File name: xf-adsk2019_x64.exe

Full analysis: https://app.any.run/tasks/e5a18af4-7713-444f-a6f1-a536359bc58e
Verdict: Malicious activity
Analysis date: October 17, 2022, 05:07:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: EE05A2FD29273588668976C59995A020
SHA1: 77922AE13195484B7AB8A8258258AB6BA09E8EC2
SHA256: DF0EDDEA5AEA614FA5B20649D4573CEDCC160A2E56740E77E9237E3430082F61
SSDEEP: 24576:9B2YDyv/aWALQSCHYJFNOu/Ouhru2eBTykPe:9BHGaWqr3LOYOgReBGQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • xf-adsk2019_x64.exe (PID: 2500)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • xf-adsk2019_x64.exe (PID: 2500)
  • INFO

    • Checks supported languages

      • xf-adsk2019_x64.exe (PID: 2500)
    • Process checks LSA protection

      • xf-adsk2019_x64.exe (PID: 2500)
    • Reads the machine GUID from the registry

      • xf-adsk2019_x64.exe (PID: 2500)
    • Creates a file in a temporary directory

      • xf-adsk2019_x64.exe (PID: 2500)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

Summary

Architecture: IMAGE_FILE_MACHINE_I386 (a 32-bit PE32 image despite the "_x64" file name; TRiD's "Win64 Executable" guess above is a heuristic, the Machine field of the PE header is authoritative)
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2015-Mar-11 15:11:45
Detected languages:
  • French - France

DOS Header

e_magic: MZ
e_cblp: 144
e_cp: 3
e_crlc: -
e_cparhdr: 4
e_minalloc: -
e_maxalloc: 65535
e_ss: -
e_sp: 184
e_csum: -
e_ip: -
e_cs: -
e_ovno: -
e_oemid: -
e_oeminfo: -
e_lfanew: 248

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 6
TimeDateStamp: 2015-Mar-11 15:11:45
PointerToSymbolTable: -
NumberOfSymbols: -
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name      Virtual Address  Virtual Size  Raw Size  Entropy  Characteristics
.text     4096             559396        3072      5.20542  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data     565248           40000         0         -        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata    606208           3136          0         -        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.AC20190  610304           908216        0         -        IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.AC20191  1519616          1031292       1031680   7.99403  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc     2551808          8680          8704      6.19904  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Entropy is only reported for sections that have raw data on disk. Three sections (.data, .idata, .AC20190) reserve roughly 950 KB of virtual space with no raw data at all, .text has 559 KB of virtual size backed by only 3 KB on disk, and .AC20191 is a writable, executable section of about 1 MB with entropy 7.99 (the maximum is 8.0). That layout is consistent with a packed executable: the compressed or encrypted payload sits in .AC20191 and is expanded into the empty sections at runtime, so the code, strings and import table visible in the file on disk do not reflect what actually executes.
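The DOS header, PE header and section table above can be checked without a sandbox. The following Python is added here as an illustration and is not part of the ANY.RUN report: it parses the same fields (e_lfanew, the COFF Machine and Characteristics words, the section headers) with the standard library, computes per-section Shannon entropy on the same 0 to 8 bits-per-byte scale, and flags the pattern this sample shows, namely sections with no raw data but a large virtual size, writable-and-executable sections, and entropy close to 8.0. It runs on a constructed minimal PE32 image (build_sample_pe) that reproduces that pattern; the function names and the synthetic image are the example's own, and the checks are generic to any PE file rather than specific to this one.

```python
import hashlib
import math
import struct

# Section characteristic bits from winnt.h, with the names the report prints.
SECTION_FLAGS = [
    (0x00000020, "IMAGE_SCN_CNT_CODE"),
    (0x00000040, "IMAGE_SCN_CNT_INITIALIZED_DATA"),
    (0x20000000, "IMAGE_SCN_MEM_EXECUTE"),
    (0x40000000, "IMAGE_SCN_MEM_READ"),
    (0x80000000, "IMAGE_SCN_MEM_WRITE"),
]
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_RELOCS_STRIPPED = 0x0001   # COFF characteristics shown in "PE Headers"
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 .. 8.0), the scale used in the Sections table."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rsize, rptr,
         _, _, _, _, flags) = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        raw = image[rptr:rptr + rsize] if rsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rsize,
            "characteristics": [n for bit, n in SECTION_FLAGS if flags & bit],
            "entropy": shannon_entropy(raw),
        })
    return {"machine": machine, "timestamp": timestamp,
            "characteristics": chars, "sections": sections}


def triage_sections(image: bytes) -> list:
    """Flag the packer tells that the report's Sections table makes visible."""
    findings = []
    for s in parse_pe(image)["sections"]:
        c = s["characteristics"]
        if "IMAGE_SCN_MEM_EXECUTE" in c and "IMAGE_SCN_MEM_WRITE" in c:
            findings.append(f"{s['name']}: writable and executable (unpacking stub or self-modifying code)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"{s['name']}: no raw data but {s['virtual_size']} bytes of virtual size (filled at runtime)")
        elif s["raw_size"] and s["virtual_size"] > 8 * s["raw_size"]:
            findings.append(f"{s['name']}: virtual size far exceeds raw data (unpacked at runtime)")
        if s["entropy"] > 7.0:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f}, compressed or encrypted content")
    return findings


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (not the analysed file) reproducing its section layout pattern."""
    code = bytes(range(16)) * 64  # 1024 bytes, entropy exactly 4.0
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))  # 4096 high-entropy bytes
    spec = [  # (name, virtual address, virtual size, raw bytes, characteristics)
        (b".text",    0x1000,   559396, code, 0x20 | 0x20000000 | 0x40000000),
        (b".data",    0x8A000,  40000,  b"",  0x40 | 0x40000000 | 0x80000000),
        (b".AC20191", 0x173000, 4096,   blob, 0x20 | 0x40 | 0x20000000 | 0x40000000 | 0x80000000),
    ]
    e_lfanew, opt_size = 0x40, 224  # PE32 optional header is 224 bytes, as in the report
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)  # PE32 magic
    raw_start = -(-(e_lfanew + 4 + 20 + opt_size + 40 * len(spec)) // 512) * 512  # 512-byte file alignment
    headers, payload = bytearray(), bytearray()
    for name, vaddr, vsize, data, flags in spec:
        rptr = raw_start + len(payload) if data else 0
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(data), rptr, 0, 0, 0, 0, flags)
        payload += data
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(spec), 0, 0, 0, opt_size,
                       IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    image = dos + b"PE\0\0" + coff + optional + headers
    return bytes(image + b"\0" * (raw_start - len(image)) + payload)


if __name__ == "__main__":
    for line in triage_sections(build_sample_pe()):
        print(line)
```

To run it against a real file, replace build_sample_pe() with the bytes of the sample; the findings for this report's layout would be the three empty sections, the undersized .text, and the RWX, near-8.0-entropy .AC20191.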

Resources

Title  Entropy  Size  Codepage  Language         Type
1      6.25345  8500  UNKNOWN   French - France  RT_ICON
103    1.91924  20    UNKNOWN   French - France  RT_GROUP_ICON

Imports

ADVAPI32.dll
GDI32.dll
KERNEL32.DLL
KERNEL32.DLL (#2)
KERNEL32.DLL (#3)
USER32.dll
No data.
All screenshots are available in the full report
Total processes: 33
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start xf-adsk2019_x64.exe

Process information

PID: 2500
CMD: "C:\Users\admin\AppData\Local\Temp\xf-adsk2019_x64.exe"
Path: C:\Users\admin\AppData\Local\Temp\xf-adsk2019_x64.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (loaded images):
c:\users\admin\appdata\local\temp\xf-adsk2019_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events: 27
Read events: 27
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 1
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID   Process              Filename                                               Type
2500  xf-adsk2019_x64.exe  C:\Users\admin\AppData\Local\Temp\adesk_patcher64.exe  executable
MD5: 29E4D39AA7525DEA051456F145BF0F6E
SHA256: C3900FE43CAAE514CB61CC326F8D839873AA07E6A38F7D6E76D417ED4704EB7E
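The MALICIOUS and SUSPICIOUS indicators above describe a single behaviour: a process started from the user's Temp directory writes a new executable into that same directory within a second of starting. The following Python is added as an example and is not part of the report or of ANY.RUN's own detection logic: it expresses that behaviour as a rule over Sysmon-style process-create (EventID 1) and file-create (EventID 11) records, timing each drop against the writer's own start. The records, field names and timestamps are constructed to mirror the process tree in this report; the rule is keyed on ProcessId for brevity, and the docstring notes why a real deployment would key on ProcessGuid instead.

```python
import re
from datetime import datetime, timedelta

# Constructed Sysmon-style records (EventID 1 = process create, EventID 11 = file create).
# They mirror the report's process tree and dropped file but are not the sandbox's telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2022-10-17 05:07:58.120", "ProcessId": 2500,
     "Image": r"C:\Users\admin\AppData\Local\Temp\xf-adsk2019_x64.exe",
     "ParentImage": r"C:\Windows\Explorer.EXE"},
    {"EventID": 11, "UtcTime": "2022-10-17 05:07:58.640", "ProcessId": 2500,
     "Image": r"C:\Users\admin\AppData\Local\Temp\xf-adsk2019_x64.exe",
     "TargetFilename": r"C:\Users\admin\AppData\Local\Temp\adesk_patcher64.exe"},
    # Benign: an installed program writes a text file into Temp.
    {"EventID": 1, "UtcTime": "2022-10-17 05:09:10.000", "ProcessId": 3120,
     "Image": r"C:\Program Files\Editor\editor.exe", "ParentImage": r"C:\Windows\Explorer.EXE"},
    {"EventID": 11, "UtcTime": "2022-10-17 05:09:11.000", "ProcessId": 3120,
     "Image": r"C:\Program Files\Editor\editor.exe",
     "TargetFilename": r"C:\Users\admin\AppData\Local\Temp\notes.txt"},
    # Same Temp-launched process drops another .exe ten minutes later: still reported, not "immediate".
    {"EventID": 11, "UtcTime": "2022-10-17 05:17:58.000", "ProcessId": 2500,
     "Image": r"C:\Users\admin\AppData\Local\Temp\xf-adsk2019_x64.exe",
     "TargetFilename": r"C:\Users\admin\AppData\Local\Temp\late.exe"},
    # File create with no matching process-create record: the drop cannot be timed, so it is skipped here.
    {"EventID": 11, "UtcTime": "2022-10-17 05:18:00.000", "ProcessId": 9999,
     "Image": r"C:\Users\admin\AppData\Local\Temp\orphan.exe",
     "TargetFilename": r"C:\Users\admin\AppData\Local\Temp\x.exe"},
]

TEMP_PATH = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
EXEC_EXT = re.compile(r"\.(exe|dll|scr|com|pif)$", re.IGNORECASE)


def parse_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")


def detect_temp_droppers(events, window=timedelta(seconds=5)):
    """Alert when a process running from %TEMP% writes an executable into %TEMP%.

    Keyed on ProcessId for brevity. A production rule should key on ProcessGuid,
    because Windows reuses PIDs and a stale EventID 1 would mis-time the drop.
    """
    started = {}  # ProcessId -> (image, start time)
    alerts = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if ev["EventID"] == 1:
            started[ev["ProcessId"]] = (ev["Image"], parse_time(ev["UtcTime"]))
        elif ev["EventID"] == 11:
            target = ev["TargetFilename"]
            if not (TEMP_PATH.search(ev["Image"]) and TEMP_PATH.search(target)
                    and EXEC_EXT.search(target)):
                continue
            if ev["ProcessId"] not in started:
                continue  # no process-create record seen: leave it to a rule that does not need timing
            image, start = started[ev["ProcessId"]]
            age = parse_time(ev["UtcTime"]) - start
            alerts.append({
                "ProcessId": ev["ProcessId"],
                "Image": image,
                "TargetFilename": target,
                "seconds_since_start": age.total_seconds(),
                "immediate": age <= window,  # the report's "immediately after the start"
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_temp_droppers(SAMPLE_EVENTS):
        print(alert)
```

On the constructed records the rule raises two alerts for PID 2500 (the adesk_patcher64.exe drop 0.52 s after start, marked immediate, and the later drop, not marked) and none for the editor writing a text file or for the process whose start was never observed.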
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info