205.244
  • 5.45.205.245
  • 5.45.205.242
  • 5.45.205.241
whitelisted
cache-default05h.cdn.yandex.net
  • 37.140.166.229
whitelisted
cache-default04h.cdn.yandex.net
  • 37.140.166.228
whitelisted
www.google-analytics.com
  • 172.217.16.206
whitelisted
iavs9x.u.avast.com
  • 2.16.186.50
  • 2.16.186.104
whitelisted
v7event.stats.avast.com
  • 5.62.40.204
  • 77.234.45.54
  • 77.234.45.53
  • 5.62.40.203
whitelisted

Threats

PID
Process
Class
Message
3960
google-chrome_msetup_[1244143].exe
A Network Trojan was detected
ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
3960
google-chrome_msetup_[1244143].exe
A Network Trojan was detected
ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
3960
google-chrome_msetup_[1244143].exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3960
google-chrome_msetup_[1244143].exe
Misc activity
ET INFO Possible EXE Download From Suspicious TLD
2612
avast_free_antivirus_setup_online.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3448
downloader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2340
downloader.exe
Attempted Information Leak
ET POLICY curl User-Agent Outbound
1744
lite_installer.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
1744
lite_installer.exe
Misc activity
ET INFO EXE - Served Attached HTTP
Process
Message
YandexPackSetup.exe
IsAlreadyRun() In
YandexPackSetup.exe
IsAlreadyRun() Out : ret (BOOL) = 0
YandexPackSetup.exe
IsMSISrvFree() In
YandexPackSetup.exe
IsMSISrvFree() : OpenMutex() err ret = 2
YandexPackSetup.exe
IsMSISrvFree() Out ret = 1
YandexPackSetup.exe
GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1
YandexPackSetup.exe
GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0
YandexPackSetup.exe
GetSidFromEnumSess(): ProfileImagePath(1) = C:\Users\admin
YandexPackSetup.exe
GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1302019708-1500728564-335382590-1000
YandexPackSetup.exe
GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
google-chrome_msetup_[1244143].exe