File name: ASIO4ALL_2_16.exe

Full analysis: https://app.any.run/tasks/60763270-174f-4797-b30e-0db61ffa986b
Verdict: Malicious activity
Analysis date: February 21, 2025, 20:17:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: FC6FBDDE5191D47852FDF527DE7C50DD
SHA1: 63F3A587259BC2AB98CEBF4B517928D8ED579DA0
SHA256: C6B2F621A53584C581A9F5CE288D6D88562A062E2859DE787C5E5D9453B75C50
SSDEEP: 12288:W8dbzEY8mFrrINsuREcD1yxdiiNbRzdKXl8bzl55:W8dvEOrrINsuR/D4xdiebRBK6vf5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • ASIO4ALL_2_16.exe (PID: 6180)
      • ASIO4ALL_2_16.exe (PID: 3080)
      • A4ARegFix.exe (PID: 6788)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ASIO4ALL_2_16.exe (PID: 6180)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ASIO4ALL_2_16.exe (PID: 6180)
    • There is functionality for taking screenshot (YARA)

      • ASIO4ALL_2_16.exe (PID: 6180)
    • Creates a software uninstall entry

      • ASIO4ALL_2_16.exe (PID: 6180)
    • Creates/Modifies COM task schedule object

      • ASIO4ALL_2_16.exe (PID: 6180)
      • regsvr32.exe (PID: 6760)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • ASIO4ALL_2_16.exe (PID: 6180)
    • The process creates files with name similar to system file names

      • ASIO4ALL_2_16.exe (PID: 6180)
  • INFO

    • Creates files in the program directory

      • ASIO4ALL_2_16.exe (PID: 6180)
    • Reads the computer name

      • ASIO4ALL_2_16.exe (PID: 6180)
    • Creates files or folders in the user directory

      • ASIO4ALL_2_16.exe (PID: 6180)
    • The sample was compiled with Russian language support

      • ASIO4ALL_2_16.exe (PID: 6180)
    • Checks supported languages

      • ASIO4ALL_2_16.exe (PID: 6180)
      • A4ARegFix.exe (PID: 6788)
    • Creates files in a temporary directory

      • ASIO4ALL_2_16.exe (PID: 6180)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:01 02:45:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 186880
UninitializedDataSize: 2048
EntryPoint: 0x34c5
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes: 132
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 2


Process information

PID: 3080
CMD: "C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_16.exe"
Path: C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_16.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
  • c:\users\admin\appdata\local\temp\asio4all_2_16.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll

PID: 6180
CMD: "C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_16.exe"
Path: C:\Users\admin\AppData\Local\Temp\ASIO4ALL_2_16.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  • c:\users\admin\appdata\local\temp\asio4all_2_16.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\advapi32.dll

PID: 6744
CMD: "C:\WINDOWS\system32\regsvr32.exe" -s "C:\Program Files (x86)\ASIO4ALL v2\asio4all64.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: ASIO4ALL_2_16.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\regsvr32.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\aclayers.dll

PID: 6760
CMD: -s "C:\Program Files (x86)\ASIO4ALL v2\asio4all64.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: regsvr32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\regsvr32.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\aclayers.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll

PID: 6788
CMD: "C:\Program Files (x86)\ASIO4ALL v2\A4ARegFix.exe"
Path: C:\Program Files (x86)\ASIO4ALL v2\A4ARegFix.exe
Parent process: ASIO4ALL_2_16.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  • c:\program files (x86)\asio4all v2\a4aregfix.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll
Total events: 294
Read events: 278
Write events: 16
Delete events: 0

Modification events

(PID) Process: (6180) ASIO4ALL_2_16.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ASIO4ALL
Operation: write

  • DisplayName: ASIO4ALL
  • UninstallString: C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
  • DisplayVersion: 2.16
  • DisplayIcon: C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
  • HelpLink: http://www.asio4all.com
  • Publisher: tippach engineering
  • URLInfoAbout: http://www.asio4all.com
  • URLUpdateInfo: http://www.asio4all.com
  • Comments: Universal Windows ASIO Driver
  • Language: 1033
Executable files: 7
Suspicious files: 3
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type

6180 | ASIO4ALL_2_16.exe | C:\Users\admin\AppData\Local\Temp\nsw6853.tmp\ioSpecial.ini | text
MD5: E2D5070BC28DB1AC745613689FF86067
SHA256: D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0

6180 | ASIO4ALL_2_16.exe | C:\Program Files (x86)\ASIO4ALL v2\asio4all.dll | executable
MD5: F14E6696AC06E627019FBDC0B0D7B7B7
SHA256: F568763D7811D217895451365D93C1314F63D743900B441C71570ED08FC0C665

6180 | ASIO4ALL_2_16.exe | C:\Program Files (x86)\ASIO4ALL v2\A4ARegFix.exe | executable
MD5: A48BBDDCB6771A48A6F71258EC6D2371
SHA256: C3BBBC8C4B502F910C3613B614E159FFE407F343ABB2E208F4BB7BD6C7B4CA0F

6180 | ASIO4ALL_2_16.exe | C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL Web Site.url | binary
MD5: 15A5D95ED493BF090F5A9633943B775A
SHA256: 007DF5B56AD9FFB83061019E3FBF9F7A8AF84A4EA8C65C38B0F02AB27C4E2546

6180 | ASIO4ALL_2_16.exe | C:\Program Files (x86)\ASIO4ALL v2\asio4all64.dll | executable
MD5: 96E5986FA2278B9D1CB107DD007B8D06
SHA256: 92B728712043D509BB3B0E247888641B716E0777BA58822BA44AAF53A1DCFAFF

6180 | ASIO4ALL_2_16.exe | C:\Users\admin\Desktop\ASIO4ALL Web Site.lnk | binary
MD5: 8224B63377ED5C58E384DDD102A65AF9
SHA256: 615109ED06DA1C0B6D623B1FB0089D265164F6442EB168F0BE558AC5C8FF1C81

6180 | ASIO4ALL_2_16.exe | C:\Users\admin\AppData\Local\Temp\nsw6853.tmp\System.dll | executable
MD5: 564BB0373067E1785CBA7E4C24AAB4BF
SHA256: 7A9DDEE34562CD3703F1502B5C70E99CD5BBA15DE2B6845A3555033D7F6CB2A5

6180 | ASIO4ALL_2_16.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk | binary
MD5: 2D5D8EB46E028B1E1DAA12EDB1FE1EC2
SHA256: 9C370CC97F294052B338BE3C37FD9279566ED64EB3A00629F4E166911C3C9DFE

6180 | ASIO4ALL_2_16.exe | C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe | executable
MD5: BDE91016A3E26B09D0B5888A7DC182AD
SHA256: 4529250D1023839835EC14C9244CADCE390DEAE75970CD8471AC54F539BBAB96

6180 | ASIO4ALL_2_16.exe | C:\Users\admin\AppData\Local\Temp\nsw6853.tmp\modern-wizard.bmp | image
MD5: 3FF1169A736D4C708AFFB0467E12B276
SHA256: E7AFC4C0FDA8B5CD5361C2EACE2FC9D9B26BEDEFF475F2D2DDB2E87A503FBF70
HTTP(S) requests: 7
TCP/UDP connections: 31
DNS requests: 17
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.139:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
7064 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7064 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6428 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4308 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
936 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
| | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.139:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 104.126.37.139:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
5064 | SearchApp.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 40.126.31.131:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.139
  • 23.48.23.195
  • 23.48.23.142
  • 23.48.23.140
  • 23.48.23.146
  • 23.48.23.138
  • 23.48.23.137
  • 23.48.23.148
  • 23.48.23.134
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.162
  • 104.126.37.145
  • 104.126.37.154
  • 104.126.37.144
  • 104.126.37.163
  • 104.126.37.131
  • 104.126.37.153
  • 104.126.37.136
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
login.live.com
  • 40.126.31.131
  • 40.126.31.3
  • 40.126.31.128
  • 40.126.31.1
  • 40.126.31.69
  • 20.190.159.71
  • 20.190.159.68
  • 20.190.159.0
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted

Threats: No threats detected
Debug info: none