File name: updf-9010200000-win-installer.exe

Full analysis: https://app.any.run/tasks/99362aa7-5688-4cae-ba51-df6764b01160
Verdict: Malicious activity
Analysis date: February 01, 2024, 23:56:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 81064F4AB4F86C76BA244F411B9E2FE8
SHA1: 90A847E77D6DEA04B22205A1F4E414439484841D
SHA256: C407A496CA3A5EAE9EDF76B4A56AAA17E99A4D072B85D2FC732B150D2888FFC7
SSDEEP: 196608:NzCrssBZaQzQ6WVwoGWpk5WEXAZ0W2vEWFX:clJzHW5qqZJ2vEmX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • updf-9010200000-win-installer.exe (PID: 3472)
      • updf-9010200000-win-installer.tmp (PID: 324)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • updf-9010200000-win-installer.exe (PID: 3472)
      • updf-9010200000-win-installer.tmp (PID: 324)
    • Starts CMD.EXE for commands execution

      • updf-9010200000-win-installer.tmp (PID: 324)
    • Get information on the list of running processes

      • updf-9010200000-win-installer.tmp (PID: 324)
      • cmd.exe (PID: 2868)
    • Reads the Windows owner or organization settings

      • updf-9010200000-win-installer.tmp (PID: 324)
    • Reads the Internet Settings

      • updf-9010200000-win-installer.tmp (PID: 324)
    • Drops 7-zip archiver for unpacking

      • updf-9010200000-win-installer.tmp (PID: 324)
    • Process drops legitimate windows executable

      • updf-9010200000-win-installer.tmp (PID: 324)
    • The process drops C-runtime libraries

      • updf-9010200000-win-installer.tmp (PID: 324)
  • INFO

    • Checks supported languages

      • updf-9010200000-win-installer.exe (PID: 3472)
      • updf-9010200000-win-installer.tmp (PID: 324)
    • Create files in a temporary directory

      • updf-9010200000-win-installer.exe (PID: 3472)
    • Reads the computer name

      • updf-9010200000-win-installer.tmp (PID: 324)
    • Creates files in the program directory

      • updf-9010200000-win-installer.tmp (PID: 324)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 18:10:23+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 476160
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.7.0
ProductVersionNumber: 1.0.7.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Superace Software Technology Co., Ltd.
FileDescription: UPDF_Win Setup
FileVersion: 1.0.7.0
LegalCopyright: Copyright © 2023 Superace Software Technology Co., Ltd.
OriginalFileName:
ProductName: UPDF_Win
ProductVersion: 1.0.7.0
No data.
Total processes: 46
Monitored processes: 6
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process chain shown in the graph ("no specs" marks processes with no signatures attached):
  updf-9010200000-win-installer.exe
    └ updf-9010200000-win-installer.tmp
        └ cmd.exe (no specs)
            ├ tasklist.exe (no specs)
            └ find.exe (no specs)
  updf-9010200000-win-installer.exe (no specs)

Process information

PID 324 | Parent process: updf-9010200000-win-installer.exe
CMD: "C:\Users\admin\AppData\Local\Temp\is-OJDNK.tmp\updf-9010200000-win-installer.tmp" /SL5="$100184,14284455,1219072,C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-OJDNK.tmp\updf-9010200000-win-installer.tmp
User: admin
Company: Superace Software Technology Co., Ltd.
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ojdnk.tmp\updf-9010200000-win-installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID 1392 | Parent process: explorer.exe
CMD: "C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe
User: admin
Company: Superace Software Technology Co., Ltd.
Integrity Level: MEDIUM
Description: UPDF_Win Setup
Exit code: 3221226540 (NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch could not proceed without elevation; PID 3472 is the same image running at HIGH integrity)
Version: 1.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\updf-9010200000-win-installer.exe
c:\windows\system32\ntdll.dll
PID 2868 | Parent process: updf-9010200000-win-installer.tmp
CMD: "C:\Windows\system32\cmd.exe" /c tasklist /nh|find /c /i "UPDFSetup.exe" > "C:\Users\admin\AppData\Local\Temp\findSoftRes.txt"
Path: C:\Windows\System32\cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1 (propagated from find.exe, the last command in the pipeline)
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 3136 | Parent process: cmd.exe
CMD: find /c /i "UPDFSetup.exe"
Path: C:\Windows\System32\find.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Find String (grep) Utility
Exit code: 1 (find.exe returns 1 when no line matched, i.e. no UPDFSetup.exe process was listed by tasklist)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID 3244 | Parent process: cmd.exe
CMD: tasklist /nh
Path: C:\Windows\System32\tasklist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Lists the current running tasks
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID 3472 | Parent process: explorer.exe
CMD: "C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe
User: admin
Company: Superace Software Technology Co., Ltd.
Integrity Level: HIGH
Description: UPDF_Win Setup
Exit code: 0
Version: 1.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\updf-9010200000-win-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
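Two things in the process records above are worth reading off explicitly. First, the initial launch (PID 1392, MEDIUM integrity) exits with 3221226540, which is NTSTATUS 0xC000042C (STATUS_ELEVATION_REQUIRED), and the same image is then running as PID 3472 at HIGH integrity, the usual footprint of a UAC consent prompt. Second, the Inno Setup loader hands its unpacked Setup child (PID 324) the /SL5 argument, and that child runs a tasklist | find pipeline whose find.exe exits 1, meaning no UPDFSetup.exe (the file the RestartManager entries below point at under C:\Program Files\UPDF_Win) was running. The Python below is an added example, not part of the ANY.RUN report or of the UPDF product, that extracts these facts from the process list. The records are hand-copied from this page; the reading of the /SL5 fields (hex window handle, two offsets from the loader's offset table, loader path) follows Inno Setup's SetupLdr source.

```python
import re

# Process records hand-copied from the "Process information" block above:
# pid, image, parent image, integrity level, exit code, command line.
PROCESSES = [
    {"pid": 1392, "image": "updf-9010200000-win-installer.exe", "parent": "explorer.exe",
     "integrity": "MEDIUM", "exit": 3221226540,
     "cmd": r'"C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe"'},
    {"pid": 3472, "image": "updf-9010200000-win-installer.exe", "parent": "explorer.exe",
     "integrity": "HIGH", "exit": 0,
     "cmd": r'"C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe"'},
    {"pid": 324, "image": "updf-9010200000-win-installer.tmp",
     "parent": "updf-9010200000-win-installer.exe", "integrity": "HIGH", "exit": 0,
     "cmd": r'"C:\Users\admin\AppData\Local\Temp\is-OJDNK.tmp\updf-9010200000-win-installer.tmp" '
            r'/SL5="$100184,14284455,1219072,C:\Users\admin\AppData\Local\Temp\updf-9010200000-win-installer.exe"'},
    {"pid": 2868, "image": "cmd.exe", "parent": "updf-9010200000-win-installer.tmp",
     "integrity": "HIGH", "exit": 1,
     "cmd": r'"C:\Windows\system32\cmd.exe" /c tasklist /nh|find /c /i "UPDFSetup.exe" > '
            r'"C:\Users\admin\AppData\Local\Temp\findSoftRes.txt"'},
    {"pid": 3244, "image": "tasklist.exe", "parent": "cmd.exe", "integrity": "HIGH", "exit": 0,
     "cmd": "tasklist /nh"},
    {"pid": 3136, "image": "find.exe", "parent": "cmd.exe", "integrity": "HIGH", "exit": 1,
     "cmd": 'find /c /i "UPDFSetup.exe"'},
]

STATUS_ELEVATION_REQUIRED = 0xC000042C            # NTSTATUS value from ntstatus.h
KNOWN_NTSTATUS = {STATUS_ELEVATION_REQUIRED: "STATUS_ELEVATION_REQUIRED"}

# Inno Setup's loader starts the unpacked Setup program with
# /SL5="$<hex window handle>,<Offset0>,<Offset1>,<loader path>" (per the SetupLdr source).
SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')

# The running-instance probe the installer script pushes through cmd.exe.
PROBE_RE = re.compile(r'tasklist\s+/nh\s*\|\s*find\s+/c\s+/i\s+"([^"]+)"\s*>\s*"([^"]+)"', re.I)


def decode_exit(code):
    """Exit codes at or above 0x80000000 are usually raw NTSTATUS values; name the known ones."""
    return KNOWN_NTSTATUS.get(code & 0xFFFFFFFF)


def parse_sl5(cmdline):
    """Split the /SL5 argument into its four fields, or None if the process is not a Setup child."""
    m = SL5_RE.search(cmdline)
    if not m:
        return None
    return {"hwnd": int(m.group(1), 16), "offset0": int(m.group(2)),
            "offset1": int(m.group(3)), "loader_path": m.group(4)}


def elevation_retries(procs):
    """Pair a launch that died with STATUS_ELEVATION_REQUIRED with a relaunch of the same
    image from the same parent at HIGH integrity: the footprint of a UAC consent prompt."""
    pairs = []
    for failed in procs:
        if decode_exit(failed["exit"]) != "STATUS_ELEVATION_REQUIRED":
            continue
        for retry in procs:
            if (retry is not failed and retry["image"] == failed["image"]
                    and retry["parent"] == failed["parent"] and retry["integrity"] == "HIGH"):
                pairs.append((failed["pid"], retry["pid"]))
    return pairs


def probe_outcome(procs):
    """What the tasklist|find probe learned. find.exe exits 0 if at least one line matched
    and 1 if none did; cmd.exe /c hands the pipeline's last exit code back to the installer."""
    cmd = next(p for p in procs if p["image"] == "cmd.exe" and PROBE_RE.search(p["cmd"]))
    target, result_file = PROBE_RE.search(cmd["cmd"]).groups()
    finder = next(p for p in procs if p["image"] == "find.exe" and p["parent"] == "cmd.exe")
    return {"target": target, "result_file": result_file,
            "target_running": finder["exit"] == 0, "cmd_exit": cmd["exit"]}


def children(procs, image):
    """PIDs whose parent image is `image` (the report gives parents by name, not by PID)."""
    return sorted(p["pid"] for p in procs if p["parent"] == image)


if __name__ == "__main__":
    print("UAC relaunch pairs:", elevation_retries(PROCESSES))
    print("Setup child /SL5:", parse_sl5(PROCESSES[2]["cmd"]))
    print("Running-instance probe:", probe_outcome(PROCESSES))
```

The same pattern (loader in Temp, is-XXXXX.tmp child with /SL5, HIGH integrity after a STATUS_ELEVATION_REQUIRED exit) appears for any Inno Setup installer that requests administrator rights, so on its own it does not separate this sample from a benign one; what it does give you is the exact file the installer cares about (UPDFSetup.exe) and the temp file it writes its answer to.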
Total events: 269
Read events: 255
Write events: 8
Delete events: 6

Modification events

PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: delete value | Name: RegFilesHash | Value: E75BDDEAB49054F141F78F99F974475702AB7734F8F6158280C75BC38301F490
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: delete value | Name: RegFiles0000 | Value: C:\Program Files\UPDF_Win\UPDFSetup.exe
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: delete value | Name: Sequence | Value: 1
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: delete value | Name: SessionHash | Value: F10BB9F939CBE7A6D3B5DB87A46E15D6DBE951EDE2B2D37B77B6C2B05E239EE0
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: delete value | Name: Owner | Value: 44010000E4259B5A6A55DA01
PID 324 (updf-9010200000-win-installer.tmp) | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: delete key | Name: (default) | Value: (none)
Executable files: 156
Suspicious files: 1
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\is-PK7HM.tmp | executable | 56C1CA85D1E016BA6511AB5610377510 | 1CC832DBD17514E3E3AD5A43D4AAE35D085358B03F04C7EE7427FE28A5E29AD5
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\unins000.exe | executable | 0BB8AC3BCD6574EA1D38897762B5D900 | E07BFA624D997C9FE395566133258DF3D8A2024DA49BFEA1990D1867401F64CD
3472 | updf-9010200000-win-installer.exe | C:\Users\admin\AppData\Local\Temp\is-OJDNK.tmp\updf-9010200000-win-installer.tmp | executable | 1D20CD05BAD951EB76A4399FF44141D6 | 27415BCD062F4A74428DD6D9C0485EC7E55CE03E7940C5B8695785B3E963D4C5
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\api-ms-win-core-datetime-l1-1-0.dll | executable | 7435C7831C7B3B47E55701E5C6CCA67A | 7EA1C2902A47FCD4A30180A4FE5BA5800FCAD76B63DA5CA4494E24954CEA9BD3
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\api-ms-win-core-console-l1-1-0.dll | executable | B951011BA021C374455E8D1E18AF84D2 | 1C057286BDF0CB90F7DD1FECF5E8AFBCFF1E27F2A94612967C0634AE639CA43D
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\is-D815G.tmp | executable | 6F1AAD861A3D1C2A72B1EA5C20CC4B06 | F0618F31ACCEA8D45BF87D893F3BA91016C75DC5671E3D258832621C131D8162
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\is-ESSFT.tmp | executable | FCD5963E1B8889F47AEBC770BFB5F27F | C089091DCCE7E14FB6B1ACE74E7805FAF09CD1B05A27FC7E452D532ACC0EB7CE
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\api-ms-win-core-console-l1-2-0.dll | executable | C26D7D913FD245AFC0F0D658595447DC | 73E4264DD66696163FBBF868729841F2E9B86F5A59912E64FB9718A8C889A7AA
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\7z.dll | executable | 6F1AAD861A3D1C2A72B1EA5C20CC4B06 | F0618F31ACCEA8D45BF87D893F3BA91016C75DC5671E3D258832621C131D8162
324 | updf-9010200000-win-installer.tmp | C:\Program Files\UPDF_Win\is-8I9T7.tmp | executable | 7435C7831C7B3B47E55701E5C6CCA67A | 7EA1C2902A47FCD4A30180A4FE5BA5800FCAD76B63DA5CA4494E24954CEA9BD3
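Inno Setup writes each file to the target directory under a temporary is-XXXXX.tmp name and then renames it into place, which is why the dropped-file list above carries the same hash twice for some files (is-D815G.tmp and 7z.dll; is-8I9T7.tmp and api-ms-win-core-datetime-l1-1-0.dll). The page also shows only 10 of the 156 executable files written, so two staging files (is-PK7HM.tmp, is-ESSFT.tmp) have no final name visible here. The Python below is an added example, not part of the ANY.RUN report or of the vendor's tooling, that groups the listed rows by SHA256, pairs staging names with final names, and keeps a hash-only entry for the staging files whose final name the page does not show. The rows are hand-copied from the table above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Rows hand-copied from the "Dropped files" table above: (PID, writer image, path, SHA256).
DROPPED = [
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\is-PK7HM.tmp",
     "1CC832DBD17514E3E3AD5A43D4AAE35D085358B03F04C7EE7427FE28A5E29AD5"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\unins000.exe",
     "E07BFA624D997C9FE395566133258DF3D8A2024DA49BFEA1990D1867401F64CD"),
    (3472, "updf-9010200000-win-installer.exe",
     r"C:\Users\admin\AppData\Local\Temp\is-OJDNK.tmp\updf-9010200000-win-installer.tmp",
     "27415BCD062F4A74428DD6D9C0485EC7E55CE03E7940C5B8695785B3E963D4C5"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\api-ms-win-core-datetime-l1-1-0.dll",
     "7EA1C2902A47FCD4A30180A4FE5BA5800FCAD76B63DA5CA4494E24954CEA9BD3"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\api-ms-win-core-console-l1-1-0.dll",
     "1C057286BDF0CB90F7DD1FECF5E8AFBCFF1E27F2A94612967C0634AE639CA43D"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\is-D815G.tmp",
     "F0618F31ACCEA8D45BF87D893F3BA91016C75DC5671E3D258832621C131D8162"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\is-ESSFT.tmp",
     "C089091DCCE7E14FB6B1ACE74E7805FAF09CD1B05A27FC7E452D532ACC0EB7CE"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\api-ms-win-core-console-l1-2-0.dll",
     "73E4264DD66696163FBBF868729841F2E9B86F5A59912E64FB9718A8C889A7AA"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\7z.dll",
     "F0618F31ACCEA8D45BF87D893F3BA91016C75DC5671E3D258832621C131D8162"),
    (324, "updf-9010200000-win-installer.tmp", r"C:\Program Files\UPDF_Win\is-8I9T7.tmp",
     "7EA1C2902A47FCD4A30180A4FE5BA5800FCAD76B63DA5CA4494E24954CEA9BD3"),
]

# Inno Setup staging names: "is-" plus five alphanumerics plus ".tmp", in the target directory.
STAGING_RE = re.compile(r"^is-[A-Z0-9]{5}\.tmp$", re.IGNORECASE)


def is_staging(path):
    return bool(STAGING_RE.match(PureWindowsPath(path).name))


def group_by_hash(rows):
    """SHA256 -> sorted list of every path written with that content."""
    groups = defaultdict(set)
    for _pid, _writer, path, sha in rows:
        groups[sha.upper()].add(path)
    return {sha: sorted(paths) for sha, paths in groups.items()}


def staging_pairs(rows):
    """(staging path, final path) for each hash seen under both a staging name and a real
    name in the same directory: the rename Inno Setup performs after writing the file."""
    pairs = []
    for paths in group_by_hash(rows).values():
        for tmp in (p for p in paths if is_staging(p)):
            for final in (p for p in paths if not is_staging(p)):
                if PureWindowsPath(tmp).parent == PureWindowsPath(final).parent:
                    pairs.append((tmp, final))
    return sorted(pairs)


def unresolved_staging(rows):
    """Staging files whose final name never appears in the (truncated) table; their
    hashes are still usable as IOCs, their names are not."""
    out = []
    for paths in group_by_hash(rows).values():
        if all(is_staging(p) for p in paths):
            out.extend(paths)
    return sorted(out)


def ioc_hashes(rows):
    """Deduplicated SHA256 list, split between what landed under Program Files and the
    unpacked Setup child the loader dropped in Temp."""
    groups = group_by_hash(rows)
    program_files = sorted(sha for sha, paths in groups.items()
                           if any(p.lower().startswith(r"c:\program files") for p in paths))
    temp = sorted(sha for sha in groups if sha not in program_files)
    return {"program_files": program_files, "temp": temp}


if __name__ == "__main__":
    for tmp, final in staging_pairs(DROPPED):
        print(f"{tmp} -> {final}")
    print("hash-only:", unresolved_staging(DROPPED))
    print("IOC hashes:", ioc_hashes(DROPPED))
```

Deduplicating by hash before exporting IOCs matters here because the staging names are random per run: a rule keyed on is-D815G.tmp will never fire again, while the 7z.dll hash will.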
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
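The counter above says 5 TCP/UDP connections, but every row listed belongs to PID 4 (System) or PID 1080 (svchost.exe), not to any process in the sample's tree, and the destinations are the NetBIOS name and datagram broadcast ports (137/138) and the LLMNR multicast group 224.0.0.252:5355; there are no HTTP or DNS requests at all. The Python below is an added example, not part of the ANY.RUN report, that makes this attribution check explicit so that the connection count is not mistaken for sample activity. The sample PID set and the rows are taken from this page; treating 192.168.100.255 as the subnet broadcast address assumes a /24 guest network, which the page does not state.

```python
import ipaddress

# PIDs in the sample's process tree on this page: loader, elevated relaunch,
# unpacked Setup child, cmd.exe, tasklist.exe, find.exe.
SAMPLE_PIDS = {1392, 3472, 324, 2868, 3244, 3136}

# Connection rows hand-copied from the table above: (PID, process, "ip:port").
CONNECTIONS = [
    (4, "System", "192.168.100.255:137"),
    (1080, "svchost.exe", "224.0.0.252:5355"),
    (4, "System", "192.168.100.255:138"),
]

# Assumption (not stated on the page): the guest sits on a /24, so .255 is its broadcast.
GUEST_NET = ipaddress.ip_network("192.168.100.0/24")
LLMNR_GROUP = ipaddress.ip_address("224.0.0.252")


def classify(dst):
    """Label a destination as Windows name-resolution background noise, other local
    traffic, or an external host worth pulling from the PCAP."""
    host, port = dst.rsplit(":", 1)
    addr, port = ipaddress.ip_address(host), int(port)
    if addr == LLMNR_GROUP and port == 5355:
        return "LLMNR multicast"
    if addr == GUEST_NET.broadcast_address and port in (137, 138):
        return "NetBIOS broadcast"
    if addr.is_private or addr.is_multicast or addr.is_link_local:
        return "local"
    return "external"


def attribute(rows, sample_pids=SAMPLE_PIDS):
    """Split rows into those made by the sample's processes and everything else."""
    result = {"sample": [], "background": []}
    for pid, proc, dst in rows:
        bucket = "sample" if pid in sample_pids else "background"
        result[bucket].append((pid, proc, dst, classify(dst)))
    return result


def needs_follow_up(rows, sample_pids=SAMPLE_PIDS):
    """Only connections from the sample's own processes to an external host justify
    opening the PCAP; OS broadcast and multicast chatter does not."""
    return [r for r in attribute(rows, sample_pids)["sample"] if r[3] == "external"]


if __name__ == "__main__":
    print(attribute(CONNECTIONS))
    print("follow up:", needs_follow_up(CONNECTIONS))
```

With this split, the network section of the report reduces to "no connections attributable to the sample", which is the statement a triage note should actually carry rather than the raw count of 5.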

DNS requests

No data

Threats

No threats detected
No debug info