File name:

imazing-generator-se_gGdLCDveAH.zip

Full analysis: https://app.any.run/tasks/df0c5369-ea2e-4713-80f4-a3e97212d406
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 28, 2024, 14:04:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
downloadassistant
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

2620803FACBE92DEE967C13418D703BC

SHA1:

A297DDE0DB621753A5D408F5D9FE20431BF8F595

SHA256:

E8637E57F37D966F5B7AB30EC41602619725777F253620A73C646FC2732ECECD

SSDEEP:

98304:/IlYUX4QOGXZHVR9bpBELgBNrbfP24l7uim5BceXxN0GZulAOt2VGEu4ztCi9JWo:YTTCBPHD0g6T1QV

ANY.RUN is an interactive service that gives the analyst full control of the guest system. Information in this report may therefore be influenced by the analyst's actions and is provided as-is; ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • imazing-generator-se_gGdLCDveAH.exe (PID: 4060)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1872)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1844)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
    • DOWNLOADASSISTANT has been detected (SURICATA)

      • soundlabfree.exe (PID: 1432)
      • soundlabfree.exe (PID: 2348)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • imazing-generator-se_gGdLCDveAH.exe (PID: 4060)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1872)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1844)
    • Reads the Windows owner or organization settings

      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
    • Process drops legitimate Windows executable

      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
    • Access to an unwanted program domain was detected

      • soundlabfree.exe (PID: 1432)
    • Searches for installed software

      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3972)
    • Checks supported languages

      • imazing-generator-se_gGdLCDveAH.exe (PID: 4060)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 4072)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1872)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • soundlabfree.exe (PID: 1432)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1844)
      • wmpnscfg.exe (PID: 1236)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
      • soundlabfree.exe (PID: 2348)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3972)
    • Reads the computer name

      • imazing-generator-se_gGdLCDveAH.tmp (PID: 4072)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • soundlabfree.exe (PID: 1432)
      • wmpnscfg.exe (PID: 1236)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
      • soundlabfree.exe (PID: 2348)
    • Manual execution by a user

      • imazing-generator-se_gGdLCDveAH.exe (PID: 4060)
      • wmpnscfg.exe (PID: 1236)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1844)
    • Create files in a temporary directory

      • imazing-generator-se_gGdLCDveAH.exe (PID: 1872)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 4060)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • imazing-generator-se_gGdLCDveAH.exe (PID: 1844)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
    • Creates files or folders in the user directory

      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
    • Creates a software uninstall entry

      • imazing-generator-se_gGdLCDveAH.tmp (PID: 2024)
      • imazing-generator-se_gGdLCDveAH.tmp (PID: 1932)
    • Reads the machine GUID from the registry

      • soundlabfree.exe (PID: 1432)
      • soundlabfree.exe (PID: 2348)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x000b
ZipCompression: Deflated
ZipModifyDate: 2024:05:28 17:03:38
ZipCRC: 0xb68c1ac9
ZipCompressedSize: 7587458
ZipUncompressedSize: 7612337
ZipFileName: imazing-generator-se_gGdLCDveAH.exe

Reading the flag: 0x000b sets bits 0, 1 and 3 of the ZIP general-purpose bit flag. Bit 0 marks the member as encrypted (password-protected), bit 1 with bit 2 clear selects maximum Deflate compression, and bit 3 means the CRC and sizes are repeated in a data descriptor after the data. The compressed size is within 25 KB of the uncompressed size of a 7.6 MB executable, so the payload inside the executable is already compressed, as expected for an installer stub carrying its own compressed archive.
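To make the EXIF fields concrete, here is an added example (my own code, not part of the ANY.RUN report and not derived from the sample): it builds a small Deflate archive in memory with the Python standard library, walks the local file headers and decodes the general-purpose bit flag the way the ZipBitFlag line above has to be read. The archive, its member name and its contents are constructed test data; the field names in the returned dicts are this example's own.

```python
"""Parse ZIP local file headers and decode the general-purpose bit flag.

Added example, not code from the ANY.RUN report or from the sample. The
archive below is constructed in memory and is NOT the analysed file.
"""
import io
import struct
import zipfile
import zlib

LOCAL_HEADER_SIG = 0x04034B50
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")  # fixed 30-byte local file header

# General-purpose bit flag, per the ZIP APPNOTE (section 4.4.4).
FLAG_BITS = {
    0: "encrypted",             # ZipCrypto, or AES when compression method == 99
    1: "compression_option_1",  # for Deflate: bits 1-2 encode the compression level
    2: "compression_option_2",
    3: "data_descriptor",       # CRC and sizes follow the data instead of the header
    5: "patched_data",
    6: "strong_encryption",
    11: "utf8_names",
    13: "masked_local_header",
}


def decode_flags(flags: int) -> set[str]:
    """Return the names of the bits set in a general-purpose bit flag."""
    return {name for bit, name in FLAG_BITS.items() if flags & (1 << bit)}


def dos_datetime(dos_date: int, dos_time: int) -> str:
    """Convert MS-DOS packed date/time to exiftool-style 'YYYY:MM:DD HH:MM:SS'."""
    year = ((dos_date >> 9) & 0x7F) + 1980
    month = (dos_date >> 5) & 0x0F
    day = dos_date & 0x1F
    hour = (dos_time >> 11) & 0x1F
    minute = (dos_time >> 5) & 0x3F
    second = (dos_time & 0x1F) * 2  # stored with two-second resolution
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def crc32_of(data: bytes) -> int:
    """CRC-32 as stored in ZIP headers (unsigned)."""
    return zlib.crc32(data) & 0xFFFFFFFF


def parse_local_headers(buf: bytes) -> list[dict]:
    """Walk the local file headers of a ZIP buffer starting at offset 0.

    Stops at the first non-local-header signature (the central directory).
    A member using a data descriptor (flag bit 3) carries zero sizes in its
    local header, so its data cannot be skipped this way; the walk stops there.
    """
    members = []
    off = 0
    while off + LOCAL_HEADER.size <= len(buf):
        (sig, version, flags, method, dos_time, dos_date, crc,
         comp_size, uncomp_size, name_len, extra_len) = LOCAL_HEADER.unpack_from(buf, off)
        if sig != LOCAL_HEADER_SIG:
            break
        name_start = off + LOCAL_HEADER.size
        name = buf[name_start:name_start + name_len].decode("utf-8", "replace")
        members.append({
            "name": name,
            "required_version": version,
            "flags": flags,
            "flag_names": decode_flags(flags),
            "method": {0: "Stored", 8: "Deflated", 99: "AES"}.get(method, str(method)),
            "modify_date": dos_datetime(dos_date, dos_time),
            "crc": crc,
            "compressed_size": comp_size,
            "uncompressed_size": uncomp_size,
        })
        if flags & (1 << 3):
            break  # sizes unknown without reading the data descriptor
        off = name_start + name_len + extra_len + comp_size
    return members


def build_sample_zip() -> tuple[bytes, bytes]:
    """Construct a small Deflate archive in memory (constructed test data)."""
    payload = b"MZ" + b"\x00" * 62 + b"not a real PE, just filler " * 50
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        info = zipfile.ZipInfo("sample-member.exe", date_time=(2024, 5, 28, 17, 3, 38))
        info.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(info, payload)
    return out.getvalue(), payload


if __name__ == "__main__":
    data, payload = build_sample_zip()
    for m in parse_local_headers(data):
        print(f"{m['name']}: v{m['required_version']} flags=0x{m['flags']:04x} "
              f"{sorted(m['flag_names'])} {m['method']} {m['modify_date']} "
              f"crc=0x{m['crc']:08x} {m['compressed_size']}/{m['uncompressed_size']}")
    print("report flag 0x000b decodes to:", sorted(decode_flags(0x000B)))
```

Running the script prints the constructed member with flags 0x0000 and then the decoding of the report's value 0x000b, which comes out as encrypted, compression_option_1 and data_descriptor. The walk deliberately stops at a data-descriptor member rather than guessing the data length; for a real triage tool the central directory should be parsed as the authoritative index.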
All screenshots are available in the full report
Total processes
53
Monitored processes
12
Malicious processes
8
Suspicious processes
0

Behavior graph

Process chain as rendered in the report (nodes the report marks "no specs" have no specific indicators attached; nodes marked #DOWNLOADASSISTANT carry the Suricata detection):

  • start
  • winrar.exe
  • imazing-generator-se_ggdlcdveah.exe
  • imazing-generator-se_ggdlcdveah.tmp (no specs)
  • imazing-generator-se_ggdlcdveah.exe
  • imazing-generator-se_ggdlcdveah.tmp
  • schtasks.exe (no specs)
  • soundlabfree.exe (#DOWNLOADASSISTANT)
  • wmpnscfg.exe (no specs)
  • imazing-generator-se_ggdlcdveah.exe
  • imazing-generator-se_ggdlcdveah.tmp
  • schtasks.exe (no specs)
  • soundlabfree.exe (#DOWNLOADASSISTANT)

The .exe/.tmp pairs are an Inno Setup installer stub and the second-stage setup it extracts: the /SL5= switch, the /SPAWNWND and /NOTIFYWND respawn switches and the %TEMP%\is-XXXXX.tmp staging directories in the process list are Inno Setup's. The installer was started twice from explorer.exe (PIDs 4060 and 1844, both flagged "Manual execution by a user"), which is why the chain appears twice.

Process information

Each entry gives the PID, command line, image path and parent process, followed by the process metadata and the loaded modules listed in the report.
PID:
1184
CMD:
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Sound_Lab_Free_5281"
Path:
C:\Windows\System32\schtasks.exe
Parent process:
imazing-generator-se_gGdLCDveAH.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
PID:
1236
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1432
CMD:
"C:\Users\admin\AppData\Local\Sound Lab Free\soundlabfree.exe" 80f0b963ee2fe2bf3eadbc2324d7436e
Path:
C:\Users\admin\AppData\Local\Sound Lab Free\soundlabfree.exe
Parent process:
imazing-generator-se_gGdLCDveAH.tmp
Note: the version resource (Description below) names this binary "DrawPad Graphic Design Software", which does not match the "Sound Lab Free" product name used by the installer and the install directory.
User:
admin
Integrity Level:
HIGH
Description:
DrawPad Graphic Design Software
Exit code:
0
Version:
1.0.0.1
Modules
Images
c:\users\admin\appdata\local\sound lab free\soundlabfree.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID:
1844
CMD:
"C:\Users\admin\Desktop\imazing-generator-se_gGdLCDveAH.exe"
Path:
C:\Users\admin\Desktop\imazing-generator-se_gGdLCDveAH.exe
Parent process:
explorer.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
Sound Lab Free Setup
Version:
Modules
Images
c:\users\admin\desktop\imazing-generator-se_ggdlcdveah.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID:
1872
CMD:
"C:\Users\admin\Desktop\imazing-generator-se_gGdLCDveAH.exe" /SPAWNWND=$30188 /NOTIFYWND=$30186
Path:
C:\Users\admin\Desktop\imazing-generator-se_gGdLCDveAH.exe
Parent process:
imazing-generator-se_gGdLCDveAH.tmp
User:
admin
Company:
Integrity Level:
HIGH
Description:
Sound Lab Free Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\imazing-generator-se_ggdlcdveah.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID:
1932
CMD:
"C:\Users\admin\AppData\Local\Temp\is-09GOH.tmp\imazing-generator-se_gGdLCDveAH.tmp" /SL5="$50136,7347133,56832,C:\Users\admin\Desktop\imazing-generator-se_gGdLCDveAH.exe"
Path:
C:\Users\admin\AppData\Local\Temp\is-09GOH.tmp\imazing-generator-se_gGdLCDveAH.tmp
Parent process:
imazing-generator-se_gGdLCDveAH.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-09goh.tmp\imazing-generator-se_ggdlcdveah.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID:
2024
CMD:
"C:\Users\admin\AppData\Local\Temp\is-PBHJT.tmp\imazing-generator-se_gGdLCDveAH.tmp" /SL5="$40176,7347133,56832,C:\Users\admin\Desktop\imazing-generator-se_gGdLCDveAH.exe" /SPAWNWND=$30188 /NOTIFYWND=$30186
Path:
C:\Users\admin\AppData\Local\Temp\is-PBHJT.tmp\imazing-generator-se_gGdLCDveAH.tmp
Parent process:
imazing-generator-se_gGdLCDveAH.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-pbhjt.tmp\imazing-generator-se_ggdlcdveah.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID:
2240
CMD:
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Sound_Lab_Free_5281"
Path:
C:\Windows\System32\schtasks.exe
Parent process:
imazing-generator-se_gGdLCDveAH.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
PID:
2348
CMD:
"C:\Users\admin\AppData\Local\Sound Lab Free\soundlabfree.exe" 80f0b963ee2fe2bf3eadbc2324d7436e
Path:
C:\Users\admin\AppData\Local\Sound Lab Free\soundlabfree.exe
Parent process:
imazing-generator-se_gGdLCDveAH.tmp
User:
admin
Integrity Level:
HIGH
Description:
DrawPad Graphic Design Software
Version:
1.0.0.1
Modules
Images
c:\users\admin\appdata\local\sound lab free\soundlabfree.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID:
3972
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\imazing-generator-se_gGdLCDveAH.zip
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
4 983
Read events
4 932
Write events
50
Delete events
1

Modification events

The ten modification events shown here are all WinRAR UI state (theme, MUI cache, recent-archive list, column widths) written while the analyst opened the archive; none of them is attributable to the sample. ArcHistory entries 1 to 3 are archives opened earlier in the sandbox image's life, not files dropped by this sample; only entry 0 refers to the analysed archive.

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\imazing-generator-se_gGdLCDveAH.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files
60
Suspicious files
1
Text files
8
Unknown types
0

Dropped files

The page lists ten of the dropped files. Several entries are the same file under two names, consistent with Inno Setup extracting each file to a temporary is-XXXXX.tmp name in the target directory and renaming it on completion: is-BC5HB.tmp and unins000.exe, is-N0DFE.tmp and libgcc_s_dw2-1.dll, and is-8RHLL.tmp and libstdc++-6.dll each share one SHA256. The two is-P1G3M.tmp and is-PBHJT.tmp copies of the second-stage .tmp are likewise identical.

PID: 1872
Process: imazing-generator-se_gGdLCDveAH.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-PBHJT.tmp\imazing-generator-se_gGdLCDveAH.tmp
Type: executable
MD5: 5A823668AEC2B3CE99879F3C922F2B4E
SHA256: C6C56C6C2ADF73DE6AFE964FEC461B22F9C18E2E91A1B0519569B1F877B26557

PID: 4060
Process: imazing-generator-se_gGdLCDveAH.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-P1G3M.tmp\imazing-generator-se_gGdLCDveAH.tmp
Type: executable
MD5: 5A823668AEC2B3CE99879F3C922F2B4E
SHA256: C6C56C6C2ADF73DE6AFE964FEC461B22F9C18E2E91A1B0519569B1F877B26557

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Sound Lab Free\libgcc_s_dw2-1.dll
Type: executable
MD5: FADDE43C97607E4445A6F924D851F04E
SHA256: F0614835136413217ED3BAEC9BA22AAAC4C37956AFCB0209F1F89B7676AE86BC

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-NO1RH.tmp\_isetup\_iscrypt.dll
Type: executable
MD5: A69559718AB506675E907FE49DEB71E9
SHA256: 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Sound Lab Free\is-BC5HB.tmp
Type: executable
MD5: 5E664A451F4CFD51FF96AEBE48E2003B
SHA256: 7305E53C1330028EEBB0C33CC8E52C5EC432FD13BFBAAA810D987E535D6D94CA

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Sound Lab Free\is-1055L.tmp
Type: text
MD5: 3BB131D6862FDB57979F6C859C7AF30E
SHA256: 3F63CC3979F035E87C272F895B24B107ACE6A9265EA362A49EC823F333693D14

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Sound Lab Free\is-8RHLL.tmp
Type: executable
MD5: C283D446B34E75019B81D0981CB11F0D
SHA256: F6530962659D0641236A42517A30DC55C4FCB7D30E942C3E820AF343798A770D

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Sound Lab Free\is-N0DFE.tmp
Type: executable
MD5: FADDE43C97607E4445A6F924D851F04E
SHA256: F0614835136413217ED3BAEC9BA22AAAC4C37956AFCB0209F1F89B7676AE86BC

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Sound Lab Free\libstdc++-6.dll
Type: executable
MD5: C283D446B34E75019B81D0981CB11F0D
SHA256: F6530962659D0641236A42517A30DC55C4FCB7D30E942C3E820AF343798A770D

PID: 2024
Process: imazing-generator-se_gGdLCDveAH.tmp
Filename: C:\Users\admin\AppData\Local\Sound Lab Free\unins000.exe
Type: executable
MD5: 5E664A451F4CFD51FF96AEBE48E2003B
SHA256: 7305E53C1330028EEBB0C33CC8E52C5EC432FD13BFBAAA810D987E535D6D94CA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
6
DNS requests
1
Threats
2

HTTP requests

HTTP code, content type and size are not recorded on this page for either request.

PID: 1432
Process: soundlabfree.exe
Method: POST
IP: 104.21.74.224:80
URL: http://soneservice.shop/new/net_api
CN: unknown
Reputation: unknown

PID: 2348
Process: soundlabfree.exe
Method: POST
IP: 104.21.74.224:80
URL: http://soneservice.shop/new/net_api
CN: unknown
Reputation: unknown

Connections

PID: 4
Process: System
IP: 192.168.100.255:138 (NetBIOS datagram broadcast from the guest OS)
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137 (NetBIOS name-service broadcast from the guest OS)
Reputation: whitelisted

IP: 224.0.0.252:5355 (LLMNR multicast; no process attributed on the page)
Reputation: unknown

PID: 1432
Process: soundlabfree.exe
IP: 104.21.74.224:80
Domain: soneservice.shop
ASN: CLOUDFLARENET
Reputation: unknown

PID: 2348
Process: soundlabfree.exe
IP: 104.21.74.224:80
Domain: soneservice.shop
ASN: CLOUDFLARENET
Reputation: unknown

DNS requests

Domain: soneservice.shop
IP:
  • 104.21.74.224
  • 172.67.164.12
Reputation: unknown

Threats

PID: 1432
Process: soundlabfree.exe
Class: Possibly Unwanted Program Detected
Message: ADWARE [ANY.RUN] DownloadAssistant HTTP POST Request

PID: 2348
Process: soundlabfree.exe
Class: Possibly Unwanted Program Detected
Message: ADWARE [ANY.RUN] DownloadAssistant HTTP POST Request
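The following is an added example (my own code, not from the ANY.RUN report or from the sample's authors) that turns the indicators on this page into a small matcher and runs it over constructed Sysmon-style events. The indicator values are copied from the report; the event layout (a dict with event, image, parent_image, command_line, dest_host, dest_ip, url, method, sha256), the regexes and the tag strings are this example's own conventions, and the subdomain case in the sample events is a generalisation not observed in the report. The connections table attributes 104.21.74.224 to CLOUDFLARENET, so the resolved addresses are shared anycast IPs and are tagged low confidence; the domain and the POST path are the usable network indicators.

```python
"""Match constructed host/network events against this report's indicators.

Added example, not code from the ANY.RUN report or from the sample. Indicator
values are taken from the report; event fields and tag names are ours.
"""
import re
from urllib.parse import urlsplit

IOC = {
    # File hashes from the report's file and dropped-file sections.
    "sha256": {
        "E8637E57F37D966F5B7AB30EC41602619725777F253620A73C646FC2732ECECD",  # the .zip
        "C6C56C6C2ADF73DE6AFE964FEC461B22F9C18E2E91A1B0519569B1F877B26557",  # Inno Setup stage .tmp
        "7305E53C1330028EEBB0C33CC8E52C5EC432FD13BFBAAA810D987E535D6D94CA",  # unins000.exe
    },
    "domains": {"soneservice.shop"},
    # Resolved addresses; CLOUDFLARENET per the report, so shared and low confidence.
    "ips": {"104.21.74.224", "172.67.164.12"},
    "post_paths": {"/new/net_api"},
    "task_names": {"Sound_Lab_Free_5281"},
    "install_dirs": {"\\appdata\\local\\sound lab free\\"},
}

# Inno Setup second stage: %TEMP%\is-XXXXX.tmp\<name>.tmp, the parent of both
# schtasks.exe and soundlabfree.exe in the report's process list.
INNO_STAGE_RE = re.compile(r"\\appdata\\local\\temp\\is-[a-z0-9]{5}\.tmp\\[^\\]+\.tmp$", re.I)
SCHTASKS_DELETE_RE = re.compile(r'schtasks(?:\.exe)?"?\s+/delete\s+/f\s+/tn\s+"?([^"\s]+)', re.I)


def _host_matches(host: str) -> bool:
    """Exact or subdomain match against the known domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC["domains"])


def match_event(ev: dict) -> list[str]:
    """Return the indicator tags an event matches; an empty list means no hit."""
    hits = []
    if ev.get("sha256", "").upper() in IOC["sha256"]:
        hits.append("hash:known_sample_component")

    if ev.get("event") == "process_create":
        image = ev.get("image", "").lower()
        if any(d in image for d in IOC["install_dirs"]):
            hits.append("path:sound_lab_free_install_dir")
        m = SCHTASKS_DELETE_RE.search(ev.get("command_line", ""))
        if m:
            if m.group(1) in IOC["task_names"]:
                hits.append("task:known_task_name")
            if INNO_STAGE_RE.search(ev.get("parent_image", "")):
                hits.append("behaviour:inno_stage_deletes_task")

    elif ev.get("event") in ("dns_query", "network_connect", "http_request"):
        if _host_matches(ev.get("dest_host", "")):
            hits.append("net:known_domain")
        if ev.get("dest_ip") in IOC["ips"]:
            hits.append("net:known_ip_low_confidence")
        if (ev.get("event") == "http_request"
                and ev.get("method", "").upper() == "POST"
                and "net:known_domain" in hits
                and urlsplit(ev.get("url", "")).path in IOC["post_paths"]):
            hits.append("net:c2_post_path")
    return hits


STAGE = r"C:\Users\admin\AppData\Local\Temp\is-09GOH.tmp\imazing-generator-se_gGdLCDveAH.tmp"
SAMPLE_EVENTS = [  # constructed to mirror the report's process tree and traffic
    {"event": "process_create", "image": r"C:\Windows\System32\schtasks.exe", "parent_image": STAGE,
     "command_line": r'"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Sound_Lab_Free_5281"'},
    {"event": "process_create", "parent_image": STAGE,
     "image": r"C:\Users\admin\AppData\Local\Sound Lab Free\soundlabfree.exe",
     "command_line": r'"C:\Users\admin\AppData\Local\Sound Lab Free\soundlabfree.exe" 80f0b963ee2fe2bf3eadbc2324d7436e'},
    {"event": "http_request", "method": "POST", "dest_host": "soneservice.shop",
     "dest_ip": "104.21.74.224", "url": "http://soneservice.shop/new/net_api"},
    {"event": "file_create", "path": r"C:\Users\admin\AppData\Local\Sound Lab Free\unins000.exe",
     "sha256": "7305e53c1330028eebb0c33cc8e52c5ec432fd13bfbaaa810d987e535d6d94ca"},
    {"event": "dns_query", "dest_host": "cdn.soneservice.shop"},  # subdomain case, not in the report
    {"event": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "notepad.exe"},
]


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Run match_event over a list of events and keep only the ones that hit."""
    return [(i, tags) for i, tags in enumerate(map(match_event, events)) if tags]


if __name__ == "__main__":
    for i, tags in scan(SAMPLE_EVENTS):
        print(f"event {i}: {', '.join(tags)}")
```

The behavioural tag (an Inno Setup second stage deleting a scheduled task) is the part worth keeping once the hashes and the domain rotate: it is derived from the parent/child relationship and the command line, not from values the operator can change cheaply.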
No debug info