File name: iMyfone.Fixppo.v.7.4.0.3.Setup.exe

Full analysis: https://app.any.run/tasks/1672c780-bc71-46ca-a126-cb942989b6bc
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 21, 2025, 21:31:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 417768A7DA3487DE8C7D90297F2BA6C7
SHA1: 47279FDA0DA72E3B3C85142535F4C36281BB6CB4
SHA256: F9956493020181E8B438405B2170D05D69E9BE8FA4ACF1FE767CAA01411E445E
SSDEEP: 12288:Au8dOUcPb6qVWNlTx5MWv/nVZ/g0iIcLpK8XyHBw1amyl3cZVVVR:oOLmqVy5Dv/nVVgdIctK8XyH6Tyl32z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1604)
  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Reads security settings of Internet Explorer

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Process requests binary or script from the Internet

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Executes application which crashes

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
  • INFO

    • The sample was compiled with English language support

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Checks supported languages

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Creates files in the program directory

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Reads the computer name

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Reads the machine GUID from the registry

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Reads the software policy settings

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
      • WerFault.exe (PID: 7120)
    • Checks proxy server information

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
      • WerFault.exe (PID: 7120)
    • Creates files or folders in the user directory

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
      • WerFault.exe (PID: 7120)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:02:14 07:20:45+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 137728
InitializedDataSize: 458240
UninitializedDataSize: -
EntryPoint: 0x1215a
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.2
ProductVersionNumber: 2.0.0.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: iMyFone Fixppo
FileVersion: 2.0.0.2
InternalName: Fixppo_Setup
LegalCopyright: Copyright©2019 iMyFone Technology Co., Ltd. All Rights Reserved
OriginalFileName: Fixppo_Setup.exe
ProductName: iMyFone Fixppo
ProductVersion: 2.0.0.2
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 1

Behavior graph (interactive in the full report)

start → imyfone.fixppo.v.7.4.0.3.setup.exe → werfault.exe; werfault.exe (no specs); imyfone.fixppo.v.7.4.0.3.setup.exe (no specs)

Process information

PID: 1352
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1496 -s 2576
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\werfault.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\msvcrt.dll
  • c:\windows\syswow64\combase.dll

PID: 1496
CMD: "C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: iMyFone Fixppo
Exit code: 3221226356 (0xC0000374, STATUS_HEAP_CORRUPTION; this is the crash that spawned the two WerFault.exe instances)
Version: 2.0.0.2
Modules (images):
  • c:\users\admin\appdata\local\temp\imyfone.fixppo.v.7.4.0.3.setup.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll

PID: 1604
CMD: "C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: iMyFone Fixppo
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED; the medium-integrity launch requested elevation, which is why the same binary then runs again as PID 1496 at HIGH integrity)
Version: 2.0.0.2
Modules (images):
  • c:\users\admin\appdata\local\temp\imyfone.fixppo.v.7.4.0.3.setup.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll

PID: 7120
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1496 -s 2552
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\werfault.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\msvcrt.dll
  • c:\windows\syswow64\combase.dll
Total events: 4 568
Read events: 4 557
Write events: 8
Delete events: 3

Modification events

(PID) Process: (1496) iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: -

(PID) Process: (1496) iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1496) iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7120) WerFault.exe
Key: \REGISTRY\A\{66493f5c-6ae3-3db4-587e-0a116bdc5072}\Root\InventoryApplicationFile
Operation: write
Name: WritePermissionsCheck
Value: 1

(PID) Process: (7120) WerFault.exe
Key: \REGISTRY\A\{66493f5c-6ae3-3db4-587e-0a116bdc5072}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation: delete key
Name: (default)
Value: -

(PID) Process: (7120) WerFault.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: ClockTimeSeconds
Value: EC24576800000000

(PID) Process: (7120) WerFault.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: TickCount
Value: E7BC170000000000
Executable files: 0
Suspicious files: 10
Text files: 10
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7120 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA98.tmp.dmp | -
MD5: -
SHA256: -
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\English.ini | text
MD5: B1CB243D99CDFA4509E90ADBFB8C284F
SHA256: 69E88E26087D63D81A7019618AA47983191C126B78552CE251A2D878E3B11D76
7120 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_iMyfone.Fixppo.v_231a383e5a6d1174722d29c67337d1fbba006b_d8b5707a_822bfea5-f0bf-4533-9377-5a786f4992ce\Report.wer | -
MD5: -
SHA256: -
7120 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\iMyfone.Fixppo.v.7.4.0.3.Setup.exe.1496.dmp | -
MD5: -
SHA256: -
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\Italian.ini | text
MD5: E975499100B530A73B50890DD333D425
SHA256: 191D3CF435C63D4BAF613BDAF4E8C268726CCF4CCFA51296AA84818C22A4E09F
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\Japanese.ini | text
MD5: EF13A7A8F881F64C8E439542B3D1D0DE
SHA256: 722EEFD7809B677FAD585F1CF97B43A9190DA0C1D49ABB6FB82211684C068936
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\ChineseTW.ini | text
MD5: AB6200475E38B876B40B1AC3F7F90151
SHA256: 9350DC8E47372E9A690F9C198BCBCBF400696463B4639A7FB4D55DF1B1B7AE1E
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE | binary
MD5: 912AAE792ACCD81F19816487329DB200
SHA256: 08A0962E14E5EB5E5154A52667C42A29CB956CB926262D5125D3BF1BB892D9D2
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\imyfone-ios-system-recovery-setup[1].htm | html
MD5: 7F6BE3D33CAAE2A45EA937DA468BA736
SHA256: D2B62DF5C15C2F4C94F47F92A491B8556E38B388C5674BB27F18A02D8CB819C1
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE | binary
MD5: FEB4EB664AE2C691146C28534C01A0E5
SHA256: DAD1CE5D11654C2588BAD0C6749DD19FCD09078F34F84DA1D6C63E828EA52E8E
HTTP(S) requests: 55
TCP/UDP connections: 78
DNS requests: 21
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2288 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | unknown | - | - | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 200 | 2.23.77.188:80 | http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEA2L6y22vPmqqsI0733hKjA%3D | unknown | - | - | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsllCLO2YEqFaBOmVKKDvo%3D | unknown | - | - | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | unknown | - | - | unknown
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.55.104.172:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | unknown | - | - | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | unknown | - | - | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4868 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2288 | svchost.exe | 20.190.160.22:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2288 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | 47.254.67.250:80 | www.imyfone.de | Alibaba US Technology Co., Ltd. | US | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | 163.181.254.221:443 | de.imyfone.com | - | US | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | 163.181.58.175:80 | ocsp.digicert.cn | - | MY | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 51.104.136.2 | whitelisted
google.com | 142.250.184.206 | whitelisted
login.live.com | 20.190.160.22, 20.190.160.17, 20.190.160.14, 20.190.160.128, 20.190.160.20, 20.190.160.2, 20.190.160.64, 40.126.32.76 | whitelisted
ocsp.digicert.com | 2.17.190.73 | whitelisted
nexusrules.officeapps.live.com | 52.111.243.30 | whitelisted
www.imyfone.de | 47.254.67.250 | unknown
de.imyfone.com | 163.181.254.221 | whitelisted
ocsp.digicert.cn | 163.181.58.175, 163.181.58.174, 163.181.58.173, 163.181.58.176, 163.181.58.171, 163.181.58.172, 163.181.58.170, 163.181.58.177 | whitelisted
status.rapidssl.com | 2.23.77.188 | whitelisted
crl.microsoft.com | 23.55.104.172, 23.55.104.190 | whitelisted

Threats: No threats detected

Debug info: No debug info