Field | Value |
---|---|
File name: | VC2008.EXE |
Full analysis: | https://app.any.run/tasks/4c1da05c-a5de-421c-89d3-9bb6d951523e |
Verdict: | Malicious activity |
Analysis date: | August 13, 2019, 16:06:59 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | B936F0F378B9A35489353E878154E899 |
SHA1: | 56719288AB6514C07AC2088119D8A87056EEB94A |
SHA256: | C6A7E484F4D84883BC1205BCCEA3114C0521025712922298EDE9B2A1CD632357 |
SSDEEP: | 49152:wQixbpVndRcpfqwYO3u2XoKNLlMDEe/pmVS/F0jD:wtdnfnwp3oOLuB/3/uD |
Extension | Identification | Match (%) |
---|---|---|
.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) | 82.5 |
.exe | Win32 Executable MS Visual C++ (generic) | 7.3 |
.exe | Win64 Executable (generic) | 6.5 |
.dll | Win32 Dynamic Link Library (generic) | 1.5 |
.exe | Win32 Executable (generic) | 1 |
Field | Value |
---|---|
ProductVersion: | 9.0.21022.08 |
ProductName: | Microsoft Visual C++ 2008 Redistributable |
OriginalFileName: | vcredist_x86.exe |
LegalCopyright: | © Microsoft Corporation. All rights reserved. |
InternalName: | vcredist_x86.exe |
FileVersion: | 9.0.21022.08 |
FileDescription: | Microsoft Visual C++ 2008 Redistributable Setup |
CompanyName: | Microsoft Corporation |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 9.0.21022.8 |
FileVersionNumber: | 9.0.21022.8 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 5.2 |
OSVersion: | 5.2 |
EntryPoint: | 0x5972 |
UninitializedDataSize: | - |
InitializedDataSize: | 6144 |
CodeSize: | 31232 |
LinkerVersion: | 7.1 |
PEType: | PE32 |
TimeStamp: | 2005:06:01 18:46:51+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
Field | Value |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 01-Jun-2005 16:46:51 |
Detected languages: | |
Debug artifacts: | |
Field | Value |
---|---|
CompanyName: | - |
FileDescription: | sfxcab |
FileVersion: | 6, 1, 22, 5 |
InternalName: | sfxcab |
LegalCopyright: | Copyright (C) 2006 |
OriginalFilename: | sfxcab.exe |
ProductName: | sfxcab |
ProductVersion: | 6, 1, 22, 5 |
Field | Value |
---|---|
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000C8 |
Field | Value |
---|---|
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 01-Jun-2005 16:46:51 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x000078A0 | 0x00007A00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.58359 |
.data | 0x0000A000 | 0x000110D4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.509584 |
.rsrc | 0x0001C000 | 0x00001474 | 0x001B2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.99914 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 1.5 | 4 | Latin 1 / Western European | English - United States | UNKNOWN |
100 | 3.0946 | 282 | Latin 1 / Western European | English - United States | RT_DIALOG |
101 | 2.16096 | 20 | Latin 1 / Western European | English - United States | RT_GROUP_ICON |
107 | 2.9591 | 224 | Latin 1 / Western European | English - United States | RT_DIALOG |
Imported DLL |
---|
ADVAPI32.dll |
COMCTL32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
msvcrt.dll |
ntdll.dll |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3020 | "C:\Users\admin\AppData\Local\Temp\VC2008.EXE" | C:\Users\admin\AppData\Local\Temp\VC2008.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Visual C++ 2008 Redistributable Setup; Exit code: 3221226540; Version: 9.0.21022.08 |
2852 | "C:\Users\admin\AppData\Local\Temp\VC2008.EXE" | C:\Users\admin\AppData\Local\Temp\VC2008.EXE | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft Visual C++ 2008 Redistributable Setup; Version: 9.0.21022.08 |
4092 | c:\068db81b0192cc457d10422414c14f\.\install.exe | c:\068db81b0192cc457d10422414c14f\install.exe | — | VC2008.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: External Installer; Version: 9.0.21022.8 built by: RTM |
3888 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\eula.1033.txt | text | 99C22D4A31F4EAD4351B71D6F4E5F6A1 | 93A3C629FECFD10C1CF614714EFD69B10E89CFCAF94C2609D688B27754E4AB41 |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\eula.1036.txt | text | 9147A93F43D8E58218EBCB15FDA888C9 | A75019AC38E0D3570633FA282F3D95D20763657F4A2FE851FAE52A3185D1EDED |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\eula.1028.txt | text | 9147A93F43D8E58218EBCB15FDA888C9 | A75019AC38E0D3570633FA282F3D95D20763657F4A2FE851FAE52A3185D1EDED |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\eula.3082.txt | text | 9147A93F43D8E58218EBCB15FDA888C9 | A75019AC38E0D3570633FA282F3D95D20763657F4A2FE851FAE52A3185D1EDED |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\eula.1040.txt | text | 9147A93F43D8E58218EBCB15FDA888C9 | A75019AC38E0D3570633FA282F3D95D20763657F4A2FE851FAE52A3185D1EDED |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\eula.1041.txt | text | 9B15A3A055CC6E67EA191A1B7885649A | CAC11BDE0F7967389F9795DC2F2A5AA22B2C51D1A6AB0B0064DF72DC3EB192AE |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\vc_red.cab | compressed | E10F2F6E6379E9185F71AEC1421F37B4 | 9681BCFD73C610EB6A9538D872C1E7844548FCA341F22FB66CCADB4D78530B4D |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\vc_red.msi | executable | E0951D3CB1038EB2D2B2B2F336E1AB32 | 507AC60E145057764F13CF1AD5366A7E15DDC0DA5CC22216F69E3482697D5E88 |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\install.res.1033.dll | executable | 9EDEB8B1C5C0A4CD3A3016B85108127D | 9BF7026A47DAAB7BB2948FD23E8CF42C06DD2E19EF8CDEA0AF7367453674A8F9 |
2852 | VC2008.EXE | C:\068db81b0192cc457d10422414c14f\install.res.3082.dll | executable | 41BB37A347121F3E5E88D85100638B79 | 320C305177AB4EC6E00883A2CF0886019B5D36557219E4A188CF9DF3768F157F |