File name:

RonyaSoft CD DVD Label Maker 3.02 Install.exe

Full analysis: https://app.any.run/tasks/cda63ddc-c574-472e-9c41-bcdbb8862cdd
Verdict: Malicious activity
Threats:

Metamorfo is a trojan malware family that has been active since 2018. It remains a top threat, focusing on stealing victims’ financial information, including banking credentials and other data. The malware is known for targeting users in Brazil.

Malware Trends Tracker     >>>
Analysis date: January 28, 2024, 17:12:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
metamorfo
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

A124B965E75594EEE124A12C0603190B

SHA1:

64DB8DBBACADD14B20A5826B2A6D4583DDC7CA3E

SHA256:

ECC504565761E793D7E4DD76636975A6226B136FC9D6DC374F853BB9429F7E47

SSDEEP:

98304:HTl8t0dJesXlllIgehixLcZmuC/0Sn918fBCzOb7bzdBrw1fuPkQ/xDpxUwSLX/W:tQggN/1IhAlr6ifmPgECxTMFvOkN2cuv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

    • METAMORFO has been detected (YARA)

      • CDDVDLabelMaker.exe (PID: 2356)

  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

    • Reads the Internet Settings

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

    • Executable content was dropped or overwritten

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

  • INFO

    • Checks supported languages

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
      • CDDVDLabelMaker.exe (PID: 2356)

    • Creates files in the program directory

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

    • Reads the computer name

      • CDDVDLabelMaker.exe (PID: 2356)
      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

    • Reads product name

      • CDDVDLabelMaker.exe (PID: 2356)

    • Create files in a temporary directory

      • CDDVDLabelMaker.exe (PID: 2356)
      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)

    • Reads the machine GUID from the registry

      • CDDVDLabelMaker.exe (PID: 2356)

    • Reads Environment values

      • CDDVDLabelMaker.exe (PID: 2356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 23:50:41+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
45
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start ronyasoft cd dvd label maker 3.02 install.exe #METAMORFO cddvdlabelmaker.exe ronyasoft cd dvd label maker 3.02 install.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2356"C:\Program Files\RonyaSoft\CD DVD Label Maker\CDDVDLabelMaker.exe"C:\Program Files\RonyaSoft\CD DVD Label Maker\CDDVDLabelMaker.exe
RonyaSoft CD DVD Label Maker 3.02 Install.exe
User:
admin
Company:
RonyaSoft
Integrity Level:
HIGH
Description:
RonyaSoft CD DVD Label Maker
Exit code:
0
Version:
3.2.20.1
Modules
Images
c:\program files\ronyasoft\cd dvd label maker\cddvdlabelmaker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2628"C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe" C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\ronyasoft cd dvd label maker 3.02 install.exe
c:\windows\system32\ntdll.dll
2736"C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe" C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\ronyasoft cd dvd label maker 3.02 install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
1 104
Read events
1 103
Write events
0
Delete events
1

Modification events

(PID) Process:(2356) CDDVDLabelMaker.exeKey:HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{2A09C7F3-B8BC-45AF-B610-B212E697150A}
Operation:delete keyName:(default)
Value:
Executable files
860
Suspicious files
3 169
Text files
144
Unknown types
0

Dropped files

PID
Process
Filename
Type
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\LangDLL.dllexecutable
MD5:9384F4007C492D4FA040924F31C00166
SHA256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\StartMenu.dllexecutable
MD5:A4173B381625F9F12AADB4E1CDAEFDB8
SHA256:7755FF2707CA19344D489A5ACEC02D9E310425FA6E100D2F13025761676B875B
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\CD Back Insert.rdlbinary
MD5:819166E83195407CD380DB7019988E09
SHA256:45352E4314A0849E836058F23E7337CAD087F33AA1FE7837720EC74F89CC1E5E
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Blu-ray Insert.rdlbinary
MD5:8104A7F387515694ABD3A446D68B7FB1
SHA256:AAE21F503697FF751AB7B7D92AB67D4F24DBF06955672FE3CE3233EE7C617731
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\System.dllexecutable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Origami CD Case.rdlbinary
MD5:E772D3855A2A0E11CDCAC825A24A9DCD
SHA256:51CCD188D74F14634CED3111EB2CBABC3B983F15003EE3543A35A0B0D7790124
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\admin\AppData\Local\Temp\nsmA529.tmp\nsDialogs.dllexecutable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Index.dattext
MD5:9EEA8B033BA13A8DF4CFB37A3B8C5766
SHA256:844BB1F466D127D38D2A3F12FE4E822E81348F98D6FEA01C65961035C5DE5399
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Blu-ray Double Insert.rdlbinary
MD5:3F6F215AEB3E06E06F4992209388300D
SHA256:EBCA22C9888E62AC8A328793021C88ACC4B98E9BE6835D7A737A83E641334309
2736RonyaSoft CD DVD Label Maker 3.02 Install.exeC:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Full Face Label (with bleeds).rdlbinary
MD5:C73B63E51CA075DFAC7A1A71DAA9D8E7
SHA256:70C1A54BF8F19C3CA1190E9DF5A4BF54243E01F9B1F437FBD93C9E2C171544B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted

DNS requests

No data

Threats

No threats detected
Process
Message
CDDVDLabelMaker.exe
[TMAIN; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdInitializeSource, ID: 1, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe
[TMAIN; 0 (0)]: Dump(String): " Symbols: 76660000, FileName: "C:\Windows\system32\kernel32.dll", FUsed: 0"
CDDVDLabelMaker.exe
[T3044; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdInitializeDebugSymbols, ID: 2, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe
[T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeSource, ID: 1, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe
[T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeDebugSymbols, ID: 2, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe
[T3044; 0 (0)]: Dump(String): " Symbols: 76660000, FileName: "C:\Windows\system32\kernel32.dll", FUsed: 1"
CDDVDLabelMaker.exe
[T3044; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdCleanupDebugSymbols, ID: 3, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe
[T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdCleanupDebugSymbols, ID: 3, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe
[T3044; 62 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeSource, ID: 5, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe
[T3044; 62 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdCleanupDebugSymbols, ID: 7, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
RonyaSoft CD DVD Label Maker 3.02 Install.exe