File name: adb-setup-1.4.3.exe

Full analysis: https://app.any.run/tasks/f66437b1-7d60-4bb2-a099-cdb475e0d347
Verdict: Malicious activity
Analysis date: March 12, 2018, 21:06:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 8C9085D4F753A2AAB26082FD2EB46A8E
SHA1: EAE637085255A1C7D903A880374B20D108A3C38B
SHA256: CA297F88AE58CC436028E07482E04E429E6BC81EAB291CBA814AA196D2C4F419
SSDEEP: 196608:cwYvfXDBYhBpeLHe3+EPegZT3VCz0TByC+Py7FU+LCZAsdX3LBO9:3ibBYDey3PFCuByPyhRwxBBI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Application launched itself

      • adb-setup-1.4.3.exe (PID: 3480)
    • Starts CMD.EXE for commands execution

      • adb-setup-1.4.3.exe (PID: 3760)
    • Creates files in the user directory

      • uTorrent.exe (PID: 2996)
    • Changes IE settings (feature browser emulation)

      • uTorrent.exe (PID: 2996)
    • Reads internet explorer settings

      • utorrentie.exe (PID: 3352)
      • utorrentie.exe (PID: 2296)
  • INFO

    • Dropped object may contain URLs

      • uTorrent.exe (PID: 2996)
      • adb-setup-1.4.3.exe (PID: 2924)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:31 01:38:38+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 57344
InitializedDataSize: 307200
UninitializedDataSize: 389120
EntryPoint: 0x6cad0
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.4.3.0
ProductVersionNumber: 1.4.3.0
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Snoop05
FileDescription: 15 seconds ADB Installer
FileVersion: 1.4.3
InternalName: adb-installer
LegalCopyright: -
OriginalFileName: adb-installer-1.4.3.exe
PrivateBuild: December 30, 2012
ProductName: 15 seconds ADB Installer
ProductVersion: 1.4.3

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 31-Dec-2012 00:38:38
Detected languages:
  • English - United States
  • Russian - Russia
CompanyName: Snoop05
FileDescription: 15 seconds ADB Installer
FileVersion: 1.4.3
InternalName: adb-installer
LegalCopyright: -
OriginalFilename: adb-installer-1.4.3.exe
PrivateBuild: December 30, 2012
ProductName: 15 seconds ADB Installer
ProductVersion: 1.4.3

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0060
Pages in file: 0x0001
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000060

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 31-Dec-2012 00:38:38
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
UPX0 | 0x00001000 | 0x0005F000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
UPX1 | 0x00060000 | 0x0000E000 | 0x0000D800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.97261
.rsrc | 0x0006E000 | 0x0004B000 | 0x0004B000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.00963

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.23138 | 838 | Latin 1 / Western European | English - United States | RT_MANIFEST
2 | 2.60602 | 744 | Latin 1 / Western European | Russian - Russia | RT_ICON
3 | 2.63074 | 488 | Latin 1 / Western European | Russian - Russia | RT_ICON
4 | 2.3817 | 296 | Latin 1 / Western European | Russian - Russia | RT_ICON
5 | 3.28424 | 3752 | Latin 1 / Western European | English - United States | RT_ICON
6 | 3.39214 | 2216 | Latin 1 / Western European | English - United States | RT_ICON
7 | 3.17501 | 1736 | Latin 1 / Western European | English - United States | RT_ICON
8 | 1.89055 | 1384 | Latin 1 / Western European | English - United States | RT_ICON
9 | 2.75163 | 270376 | Latin 1 / Western European | English - United States | RT_ICON
10 | 3.43924 | 9640 | Latin 1 / Western European | English - United States | RT_ICON

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.DLL
MSVCRT.dll
OLEAUT32.dll
SHELL32.dll
USER32.dll
ole32.dll
Total processes: 42
Monitored processes: 7
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes shown in the graph: adb-setup-1.4.3.exe (start), adb-setup-1.4.3.exe, adb-setup-1.4.3.exe, cmd.exe, utorrent.exe, utorrentie.exe, utorrentie.exe.

Process information

PID: 2296
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe" uTorrent_2996_024E7228_737090147 µTorrent4823DF041B09 uTorrent
Path: C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Exit code: 0
Version: 1.0.0
Modules (images):
  • c:\users\admin\appdata\roaming\utorrent\updates\3.5.0_44090\utorrentie.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll

PID: 2924
CMD: "C:\Users\admin\AppData\Local\Temp\adb-setup-1.4.3.exe" -sfxelevation
Path: C:\Users\admin\AppData\Local\Temp\adb-setup-1.4.3.exe
Parent process: adb-setup-1.4.3.exe
User: admin
Company: Snoop05
Integrity Level: HIGH
Description: 15 seconds ADB Installer
Exit code: 0
Version: 1.4.3
Modules (images):
  • c:\users\admin\appdata\local\temp\adb-setup-1.4.3.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\gdi32.dll

PID: 2968
CMD: cmd /c ""C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\install.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: adb-setup-1.4.3.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 255
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
  • c:\windows\system32\cmd.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\winbrand.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 2996
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"
Path: C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
Parent process: explorer.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: MEDIUM
Description: µTorrent
Exit code: 0
Version: 3.5.0.44090
Modules (images):
  • c:\users\admin\appdata\roaming\utorrent\utorrent.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\gdi32.dll

PID: 3352
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe" uTorrent_2996_024E7358_102705963 µTorrent4823DF041B09 uTorrent
Path: C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Exit code: 0
Version: 1.0.0
Modules (images):
  • c:\users\admin\appdata\roaming\utorrent\updates\3.5.0_44090\utorrentie.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll

PID: 3480
CMD: "C:\Users\admin\AppData\Local\Temp\adb-setup-1.4.3.exe"
Path: C:\Users\admin\AppData\Local\Temp\adb-setup-1.4.3.exe
Parent process: explorer.exe
User: admin
Company: Snoop05
Integrity Level: MEDIUM
Description: 15 seconds ADB Installer
Exit code: 0
Version: 1.4.3
Modules (images):
  • c:\users\admin\appdata\local\temp\adb-setup-1.4.3.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\gdi32.dll

PID: 3760
CMD: "C:\Users\admin\AppData\Local\Temp\adb-setup-1.4.3.exe" -sfxwaitall:0 "install.bat"
Path: C:\Users\admin\AppData\Local\Temp\adb-setup-1.4.3.exe
Parent process: adb-setup-1.4.3.exe
User: admin
Company: Snoop05
Integrity Level: HIGH
Description: 15 seconds ADB Installer
Exit code: 0
Version: 1.4.3
Modules (images):
  • c:\users\admin\appdata\local\temp\adb-setup-1.4.3.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\gdi32.dll

Total events: 1 057
Read events: 997
Write events: 60
Delete events: 0

Modification events

(PID) Process: (3480) adb-setup-1.4.3.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3480) adb-setup-1.4.3.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (3760) adb-setup-1.4.3.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3760) adb-setup-1.4.3.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2996) uTorrent.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\8F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2996) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: utorrentie.exe
Value: 11000

(PID) Process: (2996) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
Operation: write
Name: utorrentie.exe
Value: 1

(PID) Process: (2996) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION
Operation: write
Name: utorrentie.exe
Value: 0

(PID) Process: (2996) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2996) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: (omitted)

Executable files: 14
Suspicious files: 9
Text files: 11
Unknown types: 2

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2924 | adb-setup-1.4.3.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\amd64\NOTICE.txt | text | EA7F2158B930BAF2C0FE799566489716 | A19B767B9DDDA7306C78232E4A223D0BA966471B74DCE3C0C995307CAB5BF7B7
2996 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\Cab4CC1.tmp | - | - | -
2996 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\Tar4CC2.tmp | - | - | -
2996 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\Cab4CC3.tmp | - | - | -
2996 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\Tar4CC4.tmp | - | - | -
2924 | adb-setup-1.4.3.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\androidwinusba64.cat | cat | B83F9FA084F11007C7E6C668E6FA9E54 | 8F3F15BAEAF50AE7388562BE0303F5AC7EE3CB255448A24E3D33E1F094E0680E
2996 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\Cab6510.tmp | - | - | -
2996 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\Tar6511.tmp | - | - | -
2924 | adb-setup-1.4.3.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\adb\adb.exe | executable | 775416971E2A69064B8ACD575D3DFF4D | 1A7919487FF69796754219239D5D5B5472D019AF988757B5C4092253E7A78F2B
2924 | adb-setup-1.4.3.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\driver\android_winusb.inf | binary | BEA78A10D31B64E81D007B4CE0ECD0EE | 7984D14AF8EBCE8255448AA728A5436916FCCB36D1814516301F04A7DEA2A666
HTTP(S) requests: 26
TCP/UDP connections: 147
DNS requests: 18
Threats: 8

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
GET | 304 | 69.164.56.131:80 | http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=35FmVrb4p-7SQFSt&v=111258682&ol=en&ul=&tk=stable34&c=uTorrent | US | - | - | whitelisted
GET | 304 | 68.232.34.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | - | - | whitelisted
GET | 304 | 69.164.0.0:80 | http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=35FmVrb4p-7SQFSt&v=111258682&ol=en&ul=&tk=stable34&c=uTorrent | US | - | - | whitelisted
GET | - | 173.254.195.58:80 | http://update.bittorrent.com/time.php | US | - | - | whitelisted
GET | 200 | 208.111.135.1:80 | http://cdn.ap.bittorrent.com/control/tags/ut.json | US | text | 8.20 Kb | shared
GET | 200 | 208.111.135.1:80 | http://cdn.ap.bittorrent.com/control/feature/tags/ut.json | US | text | 3.72 Kb | shared
GET | 200 | 178.79.251.1:80 | http://www.bt.co/network/index.html?site=954555&reload=true&rules=eyI0IjpbNF0sIjUiOls1XSwiMzgwIjpbMzgwLCA1XX0&adt=4&browser=ie&clientdata=utorrent%7c3%2e5%2e0%2e44090%7c290&geo=us&ie=8&page=torrent&w=498139398&langs=en | GB | html | 599 b | whitelisted
GET | 200 | 178.79.251.1:80 | http://www.bt.co/assets/js/3p/ie8.js | GB | text | 7.34 Kb | whitelisted
GET | 200 | 178.79.251.1:80 | http://www.bt.co/assets/js/index-bundled.js | GB | text | 109 Kb | whitelisted
GET | 200 | 178.79.251.1:80 | http://www.bt.co/adzerk/ados-00dce7.js | GB | text | 25.1 Kb | whitelisted

Connections

IP | Domain | ASN | CN | Reputation
79.134.74.129:11704 | - | Digit One LLC | RU | unknown
109.124.5.35:51413 | - | LLC TOMTEL | RU | unknown
68.232.34.240:80 | www.download.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
54.235.208.27:80 | i-30.b-44090.ut.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted
54.192.31.5:80 | now.bt.co | Amazon.com, Inc. | US | unknown
69.164.0.0:80 | apps.bittorrent.com | Limelight Networks, Inc. | US | suspicious
69.164.56.131:80 | apps.bittorrent.com | Limelight Networks, Inc. | US | suspicious
52.85.201.190:80 | utclient.utorrent.com | Amazon.com, Inc. | US | unknown
54.192.31.5:443 | now.bt.co | Amazon.com, Inc. | US | unknown
208.111.135.1:80 | cdn.ap.bittorrent.com | Limelight Networks, Inc. | US | suspicious

DNS requests

Domain | IP | Reputation
teredo.ipv6.microsoft.com | - | whitelisted
www.download.windowsupdate.com | 68.232.34.240 | whitelisted
router.bittorrent.com | 67.215.246.10 | shared
router.utorrent.com | 82.221.103.244 | whitelisted
i-30.b-44090.ut.bench.utorrent.com | 54.235.208.27, 54.225.194.96, 23.21.92.252, 23.23.215.82, 23.23.85.1, 54.197.251.114, 23.21.139.158, 174.129.255.167 | shared
now.bt.co | 54.192.31.5 | whitelisted
apps.bittorrent.com | 69.164.0.0, 69.164.56.131 | whitelisted
utclient.utorrent.com | 52.85.201.37, 52.85.201.200, 52.85.201.50, 52.85.201.178, 52.85.201.190, 52.85.201.53, 52.85.201.143, 52.85.201.222 | shared
update.bittorrent.com | 173.254.195.58 | whitelisted
cdn.ap.bittorrent.com | 208.111.131.66, 208.111.135.1 | shared

Threats

Class | Message
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BitTorrent DHT ping request
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use

Debug info: none