Field | Value
---|---
File name: | IE8-WindowsXP-x86-ENU.exe
Full analysis: | https://app.any.run/tasks/e0849901-7004-4ad5-bcf9-a6acc9de6e5b
Verdict: | Malicious activity
Analysis date: | May 29, 2020, 20:44:48
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators: |
MIME: | application/x-dosexec
File info: | PE32 executable (GUI) Intel 80386, for MS Windows
MD5: | A0669F24031E77EB72260D99579951DA
SHA1: | FAB0A37F74696182D9B07A5B5EEEBA116737090F
SHA256: | CAEF5C8ECA5768B94E673E5A98B766A935EBCD69E5351F2715EB4EBF24D59F19
SSDEEP: | 393216:oPsh3JzzE90a6Ehhjylqp+kXxnBcqQyjqTTQMhfPV/L:Ks5Jzz/Ehhj6qUkXxBL/C8uj
Extension | Description (probability)
---|---
.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (80.1)
.exe | Win32 Executable MS Visual C++ (generic) (7.1)
.exe | Win64 Executable (generic) (6.3)
.scr | Windows screen saver (2.9)
.dll | Win32 Dynamic Link Library (generic) (1.5)
Field | Value
---|---
MachineType: | Intel 386 or later, and compatibles
TimeStamp: | 2005:06:28 18:55:01+02:00
PEType: | PE32
LinkerVersion: | 7.1
CodeSize: | 31232
InitializedDataSize: | 72704
UninitializedDataSize: | -
EntryPoint: | 0x5a45
OSVersion: | 5.2
ImageVersion: | 5.2
SubsystemVersion: | 4
Subsystem: | Windows GUI
FileVersionNumber: | 6.2.29.0
ProductVersionNumber: | 6.2.29.0
FileFlagsMask: | 0x003f
FileFlags: | (none)
FileOS: | Windows NT 32-bit
ObjectFileType: | Executable application
FileSubtype: | -
LanguageCode: | English (U.S.)
CharacterSet: | Unicode
CompanyName: | Microsoft Corporation
FileDescription: | Self-Extracting Cabinet
FileVersion: | 6.2.0029.0 (SRV03_QFE.031113-0918)
InternalName: | SFXCAB.EXE
LegalCopyright: | © Microsoft Corporation. All rights reserved.
OriginalFileName: | SFXCAB.EXE
ProductName: | Microsoft® Windows® Operating System
ProductVersion: | 6.2.0029.0
Field | Value
---|---
Architecture: | IMAGE_FILE_MACHINE_I386
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: | 28-Jun-2005 16:55:01
Detected languages: |
Debug artifacts: |
CompanyName: | Microsoft Corporation
FileDescription: | Self-Extracting Cabinet
FileVersion: | 6.2.0029.0 (SRV03_QFE.031113-0918)
InternalName: | SFXCAB.EXE
LegalCopyright: | © Microsoft Corporation. All rights reserved.
OriginalFilename: | SFXCAB.EXE
ProductName: | Microsoft® Windows® Operating System
ProductVersion: | 6.2.0029.0
Field | Value
---|---
Magic number: | MZ
Bytes on last page of file: | 0x0090
Pages in file: | 0x0003
Relocations: | 0x0000
Size of header: | 0x0004
Min extra paragraphs: | 0x0000
Max extra paragraphs: | 0xFFFF
Initial SS value: | 0x0000
Initial SP value: | 0x00B8
Checksum: | 0x0000
Initial IP value: | 0x0000
Initial CS value: | 0x0000
Overlay number: | 0x0000
OEM identifier: | 0x0000
OEM information: | 0x0000
Address of NE header: | 0x000000D0
Field | Value
---|---
Signature: | PE
Machine: | IMAGE_FILE_MACHINE_I386
Number of sections: | 3
Time date stamp: | 28-Jun-2005 16:55:01
Pointer to Symbol Table: | 0x00000000
Number of symbols: | 0
Size of Optional Header: | 0x00E0
Characteristics: |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x00007982 | 0x00007A00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.61008 |
.data | 0x0000A000 | 0x000110D4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.509584 |
.rsrc | 0x0001C000 | 0x00000988 | 0x00E63800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.99977 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.5279 | 904 | UNKNOWN | English - United States | RT_VERSION |
100 | 3.0946 | 282 | UNKNOWN | English - United States | RT_DIALOG |
107 | 2.9591 | 224 | UNKNOWN | English - United States | RT_DIALOG |
Imported DLL |
---|
ADVAPI32.dll |
COMCTL32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
msvcrt.dll |
ntdll.dll |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2868 | "C:\Users\admin\AppData\Local\Temp\IE8-WindowsXP-x86-ENU.exe" | C:\Users\admin\AppData\Local\Temp\IE8-WindowsXP-x86-ENU.exe | | explorer.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Self-Extracting Cabinet; Exit code: 7; Version: 6.2.0029.0 (SRV03_QFE.031113-0918) | | |
960 | c:\6358e45594b9a54102f67819\update\iesetup.exe | c:\6358e45594b9a54102f67819\update\iesetup.exe | | IE8-WindowsXP-x86-ENU.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Internet Explorer 8 Setup Utility; Exit code: 3221226540; Version: 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908) | | |
1400 | c:\6358e45594b9a54102f67819\update\iesetup.exe | c:\6358e45594b9a54102f67819\update\iesetup.exe | | IE8-WindowsXP-x86-ENU.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Internet Explorer 8 Setup Utility; Exit code: 7; Version: 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908) | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\ieakmmc.chm | chm | B2AA9E67DA4EDF5AEB80B21E426E7D64 | EB02AB555F8C4B47B45438B98B05054E4BF09D562E0E8F7EBE0C69F31EFF2C03
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\ieapfltr.dll | executable | F1AE2A724B314A56CB6F5BDC7C2DB5C6 | 42B020B904AA4147BFCD109EA9E7CD203BB91E2BE810D9F1047DCCF78736D9B9
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\ieapfltr.dat | executable | BA23EEECE60500D1391044F9ADEF3CBF | AB92E15F9BFB1D691FFEF7FAD7CA4B7511C279FDDCCFBA346D6D443B223357FC
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\dxtrans.dll | executable | 18C82D51FFEE41A96B59E3C665315B82 | 3A96D99B7F6199C6F5AE4F023E464A4AD2A9A0A63B365D5F087DB7551353787E
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\advpack.dll | executable | 170FD8C49DBDE19B5798F0E621030D10 | 22FC931691E1B622E326E70C135EEFAF84201BA2E83BF700AB8E6CDA8C1C6957
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\admparse.dll | executable | 0075060C2AB9800C6E2BD5EE2BBC01FF | 3E8737D12F8260B99325290F622D21A02AE7C94FF62FC064943257DB9E653ECC
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\icardie.dll | executable | 2102870C88849851AA2CB56AF03C95E6 | EE1848E46FF598476D3ACFF4DC488E2B2506F18C801A5A2BDF69700A2E7E0E09
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\ieaksie.dll | executable | 1D1B0C48F04AB1772A003E82E21F0B7C | D3885EEFFEE486B8293BEEFFFE75A7750FE92F29EB25C72C84A9B0A02F57715F
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\inetcpl.cpl | executable | 58E1184192AC671BB85AD14659CD7439 | D00B1060F672EFFAF3D6FBC3DB24B767F6D932C57E7300442D46181C9292E3FE
2868 | IE8-WindowsXP-x86-ENU.exe | C:\6358e45594b9a54102f67819\inetres.adm | text | A38FE89DFA3895E6670EEA547942A7F7 | 0E6F12ED49522E62CC9B440AACDBD53F6832C52DEC0B3A47D68DDAF158D75A31