File name: RonyaSoft CD DVD Label Maker 3.02 Install.exe

Full analysis: https://app.any.run/tasks/cda63ddc-c574-472e-9c41-bcdbb8862cdd
Verdict: Malicious activity
Threats:

Metamorfo is a banking trojan family that has been active since 2018 and remains a significant threat. It steals victims' financial information, chiefly online-banking credentials along with other personal data, and is best known for targeting users in Brazil.

Analysis date: January 28, 2024, 17:12:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: metamorfo
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: A124B965E75594EEE124A12C0603190B
SHA1: 64DB8DBBACADD14B20A5826B2A6D4583DDC7CA3E
SHA256: ECC504565761E793D7E4DD76636975A6226B136FC9D6DC374F853BB9429F7E47
SSDEEP: 98304:HTl8t0dJesXlllIgehixLcZmuC/0Sn918fBCzOb7bzdBrw1fuPkQ/xDpxUwSLX/W:tQggN/1IhAlr6ifmPgECxTMFvOkN2cuv

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may have been distorted by user actions and is provided as is; ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • METAMORFO has been detected (YARA)

      • CDDVDLabelMaker.exe (PID: 2356)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • The process creates files with name similar to system file names

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • Executable content was dropped or overwritten

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • Reads the Internet Settings

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
  • INFO

    • Checks supported languages

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
      • CDDVDLabelMaker.exe (PID: 2356)
    • Reads the computer name

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
      • CDDVDLabelMaker.exe (PID: 2356)
    • Creates files in a temporary directory

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
      • CDDVDLabelMaker.exe (PID: 2356)
    • Reads Environment values

      • CDDVDLabelMaker.exe (PID: 2356)
    • Reads product name

      • CDDVDLabelMaker.exe (PID: 2356)
    • Creates files in the program directory

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • Reads the machine GUID from the registry

      • CDDVDLabelMaker.exe (PID: 2356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report.
No malware configuration was extracted.

Caveat for triage: the MALICIOUS verdict rests on a single YARA match in CDDVDLabelMaker.exe (PID 2356). The run produced no DNS or HTTP requests and no extracted configuration, and every indicator raised on the installer itself (System.dll in Temp, system-like file names, dropped executables) is explained by the file type TRiD identifies: System.dll, LangDLL.dll, nsDialogs.dll and StartMenu.dll in %TEMP%\nsmA529.tmp are the stock plug-ins that any NSIS installer unpacks before running its script. Treat the YARA hit as a lead to verify against the matched rule and the binary, not as a confirmed infection.

TRiD (file-type identification; numbers are confidence in %)

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 23:50:41+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
All screenshots are available in the full report
Total processes: 45
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Reconstructed from the process table below (parent, integrity level, exit code); "no specs" is the report's label for a process that triggered no indicators:

explorer.exe
  RonyaSoft CD DVD Label Maker 3.02 Install.exe  (PID 2628, MEDIUM integrity, exited 0xC000042C STATUS_ELEVATION_REQUIRED, no specs)
  RonyaSoft CD DVD Label Maker 3.02 Install.exe  (PID 2736, HIGH integrity)
    CDDVDLabelMaker.exe  (PID 2356, HIGH integrity)  #METAMORFO

Process information

PID 2356  CDDVDLabelMaker.exe
  Command line: "C:\Program Files\RonyaSoft\CD DVD Label Maker\CDDVDLabelMaker.exe"
  Path: C:\Program Files\RonyaSoft\CD DVD Label Maker\CDDVDLabelMaker.exe
  Parent process: RonyaSoft CD DVD Label Maker 3.02 Install.exe
  User: admin
  Company: RonyaSoft
  Integrity level: HIGH
  Description: RonyaSoft CD DVD Label Maker
  Exit code: 0
  Version: 3.2.20.1
  Modules (images):
    c:\program files\ronyasoft\cd dvd label maker\cddvdlabelmaker.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\lpk.dll

PID 2628  RonyaSoft CD DVD Label Maker 3.02 Install.exe
  Command line: "C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe"
  Path: C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: MEDIUM
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (images):
    c:\users\admin\appdata\local\temp\ronyasoft cd dvd label maker 3.02 install.exe
    c:\windows\system32\ntdll.dll

  Note: this launch ran at MEDIUM integrity, loaded only ntdll.dll and exited with STATUS_ELEVATION_REQUIRED; the same command line was then relaunched as PID 2736 at HIGH integrity. That is the normal trace of an installer being elevated through UAC, and it is why this process carries no indicators of its own.

PID 2736  RonyaSoft CD DVD Label Maker 3.02 Install.exe
  Command line: "C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe"
  Path: C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: HIGH
  Exit code: 0
  Modules (images):
    c:\users\admin\appdata\local\temp\ronyasoft cd dvd label maker 3.02 install.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll
Total events: 1 104
Read events: 1 103
Write events: 0
Delete events: 1

Modification events

(PID 2356) CDDVDLabelMaker.exe
  Operation: delete key
  Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{2A09C7F3-B8BC-45AF-B610-B212E697150A}
  Name: (default)
  Value:
Executable files: 860
Suspicious files: 3 169
Text files: 144
Unknown types: 0

Dropped files

PID 2736  RonyaSoft CD DVD Label Maker 3.02 Install.exe
  C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\LangDLL.dll  (executable)
    MD5:    9384F4007C492D4FA040924F31C00166
    SHA256: 60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
  C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\nsDialogs.dll  (executable)
    MD5:    C10E04DD4AD4277D5ADC951BB331C777
    SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
  C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\System.dll  (executable)
    MD5:    C17103AE9072A06DA581DEC998343FC1
    SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
  C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\modern-wizard.bmp  (image)
    MD5:    9677343374C1A0735B61CA9919A7387A
    SHA256: 58C467E96D6544330E820E5F1358C4F41CB486EC4A41A7D96B45070B6A1B764D
  C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Blu-ray Double Insert.rdl  (binary)
    MD5:    3F6F215AEB3E06E06F4992209388300D
    SHA256: EBCA22C9888E62AC8A328793021C88ACC4B98E9BE6835D7A737A83E641334309
  C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Blu-ray Insert.rdl  (binary)
    MD5:    8104A7F387515694ABD3A446D68B7FB1
    SHA256: AAE21F503697FF751AB7B7D92AB67D4F24DBF06955672FE3CE3233EE7C617731
  C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\StartMenu.dll  (executable)
    MD5:    A4173B381625F9F12AADB4E1CDAEFDB8
    SHA256: 7755FF2707CA19344D489A5ACEC02D9E310425FA6E100D2F13025761676B875B
  C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\CD Back Insert.rdl  (binary)
    MD5:    819166E83195407CD380DB7019988E09
    SHA256: 45352E4314A0849E836058F23E7337CAD087F33AA1FE7837720EC74F89CC1E5E
  C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Origami CD Case.rdl  (binary)
    MD5:    E772D3855A2A0E11CDCAC825A24A9DCD
    SHA256: 51CCD188D74F14634CED3111EB2CBABC3B983F15003EE3543A35A0B0D7790124
  C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Paper Sleeve.rdl  (binary)
    MD5:    E23C98EF0896BB40C4983A91BDFFB3C3
    SHA256: 44DA3F0204A0C23036228D35D4030C3ACD6B7A475DB2813D7196204E4D955EE9
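The dropped-file list is where an NSIS installer's own runtime and the files it actually installs get mixed together, and the "System.dll in Temp" indicator above fires on the former. The Python script below is an added example for this page, not ANY.RUN's or RonyaSoft's code: it parses dropped-file rows in the run-together form the flattened ANY.RUN export uses (PID, process, path and type on one line, MD5 and SHA256 on the next two), validates the hash fields, and labels every file written to the installer's ns*.tmp working directory under a stock NSIS plug-in name as installer runtime rather than payload. The sample rows are copied from this report; the plug-in name list is the editor's own short list, and the class labels are invented for the example.

```python
"""Triage a flattened ANY.RUN "Dropped files" table: recover PID, process, path,
type and hashes from the run-together rows, then label files that are only the
NSIS installer runtime unpacking itself. Added example; not ANY.RUN/RonyaSoft code."""
import re
from collections import Counter
from dataclasses import dataclass

# Rows copied verbatim from this report (entry line, then MD5 line, then SHA256 line).
SAMPLE_ROWS = r"""
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\LangDLL.dllexecutable
MD5:9384F4007C492D4FA040924F31C00166
SHA256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\nsDialogs.dllexecutable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\System.dllexecutable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\modern-wizard.bmpimage
MD5:9677343374C1A0735B61CA9919A7387A
SHA256:58C467E96D6544330E820E5F1358C4F41CB486EC4A41A7D96B45070B6A1B764D
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Blu-ray Double Insert.rdlbinary
MD5:3F6F215AEB3E06E06F4992209388300D
SHA256:EBCA22C9888E62AC8A328793021C88ACC4B98E9BE6835D7A737A83E641334309
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Blu-ray Insert.rdlbinary
MD5:8104A7F387515694ABD3A446D68B7FB1
SHA256:AAE21F503697FF751AB7B7D92AB67D4F24DBF06955672FE3CE3233EE7C617731
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\StartMenu.dllexecutable
MD5:A4173B381625F9F12AADB4E1CDAEFDB8
SHA256:7755FF2707CA19344D489A5ACEC02D9E310425FA6E100D2F13025761676B875B
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\CD Back Insert.rdlbinary
MD5:819166E83195407CD380DB7019988E09
SHA256:45352E4314A0849E836058F23E7337CAD087F33AA1FE7837720EC74F89CC1E5E
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Origami CD Case.rdlbinary
MD5:E772D3855A2A0E11CDCAC825A24A9DCD
SHA256:51CCD188D74F14634CED3111EB2CBABC3B983F15003EE3543A35A0B0D7790124
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Paper Sleeve.rdlbinary
MD5:E23C98EF0896BB40C4983A91BDFFB3C3
SHA256:44DA3F0204A0C23036228D35D4030C3ACD6B7A475DB2813D7196204E4D955EE9
"""

ROW_RE = re.compile(
    r"^(?P<pid>\d+)"                              # leading PID digits
    r"(?P<process>.+?\.exe)"                      # image name, up to the first .exe
    r"(?P<path>[A-Za-z]:\\.+)"                    # dropped path, from the drive letter
    r"(?P<kind>executable|image|binary|text)$"    # ANY.RUN type label glued on the end
)
# NSIS unpacks its plug-ins into %TEMP%\ns<random>.tmp\ before running the install script.
NSIS_TEMP_RE = re.compile(r"\\Temp\\ns[A-Za-z0-9]+\.tmp\\([^\\]+)$", re.IGNORECASE)
# Stock plug-ins shipped with NSIS (editor's own, deliberately short list).
NSIS_STOCK_PLUGINS = {"system.dll", "langdll.dll", "nsdialogs.dll", "startmenu.dll",
                      "installoptions.dll", "nsexec.dll", "userinfo.dll"}

@dataclass(frozen=True)
class Dropped:
    pid: int
    process: str
    path: str
    kind: str
    md5: str
    sha256: str

def _hash_field(line, label, hexlen):
    # Strip "LABEL:" and insist on exactly hexlen hex digits, so a truncated export fails loudly.
    if not line.startswith(label + ":"):
        raise ValueError(f"expected {label} line, got {line!r}")
    value = line.split(":", 1)[1].strip()
    if not re.fullmatch(rf"[0-9A-Fa-f]{{{hexlen}}}", value):
        raise ValueError(f"malformed {label}: {value!r}")
    return value.upper()

def parse_rows(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("rows must come in (entry, MD5, SHA256) triples")
    out = []
    for entry, md5_line, sha_line in zip(lines[0::3], lines[1::3], lines[2::3]):
        m = ROW_RE.match(entry)
        if not m:
            raise ValueError(f"unparseable row: {entry!r}")
        out.append(Dropped(int(m["pid"]), m["process"], m["path"], m["kind"],
                           _hash_field(md5_line, "MD5", 32),
                           _hash_field(sha_line, "SHA256", 64)))
    return out

def classify(rec):
    """nsis-plugin: stock plug-in in the NSIS temp dir (expected for any NSIS installer);
    nsis-temp-other: anything else unpacked there; payload[-executable]: final-location files."""
    m = NSIS_TEMP_RE.search(rec.path)
    if m:
        return "nsis-plugin" if m.group(1).lower() in NSIS_STOCK_PLUGINS else "nsis-temp-other"
    return "payload-executable" if rec.kind == "executable" else "payload"

def summarize(records):
    return dict(Counter(classify(r) for r in records))

if __name__ == "__main__":
    recs = parse_rows(SAMPLE_ROWS)
    for r in recs:
        print(f"{classify(r):18} {r.path}")
    print(summarize(recs))
```

On this report the script labels the four DLLs in nsmA529.tmp as nsis-plugin, the wizard bitmap as nsis-temp-other and the five .rdl templates as payload; nothing lands in payload-executable, which is the bucket that would deserve a closer look in a run with a real dropper.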
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:port               Domain  ASN  CN  Reputation
4     System       192.168.100.255:137   -       -    -   whitelisted
1080  svchost.exe  224.0.0.252:5355      -       -    -   unknown
4     System       192.168.100.255:138   -       -    -   whitelisted

The three listed connections are Windows background traffic, not sample activity: UDP 137 and 138 to the subnet broadcast address are the NetBIOS name and datagram services, and 224.0.0.252:5355 is LLMNR multicast. None of the sample's processes (PIDs 2628, 2736, 2356) opened a connection, consistent with the 0 DNS and 0 HTTP requests counted above.

DNS requests

No data

Threats

No threats detected
Debug output strings

CDDVDLabelMaker.exe  [TMAIN; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdInitializeSource, ID: 1, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe  [TMAIN; 0 (0)]: Dump(String): " Symbols: 76660000, FileName: "C:\Windows\system32\kernel32.dll", FUsed: 0"
CDDVDLabelMaker.exe  [T3044; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdInitializeDebugSymbols, ID: 2, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe  [T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeSource, ID: 1, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe  [T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeDebugSymbols, ID: 2, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe  [T3044; 0 (0)]: Dump(String): " Symbols: 76660000, FileName: "C:\Windows\system32\kernel32.dll", FUsed: 1"
CDDVDLabelMaker.exe  [T3044; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdCleanupDebugSymbols, ID: 3, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe  [T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdCleanupDebugSymbols, ID: 3, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe  [T3044; 62 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeSource, ID: 5, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe  [T3044; 62 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdCleanupDebugSymbols, ID: 7, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """