File name: Paypal money adder.exe

Full analysis: https://app.any.run/tasks/9005ae5c-05fe-4211-986f-bcd741efef49
Verdict: Malicious activity
Analysis date: December 31, 2024, 15:48:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 4 sections
MD5: BAA388D0EA07439496C775E18BB068DB
SHA1: F5E8D1C59D8A23F706BAAF8D4EA788E52B6C1811
SHA256: BD1955B4D576C05A83993AC32D1DD7CEF9DB00354B1D02A94212648F350FC1C1
SSDEEP: 384:Lokv7ocSKcVUo+OO0Sn7JLJ0SHpSscZHOS6qB+K9Lf45vgDQfxrHtk8n/f2nsIqE:BcVU0Q10SUFP62h5aNJf2nsTM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • Paypal money adder.exe (PID: 1984)
    • Connects to SMTP port

      • Paypal money adder.exe (PID: 1984)
  • INFO

    • Checks supported languages

      • Paypal money adder.exe (PID: 1984)
      • wmpnscfg.exe (PID: 1500)
    • Reads the machine GUID from the registry

      • Paypal money adder.exe (PID: 1984)
    • Reads Environment values

      • Paypal money adder.exe (PID: 1984)
    • Reads the computer name

      • Paypal money adder.exe (PID: 1984)
      • wmpnscfg.exe (PID: 1500)
    • Reads the software policy settings

      • Paypal money adder.exe (PID: 1984)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1500)
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (55.8)
.exe | Win64 Executable (generic) (21)
.scr | Windows screen saver (9.9)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:01:18 05:59:17+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 12288
UninitializedDataSize: -
EntryPoint: 0x8cce
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Microsoft
FileDescription: Paypal money adder
FileVersion: 1.0.0.0
InternalName: Paypal money adder.exe
LegalCopyright: Copyright © Microsoft 2009
OriginalFileName: Paypal money adder.exe
ProductName: Paypal money adder
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
Total processes: 34
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(interactive process graph; processes shown: paypal money adder.exe, wmpnscfg.exe)

Process information

PID: 1500
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\program files\windows media player\wmpnscfg.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll

PID: 1984
CMD: "C:\Users\admin\AppData\Local\Temp\Paypal money adder.exe"
Path: C:\Users\admin\AppData\Local\Temp\Paypal money adder.exe
Parent process: explorer.exe
User: admin
Company: Microsoft
Integrity Level: MEDIUM
Description: Paypal money adder
Version: 1.0.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\paypal money adder.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 3 597
Read events: 3 583
Write events: 14
Delete events: 0

Modification events

(PID) Process: (1984) Paypal money adder.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 2
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process                 IP                    Domain          ASN     CN  Reputation
4     System                  192.168.100.255:137   -               -       -   whitelisted
                              224.0.0.252:5355      -               -       -   whitelisted
4     System                  192.168.100.255:138   -               -       -   whitelisted
1108  svchost.exe             224.0.0.252:5355      -               -       -   whitelisted
1984  Paypal money adder.exe  142.250.153.108:587   smtp.gmail.com  GOOGLE  US  shared

DNS requests

Domain          IP               Reputation
google.com      142.250.186.46   whitelisted
smtp.gmail.com  142.250.153.108  shared

Threats

No threats detected
No debug info