mcafee_trial_setup_433.0207.3919_key.exe

Full analysis: https://app.any.run/tasks/523aa583-497c-4b3e-96cd-d77d4efb9be4
Verdict: Malicious activity
Analysis date: May 30, 2020, 13:05:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 65945ABA9D0D132D9D3BF5D85F0FA03D
SHA1: B71B3A75DFA8E41C8D97B93A5E02EA9B19C332C6
SHA256: DF5AA346C72DADB23827B04DAF13745A9AA4931E6CFAD0EC99582C4805389EA0
SSDEEP: 98304:MBYxU+6bGx7dfgh2qSef0Yy9KfpACNOxsK6toh9ACy88ZQQG38Hv:K6kGY2qSeO9KeCsxsKoohNy89Mv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • McDiReg.exe (PID: 2148)
      • mcuicnt.exe (PID: 572)
      • mcuicnt.exe (PID: 3524)
      • mcuicnt.exe (PID: 1820)
      • mcuicnt.exe (PID: 2772)
      • mcuicnt.exe (PID: 2876)
    • Loads dropped or rewritten executable

      • mcuicnt.exe (PID: 572)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 2544)
      • mcuicnt.exe (PID: 2772)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 2788)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 1464)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 3980)
      • mcuicnt.exe (PID: 3524)
      • mcuicnt.exe (PID: 1820)
      • mcuicnt.exe (PID: 2876)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 2396)
    • Changes settings of System certificates

      • mcuicnt.exe (PID: 572)
  • SUSPICIOUS

    • Reads internet explorer settings

      • mcuicnt.exe (PID: 572)
    • Creates files in the program directory

      • McDiReg.exe (PID: 2148)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 2544)
      • mcuicnt.exe (PID: 572)
    • Creates files in the user directory

      • mcuicnt.exe (PID: 572)
      • McDiReg.exe (PID: 2148)
      • mcuicnt.exe (PID: 2772)
      • mcuicnt.exe (PID: 1820)
      • mcuicnt.exe (PID: 2876)
    • Reads Internet Cache Settings

      • mcuicnt.exe (PID: 572)
    • Executable content was dropped or overwritten

      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 2544)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 3980)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 1464)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 2788)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 2396)
    • Application launched itself

      • taskmgr.exe (PID: 2924)
    • Adds / modifies Windows certificates

      • mcuicnt.exe (PID: 572)
  • INFO

    • Manual execution by user

      • taskmgr.exe (PID: 2924)
      • mcafee_trial_setup_433.0207.3919_key.exe (PID: 3980)
      • IMEDICTUPDATE.EXE (PID: 964)
    • Reads settings of System Certificates

      • mcuicnt.exe (PID: 572)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

ProductVersion: 4.0.161.1
ProductName: McAfee Package
OriginalFileName: mcinsint_mis.exe
LegalCopyRight: Copyright © 2020 McAfee, LLC
FileVersion: 1.0.0.0
FileDescription: McAfee Package
CompanyName: McAfee, LLC
CharacterSet: Windows, Latin1
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0000
ProductVersionNumber: 4.0.161.1
FileVersionNumber: 4.0.161.1
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: 6
OSVersion: 4
EntryPoint: 0x31d6
UninitializedDataSize: 1024
InitializedDataSize: 118784
CodeSize: 24576
LinkerVersion: 6
PEType: PE32
TimeStamp: 2018:12:15 23:24:22+01:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 15-Dec-2018 22:24:22
Detected languages:
  • English - United States
CompanyName: McAfee, LLC
FileDescription: McAfee Package
FileVersion: 1.0.0.0
LegalCopyRight: Copyright © 2020 McAfee, LLC
OriginalFilename: mcinsint_mis.exe
ProductName: McAfee Package
ProductVersion: 4.0.161.1

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000D8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 15-Dec-2018 22:24:22
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x00005F0D | 0x00006000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.45039
.rdata | 0x00007000 | 0x00001250 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.00109
.data | 0x00009000 | 0x0001A818 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.12959
.ndata | 0x00024000 | 0x00009000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
.rsrc | 0x0002D000 | 0x00006318 | 0x00006400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.75824

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.28733 | 841 | UNKNOWN | English - United States | RT_MANIFEST
2 | 3.33921 | 4264 | UNKNOWN | English - United States | RT_ICON
3 | 4.53307 | 3752 | UNKNOWN | English - United States | RT_ICON
4 | 4.30121 | 2216 | UNKNOWN | English - United States | RT_ICON
5 | 4.70655 | 1384 | UNKNOWN | English - United States | RT_ICON
6 | 5.12697 | 1128 | UNKNOWN | English - United States | RT_ICON
103 | 2.69913 | 90 | UNKNOWN | English - United States | RT_GROUP_ICON
105 | 2.66174 | 256 | UNKNOWN | English - United States | RT_DIALOG
106 | 2.88094 | 284 | UNKNOWN | English - United States | RT_DIALOG
111 | 2.48825 | 96 | UNKNOWN | English - United States | RT_DIALOG

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll
SHELL32.dll
USER32.dll
ole32.dll
No data.
All screenshots are available in the full report
Total processes: 75
Monitored processes: 17
Malicious processes: 4
Suspicious processes: 8

Behavior graph

(Interactive process graph not reproduced here; it is available in the full report. The processes it shows are listed under Process information.)

Process information

PID: 2780
CMD: "C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe"
Path: C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe
Parent process: explorer.exe
User: admin
Company: McAfee, LLC
Integrity Level: MEDIUM
Description: McAfee Package
Exit code: 3221226540
Version: 1.0.0.0

PID: 2544
CMD: "C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe"
Path: C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe
Parent process: explorer.exe
User: admin
Company: McAfee, LLC
Integrity Level: HIGH
Description: McAfee Package
Exit code: 1
Version: 1.0.0.0

PID: 572
CMD: "C:\Users\admin\AppData\Local\Temp\nsqE0D5.tmp\mcuicnt.exe" vi2.dll
Path: C:\Users\admin\AppData\Local\Temp\nsqE0D5.tmp\mcuicnt.exe
Parent process: mcafee_trial_setup_433.0207.3919_key.exe
User: admin
Company: McAfee, LLC.
Integrity Level: HIGH
Description: McAfee
Exit code: 1
Version: 9,11,127,0

PID: 2148
CMD: C:\ProgramData\McAfee\Direct\McDiReg.exe -MONITOR_PI2 572
Path: C:\ProgramData\McAfee\Direct\McDiReg.exe
Parent process: mcuicnt.exe
User: admin
Company: McAfee, LLC.
Integrity Level: HIGH
Description: McAfee Direct Registration
Exit code: 1
Version: 4,0,161,0

PID: 2924
CMD: "C:\Windows\system32\taskmgr.exe" /4
Path: C:\Windows\system32\taskmgr.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Task Manager
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 3980
CMD: "C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe"
Path: C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe
Parent process: explorer.exe
User: admin
Company: McAfee, LLC
Integrity Level: HIGH
Description: McAfee Package
Exit code: 14
Version: 1.0.0.0

PID: 3524
CMD: "C:\Users\admin\AppData\Local\Temp\nsxF0BE.tmp\mcuicnt.exe" vi2.dll
Path: C:\Users\admin\AppData\Local\Temp\nsxF0BE.tmp\mcuicnt.exe
Parent process: mcafee_trial_setup_433.0207.3919_key.exe
User: admin
Company: McAfee, LLC.
Integrity Level: HIGH
Description: McAfee
Exit code: 14
Version: 9,11,127,0

PID: 2776
CMD: "C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe"
Path: C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe
Parent process: taskmgr.exe
User: admin
Company: McAfee, LLC
Integrity Level: MEDIUM
Description: McAfee Package
Exit code: 3221226540
Version: 1.0.0.0

PID: 1464
CMD: "C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe"
Path: C:\Users\admin\AppData\Local\Temp\mcafee_trial_setup_433.0207.3919_key.exe
Parent process: taskmgr.exe
User: admin
Company: McAfee, LLC
Integrity Level: HIGH
Description: McAfee Package
Exit code: 14
Version: 1.0.0.0

PID: 1820
CMD: "C:\Users\admin\AppData\Local\Temp\nsdE39A.tmp\mcuicnt.exe" vi2.dll
Path: C:\Users\admin\AppData\Local\Temp\nsdE39A.tmp\mcuicnt.exe
Parent process: mcafee_trial_setup_433.0207.3919_key.exe
User: admin
Company: McAfee, LLC.
Integrity Level: HIGH
Description: McAfee
Exit code: 14
Version: 9,11,127,0
Total events: 4 309
Read events: 2 861
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 113
Suspicious files: 16
Text files: 357
Unknown types: 4

Dropped files

PID | Process | Filename | Type
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\Users\admin\AppData\Local\Temp\nsqE0D5.tmp\CreateMcDiRegTask.bat | text
  MD5: 673EA78C73F32E0EEFAB0544D00FBCB4
  SHA256: D0E2E60D662C80DDD3835795F7C566FF9B6A84E6210817B4F01846DFA9736C11
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\Vi2_Fresh.json | text
  MD5: C98878C4A4A22CEDCB5DD114B6AA3925
  SHA256: 2886B97B46A963491B5F8A95442846A43639C42D927E135B98E40B43AE91C175
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\McDiReg.xml | xml
  MD5: 932AD7C6BA8427735A3A475146B692E5
  SHA256: 07C23910C1D79D5E33C5BE867150E33C3C3844B1A9233007A84E5E1998EE8F8B
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\Vi2Res.dll | executable
  MD5: CF15520C675996806B978F49B349FE31
  SHA256: CEE2F4F5F5399D9D89D0D2110AD7CA2FE621B70834BF44ACC2D323592EC62D21
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\McDiReg.exe | executable
  MD5: C938F282C2807FA5D56093C8B2055200
  SHA256: B66B240C97B1E75E19432876F453268A6A128924B48E08D2D02074AEEB338338
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\CreateMcDiRegTask.bat | text
  MD5: 673EA78C73F32E0EEFAB0544D00FBCB4
  SHA256: D0E2E60D662C80DDD3835795F7C566FF9B6A84E6210817B4F01846DFA9736C11
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\DynamicAffid\1297\AWDET.ini | text
  MD5: 8CD838BBDF5ECBFC7BAECE097AA121D5
  SHA256: DD899EC7C570226895DB3F5E04EB08F161BC78824488586B6D57DF2E3EAF92EA
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\DynamicAffid\1324\AWDET.ini | text
  MD5: CA0AD538679EB415A098B1AB7FCD4451
  SHA256: 6478936F72C694F3134A2D4F41C3F0B9D35CE5A7698B995428C7DCF75FA4407A
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\DynamicAffid\1312\AWDET.ini | text
  MD5: BA5E6BFF43ECAFCAE70CE667096C13EA
  SHA256: 6333776BB1CC7A3687699AFCD3440ECD11F1D1B8DE7353838B769021BC483422
2544 | mcafee_trial_setup_433.0207.3919_key.exe | C:\ProgramData\McAfee\Direct\DynamicAffid\1318\AWDET.ini | text
  MD5: B529E7CD9FAC37463968DAA5F1F08AC9
  SHA256: DE7502FE7A70C2DBD1A0FAF1DA6BE1283DDF71EE22A801A6D5ADB311E48BF1D9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 2
DNS requests: 2
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
572 | mcuicnt.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQCu%2F8JZxQ3BalXFvP7Nih9m | US | der | 728 b | whitelisted
572 | mcuicnt.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBT54gz5vn%2FXXBb71hRKynhUblJuBgQU0E4ixT1hcgq7J7SSNre6lZ8nMZwCEQCIBNwcbqvCopQZS0x1MTf6 | US | der | 472 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
572 | mcuicnt.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious
572 | mcuicnt.exe | 161.69.38.41:443 | ws.mcafee.com | - | US | unknown

DNS requests

Domain | IP | Reputation
ws.mcafee.com | 161.69.38.41 | unknown
ocsp.usertrust.com | 151.139.128.14 | whitelisted

Threats

No threats detected
No debug info