File name:

HD.Tune.Pro.5.75.Portable.exe

Full analysis: https://app.any.run/tasks/8fa320cc-c51d-41e6-a9a9-d316fc897e8c
Verdict: Malicious activity
Analysis date: July 05, 2024, 13:18:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

24817C015E5442B14ACFAD0474349B90

SHA1:

72F4CCB4D157B608329E47F4F8138C76E7A064EC

SHA256:

EB0543911DCD7B041EBDBE9403B0C03C06228E5C7E20B2805D6F80DFCB02F441

SSDEEP:

98304:Xs5s+KW+7TxdHk5cApPXhUiWE/ZQiKVHRZJcfuL7YldMR+Av/0lcn62Dtb26pFGz:JUkg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • HD.Tune.Pro.5.75.Portable.exe (PID: 1428)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • HD.Tune.Pro.5.75.Portable.exe (PID: 1428)

    • Reads security settings of Internet Explorer

      • HD.Tune.Pro.5.75.Portable.exe (PID: 1428)

    • Executes application which crashes

      • HD Tune Pro.exe (PID: 6880)
      • HD Tune Pro.exe (PID: 5380)

    • Application launched itself

      • HD Tune Pro.exe (PID: 6880)
      • HD Tune Pro.exe (PID: 5380)

  • INFO

    • Checks supported languages

      • HD.Tune.Pro.5.75.Portable.exe (PID: 1428)
      • HD Tune Pro.exe (PID: 6880)
      • HD Tune Pro.exe (PID: 5380)

    • Reads the computer name

      • HD.Tune.Pro.5.75.Portable.exe (PID: 1428)
      • HD Tune Pro.exe (PID: 6880)
      • HD Tune Pro.exe (PID: 5380)

    • Manual execution by a user

      • HD Tune Pro.exe (PID: 6880)
      • HD Tune Pro.exe (PID: 5380)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:01:28 15:00:00+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 158720
InitializedDataSize: 39936
UninitializedDataSize: -
EntryPoint: 0x24f5a
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 18.1.0.0
ProductVersionNumber: 18.1.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Soft98.iR
FileDescription: Compress
FileVersion: 1.3
InternalName: Compress
LegalCopyright: Copyright (c) 2018
OriginalFileName: -
ProductName: -
ProductVersion: -
Comments: Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
147
Monitored processes
8
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start hd.tune.pro.5.75.portable.exe rundll32.exe no specs hd tune pro.exe hd tune pro.exe no specs werfault.exe no specs hd tune pro.exe hd tune pro.exe no specs werfault.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1428"C:\Users\admin\AppData\Local\Temp\HD.Tune.Pro.5.75.Portable.exe" C:\Users\admin\AppData\Local\Temp\HD.Tune.Pro.5.75.Portable.exe
explorer.exe
User:
admin
Company:
Soft98.iR
Integrity Level:
MEDIUM
Description:
Compress
Exit code:
0
Version:
1.3
Modules
Images
c:\users\admin\appdata\local\temp\hd.tune.pro.5.75.portable.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
1992C:\WINDOWS\SysWOW64\WerFault.exe -u -p 5380 -s 620C:\Windows\SysWOW64\WerFault.exeHD Tune Pro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
5380"C:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\HD Tune Pro.exe" C:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\HD Tune Pro.exe
explorer.exe
User:
admin
Company:
EFD Software
Integrity Level:
MEDIUM
Description:
HD Tune Pro
Version:
5, 7, 5, 0
Modules
Images
c:\users\admin\desktop\hd.tune.pro.5.75.portable\hd tune pro.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
5608"C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe" C:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\HD Tune Pro.exeHD Tune Pro.exe
User:
admin
Company:
EFD Software
Integrity Level:
MEDIUM
Description:
HD Tune Pro
Version:
5, 7, 5, 0
6684C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
6880"C:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\HD Tune Pro.exe" C:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\HD Tune Pro.exe
explorer.exe
User:
admin
Company:
EFD Software
Integrity Level:
MEDIUM
Description:
HD Tune Pro
Version:
5, 7, 5, 0
Modules
Images
c:\users\admin\desktop\hd.tune.pro.5.75.portable\hd tune pro.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6908"C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe" C:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\HD Tune Pro.exeHD Tune Pro.exe
User:
admin
Company:
EFD Software
Integrity Level:
MEDIUM
Description:
HD Tune Pro
Version:
5, 7, 5, 0
7092C:\WINDOWS\SysWOW64\WerFault.exe -u -p 6880 -s 652C:\Windows\SysWOW64\WerFault.exeHD Tune Pro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events
10 279
Read events
10 265
Write events
14
Delete events
0

Modification events

(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation:writeName:@C:\Program Files (x86)\Common Files\system\wab32res.dll,-10100
Value:
Contacts
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
12
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
86
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
Operation:writeName:LastUpdate
Value:
A9F2876600000000
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:Browse For Folder Width
Value:
318
(PID) Process:(1428) HD.Tune.Pro.5.75.Portable.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:Browse For Folder Height
Value:
288
Executable files
1
Suspicious files
6
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
6880HD Tune Pro.exeC:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\Data\Registry.rw.tvr.transactbinary
MD5:BDDE5AA6B9D9D43FA1D0C97C8ADACEF1
SHA256:C9262D11A808CB9F01E391DBBAF400BB4C7F7F1B8764343EDADFA308F65A7A65
6880HD Tune Pro.exeC:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\Data\Registry.rw.tvr.lck.DESKTOP-JGLLJLD.ffffffff.1ae4binary
MD5:A9AA221321DA7FF6D2CF8F97E24D86C2
SHA256:2C65D87A11DBE41BD8196E566DE4AB68EA49F093A449B5130FA799D26A50C3EB
1428HD.Tune.Pro.5.75.Portable.exeC:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\Soft98.iR.urlurl
MD5:3DDF222B0633A83ECD9F4DD34F1D3FD3
SHA256:CD49C8C8A991A045E07E301C17735760A6C0C4EF533882C48A7F1D9AF6FC8582
1428HD.Tune.Pro.5.75.Portable.exeC:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\HD Tune Pro.exeexecutable
MD5:D12427C936FBCBF4E2CBF3C3BAA8FDC3
SHA256:5A62FBADC6F001D197F7CEF0A1F8CFA4C3778560A8D1C84A7FD659793D00FF4E
6880HD Tune Pro.exeC:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\Data\Registry.rw.tvr.lckbinary
MD5:A9AA221321DA7FF6D2CF8F97E24D86C2
SHA256:2C65D87A11DBE41BD8196E566DE4AB68EA49F093A449B5130FA799D26A50C3EB
7092WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER79F6.tmp.WERInternalMetadata.xmlxml
MD5:0B9B821A03E4124C7D61D5D9BBEAC9CE
SHA256:7CC36579053CDFCEEA0B65AA7CDCD7F2B0B1C7B1A021DCF856A331906DD2F0E8
1992WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC17F.tmp.WERInternalMetadata.xmlxml
MD5:63ECF29400248BC9C282B2943DC80024
SHA256:601A72156552F216DC3DEB34FAAACA25B32B8202D74EECDEDF6613D5E3570D78
6880HD Tune Pro.exeC:\Users\admin\Desktop\HD.Tune.Pro.5.75.Portable\Data\Registry.rw.tvrbinary
MD5:BDDE5AA6B9D9D43FA1D0C97C8ADACEF1
SHA256:C9262D11A808CB9F01E391DBBAF400BB4C7F7F1B8764343EDADFA308F65A7A65
7092WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER78FB.tmp.dmpbinary
MD5:BC9B8C9BAE8E36C64FDD50078B224234
SHA256:1BAE449FCD653FE35D92240C7A53C2E0FE274485B6BEA9FEEF65B6EC81A23079
7092WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER7A26.tmp.xmlxml
MD5:D7A3261EF21A988626D676E5FA5E752B
SHA256:187A7FB9AB6EF684827704406B75E75048AF9F169FD24993B99991010DC59084
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
58
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1888
svchost.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
4656
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
1888
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
6068
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
3800
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
3040
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
6736
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
6736
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
4656
SearchApp.exe
104.126.37.144:443
Akamai International B.V.
DE
unknown
4032
svchost.exe
239.255.255.250:1900
unknown
1452
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2060
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1888
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
unknown
1888
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1888
svchost.exe
2.16.164.9:80
crl.microsoft.com
Akamai International B.V.
NL
unknown
1888
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
  • 51.104.136.2
unknown
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.72
unknown
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
unknown
ocsp.digicert.com
  • 192.229.221.95
unknown
login.live.com
  • 40.126.32.140
  • 20.190.160.17
  • 40.126.32.72
  • 40.126.32.134
  • 40.126.32.76
  • 40.126.32.68
  • 20.190.160.22
  • 40.126.32.133
unknown
go.microsoft.com
  • 23.218.210.69
unknown
slscr.update.microsoft.com
  • 20.12.23.50
unknown
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
unknown
arc.msn.com
  • 20.31.169.57
unknown
self.events.data.microsoft.com
  • 104.46.162.224
unknown

Threats

No threats detected
Process
Message
HD Tune Pro.exe
<?dml?>#3 p=6880/1AE0h t=6884/1AE4h: <link cmd=".reload /f nt0_dll.dll=0x7FC80000">Reload</link> <b>nt0_dll.dll</b> 0x7FC80000 packaged
HD Tune Pro.exe
<?dml?>#1 p=6880/1AE0h t=6884/1AE4h: <link cmd=".reload /f boot_loader.exe=0x66200000">Reload</link> <b>boot_loader.exe</b> 0x66200000
HD Tune Pro.exe
<?dml?>#2 p=6880/1AE0h t=6884/1AE4h: Loading packaged nt0_dll.dll...
HD Tune Pro.exe
<?dml?>#1 p=5380/1504h t=2028/7ECh: <link cmd=".reload /f boot_loader.exe=0x66200000">Reload</link> <b>boot_loader.exe</b> 0x66200000
HD Tune Pro.exe
<?dml?>#2 p=5380/1504h t=2028/7ECh: Loading packaged nt0_dll.dll...
HD Tune Pro.exe
<?dml?>#3 p=5380/1504h t=2028/7ECh: <link cmd=".reload /f nt0_dll.dll=0x7FC80000">Reload</link> <b>nt0_dll.dll</b> 0x7FC80000 packaged
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
HD.Tune.Pro.5.75.Portable.exe