File name: SUPERAntiSpyware.exe

Full analysis: https://app.any.run/tasks/f394a025-afcf-494d-b5d0-60c9e1b0751a
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: December 10, 2024, 21:51:44
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: adware
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: CECF29885D73FFF8D90D880962275454
SHA1: B33A5250E5FA95FBE4D6B67CD0877D56C8DC9849
SHA256: BDABBDC7CE3F5F355D67C7B2DE252BB235DFBEC4F1E42D6F1DCB26046F77C9FC
SSDEEP: 393216:VVxk+j5k8QStrgWh6nN43EjCYgkEEGMnXotlxPnKAvq:vxk+jecgg6N0I1GuotHKAC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Connects to the CnC server
      • SUPERAntiSpyware.exe (PID: 1876)
  • SUSPICIOUS
    • Reads security settings of Internet Explorer
      • SUPERAntiSpyware.exe (PID: 3988)
      • SUPERAntiSpyware.exe (PID: 1876)
    • Application launched itself
      • SUPERAntiSpyware.exe (PID: 3988)
    • Access to an unwanted program domain was detected
      • SUPERAntiSpyware.exe (PID: 1876)
  • INFO
    • Checks supported languages
      • SUPERAntiSpyware.exe (PID: 3988)
      • SUPERAntiSpyware.exe (PID: 1876)
    • The sample is compiled with English language support
      • SUPERAntiSpyware.exe (PID: 3988)
    • Reads the computer name
      • SUPERAntiSpyware.exe (PID: 1876)
      • SUPERAntiSpyware.exe (PID: 3988)
    • Creates files in the program directory
      • SUPERAntiSpyware.exe (PID: 3988)
      • SUPERAntiSpyware.exe (PID: 1876)
    • Checks proxy server information
      • SUPERAntiSpyware.exe (PID: 1876)
    • Process checks computer location settings
      • SUPERAntiSpyware.exe (PID: 3988)
No Malware configuration.

TRiD

.exe | InstallShield setup (54.3)
.exe | Win64 Executable (generic) (34.8)
.exe | Win32 Executable (generic) (5.6)
.exe | Generic Win/DOS Executable (2.5)
.exe | DOS Executable Generic (2.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:01:04 20:20:03+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 652800
InitializedDataSize: 291328
UninitializedDataSize: -
EntryPoint: 0x8e043
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 8.0.0.1052
ProductVersionNumber: 8.0.0.1052
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: SUPERAntiSpyware
FileDescription: SUPERAntiSpyware Free Edition Setup
FileVersion: 8, 0, 0, 1052
InternalName: SUPERAntiSpyware Free Edition Setup
LegalCopyright: Copyright (C) 2005-2020 by SUPERAntiSpyware
LegalTrademarks: SUPERAntiSpyware(tm)
OriginalFileName: SUPERAntiSpyware.exe
ProductName: SUPERAntiSpyware Free Edition Setup
ProductVersion: 8, 0, 0, 1052
Total processes: 111
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive, available only in the full report): start → superantispyware.exe → superantispyware.exe

Process information

PID | CMD | Path | Parent process
1876 | "C:\Users\admin\Desktop\SUPERAntiSpyware.exe" /runasadmin | C:\Users\admin\Desktop\SUPERAntiSpyware.exe | SUPERAntiSpyware.exe
  User: admin
  Company: SUPERAntiSpyware
  Integrity Level: HIGH
  Description: SUPERAntiSpyware Free Edition Setup
  Exit code: 0
  Version: 8, 0, 0, 1052
  Modules (loaded images):
    c:\users\admin\desktop\superantispyware.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\user32.dll

3988 | "C:\Users\admin\Desktop\SUPERAntiSpyware.exe" | C:\Users\admin\Desktop\SUPERAntiSpyware.exe | explorer.exe
  User: admin
  Company: SUPERAntiSpyware
  Integrity Level: MEDIUM
  Description: SUPERAntiSpyware Free Edition Setup
  Exit code: 0
  Version: 8, 0, 0, 1052
  Modules (loaded images):
    c:\users\admin\desktop\superantispyware.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\user32.dll
Total events: 693
Read events: 690
Write events: 3
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
1876 | SUPERAntiSpyware.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | (empty)
1876 | SUPERAntiSpyware.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
1876 | SUPERAntiSpyware.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
Executable files: 0
Suspicious files: 9
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1876 | SUPERAntiSpyware.exe | C:\Uninstall.dat-journal | binary
  MD5: 5A9D2A05A929F98E52F06AB567341828
  SHA256: 8A1D9493CAD434078C89E6681EB701BB788ABED79B68EF054AAE7B130E2E0A5E
1876 | SUPERAntiSpyware.exe | C:\ProgramData\SUPERSetup\setupvars-journal | binary
  MD5: B07D9F8FE4EB32437F44A76D6C9E2CCF
  SHA256: 07608A1A896F524D1F6E316EED4EF47BD8BDC4DF8846499AC93D0D4C82A8A3E4
1876 | SUPERAntiSpyware.exe | C:\Uninstall.dat | binary
  MD5: FF1F2E9BFB4D72DCC648E32D6F0BA308
  SHA256: 5A6D20D94848D85A4DFFB8527D440B08C8E9AE2C542FE6A31F0993001C2B4674
3988 | SUPERAntiSpyware.exe | C:\ProgramData\SUPERSetup\setupvars | binary
  MD5: 55C618D236989082BD54A3862F573CDF
  SHA256: 493A2F1B198FEBF194A9AD4292E038EC81FB3FAB0D56FBFC524F69D4857C7806
3988 | SUPERAntiSpyware.exe | C:\ProgramData\SUPERSetup\setupvars-journal | binary
  MD5: 6DBD650E24A1CF740FBEFCED132C5123
  SHA256: A439560FD86F218122A42F1D7AB857DEB51FDA54EF2776CA99C8C4C7227BD5E8
HTTP(S) requests: 5
TCP/UDP connections: 23
DNS requests: 8
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Type | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.145:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
2548 | svchost.exe | GET | 200 | 23.48.23.145:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
2548 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1876 | SUPERAntiSpyware.exe | GET | 404 | 35.167.101.147:80 | http://events.webflowmetrics.com/metrics.asmx/RecordEvent?sEventName=SASRPI_Install&sEventData=tag:SUPERAntiSpyware.exe_NotShown:0|zo-sasref | unknown | unknown

Connections (cells empty in the export are shown as -)

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 104.126.37.161:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2548 | svchost.exe | 23.48.23.145:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.145:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2548 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1876 | SUPERAntiSpyware.exe | 35.167.101.147:80 | events.webflowmetrics.com | AMAZON-02 | US | suspicious

DNS requests

Domain | IP(s) | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 51.104.136.2 | whitelisted
www.bing.com | 104.126.37.161, 104.126.37.155, 104.126.37.139, 104.126.37.145, 104.126.37.137, 104.126.37.153, 104.126.37.131, 104.126.37.152, 104.126.37.146 | whitelisted
google.com | 142.250.186.110 | whitelisted
crl.microsoft.com | 23.48.23.145, 23.48.23.143, 23.48.23.156, 23.48.23.166, 23.48.23.173, 23.48.23.177, 23.48.23.167 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
events.webflowmetrics.com | 35.167.101.147 | unknown
self.events.data.microsoft.com | 13.89.178.26 | whitelisted

Threats

PID | Process | Class | Message
1876 | SUPERAntiSpyware.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP SuperAntiSpyware Install Checkin
1876 | SUPERAntiSpyware.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP SUPERAntiSpyware Install Checkin