File name: Driver Checker.exe
Full analysis: https://app.any.run/tasks/6deaae30-3ff9-4aef-b791-6eb0c832e02a
Verdict: Malicious activity
Analysis date: November 01, 2024, 18:21:50
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: 37DF84B4CE8E694453B02E4C7F318176
SHA1: 88176B161604D035674B891E9FC6DED9A514B665
SHA256: C53EEE7B9F00F0B0BCD778EF178A795CDFDFF5CA819F14BB445067CE53D0CDEB
SSDEEP: 98304:sIWp1iuwUi1HTFueJ7j75KFTN/9+mgtdB0zgLkdW/G5qzgH/liOWT1NZo9sBK/Ts:hsvAxB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • Driver Checker.exe (PID: 1168)
    • Application launched itself

      • Driver Checker.exe (PID: 1168)
    • Executable content was dropped or overwritten

      • Driver Checker.exe (PID: 1168)
      • Driver Checker.exe (PID: 7152)
    • Process drops legitimate windows executable

      • Driver Checker.exe (PID: 7152)
      • Driver Checker.exe (PID: 1168)
      • msiexec.exe (PID: 5612)
    • Executes as Windows Service

      • VSSVC.exe (PID: 5332)
    • The process executes via Task Scheduler

      • regsvr32.exe (PID: 7080)
      • regsvr32.exe (PID: 7128)
      • regsvr32.exe (PID: 7256)
      • regsvr32.exe (PID: 8040)
      • reg.exe (PID: 8084)
  • INFO

    • Checks supported languages

      • Driver Checker.exe (PID: 1168)
      • msiexec.exe (PID: 5612)
    • Creates files or folders in the user directory

      • Driver Checker.exe (PID: 1168)
    • Reads Environment values

      • Driver Checker.exe (PID: 1168)
    • Reads the computer name

      • Driver Checker.exe (PID: 1168)
      • msiexec.exe (PID: 5612)
    • Create files in a temporary directory

      • Driver Checker.exe (PID: 1168)
    • Manages system restore points

      • SrTasks.exe (PID: 7628)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5612)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:10:01 12:44:40+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.41
CodeSize: 2906112
InitializedDataSize: 1176576
UninitializedDataSize: -
EntryPoint: 0x231960
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 12.0.0.66
ProductVersionNumber: 12.0.0.66
FileFlagsMask: 0x003f
FileFlags: Debug
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: IObit
FileDescription: Driver Checker Installer
FileVersion: 12.0.0.66
InternalName: Driver Checker
LegalCopyright: Copyright (C) 2024 IObit
OriginalFileName: Driver Checker.exe
ProductName: Driver Checker
ProductVersion: 12.0.0.66
Total processes: 145
Monitored processes: 15
Malicious processes: 0
Suspicious processes: 1

Behavior graph

Processes drawn in the graph (those tagged "no specs" carry no indicators of their own):
start, driver checker.exe, msiexec.exe, msiexec.exe (no specs), driver checker.exe, vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), msiexec.exe (no specs), dpinstx32.exe (no specs), regsvr32.exe (no specs), reg.exe (no specs), conhost.exe (no specs), regsvr32.exe (no specs), regsvr32.exe (no specs), regsvr32.exe (no specs)

Process information

PID 1156
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 0D909E4AAE6788124C70ABC1712B68AB C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity level: MEDIUM
Description: Windows® installer
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
  c:\windows\syswow64\msiexec.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\aclayers.dll

PID 1168
CMD: "C:\Users\admin\AppData\Local\Temp\Driver Checker.exe"
Path: C:\Users\admin\AppData\Local\Temp\Driver Checker.exe
Parent: explorer.exe
User: admin
Company: IObit
Integrity level: MEDIUM
Description: Driver Checker Installer
Version: 12.0.0.66
Modules (images):
  c:\users\admin\appdata\local\temp\driver checker.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\imagehlp.dll

PID 5332
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\vssvc.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll

PID 5612
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity level: SYSTEM
Description: Windows® installer
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\msiexec.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll

PID 7080
CMD: "regsvr32.exe" /s BitManager.dll
Path: C:\Windows\System32\regsvr32.exe
Parent: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity level: MEDIUM
Description: Microsoft(C) Register Server
Exit code: 3
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID 7128
CMD: "regsvr32.exe" /s BitManager.dll
Path: C:\Windows\System32\regsvr32.exe
Parent: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity level: MEDIUM
Description: Microsoft(C) Register Server
Exit code: 3
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID 7152
CMD: "C:\Users\admin\AppData\Local\Temp\Driver Checker.exe" /i "C:\Users\admin\AppData\Roaming\IObit\Driver Checker 12.0.0.66\install\8A58088\Driver Checker.msi" AI_EUIMSI=1 SECONDSEQUENCE="1" CLIENTPROCESSID="1168" CHAINERUIPROCESSID="1168Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_SETUPEXEPATH="C:\Users\admin\AppData\Local\Temp\Driver Checker.exe" SETUPEXEDIR="C:\Users\admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1730484744 " APPDIR="C:\APPDIR\" TARGETDIR="C:\" AI_SETUPEXEPATH_ORIGINAL="C:\Users\admin\AppData\Local\Temp\Driver Checker.exe" AI_INSTALL="1"
Path: C:\Users\admin\AppData\Local\Temp\Driver Checker.exe
Parent: Driver Checker.exe
User: admin
Company: IObit
Integrity level: MEDIUM
Description: Driver Checker Installer
Exit code: 0
Version: 12.0.0.66
Modules (images):
  c:\windows\syswow64\msimg32.dll
  c:\windows\syswow64\dbghelp.dll
  c:\windows\syswow64\wininet.dll
  c:\windows\syswow64\urlmon.dll
  c:\windows\syswow64\srvcli.dll
  c:\windows\syswow64\netutils.dll
  c:\windows\syswow64\iertutil.dll
  c:\windows\syswow64\cabinet.dll
  c:\windows\syswow64\propsys.dll
  c:\windows\syswow64\rsaenh.dll

This process is the "Application launched itself" indicator: the bootstrapper (PID 1168) re-executes its own binary with /i on the MSI it extracted under AppData\Roaming, passing AI_* bootstrapper properties and CLIENTPROCESSID="1168" so the MSI session can report back to the parent.

PID 7256
CMD: "regsvr32.exe" /s BitManager.dll
Path: C:\Windows\System32\regsvr32.exe
Parent: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity level: MEDIUM
Description: Microsoft(C) Register Server
Exit code: 3
Version: 10.0.19041.1 (WinBuild.160101.0800)

All three regsvr32 runs (7080, 7128, 7256) exit with code 3, which regsvr32 returns when LoadLibrary on the target fails. BitManager.dll is passed as a bare file name, so where it is looked up depends on the scheduled task's working directory; the DLL could not be loaded from there (absent or missing a dependency) and nothing was registered.

PID 7628
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity level: SYSTEM
Description: Microsoft® Windows System Protection background tasks.
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\srtasks.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\bcrypt.dll
  c:\windows\system32\user32.dll

PID 7640
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent: SrTasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\conhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\shcore.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
Total events: 2 535
Read events: 2 381
Write events: 145
Delete events: 9

Modification events

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write    Name: SrCreateRp (Enter)
Value: 48000000000000007F21A4F38A2CDB01EC150000F8180000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write    Name: SppGetSnapshots (Enter)
Value: 48000000000000007F21A4F38A2CDB01EC150000F8180000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write    Name: SppGetSnapshots (Leave)
Value: 4800000000000000752752F48A2CDB01EC150000F8180000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write    Name: SppEnumGroups (Enter)
Value: 4800000000000000752752F48A2CDB01EC150000F8180000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write    Name: SppEnumGroups (Leave)
Value: 4800000000000000848A54F48A2CDB01EC150000F8180000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write    Name: SppCreate (Enter)
Value: 4800000000000000D15459F48A2CDB01EC150000F8180000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write    Name: LastIndex
Value: 11

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write    Name: SppGatherWriterMetadata (Enter)
Value: 48000000000000009CC5CBF48A2CDB01EC150000F8180000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 5612 msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write    Name: IDENTIFY (Enter)
Value: 48000000000000005E2ACEF48A2CDB01EC150000C01B0000E8030000010000000000000000000000BB852519D758F046BF1916705F56064D00000000000000000000000000000000

PID 5332 VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation: write    Name: IDENTIFY (Enter)
Value: 4800000000000000CE76DCF48A2CDB01D414000030180000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
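The VSS\Diag values are shown as opaque hex, but their layout can be checked against the report's own data: every record is 0x48 (72) bytes, the eight bytes at offset 8 are a little-endian FILETIME that falls inside the analysis window, and the DWORD at offset 16 equals the PID of the process that wrote the value (0x15EC = 5612 for msiexec.exe, 0x14D4 = 5332 for VSSVC.exe). The LastIndex = 11 written under ...\CurrentVersion\SPP also matches the /WaitForRestorePoint:11 argument of SrTasks.exe (PID 7628), which ties this whole group of writes to the installer creating a system restore point. The decoder below is an added example, not ANY.RUN's code or IObit's; the thread-ID and operation-code readings of the DWORDs at offsets 20 and 24 are assumptions, and the two sample records are copied from the table with their zero padding written as `"00" * n` rather than counted by hand.

```python
"""Decode the binary values written under HKLM\\SYSTEM\\...\\Services\\VSS\\Diag\\*.

Added example for this report (not ANY.RUN code). Field layout, as assumed
and checked against the report's values:
  offset  0  DWORD  record size (0x48)
  offset  4  DWORD  zero in every record seen
  offset  8  QWORD  FILETIME (100 ns ticks since 1601-01-01 UTC)
  offset 16  DWORD  PID of the writing process (matches the report)
  offset 20  DWORD  assumed thread ID
  offset 24  DWORD  assumed operation code
  offset 28  ...    not interpreted; returned as hex
"""
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Records copied from the report; trailing zeros expressed as "00" * n.
SAMPLE_SRCREATERP = (                      # msiexec.exe, SrCreateRp (Enter)
    "48000000" "00000000" "7F21A4F38A2CDB01"
    "EC150000" "F8180000" "D5070000" + "00" * 44
)
SAMPLE_ASR_IDENTIFY = (                    # VSSVC.exe, ASR Writer IDENTIFY (Enter)
    "48000000" "00000000" "CE76DCF48A2CDB01"
    "D4140000" "30180000" "E8030000" "01000000" "01000000" + "00" * 36
)


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a Windows FILETIME to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_vss_diag(hex_value: str) -> dict:
    """Split one VSS\\Diag record into its header fields plus an opaque trailer."""
    raw = bytes.fromhex(hex_value)
    size, reserved, ft, pid, tid, code = struct.unpack_from("<IIQIII", raw, 0)
    if size != len(raw):
        # The size field is the one sanity check the format offers.
        raise ValueError(f"size field {size:#x} != record length {len(raw):#x}")
    return {
        "size": size,
        "reserved": reserved,
        "timestamp": filetime_to_datetime(ft),
        "pid": pid,
        "tid_assumed": tid,
        "op_code_assumed": code,
        "trailer_hex": raw[28:].hex(),
    }


def summarize(hex_value: str) -> str:
    """One-line rendering suitable for a timeline, e.g. for a triage note."""
    r = parse_vss_diag(hex_value)
    return (f"{r['timestamp']:%Y-%m-%d %H:%M:%S}Z pid={r['pid']} "
            f"tid?={r['tid_assumed']} op?={r['op_code_assumed']}")


if __name__ == "__main__":
    for name, value in (("SrCreateRp", SAMPLE_SRCREATERP),
                        ("ASR Writer IDENTIFY", SAMPLE_ASR_IDENTIFY)):
        print(name, "->", summarize(value))
```

Running it on the report's records gives the write time to the second (the first SrCreateRp record lands about fourteen seconds after the 18:21:50 analysis start) and a PID column that can be joined against the process table, which is more useful for a timeline than the raw hex.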
Executable files: 23
Suspicious files: 18
Text files: 25
Unknown types: 2

Dropped files

PID   Process             Filename                                        Type
5612  msiexec.exe         C:\System Volume Information\SPP\metadata-2     -
      MD5: -  SHA256: -
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\MSID36B.tmp   executable
      MD5: EC6EBF65FE4F361A73E473F46730E05C  SHA256: D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
7152  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\shiD6E0.tmp   executable
      MD5: 84A34BF3486F7B9B7035DB78D78BDD1E  SHA256: F85911C910B660E528D2CF291BAA40A92D09961996D6D84E7A53A7095C7CD96E
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\MSID27D.tmp   executable
      MD5: EC6EBF65FE4F361A73E473F46730E05C  SHA256: D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\shiCF9D.tmp   executable
      MD5: 84A34BF3486F7B9B7035DB78D78BDD1E  SHA256: F85911C910B660E528D2CF291BAA40A92D09961996D6D84E7A53A7095C7CD96E
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\MSID3AA.tmp   executable
      MD5: EC6EBF65FE4F361A73E473F46730E05C  SHA256: D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\MSID34B.tmp   executable
      MD5: EC6EBF65FE4F361A73E473F46730E05C  SHA256: D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\MSID3EA.tmp   executable
      MD5: EC6EBF65FE4F361A73E473F46730E05C  SHA256: D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\MSID41A.tmp   executable
      MD5: EC6EBF65FE4F361A73E473F46730E05C  SHA256: D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
1168  Driver Checker.exe  C:\Users\admin\AppData\Local\Temp\MSID544.tmp   executable
      MD5: EC6EBF65FE4F361A73E473F46730E05C  SHA256: D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F

The nine hashed drops are only two distinct executables: all seven MSID*.tmp files written by PID 1168 hash to SHA256 D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F, and the two shi*.tmp files (PIDs 1168 and 7152) to F85911C910B660E528D2CF291BAA40A92D09961996D6D84E7A53A7095C7CD96E, so triage of the dropped content comes down to those two hashes.
HTTP(S) requests: 7
TCP/UDP connections: 39
DNS requests: 20
Threats: 0

HTTP requests

The report attributes none of these requests to a PID or process, and records CN as unknown for all of them.

Method  Code  IP                 URL                                                                                                                                          Reputation
GET     200   23.32.185.131:80   http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl                                                                           whitelisted
GET     200   2.16.164.18:80     http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl                                                                    whitelisted
GET     200   192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D  whitelisted
GET     200   192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D  whitelisted
GET     200   23.32.185.131:80   http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl                                                whitelisted
GET     200   23.32.185.131:80   http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl                                    whitelisted
GET     200   192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D  whitelisted
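All seven HTTP requests are certificate-revocation traffic (Microsoft CRLs and DigiCert OCSP), the kind of traffic Windows produces when it validates a signature chain, whether for Authenticode on the installer's binaries or for the OS's own TLS connections. An OCSP GET carries the DER-encoded OCSPRequest, base64- and URL-encoded, as the last path segment (RFC 6960, Appendix A), so the report's URLs can be decoded offline to see which certificate was being checked: the CertID's hash algorithm, issuer name hash, issuer key hash and serial number. The decoder below is an added example, not ANY.RUN's code; the three URLs are copied from the table, and the DER walker is a minimal hand-written TLV reader that handles this structure, not a general ASN.1 parser.

```python
"""Decode the OCSPRequest embedded in OCSP-over-GET URLs (RFC 6960, A.1).

Added example for this report; standard library only. The URLs are the three
ocsp.digicert.com requests from the report's HTTP table.
"""
from __future__ import annotations

import base64
from urllib.parse import unquote, urlsplit

REPORT_OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D",
]

# Hash-algorithm OIDs that commonly appear in CertID.hashAlgorithm.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the DER element starting at buf[pos].
    Supports short-form and long-form lengths, which covers OCSP requests."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: 0x8N, then N length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw: bytes) -> str:
    """Dotted-decimal form of a DER OBJECT IDENTIFIER value (base-128 arcs)."""
    first, second = divmod(raw[0], 40)
    arcs = [first, second]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get_url(url: str) -> dict:
    """Extract the CertID of the first Request in an OCSP GET URL."""
    token = urlsplit(url).path.rsplit("/", 1)[-1]
    der = base64.b64decode(unquote(token))
    _, ocsp_request, _ = _read_tlv(der, 0)              # OCSPRequest ::= SEQUENCE
    _, tbs, _ = _read_tlv(ocsp_request, 0)              # TBSRequest  ::= SEQUENCE
    # TBSRequest may begin with [0] version and [1] requestorName; skip to
    # the first plain SEQUENCE, which is requestList.
    pos = 0
    while True:
        tag, request_list, nxt = _read_tlv(tbs, pos)
        if tag == 0x30:
            break
        pos = nxt
    _, request, _ = _read_tlv(request_list, 0)          # Request ::= SEQUENCE
    _, cert_id, _ = _read_tlv(request, 0)               # CertID  ::= SEQUENCE
    _, alg, pos = _read_tlv(cert_id, 0)                 # AlgorithmIdentifier
    _, oid_raw, _ = _read_tlv(alg, 0)                   # OBJECT IDENTIFIER
    _, issuer_name_hash, pos = _read_tlv(cert_id, pos)  # OCTET STRING
    _, issuer_key_hash, pos = _read_tlv(cert_id, pos)   # OCTET STRING
    _, serial, _ = _read_tlv(cert_id, pos)              # INTEGER
    oid = _decode_oid(oid_raw)
    return {
        "hash_algorithm": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": issuer_name_hash.hex(),
        "issuer_key_hash": issuer_key_hash.hex(),
        "serial_number": serial.hex(),
    }


def decode_all() -> list[dict]:
    """Decode every OCSP URL recorded in the report."""
    return [parse_ocsp_get_url(u) for u in REPORT_OCSP_URLS]


if __name__ == "__main__":
    for url, cert_id in zip(REPORT_OCSP_URLS, decode_all()):
        print(url.split("/")[2], cert_id)
```

The serial numbers and issuer key hashes this yields are what to compare against the signer chain of the sample and the dropped binaries (for example the output of Get-AuthenticodeSignature on them); identical issuerKeyHash values across requests mean the same intermediate CA was consulted for several leaf certificates. Note that the request only identifies the certificate by hashes and serial, never by name, so a lookup against the installed chain is needed to attach a subject to each query.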

Connections

PID   Process       IP                    Domain                           ASN                          CN  Reputation
-     -             4.231.128.59:443      settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
-     -             192.168.100.255:137   -                                -                            -   whitelisted
1588  RUXIMICS.exe  4.231.128.59:443      settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
-     -             2.16.164.18:80        crl.microsoft.com                Akamai International B.V.    NL  whitelisted
-     -             23.32.185.131:80      www.microsoft.com                AKAMAI-AS                    BR  whitelisted
4020  svchost.exe   239.255.255.250:1900  -                                -                            -   whitelisted
4     System        192.168.100.255:138   -                                -                            -   whitelisted
-     -             2.23.209.187:443      www.bing.com                     Akamai International B.V.    GB  whitelisted
-     -             192.229.221.95:80     ocsp.digicert.com                EDGECAST                     US  whitelisted
-     -             40.126.32.133:443     login.live.com                   MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 2.16.164.18
  • 2.16.164.43
  • 2.16.164.106
  • 2.16.164.97
  • 2.16.164.51
  • 2.16.164.114
whitelisted
www.microsoft.com
  • 23.32.185.131
whitelisted
google.com
  • 142.250.185.206
whitelisted
www.bing.com
  • 2.23.209.187
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.149
  • 2.23.209.177
  • 2.23.209.135
  • 2.23.209.179
  • 2.23.209.183
  • 2.23.209.185
  • 2.23.209.150
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.140
  • 20.190.160.22
  • 40.126.32.138
  • 40.126.32.74
  • 40.126.32.136
  • 20.190.160.14
  • 40.126.32.72
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
th.bing.com
  • 2.23.209.182
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.135
  • 2.23.209.185
  • 2.23.209.158
  • 2.23.209.150
  • 2.23.209.183
  • 2.23.209.149
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted

Threats

No threats detected
No debug info