File name: Jasi2169 NFO Viewer.exe

Full analysis: https://app.any.run/tasks/7d7f6ed9-4aea-4be5-98ce-738192b61d2c
Verdict: Malicious activity
Analysis date: January 23, 2024, 12:15:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 4C752A748558A37D034FFEBCB38E0D66
SHA1: AA153EBD0DE1B5312B7C043263D38E02FDC7012F
SHA256: D2C4F21391D5A842100425F9A2927EC47CDC55EDEA69013AA15F2C4EB4767E5C
SSDEEP: 3072:ECfEVEtuf2H+3AL7k/xP0EPgPxq9mrhwyJjrVs/33IV+Thzaot8Y:0lgX1njhsXza08

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Jasi2169 NFO Viewer.exe (PID: 1036)
      • Jasi2169 NFO Viewer.exe (PID: 3024)
      • Stardock Products Patch v1.5.exe (PID: 3640)
    • Creates a writable file in the system directory

      • Stardock Products Patch v1.5.exe (PID: 3640)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Jasi2169 NFO Viewer.exe (PID: 1036)
      • Jasi2169 NFO Viewer.exe (PID: 3024)
      • Stardock Products Patch v1.5.exe (PID: 3640)
  • INFO

    • Checks supported languages

      • Jasi2169 NFO Viewer.exe (PID: 1036)
      • Jasi2169 NFO Viewer.exe (PID: 3024)
      • Stardock Products Patch v1.5.exe (PID: 3640)
    • Reads the computer name

      • Jasi2169 NFO Viewer.exe (PID: 1036)
      • Jasi2169 NFO Viewer.exe (PID: 3024)
      • Stardock Products Patch v1.5.exe (PID: 3640)
    • Reads the machine GUID from the registry

      • Jasi2169 NFO Viewer.exe (PID: 1036)
      • Jasi2169 NFO Viewer.exe (PID: 3024)
      • Stardock Products Patch v1.5.exe (PID: 3640)
    • Creates files in a temporary directory

      • Jasi2169 NFO Viewer.exe (PID: 1036)
      • Stardock Products Patch v1.5.exe (PID: 3640)
    • Manual execution by a user

      • control.exe (PID: 2320)
      • Jasi2169 NFO Viewer.exe (PID: 3024)
      • Stardock Products Patch v1.5.exe (PID: 3344)
      • Stardock Products Patch v1.5.exe (PID: 3640)
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:11:19 00:37:57+01:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 80
CodeSize: 136704
InitializedDataSize: 158720
UninitializedDataSize: -
EntryPoint: 0x235aa
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Jasi2169 NFO Viewer
CompanyName: Jasi2169
FileDescription: Jasi2169 NFO Viewer
FileVersion: 1.0.0.0
InternalName: Jasi2169 NFO Viewer.exe
LegalCopyright: Copyright © 2012
LegalTrademarks: All Rights Reserved..!!
OriginalFileName: Jasi2169 NFO Viewer.exe
ProductName: Jasi2169 NFO Viewer
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes: 51
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 2

Behavior graph

[Behavior graph image not included. Nodes shown: start → Jasi2169 NFO Viewer.exe, control.exe (no specs), Jasi2169 NFO Viewer.exe, Stardock Products Patch v1.5.exe (no specs), Stardock Products Patch v1.5.exe]

Process information

PID: 1036
CMD: "C:\Users\admin\AppData\Local\Temp\Jasi2169 NFO Viewer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Jasi2169 NFO Viewer.exe
Parent process: explorer.exe
User: admin
Company: Jasi2169
Integrity Level: MEDIUM
Description: Jasi2169 NFO Viewer
Exit code: 3221225547
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\jasi2169 nfo viewer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2320
CMD: "C:\Windows\System32\control.exe" SYSTEM
Path: C:\Windows\System32\control.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Control Panel
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\control.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3024
CMD: "C:\Users\admin\Desktop\Jasi2169 NFO Viewer.exe"
Path: C:\Users\admin\Desktop\Jasi2169 NFO Viewer.exe
Parent process: explorer.exe
User: admin
Company: Jasi2169
Integrity Level: MEDIUM
Description: Jasi2169 NFO Viewer
Exit code: 3221225547
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\jasi2169 nfo viewer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3344
CMD: "C:\Users\admin\Desktop\Stardock Products Patch v1.5.exe"
Path: C:\Users\admin\Desktop\Stardock Products Patch v1.5.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Stardock Products Patch
Exit code: 3221226540
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\stardock products patch v1.5.exe
c:\windows\system32\ntdll.dll

PID: 3640
CMD: "C:\Users\admin\Desktop\Stardock Products Patch v1.5.exe"
Path: C:\Users\admin\Desktop\Stardock Products Patch v1.5.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Stardock Products Patch
Exit code: 3221225547
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\stardock products patch v1.5.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 3 654
Read events: 3 560
Write events: 93
Delete events: 1

Modification events

(PID) Process: (2320) control.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value: 020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value: 0000000001000000060000000B00000002000000070000000C0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value: 020000000000000001000000060000000B000000070000000C0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation: write
Name: TV_FolderType
Value: {FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation: write
Name: TV_TopViewID
Value: {82BA0782-5B7A-4569-B5D7-EC83085F08CC}

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
Operation: write
Name: TV_TopViewVersion
Value: 0

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Operation: write
Name: Mode
Value: 4

(PID) Process: (3640) Stardock Products Patch v1.5.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Operation: write
Name: LogicalViewMode
Value: 1
Executable files: 4
Suspicious files: 2
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1036 | Jasi2169 NFO Viewer.exe | C:\Users\admin\AppData\Local\Temp\bassmod.dll | executable
MD5: E4EC57E8508C5C4040383EBE6D367928
SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F

3640 | Stardock Products Patch v1.5.exe | C:\Users\admin\AppData\Local\Temp\Stardock Products Patch.X86.1.0.0.0\Native.dll | executable
MD5: 13E8F594CB3731201D2B74D9EACA249A
SHA256: FE21D378F1F0138DAC03EC59B8E635229078132977D43FE832E0A0CDB9D27FCB

3024 | Jasi2169 NFO Viewer.exe | C:\Users\admin\Desktop\bassmod.dll | executable
MD5: E4EC57E8508C5C4040383EBE6D367928
SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F

3640 | Stardock Products Patch v1.5.exe | C:\Users\admin\AppData\Local\Temp\Stardock Products Patch.X86.1.0.0.0\keygen_cursor.cur | binary
MD5: FC9B2E18A0E21C712E227E88248882C1
SHA256: FE802DB4DE68C9340F7A211DDF694109FD983478454CCB925A06F68851276C69

3640 | Stardock Products Patch v1.5.exe | C:\Windows\system32\bassmod.dll | executable
MD5: E4EC57E8508C5C4040383EBE6D367928
SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info