File name:

Baidu-WiFi-Hotspot.exe

Full analysis: https://app.any.run/tasks/dce4d75c-c240-4f21-a924-a2f8d9f55530
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: October 22, 2019, 08:42:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
installer
adware
pua
lavasoft
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

F15E6091B359C1A4165ADC8EB5D1F668

SHA1:

2633CAA971029B0F3A4B4C3594EB6CCF1A960187

SHA256:

E730F50E32B861467A588102F5EF69E9C92EB8E5911A1ED59FE5DBAFF77E652A

SSDEEP:

49152:cG5UfgmSNM62LyyiFlpb1VsAYfY1NnR7LFHI0FLnh7fdl8BvgHo7oSi3QMPvXzR:cG5Qg5u6FyiF3XKY1rLRI0FLhCvgH8i5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • installer.exe (PID: 2368)
      • GenericSetup.exe (PID: 3736)
    • Loads dropped or rewritten executable

      • GenericSetup.exe (PID: 3736)
    • LAVASOFT was detected

      • installer.exe (PID: 2368)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Baidu-WiFi-Hotspot.exe (PID: 1412)
    • Reads Windows owner or organization settings

      • GenericSetup.exe (PID: 3736)
    • Reads Environment values

      • GenericSetup.exe (PID: 3736)
    • Reads the Windows organization settings

      • GenericSetup.exe (PID: 3736)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (36.8)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:04:18 20:54:06+02:00
PEType: PE32
LinkerVersion: 6
CodeSize: 104448
InitializedDataSize: 36864
UninitializedDataSize: -
EntryPoint: 0x148d4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
CompanyName: -
FileDescription: -
InternalName: -
LegalCopyright: -
OriginalFileName: -
ProductName: -
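The EXIF block above is what exiftool reads from the DOS, COFF and optional headers. As an added example (not part of the ANY.RUN report), the following stdlib-only parser pulls the same fields from raw bytes so the values can be re-checked on the sample itself, and computes how far the link timestamp lies from the analysis date. The header built by `build_sample_header` is a constructed stand-in carrying the report's numbers (machine 0x14C, linker 6.0, entry point 0x148d4, timestamp 2011-04-18 20:54:06+02:00); it is not the analysed file.

```python
import calendar
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "x64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the fields exiftool reports for a PE from raw file bytes:
    DOS header -> e_lfanew -> COFF file header -> start of the optional header.
    Offsets follow the PE/COFF spec; every field used here sits at the same
    offset in PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, stamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    if opt_size < 70:
        raise ValueError("optional header too short")
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    code_size, init_size, uninit_size, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from(
        "<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        # TimeDateStamp is seconds since the Unix epoch, written by the linker
        # and trivially forgeable; report it in UTC to compare with the sandbox date.
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S UTC"),
        "timestamp_raw": stamp,
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "entry_point": hex(entry),
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def age_at_analysis_years(info: dict, analyzed_on: datetime) -> float:
    """Years between the link timestamp and the analysis date. A large gap
    combined with empty version resources points at a long-lived generic
    bundler stub rather than a freshly built installer."""
    built = datetime.fromtimestamp(info["timestamp_raw"], tz=timezone.utc)
    return (analyzed_on - built).days / 365.25


# Constructed test input: a header-only PE32 carrying the values from the EXIF
# table of this report (no sections, no code). It is NOT the analysed sample.
SAMPLE_TIMESTAMP = calendar.timegm((2011, 4, 18, 18, 54, 6))  # 2011:04:18 20:54:06+02:00


def build_sample_header(stamp: int = SAMPLE_TIMESTAMP) -> bytes:
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                          # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)                  # magic, linker 6.0
    struct.pack_into("<IIII", opt, 4, 104448, 36864, 0, 0x148D4)   # code, init, uninit, entry
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)         # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                             # Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for key, value in info.items():
        print(f"{key}: {value}")
    analysed = datetime(2019, 10, 22, 8, 42, 26, tzinfo=timezone.utc)
    print(f"age at analysis: {age_at_analysis_years(info, analysed):.1f} years")
```

Run it against the real file with `parse_pe_header(open(path, "rb").read())`; the timestamp is worth treating as a hint only, since the linker field is under the builder's control.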
No data.
All screenshots are available in the full report
Total processes
41
Monitored processes
4
Malicious processes
3
Suspicious processes
0

Behavior graph

explorer.exe
  baidu-wifi-hotspot.exe (PID 2720, no specs)
  baidu-wifi-hotspot.exe (PID 1412)
    drop and start: installer.exe (PID 2368, #LAVASOFT)
      start: genericsetup.exe (PID 3736)

Process information

PID 1412
CMD: "C:\Users\admin\AppData\Local\Temp\Baidu-WiFi-Hotspot.exe"
Path: C:\Users\admin\AppData\Local\Temp\Baidu-WiFi-Hotspot.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\baidu-wifi-hotspot.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID 2368
CMD: .\installer.exe
Path: C:\Users\admin\AppData\Local\Temp\7zS48502CA9\installer.exe
Parent process: Baidu-WiFi-Hotspot.exe
User: admin
Company: adaware
Integrity Level: HIGH
Exit code: 0
Version: 4.0.1.2042
Modules (images):
c:\users\admin\appdata\local\temp\7zs48502ca9\installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID 2720
CMD: "C:\Users\admin\AppData\Local\Temp\Baidu-WiFi-Hotspot.exe"
Path: C:\Users\admin\AppData\Local\Temp\Baidu-WiFi-Hotspot.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch was refused because the executable requests elevation; only ntdll.dll was mapped before it exited, and the HIGH-integrity instance, PID 1412, is the one that actually ran)
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\baidu-wifi-hotspot.exe
c:\systemroot\system32\ntdll.dll

PID 3736
CMD: "C:\Users\admin\AppData\Local\Temp\7zS48502CA9\GenericSetup.exe" C:\Users\admin\AppData\Local\Temp\7zS48502CA9\GenericSetup.exe husertype=Admin
Path: C:\Users\admin\AppData\Local\Temp\7zS48502CA9\GenericSetup.exe
Parent process: installer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Version: 4.0.1.2042
Modules (images; mscoree.dll and mscoreei.dll mark this as a .NET Framework 4 application, matching the dropped GenericSetup.exe.config):
c:\users\admin\appdata\local\temp\7zs48502ca9\genericsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
521
Read events
456
Write events
65
Delete events
0

Modification events

PID 2368 installer.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation: write
Name: PendingFileRenameOperations
Value: \??\C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\images\loader.gif
(Windows stores source/destination pairs in this value; a source with no destination, as here, is a file scheduled for deletion at the next reboot, the usual result of an installer calling MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT on a temp file it could not delete while in use.)

PID 2368 installer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

PID 2368 installer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

PID 3736 GenericSetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

PID 3736 GenericSetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
(The ZoneMap writes are the default Internet Explorer zone settings that WinINet/urlmon components initialise on first use; they are consistent with an installer that renders its UI from the dropped HTML pages rather than a sign of tampering with zone security.)
Executable files
11
Suspicious files
0
Text files
19
Unknown types
0

Dropped files

All of the files below were written by PID 1412 (Baidu-WiFi-Hotspot.exe) into C:\Users\admin\AppData\Local\Temp\7zS48502CA9\, the temp-directory naming used by 7-Zip SFX stubs; together they are the HTML/CSS installer UI and the bundle manifest. Hashes are shown only where the report lists them.

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\DownloadPage.html (html)
MD5: not listed in the report
SHA256: not listed in the report

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\BundleConfig.json (text)
MD5: not listed in the report
SHA256: not listed in the report

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\InstallingPage.html (html)
MD5: not listed in the report
SHA256: not listed in the report

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\LaunchCarrierPage.html (html)
MD5: not listed in the report
SHA256: not listed in the report

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\style.css (text)
MD5: not listed in the report
SHA256: not listed in the report

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\GenericSetup.exe.config (xml)
MD5: not listed in the report
SHA256: not listed in the report

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\tis\EventHandler.tis (text)
MD5: not listed in the report
SHA256: not listed in the report

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\DownloadFolderPage.html (html)
MD5: 1BED31BCD4D25B0EFD4972F7A15E04DD
SHA256: FAE84813E5208C7B1638FD6CC7DA420155A6C88B1B055AA8CF67E4441CA95592

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\images\loader.gif (image)
MD5: 2B26F73D382AB69F3914A7D9FDA97B0F
SHA256: A6A0B05B1D5C52303DD3E9E2F9CDA1E688A490FBE84EA0D6E22A051AB6EFD643

C:\Users\admin\AppData\Local\Temp\7zS48502CA9\Resources\OfferPage.html (html)
MD5: 7F21C6E780368050097D26AB8481B717
SHA256: BD32FA37AE471EEC2CFDCB0AA970BE1179F79B3BBF147568FDDE6206C32048B3
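The MALICIOUS indicators at the top of this report ("Application was dropped or rewritten from another process", "Loads dropped or rewritten executable") are produced by correlating the file writes in this dropped-files table with the process starts in the process table. As an added example (not ANY.RUN's own detection code), the script below reconstructs that correlation from the two tables, renders the process tree, and decodes the exit code of the failed medium-integrity launch. The event lists are constructed from this page; the two executable writes (installer.exe and GenericSetup.exe) are implied by the indicators rather than listed explicitly in the dropped-files table, and the `FileWrite`/`Proc` records are this example's own format, not the sandbox's.

```python
import ntpath
from dataclasses import dataclass
from typing import Dict, List, Optional

# NTSTATUS values that commonly appear as process exit codes in sandbox reports.
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
}


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: Optional[int]      # None when the parent (explorer.exe here) is not monitored
    integrity: str
    exit_code: int


@dataclass(frozen=True)
class FileWrite:
    pid: int
    path: str


def exit_status(code: int) -> str:
    """Decode an exit code; sandboxes print NTSTATUS failures as unsigned decimals."""
    return NTSTATUS_NAMES.get(code & 0xFFFFFFFF, hex(code))


def dropped_and_started(procs: List[Proc], writes: List[FileWrite]) -> Dict[int, int]:
    """Map pid -> writer pid for every process whose image file was written by
    a different monitored process before it ran: the 'dropped or rewritten
    from another process' signature, reconstructed from the two event tables."""
    writer_of = {w.path.lower(): w.pid for w in writes}
    result = {}
    for p in procs:
        writer = writer_of.get(p.image.lower())
        if writer is not None and writer != p.pid:
            result[p.pid] = writer
    return result


def render_tree(procs: List[Proc], writes: List[FileWrite]) -> List[str]:
    """Indented process tree (roots first, table order preserved), annotated
    with decoded exit status and drop provenance."""
    children: Dict[Optional[int], List[Proc]] = {}
    for p in procs:
        children.setdefault(p.parent, []).append(p)
    dropped = dropped_and_started(procs, writes)
    lines: List[str] = []

    def walk(parent: Optional[int], depth: int) -> None:
        for p in children.get(parent, []):
            tag = f" [dropped by PID {dropped[p.pid]}]" if p.pid in dropped else ""
            lines.append(f"{'  ' * depth}{ntpath.basename(p.image)} (PID {p.pid}, {p.integrity}) "
                         f"exit={exit_status(p.exit_code)}{tag}")
            walk(p.pid, depth + 1)

    walk(None, 0)
    return lines


TEMP = r"C:\Users\admin\AppData\Local\Temp"
STAGE = TEMP + r"\7zS48502CA9"

# Constructed from the process and dropped-file tables of this report.
PROCS = [
    Proc(2720, TEMP + r"\Baidu-WiFi-Hotspot.exe", None, "MEDIUM", 3221226540),
    Proc(1412, TEMP + r"\Baidu-WiFi-Hotspot.exe", None, "HIGH", 0),
    Proc(2368, STAGE + r"\installer.exe", 1412, "HIGH", 0),
    Proc(3736, STAGE + r"\GenericSetup.exe", 2368, "HIGH", 0),
]
WRITES = [
    FileWrite(1412, STAGE + r"\installer.exe"),        # implied by the MALICIOUS indicators
    FileWrite(1412, STAGE + r"\GenericSetup.exe"),     # implied by the MALICIOUS indicators
    FileWrite(1412, STAGE + r"\BundleConfig.json"),
    FileWrite(1412, STAGE + r"\Resources\OfferPage.html"),
]

if __name__ == "__main__":
    print("\n".join(render_tree(PROCS, WRITES)))
```

The comparison is case-insensitive because NTFS paths are, and the writer must differ from the process itself so that a self-updating binary is not reported as dropped by someone else. Feeding the same functions a Sysmon export (event ID 11 for writes, event ID 1 for starts) gives the same verdict outside the sandbox.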
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
4
DNS requests
4
Threats
1

HTTP requests

PID   Process        Method  HTTP Code  IP                 URL                                                                        CN  Type  Size  Reputation
2368  installer.exe  POST    200        104.18.87.101:80   http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart  US  text  29 b  whitelisted

Connections

PID   Process           IP                   Domain               ASN              CN  Reputation
3736  GenericSetup.exe  104.16.236.79:443    h2oapi.adaware.com   Cloudflare Inc   US  shared
2368  installer.exe     104.18.87.101:80     flow.lavasoft.com    Cloudflare Inc   US  shared
3736  GenericSetup.exe  104.16.235.79:443    h2oapi.adaware.com   Cloudflare Inc   US  shared

DNS requests

Domain               IP                                Reputation
h2oapi.adaware.com   104.16.236.79, 104.16.235.79      malicious
flow.lavasoft.com    104.18.87.101, 104.18.88.101      whitelisted
dns.msftncsi.com     131.107.255.255                   shared

Threats

PID   Process        Class                          Message
2368  installer.exe  A Network Trojan was detected  ET MALWARE Lavasoft PUA/Adware Client Install
No debug info