File name:

software_reporter_tool.exe

Full analysis: https://app.any.run/tasks/e39397ab-3520-430c-a145-f21b6430ccf8
Verdict: Malicious activity
Analysis date: July 29, 2019, 20:20:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

8F3C648FCA3811066AB418208B078691

SHA1:

4776A0FBD1D9D0ECE20EDBB0661D1C2A10D77630

SHA256:

E0788548E3C42A936B8695A6637C2D079EF4203311C87CB62E2784FF16A2AB24

SSDEEP:

196608:Fw6V3gV6Orauj1sE23e31Wqawpkpt8VIpOcpEr6ZN0a:Fw61gVz23ha+p9Or6H0a

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • software_reporter_tool.exe (PID: 2284)

  • SUSPICIOUS

    • Application launched itself

      • software_reporter_tool.exe (PID: 3612)

    • Executable content was dropped or overwritten

      • software_reporter_tool.exe (PID: 2284)

  • INFO

    • Loads the Task Scheduler COM API

      • software_reporter_tool.exe (PID: 3612)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:07:22 07:00:00+02:00
PEType: PE32
LinkerVersion: 14
CodeSize: 1754112
InitializedDataSize: 11241984
UninitializedDataSize: -
EntryPoint: 0x183f00
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 44.211.200.0
ProductVersionNumber: 44.211.200.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Google
FileDescription: Software Reporter Tool
FileVersion: 44.211.200
InternalName: software_reporter_tool_exe
LegalCopyright: Copyright 2015 Google Inc. All Rights Reserved.
OriginalFileName: software_reporter_tool.exe
ProductName: Software Reporter Tool
ProductVersion: 44.211.200
CompanyShortName: Google
ProductShortName: Software Reporter Tool
OfficialBuild: 1

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 22-Jul-2019 05:00:00
Detected languages:
  • English - United States
TLS Callbacks: 2 callback(s) detected.
Debug artifacts:
  • software_reporter_tool.exe.pdb
CompanyName: Google
FileDescription: Software Reporter Tool
FileVersion: 44.211.200
InternalName: software_reporter_tool_exe
LegalCopyright: Copyright 2015 Google Inc. All Rights Reserved.
OriginalFilename: software_reporter_tool.exe
ProductName: Software Reporter Tool
ProductVersion: 44.211.200
CompanyShortName: Google
ProductShortName: Software Reporter Tool
Official Build: 1

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0078
Pages in file: 0x0001
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0x0000
Initial SS value: 0x0000
Initial SP value: 0x0000
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000078

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 10
Time date stamp: 22-Jul-2019 05:00:00
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x001AC3DD
0x001AC400
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.71005
.rdata
0x001AE000
0x00076BFC
0x00076C00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
5.5968
.data
0x00225000
0x000081BC
0x00003200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
3.48329
.00cfg
0x0022E000
0x00000004
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
0.0611629
.tls
0x0022F000
0x0000001D
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0.136464
.voltbl
0x00230000
0x00000324
0x00000400
5.45778
CPADinfo(
0x00231000
0x00000028
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0.122276
prot
0x00232000
0x000000C1
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
0
.rsrc
0x00233000
0x00A2EC90
0x00A2EE00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
6.68952
.reloc
0x00C62000
0x0000F5E0
0x0000F600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
6.70331

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.33361
1068
UNKNOWN
English - United States
RT_MANIFEST
11000
4.43289
573
UNKNOWN
UNKNOWN
TEXT
11500
6.64978
379392
UNKNOWN
UNKNOWN
LIBRARY
11501
6.56587
32184
UNKNOWN
UNKNOWN
LIBRARY
11502
6.64202
264632
UNKNOWN
UNKNOWN
LIBRARY
11503
6.2844
2928984
UNKNOWN
UNKNOWN
LIBRARY
11504
6.64338
967000
UNKNOWN
UNKNOWN
LIBRARY
11505
6.70547
5491128
UNKNOWN
UNKNOWN
LIBRARY
11506
6.37674
610648
UNKNOWN
UNKNOWN
LIBRARY
11600
4.4966
44
UNKNOWN
UNKNOWN
TEXT

Imports

ADVAPI32.dll
IPHLPAPI.DLL
KERNEL32.dll
OLEAUT32.dll
SHELL32.dll
SHLWAPI.dll
Secur32.dll
USER32.dll
VERSION.dll
WINHTTP.dll

Exports

Title
Ordinal
Address
0
0x00000000
GetHandleVerifier
1
0x000E0EF0
IsSandboxedProcess
2
0x00093C20
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
4
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start software_reporter_tool.exe no specs software_reporter_tool.exe no specs software_reporter_tool.exe software_reporter_tool.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2284"c:\users\admin\appdata\local\temp\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_3612_NGYXWVKVCALKMBVQ" --sandboxed-process-id=2 --init-done-notifier=388 --sandbox-mojo-pipe-token=11354041007025000846 --mojo-platform-channel-handle=324 --engine=2c:\users\admin\appdata\local\temp\software_reporter_tool.exe
software_reporter_tool.exe
User:
admin
Company:
Google
Integrity Level:
MEDIUM
Description:
Software Reporter Tool
Exit code:
0
Version:
44.211.200
Modules
Images
c:\users\admin\appdata\local\temp\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
2988"c:\users\admin\appdata\local\temp\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_3612_NGYXWVKVCALKMBVQ" --sandboxed-process-id=3 --init-done-notifier=608 --sandbox-mojo-pipe-token=15518598407639879869 --mojo-platform-channel-handle=604c:\users\admin\appdata\local\temp\software_reporter_tool.exesoftware_reporter_tool.exe
User:
admin
Company:
Google
Integrity Level:
MEDIUM
Description:
Software Reporter Tool
Exit code:
0
Version:
44.211.200
Modules
Images
c:\users\admin\appdata\local\temp\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
3612"C:\Users\admin\AppData\Local\Temp\software_reporter_tool.exe" C:\Users\admin\AppData\Local\Temp\software_reporter_tool.exeexplorer.exe
User:
admin
Company:
Google
Integrity Level:
MEDIUM
Description:
Software Reporter Tool
Exit code:
0
Version:
44.211.200
Modules
Images
c:\users\admin\appdata\local\temp\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
3816c:\users\admin\appdata\local\temp\software_reporter_tool.exe --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=44.211.200 --initial-client-data=0xe4,0xec,0xf0,0xe8,0xf4,0x11f9e28,0x11f9e38,0x11f9e44c:\users\admin\appdata\local\temp\software_reporter_tool.exesoftware_reporter_tool.exe
User:
admin
Company:
Google
Integrity Level:
MEDIUM
Description:
Software Reporter Tool
Exit code:
0
Version:
44.211.200
Modules
Images
c:\users\admin\appdata\local\temp\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
Total events
436
Read events
432
Write events
3
Delete events
1

Modification events

(PID) Process:(3612) software_reporter_tool.exeKey:HKEY_CURRENT_USER\Software\Google\Software Removal Tool\ScanTimes
Operation:delete keyName:
Value:
(PID) Process:(3612) software_reporter_tool.exeKey:HKEY_CURRENT_USER\Software\Google\Software Removal Tool
Operation:writeName:StartTime
Value:
7FA24AEB6DED2E00
(PID) Process:(3612) software_reporter_tool.exeKey:HKEY_CURRENT_USER\Software\Google\Software Removal Tool
Operation:writeName:EngineErrorCode
Value:
65536
(PID) Process:(3612) software_reporter_tool.exeKey:HKEY_CURRENT_USER\Software\Google\Software Removal Tool
Operation:writeName:EngineErrorCode
Value:
589824
Executable files
7
Suspicious files
3
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
3612software_reporter_tool.exeC:\Users\admin\AppData\Local\Temp\debug.logtext
MD5:
SHA256:
2284software_reporter_tool.exeC:\users\admin\appdata\local\temp\debug.logtext
MD5:
SHA256:
3816software_reporter_tool.exeC:\users\admin\appdata\local\temp\debug.logtext
MD5:
SHA256:
3612software_reporter_tool.exeC:\users\admin\appdata\local\Google\Software Reporter Tool\settings.datbinary
MD5:B94703502CAB5AC56931643149E6FB81
SHA256:B0AE3F8E9904CCDF4E887A2BD65156B9A844739C75F2D6F1F592D7878A5FDA00
2284software_reporter_tool.exeC:\users\admin\appdata\local\temp\em001_32.dllexecutable
MD5:E9C10B913C4365C5E14DFBFA5F1B128F
SHA256:D89D40ABA74EF9818F3C440BE36FD8C13DA4B9E09272DA3A1ED59A98F20E3C1D
2988software_reporter_tool.exeC:\users\admin\appdata\local\temp\debug.logtext
MD5:
SHA256:
2284software_reporter_tool.exeC:\users\admin\appdata\local\temp\em002_32.dllexecutable
MD5:C5F99F64621F8783CE891DAF1A78113B
SHA256:4576672F872A0BBBCEC8C1C441156F0CEB57BBF165C3CB25FC9D1734D25F8CCD
2284software_reporter_tool.exeC:\users\admin\appdata\local\temp\edls_32.dllexecutable
MD5:5A6A6029614AC855D5A7D2A4A595DEA1
SHA256:1DDAE5721437F3CFA3B7DF754227F9D6388F3EB5F63000FDC16793E25229972D
2284software_reporter_tool.exeC:\users\admin\appdata\local\temp\em000_32.dllexecutable
MD5:2AD7364C59F37DB236AB149ACE05FD10
SHA256:C282F94F71CE00483B5D57C7A0EA5A44E70272DC2C8F4ABF3C5B1C8D9C860608
2284software_reporter_tool.exeC:\users\admin\appdata\local\temp\em004_32.dllexecutable
MD5:1E476D42CFE1D63055D7A53E9026477E
SHA256:7A8C1450C7B81AD37882EF08A6B1D9407DA012D2BED7485A5AD0920E90D87D24
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
software_reporter_tool.exe