File name: LicenseCrawler - CHIP-Installer.exe

Full analysis: https://app.any.run/tasks/5075d418-7b84-468b-93e6-8253b8cd971c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 22, 2019, 07:30:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: AF72306A68434E0C43848600B87D1B27
SHA1: 46A65A84B39998B5B4333F21C545CD9D9C5C93C6
SHA256: E81FBE35DEF1876898336A07B080F99B296C9FB76A99418D6005A3748046F10E
SSDEEP: 24576:Xq5TfcdHj4fmbo2qfjzPhHyOjgu2Fzny1gdjgsA5k:XUTsamExbjg9jgQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • avast_free_antivirus_setup_online.exe (PID: 3556)
      • avast_free_antivirus_setup_online.exe (PID: 3368)
      • dmr_72.exe (PID: 3848)
      • instup.exe (PID: 3996)
      • LicenseCrawler.exe (PID: 3140)
      • instup.exe (PID: 3424)
      • sbr.exe (PID: 3932)
    • Downloads executable files from the Internet

      • dmr_72.exe (PID: 3848)
      • avast_free_antivirus_setup_online.exe (PID: 3368)
    • Changes settings of System certificates

      • dmr_72.exe (PID: 3848)
    • Loads dropped or rewritten executable

      • instup.exe (PID: 3996)
      • LicenseCrawler.exe (PID: 3140)
    • Changes the autorun value in the registry

      • instup.exe (PID: 3424)
  • SUSPICIOUS

    • Reads internet explorer settings

      • dmr_72.exe (PID: 3848)
    • Low-level read access rights to disk partition

      • avast_free_antivirus_setup_online.exe (PID: 3368)
      • instup.exe (PID: 3996)
      • avast_free_antivirus_setup_online.exe (PID: 3556)
      • instup.exe (PID: 3424)
    • Creates files in the Windows directory

      • avast_free_antivirus_setup_online.exe (PID: 3368)
      • avast_free_antivirus_setup_online.exe (PID: 3556)
      • instup.exe (PID: 3996)
      • instup.exe (PID: 3424)
    • Executable content was dropped or overwritten

      • avast_free_antivirus_setup_online.exe (PID: 3368)
      • LicenseCrawler - CHIP-Installer.exe (PID: 2456)
      • dmr_72.exe (PID: 3848)
      • avast_free_antivirus_setup_online.exe (PID: 3556)
      • instup.exe (PID: 3996)
      • WinRAR.exe (PID: 3892)
      • instup.exe (PID: 3424)
    • Creates files in the program directory

      • avast_free_antivirus_setup_online.exe (PID: 3556)
      • instup.exe (PID: 3996)
    • Adds / modifies Windows certificates

      • dmr_72.exe (PID: 3848)
    • Creates files in the user directory

      • dmr_72.exe (PID: 3848)
    • Removes files from Windows directory

      • instup.exe (PID: 3996)
      • instup.exe (PID: 3424)
    • Starts itself from another location

      • instup.exe (PID: 3996)
    • Searches for installed software

      • dmr_72.exe (PID: 3848)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • LicenseCrawler - CHIP-Installer.exe (PID: 2456)
      • instup.exe (PID: 3424)
    • Reads settings of System Certificates

      • dmr_72.exe (PID: 3848)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (30.7)
.exe | UPX compressed Win32 Executable (30.1)
.exe | Win32 EXE Yoda's Crypter (29.5)
.exe | Win32 Executable (generic) (5)
.exe | Generic Win/DOS Executable (2.2)

EXIF

EXE

OriginalFileName: CHIP Secured Installer
ProductName: CHIP Secured Installer
InternalName: CHIP Secured Installer
CompanyName: CHIP Digital GmbH
LegalCopyright: Copyright © 2019 Chip Digital GmbH
ProductVersion: 2.9.10.0
FileDescription: CHIP Secured Installer
Comments: CHIP Secured Installer
FileVersion: 2.9.10.0
CharacterSet: Unicode
LanguageCode: German
FileSubtype: -
ObjectFileType: Unknown
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0000
ProductVersionNumber: 2.9.10.0
FileVersionNumber: 2.9.10.0
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x1c68d0
UninitializedDataSize: 1515520
InitializedDataSize: 987136
CodeSize: 344064
LinkerVersion: 11
PEType: PE32
TimeStamp: 2019:03:13 10:43:21+01:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 13-Mar-2019 09:43:21
Detected languages:
  • English - United Kingdom
  • German - Germany
FileVersion: 2.9.10.0
Comments: CHIP Secured Installer
FileDescription: CHIP Secured Installer
ProductVersion: 2.9.10.0
LegalCopyright: Copyright © 2019 Chip Digital GmbH
CompanyName: CHIP Digital GmbH
InternalName: CHIP Secured Installer
ProductName: CHIP Secured Installer
OriginalFilename: CHIP Secured Installer

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000108

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 13-Mar-2019 09:43:21
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
UPX0 | 0x00001000 | 0x00172000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
UPX1 | 0x00173000 | 0x00054000 | 0x00053C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.93604
.rsrc | 0x001C7000 | 0x000F1000 | 0x000F0E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.39466

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.32366 | 1444 | Latin 1 / Western European | German - Germany | RT_MANIFEST
4 | 3.75291 | 9640 | Latin 1 / Western European | English - United Kingdom | RT_ICON
7 | 3.34702 | 1428 | Latin 1 / Western European | English - United Kingdom | RT_STRING
8 | 3.2817 | 1674 | Latin 1 / Western European | English - United Kingdom | RT_STRING
9 | 3.28849 | 1168 | Latin 1 / Western European | English - United Kingdom | RT_STRING
10 | 3.28373 | 1532 | Latin 1 / Western European | English - United Kingdom | RT_STRING
11 | 3.26322 | 1628 | Latin 1 / Western European | English - United Kingdom | RT_STRING
12 | 3.25812 | 1126 | Latin 1 / Western European | English - United Kingdom | RT_STRING
99 | 2.0815 | 20 | Latin 1 / Western European | English - United Kingdom | RT_GROUP_ICON
166 | 2.68292 | 80 | Latin 1 / Western European | English - United Kingdom | RT_MENU

Imports

ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
GDI32.dll
IPHLPAPI.DLL
KERNEL32.DLL
MPR.dll
OLEAUT32.dll
PSAPI.DLL
SHELL32.dll
No data.
Total processes: 47
Monitored processes: 13
Malicious processes: 6
Suspicious processes: 0

Behavior graph

[Interactive process graph omitted; the processes it shows (licensecrawler - chip-installer.exe, dmr_72.exe, explorer.exe, avast_free_antivirus_setup_online.exe, winrar.exe, instup.exe, licensecrawler.exe, sbr.exe) are listed with their parents in the Process information section below.]

Process information

PID: 3672
CMD: "C:\Users\admin\AppData\Local\Temp\LicenseCrawler - CHIP-Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\LicenseCrawler - CHIP-Installer.exe
Parent process: explorer.exe
User: admin
Company: CHIP Digital GmbH
Integrity Level: MEDIUM
Description: CHIP Secured Installer
Exit code: 3221226540
Version: 2.9.10.0

PID: 2456
CMD: "C:\Users\admin\AppData\Local\Temp\LicenseCrawler - CHIP-Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\LicenseCrawler - CHIP-Installer.exe
Parent process: explorer.exe
User: admin
Company: CHIP Digital GmbH
Integrity Level: HIGH
Description: CHIP Secured Installer
Exit code: 0
Version: 2.9.10.0

PID: 3848
CMD: "C:\Users\admin\AppData\Local\Temp\DMR\dmr_72.exe" -install -54439828 -chipderedesign -fc6b6e4b84fe4aae9082c6161ec4930d - -BLUB2 -bhyrryigpengvmjc -2456
Path: C:\Users\admin\AppData\Local\Temp\DMR\dmr_72.exe
Parent process: LicenseCrawler - CHIP-Installer.exe
User: admin
Company: Chip Digital GmbH
Integrity Level: HIGH
Description: CHIP Secured Installer
Version: 2.9.10.0

PID: 3984
CMD: "C:\Windows\explorer.exe" /e,/select,C:\Users\admin\Downloads\licensecrawler_2.1.2301.zip
Path: C:\Windows\explorer.exe
Parent process: dmr_72.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2784
CMD: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 3368
CMD: "C:\Users\admin\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\c36806329dd1ca55ff7a96fec0779424\avast_free_antivirus_setup_online.exe" /SILENT
Path: C:\Users\admin\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\c36806329dd1ca55ff7a96fec0779424\avast_free_antivirus_setup_online.exe
Parent process: dmr_72.exe
User: admin
Company: AVAST Software
Integrity Level: HIGH
Description: Avast Antivirus Installer
Version: 2.1.1279.0

PID: 3112
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\licensecrawler_2.1.2301.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 3556
CMD: "C:\Windows\Temp\asw.8d77844b5617f669\avast_free_antivirus_setup_online.exe" /SILENT /cookie:mmm_cip_ppi_002_599_m /ga_clientid:94209c7b-0ef6-4fd6-831e-5085f8303a05 /edat_dir:C:\Windows\Temp\asw.8d77844b5617f669
Path: C:\Windows\Temp\asw.8d77844b5617f669\avast_free_antivirus_setup_online.exe
Parent process: avast_free_antivirus_setup_online.exe
User: admin
Company: AVAST Software
Integrity Level: HIGH
Description: Avast Antivirus Installer
Version: 19.3.4241.0

PID: 3892
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\licensecrawler_2.1.2301.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 3996
CMD: "C:\Windows\Temp\asw.83c72f9aa07f3dad\instup.exe" /edition:1 /ga_clientid:94209c7b-0ef6-4fd6-831e-5085f8303a05 /guid:e119c0ee-43d6-4bad-a0fd-ad609c86941f /prod:ais /sfx:lite /sfxstorage:C:\Windows\Temp\asw.83c72f9aa07f3dad /SILENT /cookie:mmm_cip_ppi_002_599_m /ga_clientid:94209c7b-0ef6-4fd6-831e-5085f8303a05 /edat_dir:C:\Windows\Temp\asw.8d77844b5617f669
Path: C:\Windows\Temp\asw.83c72f9aa07f3dad\instup.exe
Parent process: avast_free_antivirus_setup_online.exe
User: admin
Company: AVAST Software
Integrity Level: HIGH
Description: Avast Antivirus Installer
Version: 19.3.4241.0
Total events: 9 165
Read events: 6 329
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 23
Suspicious files: 34
Text files: 47
Unknown types: 2

Dropped files

PID | Process | Filename | Type
3556 | avast_free_antivirus_setup_online.exe | Setup.log | -
  MD5: -
  SHA256: -
3556 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.83c72f9aa07f3dad\servers.def | text
  MD5: C66EFF1E07EDD34AE3465B8FB23020F1
  SHA256: 8EB05C4D9B307CF69ED5F13DAC4B18C912EA11B2230E62D9891EF1C138380A42
3368 | avast_free_antivirus_setup_online.exe | C:\windows\temp\asw.8d77844b5617f669\ecoo.edat | text
  MD5: 3C38147AA44779EE9B4287EA8D7F998C
  SHA256: B380D5392B9024877088B795EC5E7194F23AC55BE450EDC3F5920CF3A75A3AE2
3848 | dmr_72.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\MarselisSlabWeb[1].eot | eot
  MD5: 99DB29822EBD7B203C4D42F511A09126
  SHA256: 8BB3DD596D97E5130178968732A0E2490668B5850E94F6B64D1E0262D5C8E5C8
3848 | dmr_72.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\jquery[1].js | text
  MD5: 21AAD200D2965AB5E8003EB72A60CDBA
  SHA256: DFCBB6BDD9CA50BA56F33B36F585456707F90EEF14BE072D46908F3A6D56F82B
2456 | LicenseCrawler - CHIP-Installer.exe | C:\Users\admin\AppData\Local\Temp\DMR\dmr_72.exe | executable
  MD5: E1C531D8EE0435A4829C850C64C6E066
  SHA256: DE261633341935832DFDA0B6FF43C6DFA34CA40F98BBEBCA84CF3F9A513326B1
3556 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.83c72f9aa07f3dad\config.def | text
  MD5: 553B471777D328A6EF79790FD516BB47
  SHA256: 38B63D92FC4300B5A9D4CE9CBB77194CD3E8AA7FAAACB09DD33F851EE7622026
3848 | dmr_72.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\main[1].js | text
  MD5: 8AB97ADDE4779CB7ABA2AD7693F8804F
  SHA256: 84C455C2B26F53B7E4750DFE0C782C93BFD0B3F3F0F2C0695749E402602AA79E
3848 | dmr_72.exe | C:\Users\admin\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\3533bda4c65ccfbbc76d3b22854fd16c\1-klick-chip-setup.exe | executable
  MD5: 35894C5B6B6FC3FD8C34FAB6998CEA4A
  SHA256: C38861941FDFB0798EDAA6EEB9DAF880321CE287CA236654E3FF0F73C8CAA330
3848 | dmr_72.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\main[1].css | text
  MD5: D7D0460325E0498216BD55AF8298E758
  SHA256: 92C02CD6A818E9A33E8D5D24191ED942DBF4EF8AF86B3F2BEC5F98B8556F72DE
HTTP(S) requests: 51
TCP/UDP connections: 56
DNS requests: 58
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3848 | dmr_72.exe | GET | - | 5.9.198.83:80 | http://api.chip-secured-download.de/downloaderContent/jquery.js | DE | - | - | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/downloaderContent/main.css?v=1461939270 | DE | text | 1.65 Kb | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/track/uac.php?clientid=661b878e-975f-4599-8734-b17dc440936e&cid=54439828&pid=chipderedesign&source=BLUB2&setupid=fc6b6e4b84fe4aae9082c6161ec4930d&langcountry=en-US&state=WithoutUAC | DE | binary | 121 Kb | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/downloaderContent/MarselisSlabWeb.eot?&1440165143 | DE | eot | 61.7 Kb | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/downloaderContent/jquery.js | DE | text | 32.2 Kb | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/downloaderContent/progress.php?pid=chipderedesign&cid=54439828&sid=fc6b6e4b84fe4aae9082c6161ec4930d&appname=4C6963656E7365437261776C6572&uid=661b878e-975f-4599-8734-b17dc440936e&scid=&source=BLUB2&language=en-eu&piddata=&uaexe=66697265666F782E657865&Camplist=64386635313338383638323336356261393562616434326463323933303838663B61316363303330363632343534346235306161666131633930383766343364643B31313131636230656231386533626238623736356362663664623237656132333B3737396434326630663031356265393839666436663565623065343765343733 | DE | htm | 2.18 Kb | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/newbrandmachine/chipderedesign?cid=54439828&scid=&headline1=4C6963656E7365437261776C6572&headline2=434849502D444F574E4C4F4144&euid=366639636331626331306538356565633137636264653832&icon=68747470733A2F2F7777772E636869702E64652F69692F352F382F392F352F392F322F322F663964306162626339613035663033332E6A7067&screenshot=68747470733A2F2F7777772E636869702E64652F69692F352F382F392F352F392F322F322F623431383265623035366135343330372E6A7067&MetaRating=35&lang=en | DE | binary | 121 Kb | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.84:80 | http://static.chip-secured-download.de/gfx/pagead/AVAST/avast-buttons-v1-feb18.gif | DE | image | 36.6 Kb | suspicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/downloaderContent/main.js?v=12 | DE | text | 2.74 Kb | malicious
3848 | dmr_72.exe | GET | 200 | 5.9.198.83:80 | http://api.chip-secured-download.de/geoip/geoip.php?ip=36322e3231342e36372e313836&givezip=true | DE | text | 14 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3556 | avast_free_antivirus_setup_online.exe | 172.217.16.142:80 | www.google-analytics.com | Google Inc. | US | whitelisted
3848 | dmr_72.exe | 2.16.186.59:80 | dl.cdn.chip.de | Akamai International B.V. | - | whitelisted
3848 | dmr_72.exe | 5.9.198.83:80 | api.chip-secured-download.de | Hetzner Online GmbH | DE | malicious
3848 | dmr_72.exe | 5.9.198.84:80 | static.chip-secured-download.de | Hetzner Online GmbH | DE | suspicious
3848 | dmr_72.exe | 176.9.97.244:80 | api.chip-secured-download.de | Hetzner Online GmbH | DE | malicious
3996 | instup.exe | 8.8.8.8:53 | - | Google Inc. | US | whitelisted
3848 | dmr_72.exe | 2.18.69.143:443 | bits.avcdn.net | Akamai International B.V. | - | whitelisted
3368 | avast_free_antivirus_setup_online.exe | 77.234.45.54:80 | v7event.stats.avast.com | AVAST Software s.r.o. | DE | unknown
3996 | instup.exe | 5.62.53.220:443 | shepherd.ff.avast.com | - | US | unknown
3556 | avast_free_antivirus_setup_online.exe | 77.234.45.54:80 | v7event.stats.avast.com | AVAST Software s.r.o. | DE | unknown

DNS requests

Domain | IP | Reputation
api.chip-secured-download.de | 5.9.198.83, 176.9.97.244 | unknown
ocs1.chdi-server.de | 5.9.175.19 | unknown
static.chip-secured-download.de | 5.9.198.84, 176.9.97.245 | suspicious
downloaderapi.chip.de | 23.45.107.220 | whitelisted
bits.avcdn.net | 2.18.69.143 | whitelisted
service.chip-secured-download.de | 176.9.97.244, 5.9.198.83 | malicious
dl.cdn.chip.de | 2.16.186.59, 2.16.186.72 | whitelisted
www.google-analytics.com | 172.217.16.142 | whitelisted
v7event.stats.avast.com | 77.234.45.54, 5.62.40.204, 77.234.45.53 | whitelisted
iavs9x.u.avast.com | 2.16.186.104, 2.16.186.50 | whitelisted

Threats

PID | Process | Class | Message
3848 | dmr_72.exe | A Network Trojan was detected | MALWARE [PTsecurity] DownloadSponsor inbound artifact m1
3848 | dmr_72.exe | A Network Trojan was detected | MALWARE [PTsecurity] DownloadSponsor inbound artifact m1
3848 | dmr_72.exe | A Network Trojan was detected | MALWARE [PTsecurity] DownloadSponsor img_welcome PNG artifact
3848 | dmr_72.exe | A Network Trojan was detected | MALWARE [PTsecurity] DownloadSponsor inbound artifact m1
3848 | dmr_72.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3848 | dmr_72.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3848 | dmr_72.exe | Misc activity | ET INFO EXE - Served Attached HTTP
3848 | dmr_72.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions
3368 | avast_free_antivirus_setup_online.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
No debug info