File name:

软件程序1.0.1.exe

Full analysis: https://app.any.run/tasks/aa422add-3717-4ba1-b3f9-a3e369770fc7
Verdict: Malicious activity
Analysis date: June 21, 2025, 07:19:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
golang
arch-exec
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 5 sections
MD5:

9061EB93F61DEB24F1A181DFFD0F1F5B

SHA1:

D8B3B0508DDD7A62312961C71B69BDFE6205221E

SHA256:

F390BC3284D9B88CE7D526FEF068763A15B2F6A5AE990927FF7A192DED8DADAA

SSDEEP:

98304:Jelf8AVOqBsF/QvEK5MxQ9LE2Kv4vnq9jD5AclmmsFUv0vZSCfAyZaB+ZSC7dImB:/pFGoRqd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • 软件程序1.0.1.exe (PID: 5400)

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • 软件程序1.0.1.exe (PID: 5400)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6640)

  • INFO

    • Checks supported languages

      • 软件程序1.0.1.exe (PID: 5400)

    • Manual execution by a user

      • WinRAR.exe (PID: 1560)
      • WinRAR.exe (PID: 6368)
      • WinRAR.exe (PID: 6640)

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 2148)
      • OpenWith.exe (PID: 2580)

    • Application based on Golang

      • 软件程序1.0.1.exe (PID: 5400)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:03:02 03:38:31+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware
PEType: PE32+
LinkerVersion: 8
CodeSize: 149504
InitializedDataSize: 155648
UninitializedDataSize: -
EntryPoint: 0x21c70
OSVersion: 4
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 1.1.1.0
ProductVersionNumber: 1.1.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Sejin Chun
FileDescription: Language Translator
FileVersion: 1.1.1
InternalName: Language Translator
LegalCopyright: Copyright (c) 2005-2025 Chun Sejin
ProductName: Language Translator
ProductVersion: 1.1.1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
142
Monitored processes
7
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start 软件程序1.0.1.exe no specs slui.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs openwith.exe no specs openwith.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1560"C:\Program Files\WinRAR\WinRAR.exe" a -ep1 -scul -r0 -iext -- . C:\Users\admin\Desktop\软件程序1.0.1.exeC:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2148C:\WINDOWS\system32\OpenWith.exe -EmbeddingC:\Windows\System32\OpenWith.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2580C:\WINDOWS\system32\OpenWith.exe -EmbeddingC:\Windows\System32\OpenWith.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4700C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5400"C:\Users\admin\Desktop\软件程序1.0.1.exe" C:\Users\admin\Desktop\软件程序1.0.1.exeexplorer.exe
User:
admin
Company:
Sejin Chun
Integrity Level:
MEDIUM
Description:
Language Translator
Version:
1.1.1
Modules
Images
c:\users\admin\desktop\软件程序1.0.1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6368"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\软件程序1.0.1.rar"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
6640"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\软件程序1.0.1.exe" C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
4 651
Read events
4 594
Write events
43
Delete events
14

Modification events

(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:15
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:14
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:13
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:12
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:11
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:10
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:9
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:8
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:7
Value:
(PID) Process:(1560) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
Operation:delete valueName:6
Value:
Executable files
0
Suspicious files
4
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
6640WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa6640.27090\软件程序1.0.1binary
MD5:D093872E88F3DA2BC67BE2D79F14BB89
SHA256:D9BABC4AAAE295EA7AFE9BD76CEF006714929B6CE1BBECBF4B6DC5DCCA477640
1560WinRAR.exeC:\Users\admin\Desktop\软件程序1.0.1.rarcompressed
MD5:CCE759D4AE1BF2CD22626CF8D8CE9699
SHA256:103D90CCEABE5C6C6C279079B51B4310D37403FD6E835CE5CC01152CEB0EE328
6640WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa6640.27447\软件程序1.0.1binary
MD5:D093872E88F3DA2BC67BE2D79F14BB89
SHA256:D9BABC4AAAE295EA7AFE9BD76CEF006714929B6CE1BBECBF4B6DC5DCCA477640
6640WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6640.27864\软件程序1.0.1binary
MD5:D093872E88F3DA2BC67BE2D79F14BB89
SHA256:D9BABC4AAAE295EA7AFE9BD76CEF006714929B6CE1BBECBF4B6DC5DCCA477640
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
22
DNS requests
15
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
184.24.77.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2468
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2468
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1200
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2940
svchost.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
2028
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
184.24.77.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5944
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2468
SIHClient.exe
20.12.23.50:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2468
SIHClient.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 184.24.77.12
  • 184.24.77.35
  • 184.24.77.6
  • 184.24.77.37
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
login.live.com
  • 20.190.160.131
  • 20.190.160.4
  • 20.190.160.20
  • 20.190.160.22
  • 20.190.160.3
  • 20.190.160.64
  • 20.190.160.67
  • 40.126.32.138
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
软件程序1.0.1.exe