General Info

File name

filezilla-server_0945.exe

Full analysis
https://app.any.run/tasks/ab1e40df-4a7f-4d4b-8e0c-d43734b95af0
Verdict
Malicious activity
Analysis date
3/14/2019, 17:46:37
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

57a2c9eb09fac2bc317077bea4cc3503

SHA1

e3d43e426a198982ce9182455c421ce41369d362

SHA256

d7de4affcf24c5025a3526bcff94f595d7af361e4b2ef848331eafd37e927f4a

SSDEEP

49152:DVlur1iA1uaD1qsfzCg1x6bTBTialF96hn6HpfVRRDMBVWMx3P:DzurxD1cg1gbNH6h6RDMF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • FileZilla Server.exe (PID: 3044)
  • FileZilla Server Interface.exe (PID: 3236)
  • FileZilla Server Interface.exe (PID: 3372)
  • FileZilla Server.exe (PID: 3584)
  • FileZilla Server.exe (PID: 3952)
  • FileZilla Server.exe (PID: 3180)
  • FileZilla Server.exe (PID: 2600)
  • FileZilla Server.exe (PID: 3200)
  • FileZilla Server.exe (PID: 3936)
Loads dropped or rewritten executable
  • filezilla-server_0945.exe (PID: 3672)
Changes the autorun value in the registry
  • filezilla-server_0945.exe (PID: 3672)
Creates files in the program directory
  • FileZilla Server Interface.exe (PID: 3236)
  • FileZilla Server.exe (PID: 3180)
  • filezilla-server_0945.exe (PID: 3672)
Executable content was dropped or overwritten
  • filezilla-server_0945.exe (PID: 3672)
Creates a software uninstall entry
  • filezilla-server_0945.exe (PID: 3672)

No info indicators.

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2010:04:10 14:19:31+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
25600
InitializedDataSize:
431104
UninitializedDataSize:
16896
EntryPoint:
0x354b
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
0.9.45.0
ProductVersionNumber:
0.9.45.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
CompanyName:
FileZilla Project
FileDescription:
FileZilla Server
FileVersion:
beta 0.9.45
LegalCopyright:
FileZilla Project
OriginalFileName:
FileZilla_Server-0_9_45.exe
ProductName:
FileZilla Server
ProductVersion:
beta 0.9.45
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
10-Apr-2010 12:19:31
Detected languages
English - United States
CompanyName:
FileZilla Project
FileDescription:
FileZilla Server
FileVersion:
beta 0.9.45
LegalCopyright:
FileZilla Project
OriginalFilename:
FileZilla_Server-0_9_45.exe
ProductName:
FileZilla Server
ProductVersion:
beta 0.9.45
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
10-Apr-2010 12:19:31
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x000063A2 0x00006400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.48045
.rdata 0x00008000 0x000018F2 0x00001A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.88829
.data 0x0000A000 0x0006669C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 1.42988
.ndata 0x00071000 0x000A1000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x00112000 0x00002A90 0x00002C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.0065
Resources
1

2

3

4

102

103

104

105

106

107

110

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
44
Monitored processes
11
Malicious processes
1
Suspicious processes
0

Process information

PID
3140
CMD
"C:\Users\admin\AppData\Local\Temp\filezilla-server_0945.exe"
Path
C:\Users\admin\AppData\Local\Temp\filezilla-server_0945.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
beta 0.9.45
Modules
Image
c:\users\admin\appdata\local\temp\filezilla-server_0945.exe
c:\systemroot\system32\ntdll.dll

PID
3672
CMD
"C:\Users\admin\AppData\Local\Temp\filezilla-server_0945.exe"
Path
C:\Users\admin\AppData\Local\Temp\filezilla-server_0945.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
beta 0.9.45
Modules
Image
c:\users\admin\appdata\local\temp\filezilla-server_0945.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsre5cf.tmp\system.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\users\admin\appdata\local\temp\nsre5cf.tmp\installoptions.dll
c:\windows\system32\comdlg32.dll
c:\program files\filezilla server\filezilla server.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\filezilla server\uninstall.exe
c:\program files\filezilla server\filezilla server interface.exe
c:\windows\system32\netutils.dll

PID
3180
CMD
"C:\Program Files\FileZilla Server\FileZilla Server.exe" /stop
Path
C:\Program Files\FileZilla Server\FileZilla Server.exe
Indicators
No indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3584
CMD
"C:\Program Files\FileZilla Server\FileZilla Server.exe" /compat /stop
Path
C:\Program Files\FileZilla Server\FileZilla Server.exe
Indicators
No indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3952
CMD
"C:\Program Files\FileZilla Server\FileZilla Server.exe" /uninstall
Path
C:\Program Files\FileZilla Server\FileZilla Server.exe
Indicators
No indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3044
CMD
"C:\Program Files\FileZilla Server\FileZilla Server.exe" /adminport 14147
Path
C:\Program Files\FileZilla Server\FileZilla Server.exe
Indicators
No indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3372
CMD
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" /adminport 1
Path
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
Indicators
No indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server interface.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll

PID
2600
CMD
"C:\Program Files\FileZilla Server\FileZilla Server.exe" /install auto
Path
C:\Program Files\FileZilla Server\FileZilla Server.exe
Indicators
No indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3200
CMD
"C:\Program Files\FileZilla Server\FileZilla Server.exe" /start
Path
C:\Program Files\FileZilla Server\FileZilla Server.exe
Indicators
No indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3236
CMD
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
Path
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
Indicators
Parent process
filezilla-server_0945.exe
User
admin
Integrity Level
HIGH
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server interface.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\winhlp32.exe

PID
3936
CMD
"C:\Program Files\FileZilla Server\FileZilla Server.exe"
Path
C:\Program Files\FileZilla Server\FileZilla Server.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
FileZilla Project
Description
FileZilla Server
Version
0, 9, 45, 0
Modules
Image
c:\program files\filezilla server\filezilla server.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wls0wndh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

Registry activity

Total events
403
Read events
386
Write events
17
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
DisplayName
FileZilla Server
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
DisplayIcon
C:\Program Files\FileZilla Server\FileZilla server.exe
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
DisplayVersion
beta 0.9.45
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
HelpLink
https://filezilla-project.org/
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
InstallLocation
C:\Program Files\FileZilla Server
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
URLInfoAbout
https://filezilla-project.org/
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
URLUpdateInfo
https://filezilla-project.org/
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
UninstallString
C:\Program Files\FileZilla Server\uninstall.exe
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
Publisher
FileZilla Project
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
VersionMajor
0
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
VersionMinor
9
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
NoModify
1
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
NoRepair
1
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server
EstimatedSize
5169
3672
filezilla-server_0945.exe
write
HKEY_CURRENT_USER\Software\FileZilla Server
Install_Dir
C:\Program Files\FileZilla Server
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\FileZilla Server
Install_Dir
C:\Program Files\FileZilla Server
3672
filezilla-server_0945.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
FileZilla Server Interface
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

Files activity

Executable files
7
Suspicious files
0
Text files
37
Unknown types
5

Dropped files

PID
Process
Filename
Type
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
executable
MD5: 09fbeee125dcbfc5aafdb2eb9471c5fb
SHA256: f08e81766512f302ab8e64e6e72deca67dc16829b9041b5b1cccaff83f58a8ba
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\Uninstall.exe
executable
MD5: 7f228f9486639f87690b8acb7cb68995
SHA256: 4467ac17b88e4bcdb1869e88ee8c36dc89fdea525174c8f100d10b4fa7bf8468
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\libeay32.dll
executable
MD5: 87dd7021c892c77fa979f93380297cfd
SHA256: 33418533e7fbedfe0514e4d9b45cc1860baec1fcfcba10adcfd044c169c6260d
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\ssleay32.dll
executable
MD5: 94976d409624ffd7294ab38a7e9035a9
SHA256: 5c04c17b197914eb462e10f9a4e5b3556917988928eb86677778655a13c39651
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\InstallOptions.dll
executable
MD5: 67d8f4d5acdb722e9cb7a99570b3ded1
SHA256: fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\System.dll
executable
MD5: 959ea64598b9a3e494c00e8fa793be7e
SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
executable
MD5: 6acc18bdeceab47f86d1471911bc24fb
SHA256: 369ffd20f64ac4868e44c9951f4eacdfa84e68e22aff633e7a17b555f1f80ee3
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\readme.htm
html
MD5: c7d32fb83edb1d6e31e1a02367036696
SHA256: 47b57b4fb0688f4d895f43244b5809e0a67f11de738e925707053320d465ff6d
3672
filezilla-server_0945.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server\Uninstall.lnk
lnk
MD5: 54ff52f8450f622d41987655e255ba65
SHA256: 3b7965ab87dfe15e97772872491ed8713a998cffc656345e09fefe9f7aebfaa2
3236
FileZilla Server Interface.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.xml
text
MD5: b8ce9df8db8a408271ae4c8b9688ed62
SHA256: 73e8d8a8b9460b20bc000c87aa78572da3953c10bf8aca9c594bc2c2483ed207
3180
FileZilla Server.exe
C:\Program Files\FileZilla Server\FileZilla Server.xml
text
MD5: c38830a8199d779dba219e072035cfc1
SHA256: 83780e263b2bf3a5fea4e61a9608926993ae8d3b42c4f96450a235673858b86d
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CE.tmp
––
MD5:  ––
SHA256:  ––
3044
FileZilla Server.exe
C:\Program Files\FileZilla Server\FileZilla Server.xml
text
MD5: 692dc109416ad50d444e4aa9e3bdbfcb
SHA256: 8c814b2ec7453070c92587c88d6a40bb8aa2fa2b471d45aa4428ed3b10256dea
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\InterfaceOptions.ini
text
MD5: f3400330fe3049b54d80f9c1609819a2
SHA256: e17c9142f93d5732453c564153634127bd69c0623d9420272027bd6427dc0c15
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\license.txt
text
MD5: d8861c05ab80613d4a9e9fcdc4b0983e
SHA256: b7435a69ae21a7c50916e90520987392cecb32543f2ac59cb11181c44956cc35
3672
filezilla-server_0945.exe
C:\Program Files\FileZilla Server\legal.htm
html
MD5: 07f317266dba47e7cb1cc5ccf7040ed2
SHA256: ced5b4e92110c022d6b2ef7939a0edd45547198d53848d40f116ed3676c5c9f5
3672
filezilla-server_0945.exe
C:\Users\Public\Desktop\FileZilla Server Interface.lnk
lnk
MD5: d50a654c5fadd0bf3716124fd163244a
SHA256: d8a3e2391089cc86b8a849f3cd8a764d8a0a054de2a7b77a67ff07a1af3f65c0
3672
filezilla-server_0945.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server\FileZilla Server Interface.lnk
lnk
MD5: bef0fdfccf2104a107a9cff3814945ec
SHA256: 6a62cb333a4332f697f4eaa1f068bdcf29cedc1a2f389aaf6b57e62842571b2f
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\InterfaceOptions.ini
text
MD5: 5dba2c98d7330288176e2e4227e13111
SHA256: dfd28d580d9eae950cbd21eefdb5c547c4b5bae8153d172b906434abff206614
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\InterfaceOptions.ini
text
MD5: a616035e208fd9838fea36836bb2bb2b
SHA256: a84c1e20f3a91d9c6cd24aa5cd95f67b46084d5779673218d2a59f999ed260a7
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\StartupOptions.ini
text
MD5: 93db4c86be897bac3bca841c356d1ccb
SHA256: b4966668efd9f667abf487ee58b1b0b3a4e5f7f7e1e262733f78c51316f2ddc0
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\StartupOptions.ini
text
MD5: 1e577697a616522f6d1d776290fb4ef9
SHA256: 3aadd01d12bf0047e1b926e468b6ef7f297a76a59988aa9a19cb22eece43dd25
3672
filezilla-server_0945.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server\Stop FileZilla Server.lnk
lnk
MD5: 1056356ba6903ba51db0270cff98971f
SHA256: 7924e1e2f365cd4dcdebe114a96e3dc86de1e471b042b5ca520d1bd6330bf9ac
3672
filezilla-server_0945.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server\Start FileZilla Server.lnk
lnk
MD5: 827c6dcc2113e1a2de34cc62d11db705
SHA256: 7a65c01f1bc06d4e4596eca85a38aba0841cd5d8b57847ee79e79d866d2c41cb
3672
filezilla-server_0945.exe
C:\Users\admin\AppData\Local\Temp\nsrE5CF.tmp\StartupOptions.ini
text
MD5: d734576c222fabc8088849c19b85b86e
SHA256: 5851387e753633cdf71814f043c7c90fa6a9f56229dbcd426bef677689577ea3
3236
FileZilla Server Interface.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.xml
text
MD5: c38830a8199d779dba219e072035cfc1
SHA256: 83780e263b2bf3a5fea4e61a9608926993ae8d3b42c4f96450a235673858b86d

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.