File name:

ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe

Full analysis: https://app.any.run/tasks/db781376-b93a-49f9-8bb0-c6f0340e51ba
Verdict: Malicious activity
Analysis date: December 01, 2023, 09:20:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5:

FCF30401EEBC3334DA32E8387530AEF2

SHA1:

02DED3DFC3D4F0A65487E45EA1531794837120F6

SHA256:

B9A846E9F22D548A4E1B35CFC60E97C558730DDAE06BA1CA33A5D61C4891395A

SSDEEP:

98304:5v3x4chV+1Lrnl3+LnjHpYjtSV+l4e3uQno2BqNA3kriSxZkX77y640iRkMNeOU9:BmLl92Ef

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe (PID: 1996)
      • Setup.exe (PID: 1864)
      • IKernel.exe (PID: 1116)
      • Fiber_TraceViewer.exe (PID: 3832)
  • SUSPICIOUS

    • Creates/Modifies COM task schedule object

      • IKernel.exe (PID: 1116)
    • Application launched itself

      • IKernel.exe (PID: 1116)
      • Fiber_TraceViewer.exe (PID: 3832)
    • Searches for installed software

      • IKernel.exe (PID: 1116)
    • Reads the Windows owner or organization settings

      • IKernel.exe (PID: 1116)
  • INFO

    • Create files in a temporary directory

      • ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe (PID: 1996)
      • IKernel.exe (PID: 1116)
    • Checks supported languages

      • Setup.exe (PID: 1864)
      • ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe (PID: 1996)
      • IKernel.exe (PID: 3592)
      • IKernel.exe (PID: 1116)
      • IKernel.exe (PID: 604)
      • Fiber_TraceViewer.exe (PID: 2424)
      • Fiber_TraceViewer.exe (PID: 3832)
      • Fiber_TraceViewer.exe (PID: 1860)
    • Creates files in the program directory

      • Setup.exe (PID: 1864)
      • IKernel.exe (PID: 1116)
    • Reads the machine GUID from the registry

      • Setup.exe (PID: 1864)
      • IKernel.exe (PID: 1116)
      • Fiber_TraceViewer.exe (PID: 3832)
      • Fiber_TraceViewer.exe (PID: 1860)
      • Fiber_TraceViewer.exe (PID: 2424)
    • Reads the computer name

      • IKernel.exe (PID: 3592)
      • Setup.exe (PID: 1864)
      • IKernel.exe (PID: 604)
      • IKernel.exe (PID: 1116)
      • Fiber_TraceViewer.exe (PID: 2424)
      • Fiber_TraceViewer.exe (PID: 3832)
      • Fiber_TraceViewer.exe (PID: 1860)
    • Reads Environment values

      • IKernel.exe (PID: 1116)
    • Creates files or folders in the user directory

      • Fiber_TraceViewer.exe (PID: 3832)
      • Fiber_TraceViewer.exe (PID: 2424)
    • Manual execution by a user

      • Fiber_TraceViewer.exe (PID: 3832)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2000:03:27 20:09:58+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 69632
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x83f7
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.11.15.0
ProductVersionNumber: 2.11.15.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: -
CompanyName: JDSU
FileDescription: -
FileVersion: 6.9
InternalName: stub32i.exe
LegalCopyright: Copyright JDSU 1993-2012
OriginalFileName: stub32i.exe
ProductName: OFS-110 Optical Fiber Trace Viewer 6.90 Software
ProductVersion: 6.9
Screenshots: available in the full report.
Total processes: 47
Monitored processes: 9
Malicious processes: 2
Suspicious processes: 2

Behavior graph

Start node: ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
Other nodes, as labelled in the graph: setup.exe (no specs), ikernel.exe (no specs) x3, fiber_traceviewer.exe (no specs) x3, ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe (no specs)

Process information

Each record gives the PID, command line (CMD), image path and parent process image, followed by user, company, integrity level, description, exit code, version and the loaded modules. The Indicators column of the original table is empty for every process.
PID 604
CMD: "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /REGSERVER
Path: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
Parent process: IKernel.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield (R) Setup Engine
Exit code: 0
Version: 6, 31, 100, 1190
Modules (images):
c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID 1116
CMD: C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\IKernel.exe -Embedding
Path: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
Parent process: svchost.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield (R) Setup Engine
Exit code: 0
Version: 6, 31, 100, 1190
Modules (images):
c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID 1860
CMD: "C:\Program Files\JDSU\Fiber Trace Viewer\Fiber_TraceViewer.exe"
Path: C:\Program Files\JDSU\Fiber Trace Viewer\Fiber_TraceViewer.exe
Parent process: Fiber_TraceViewer.exe
User: admin
Company: JDSU
Integrity Level: MEDIUM
Description: JDSU Fiber Trace Application
Exit code: 0
Version: 6,90,22024,17
Modules (images):
c:\program files\jdsu\fiber trace viewer\fiber_traceviewer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 1864
CMD: "C:\Users\admin\AppData\Local\Temp\pft699D~tmp\Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\Setup.exe
Parent process: ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield (R) Setup Launcher
Exit code: 0
Version: 6, 11, 100, 1300
Modules (images):
c:\users\admin\appdata\local\temp\pft699d~tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID 1996
CMD: "C:\Users\admin\AppData\Local\Temp\ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe"
Path: C:\Users\admin\AppData\Local\Temp\ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
Parent process: explorer.exe
User: admin
Company: JDSU
Integrity Level: HIGH
Exit code: 0
Version: 6.90
Modules (images):
c:\users\admin\appdata\local\temp\ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID 2424
CMD: "C:\Program Files\JDSU\Fiber Trace Viewer\Fiber_TraceViewer.exe" /registeronly
Path: C:\Program Files\JDSU\Fiber Trace Viewer\Fiber_TraceViewer.exe
Parent process: IKernel.exe
User: admin
Company: JDSU
Integrity Level: HIGH
Description: JDSU Fiber Trace Application
Exit code: 0
Version: 6,90,22024,17
Modules (images):
c:\program files\jdsu\fiber trace viewer\fiber_traceviewer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 2740
CMD: "C:\Users\admin\AppData\Local\Temp\ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe"
Path: C:\Users\admin\AppData\Local\Temp\ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
Parent process: explorer.exe
User: admin
Company: JDSU
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch from explorer.exe stopped after loading only ntdll.dll because the installer needs elevation; PID 1996 is the same image running from the same parent at HIGH integrity)
Version: 6.90
Modules (images):
c:\users\admin\appdata\local\temp\ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
c:\windows\system32\ntdll.dll
PID 3592
CMD: "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe" -RegServer
Path: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
Parent process: Setup.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: InstallShield (R) Setup Engine
Exit code: 0
Version: 6, 31, 100, 1190
Modules (images):
c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID 3832
CMD: "C:\Program Files\JDSU\Fiber Trace Viewer\Fiber_TraceViewer.exe"
Path: C:\Program Files\JDSU\Fiber Trace Viewer\Fiber_TraceViewer.exe
Parent process: explorer.exe
User: admin
Company: JDSU
Integrity Level: MEDIUM
Description: JDSU Fiber Trace Application
Exit code: 0
Version: 6,90,22024,17
Modules (images):
c:\program files\jdsu\fiber trace viewer\fiber_traceviewer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
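The process table above is flat, and the one non-zero exit code is printed in decimal. The script below is an added triage example written for this page; it is not ANY.RUN tooling and makes no claim about how the service scores processes. The PROCESSES rows are transcribed from the records above (the report names the parent by image, not by PID, so relationships are rebuilt by image name); the tag names and the NTSTATUS subset are the editor's own.

```python
"""Rebuild process relationships from a sandbox process table and decode exit codes.

Added example for this report, not ANY.RUN code. Rows are transcribed from the
"Process information" section; the cmdline field keeps only the switch that
follows the image path.
"""
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid image parent integrity exit_code cmdline")

SETUP = "ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe"

PROCESSES = [
    Proc(2740, SETUP, "explorer.exe", "MEDIUM", 3221226540, ""),
    Proc(1996, SETUP, "explorer.exe", "HIGH", 0, ""),
    Proc(1864, "Setup.exe", SETUP, "HIGH", 0, ""),
    Proc(3592, "IKernel.exe", "Setup.exe", "HIGH", 0, "-RegServer"),
    Proc(604, "IKernel.exe", "IKernel.exe", "HIGH", 0, "/REGSERVER"),
    Proc(1116, "IKernel.exe", "svchost.exe", "HIGH", 0, "-Embedding"),
    Proc(2424, "Fiber_TraceViewer.exe", "IKernel.exe", "HIGH", 0, "/registeronly"),
    Proc(3832, "Fiber_TraceViewer.exe", "explorer.exe", "MEDIUM", 0, ""),
    Proc(1860, "Fiber_TraceViewer.exe", "Fiber_TraceViewer.exe", "MEDIUM", 0, ""),
]

# Small subset of NTSTATUS values that commonly surface as process exit codes.
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def decode_exit_code(code):
    """Return (hex, severity, name) for an exit code printed as unsigned decimal.

    Sandbox UIs print NTSTATUS values in decimal, so 0xC000042C shows up as
    3221226540. The top two bits of the value carry the severity."""
    code &= 0xFFFFFFFF
    return f"0x{code:08X}", SEVERITY[code >> 30], NTSTATUS_NAMES.get(code, "unknown")


def triage(procs):
    """Return sorted (pid, tag) findings derived only from the table fields."""
    findings = set()
    by_image = {}
    for p in procs:
        by_image.setdefault(p.image.lower(), []).append(p)

    for p in procs:
        cmd = p.cmdline.lower()
        # An out-of-process COM server started by the DCOM launcher (hosted in
        # svchost.exe) receives -Embedding on its command line.
        if p.parent.lower() == "svchost.exe" and "-embedding" in cmd:
            findings.add((p.pid, "com_activation"))
        # /RegServer or -RegServer asks the executable to register its own COM
        # classes; /registeronly is an application-specific switch and is not matched.
        if re.search(r"[/-]regserver\b", cmd):
            findings.add((p.pid, "com_self_registration"))
        # Same image as parent: the "Application launched itself" signature.
        if p.image.lower() == p.parent.lower():
            findings.add((p.pid, "self_launch"))
        _, _, name = decode_exit_code(p.exit_code)
        if name == "STATUS_ELEVATION_REQUIRED":
            findings.add((p.pid, "elevation_required"))
            # The same image from the same parent at HIGH integrity is the
            # relaunch after the UAC prompt was accepted.
            for q in by_image[p.image.lower()]:
                if q.pid != p.pid and q.parent.lower() == p.parent.lower() and q.integrity == "HIGH":
                    findings.add((q.pid, "elevated_relaunch"))
    return sorted(findings)


def children(procs, parent_image):
    """Return PIDs whose recorded parent image matches (case-insensitive)."""
    return sorted(p.pid for p in procs if p.parent.lower() == parent_image.lower())


if __name__ == "__main__":
    for p in PROCESSES:
        print(p.pid, p.image, *decode_exit_code(p.exit_code))
    for pid, tag in triage(PROCESSES):
        print(pid, tag)
```

Run as-is it prints 2740 as 0xC000042C STATUS_ELEVATION_REQUIRED and tags 1996 as the elevated relaunch, 1116 as COM-activated from svchost.exe, and 604 and 3592 as COM self-registration runs. The tags are derived only from what the table shows; they describe the installer's behaviour and do not by themselves decide maliciousness.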
Total events: 2 453
Read events: 2 366
Write events: 86
Delete events: 1

Modification events

PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\corecomp.ini
  Value: 1
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
  Value: 1
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
  Value: 1
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
  Value: 1
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3c1b17-e59d-11d2-b40b-00a024b9dddd}\InprocServer32
  Name: ThreadingModel
  Value: Apartment
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
  Value: 1
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
  Value: 2
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\IScript\IScript.dll
  Value: 1
PID 1116 IKernel.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
  Name: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe
  Value: 1
PID 1860 Fiber_TraceViewer.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
  Name: NodeSlots
  Value: 0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
Executable files: 77
Suspicious files: 23
Text files: 9
Unknown types: 1

Dropped files

PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\ikernel.ex_ (binary)
  MD5: 4D63BBFF28AFC7A69B6DEFAF048306A7
  SHA256: 4EB9A6A4C0B1147290C74D2160533E49E043335255BE9A60B6C83638D83E5590
PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\data1.cab (compressed)
  MD5: 7063B9D8D71CE23DA8ED51F34508FAC9
  SHA256: 7EAE1D17C173EC622EC954DD7C8C51814DC07A4AB06372781F128FFCA04D42AB
PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\Setup.ini (text)
  MD5: 100310EC68AD4BBC2944E64F4FEC730F
  SHA256: 49EC299BCD60B009B5F3BBA9792B373E249A6E78D1B4126EEF2F28E4E5C6BD60
PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\data1.hdr (binary)
  MD5: D864847A5785D43402D87C87EBA25299
  SHA256: DD827C29CC04F531FBFAFDD24AFECF59C56C74FE8FF395EE8F8202C2B6B39D49
PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\layout.bin (binary)
  MD5: 7FF96F8D03A4E4A070D2B08669F5CD94
  SHA256: 3F0D09748ECDCEF928B5924FC9E0415360D70622DE4C64FE427A0F460F4A99DA
PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\Setup.exe (executable)
  MD5: 0B929426E840491050452228344113A7
  SHA256: 83C3DAF637D5F94F2C064360E3469E6FB46DFF7DD96B603FC208F329A53FDAE6
PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\setup.inx (binary)
  MD5: 0F61F278E37A103200155B9B53BD3FBA
  SHA256: AD40689BD904FC2879309B3ACD49F8FA601BD0D050436FBB5C684F93841AB24F
PID 1116 IKernel.exe
  File: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ILog7fa4.rra (executable)
  MD5: A2B4718BB69D081202AF2AA317DC0C0B
  SHA256: 69D84C8FE49021C1FD4E3E1678090C0517D753176AD74DBEE25C053528373FB0
PID 1996 ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe
  File: C:\Users\admin\AppData\Local\Temp\pft699D~tmp\data2.cab (compressed)
  MD5: 7A930F5B3CB72F590EDD9AB727E4D948
  SHA256: 7C61D8E3AFF4D49CE1229A487282E70DE2E8AA366DD9D05430BE48ED93884142
PID 1864 Setup.exe
  File: C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe (executable)
  MD5: BF25EB6A1E0AA2FFF0CB190270B95418
  SHA256: 4535320C5B9596A6210109F68C647DBDBD0289BA63286FD389DEA910855491F1
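The dropped-file list is the part of the report most often reused: its hashes become indicators, and the paths written outside the installer's own temp folder are the ones to review on a host. The script below is an added example written for this page, not ANY.RUN tooling. The DROPPED rows are transcribed from the table above; the bytes hashed in the self-check are constructed and are not the sample.

```python
"""Turn a sandbox dropped-file table into hash IOCs and match a file against them.

Added example for this report, not ANY.RUN code. Rows are transcribed from the
"Dropped files" section; the self-check uses constructed bytes only.
"""
import hashlib
import io
from collections import namedtuple

Dropped = namedtuple("Dropped", "pid process path kind md5 sha256")

SETUP = "ofs-110_optical_fiber_trace_viewer_software_setup_v6_90.exe"
TMP = r"C:\Users\admin\AppData\Local\Temp\pft699D~tmp"
ENGINE = r"C:\Program Files\Common Files\InstallShield\engine\6\Intel 32"

DROPPED = [
    Dropped(1996, SETUP, TMP + r"\ikernel.ex_", "binary", "4D63BBFF28AFC7A69B6DEFAF048306A7", "4EB9A6A4C0B1147290C74D2160533E49E043335255BE9A60B6C83638D83E5590"),
    Dropped(1996, SETUP, TMP + r"\data1.cab", "compressed", "7063B9D8D71CE23DA8ED51F34508FAC9", "7EAE1D17C173EC622EC954DD7C8C51814DC07A4AB06372781F128FFCA04D42AB"),
    Dropped(1996, SETUP, TMP + r"\Setup.ini", "text", "100310EC68AD4BBC2944E64F4FEC730F", "49EC299BCD60B009B5F3BBA9792B373E249A6E78D1B4126EEF2F28E4E5C6BD60"),
    Dropped(1996, SETUP, TMP + r"\data1.hdr", "binary", "D864847A5785D43402D87C87EBA25299", "DD827C29CC04F531FBFAFDD24AFECF59C56C74FE8FF395EE8F8202C2B6B39D49"),
    Dropped(1996, SETUP, TMP + r"\layout.bin", "binary", "7FF96F8D03A4E4A070D2B08669F5CD94", "3F0D09748ECDCEF928B5924FC9E0415360D70622DE4C64FE427A0F460F4A99DA"),
    Dropped(1996, SETUP, TMP + r"\Setup.exe", "executable", "0B929426E840491050452228344113A7", "83C3DAF637D5F94F2C064360E3469E6FB46DFF7DD96B603FC208F329A53FDAE6"),
    Dropped(1996, SETUP, TMP + r"\setup.inx", "binary", "0F61F278E37A103200155B9B53BD3FBA", "AD40689BD904FC2879309B3ACD49F8FA601BD0D050436FBB5C684F93841AB24F"),
    Dropped(1116, "IKernel.exe", ENGINE + r"\ILog7fa4.rra", "executable", "A2B4718BB69D081202AF2AA317DC0C0B", "69D84C8FE49021C1FD4E3E1678090C0517D753176AD74DBEE25C053528373FB0"),
    Dropped(1996, SETUP, TMP + r"\data2.cab", "compressed", "7A930F5B3CB72F590EDD9AB727E4D948", "7C61D8E3AFF4D49CE1229A487282E70DE2E8AA366DD9D05430BE48ED93884142"),
    Dropped(1864, "Setup.exe", ENGINE + r"\IKernel.exe", "executable", "BF25EB6A1E0AA2FFF0CB190270B95418", "4535320C5B9596A6210109F68C647DBDBD0289BA63286FD389DEA910855491F1"),
]

USER_TEMP = "c:\\users\\admin\\appdata\\local\\temp\\"


def hash_stream(src, chunk=1 << 20):
    """Return lowercase (md5, sha1, sha256) of a bytes object or binary stream,
    reading in chunks so large installers do not have to fit in memory."""
    fp = io.BytesIO(src) if isinstance(src, (bytes, bytearray)) else src
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for block in iter(lambda: fp.read(chunk), b""):
        md5.update(block)
        sha1.update(block)
        sha256.update(block)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def ioc_set(records, kinds=("executable",)):
    """Return {sha256: path} for dropped files of the given kinds, lowercased
    so they compare cleanly with hashlib output."""
    return {r.sha256.lower(): r.path for r in records if r.kind in kinds}


def outside_temp(records):
    """Paths written outside the user's Temp tree. These outlive the installer's
    own scratch directory and are what to look for on a host afterwards."""
    return sorted(r.path for r in records if not r.path.lower().startswith(USER_TEMP))


def match(src, records):
    """Return dropped-file paths whose MD5 or SHA256 equals the digest of src.
    Report hashes are upper-case; comparison is case-insensitive."""
    md5, _, sha256 = hash_stream(src)
    return sorted(r.path for r in records if r.md5.lower() == md5 or r.sha256.lower() == sha256)


def self_check():
    """Positive match against a constructed record; no match against the report's."""
    data = b"constructed sample bytes, not the real installer"
    md5, _, sha256 = hash_stream(data)
    fake = [Dropped(0, "constructed", r"C:\constructed\sample.bin", "binary", md5.upper(), sha256.upper())]
    return match(data, fake) == [r"C:\constructed\sample.bin"] and match(data, DROPPED) == []


if __name__ == "__main__":
    print("executable IOCs:", len(ioc_set(DROPPED)))
    print("written outside Temp:", *outside_temp(DROPPED), sep="\n  ")
    print("self-check:", self_check())
```

To check a file from a host, call match(open(path, "rb"), DROPPED); a hit on IKernel.exe or ILog7fa4.rra under Program Files\Common Files\InstallShield means the same InstallShield 6 engine files this run wrote are present.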
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      Remote endpoint        Reputation
4     System       192.168.100.255:137    whitelisted  (NetBIOS name service broadcast)
4     System       192.168.100.255:138    whitelisted  (NetBIOS datagram broadcast)
2588  svchost.exe  239.255.255.250:1900   whitelisted  (SSDP multicast)
1080  svchost.exe  224.0.0.252:5355       unknown      (LLMNR multicast)

Domain, ASN and CN are empty for all four entries. None of these connections comes from the monitored installer or application processes: PIDs 4, 2588 and 1080 are the Windows guest's own local-network discovery traffic, and the sample itself made no HTTP or DNS requests.

DNS requests

No data

Threats

No threats detected
No debug info