File name: iMyfone.Fixppo.v.7.4.0.3.Setup.exe

Full analysis: https://app.any.run/tasks/1672c780-bc71-46ca-a126-cb942989b6bc
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 21, 2025, 21:31:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 417768A7DA3487DE8C7D90297F2BA6C7
SHA1: 47279FDA0DA72E3B3C85142535F4C36281BB6CB4
SHA256: F9956493020181E8B438405B2170D05D69E9BE8FA4ACF1FE767CAA01411E445E
SSDEEP: 12288:Au8dOUcPb6qVWNlTx5MWv/nVZ/g0iIcLpK8XyHBw1amyl3cZVVVR:oOLmqVy5Dv/nVVgdIctK8XyH6Tyl32z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1604)
      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • There is functionality for taking screenshot (YARA)

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Process requests binary or script from the Internet

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Executes application which crashes

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
  • INFO

    • Checks supported languages

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Reads the computer name

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Creates files in the program directory

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • The sample compiled with English language support

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Reads the software policy settings

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
      • WerFault.exe (PID: 7120)
    • Creates files or folders in the user directory

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
      • WerFault.exe (PID: 7120)
    • Reads the machine GUID from the registry

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
    • Checks proxy server information

      • iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
      • WerFault.exe (PID: 7120)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:02:14 07:20:45+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 137728
InitializedDataSize: 458240
UninitializedDataSize: -
EntryPoint: 0x1215a
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.2
ProductVersionNumber: 2.0.0.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: iMyFone Fixppo
FileVersion: 2.0.0.2
InternalName: Fixppo_Setup
LegalCopyright: Copyright©2019 iMyFone Technology Co., Ltd. All Rights Reserved
OriginalFileName: Fixppo_Setup.exe
ProductName: iMyFone Fixppo
ProductVersion: 2.0.0.2
No data.
Total processes: 142
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 1

Behavior graph

start imyfone.fixppo.v.7.4.0.3.setup.exe werfault.exe werfault.exe no specs imyfone.fixppo.v.7.4.0.3.setup.exe no specs

Process information

PID: 1352
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1496 -s 2576
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll

PID: 1496
CMD: "C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: iMyFone Fixppo
Exit code: 3221226356
Version: 2.0.0.2
Modules
Images
c:\users\admin\appdata\local\temp\imyfone.fixppo.v.7.4.0.3.setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 1604
CMD: "C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: iMyFone Fixppo
Exit code: 3221226540
Version: 2.0.0.2
Modules
Images
c:\users\admin\appdata\local\temp\imyfone.fixppo.v.7.4.0.3.setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 7120
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1496 -s 2552
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll

Total events: 4 568
Read events: 4 557
Write events: 8
Delete events: 3

Modification events

Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe (PID: 1496)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: WerFault.exe (PID: 7120)
Key: \REGISTRY\A\{66493f5c-6ae3-3db4-587e-0a116bdc5072}\Root\InventoryApplicationFile
Operation: write
Name: WritePermissionsCheck
Value: 1

Process: WerFault.exe (PID: 7120)
Key: \REGISTRY\A\{66493f5c-6ae3-3db4-587e-0a116bdc5072}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation: delete key
Name: (default)
Value:

Process: WerFault.exe (PID: 7120)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: ClockTimeSeconds
Value: EC24576800000000

Process: WerFault.exe (PID: 7120)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: TickCount
Value: E7BC170000000000

Executable files: 0
Suspicious files: 10
Text files: 10
Unknown types: 0

Dropped files

PID: 7120
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA98.tmp.dmp
MD5:
SHA256:

PID: 1496
Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Filename: C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\English.ini
Type: text
MD5: B1CB243D99CDFA4509E90ADBFB8C284F
SHA256: 69E88E26087D63D81A7019618AA47983191C126B78552CE251A2D878E3B11D76

PID: 7120
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_iMyfone.Fixppo.v_231a383e5a6d1174722d29c67337d1fbba006b_d8b5707a_822bfea5-f0bf-4533-9377-5a786f4992ce\Report.wer
MD5:
SHA256:

PID: 7120
Process: WerFault.exe
Filename: C:\Users\admin\AppData\Local\CrashDumps\iMyfone.Fixppo.v.7.4.0.3.Setup.exe.1496.dmp
MD5:
SHA256:

PID: 1496
Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Filename: C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\Italian.ini
Type: text
MD5: E975499100B530A73B50890DD333D425
SHA256: 191D3CF435C63D4BAF613BDAF4E8C268726CCF4CCFA51296AA84818C22A4E09F

PID: 1496
Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Filename: C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\French.ini
Type: text
MD5: 0528BD9DEF5DD11E8B0C8951A2DD2751
SHA256: 9DE6568DBE8E234546FEDBF8DBED4DD1B5468DAA5B2A51CF31531CA996AE97FE

PID: 1496
Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\imyfone-ios-system-recovery-setup[1].htm
Type: html
MD5: 7F6BE3D33CAAE2A45EA937DA468BA736
SHA256: D2B62DF5C15C2F4C94F47F92A491B8556E38B388C5674BB27F18A02D8CB819C1

PID: 1496
Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Filename: C:\Program Files (x86)\imyfone_down\iMyfone.Fixppo.v.7.4.0.3.Setup\German.ini
Type: text
MD5: A888AD531EE2FF6260CF84C8FF16BB68
SHA256: 791512E1084BD412FC5EF9C7F29CDA072BADB9A6F0B59A0ACBFAB0090DAB8209

PID: 1496
Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
Type: binary
MD5: FEB4EB664AE2C691146C28534C01A0E5
SHA256: DAD1CE5D11654C2588BAD0C6749DD19FCD09078F34F84DA1D6C63E828EA52E8E

PID: 1496
Process: iMyfone.Fixppo.v.7.4.0.3.Setup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_2522A05D575042E2DE484FEBBDBA1D5C
Type: binary
MD5: 2999AA89749CD9DB36913A75FDEF27F9
SHA256: D415D1B703E7306004306028168AB4572AB9FF8ABE160C6CC0A56FE1957F5692

HTTP(S) requests: 55
TCP/UDP connections: 78
DNS requests: 21
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2288 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | DE | binary | 471 b | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | US | html | 245 b | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsllCLO2YEqFaBOmVKKDvo%3D | DE | binary | 471 b | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 200 | 2.23.77.188:80 | http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEA2L6y22vPmqqsI0733hKjA%3D | DE | binary | 471 b | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | US | html | 245 b | unknown
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.55.104.172:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | US | binary | 825 b | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | US | html | 245 b | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | US | html | 245 b | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | GET | 301 | 47.254.67.250:80 | http://www.imyfone.de/download/trial/ios-system-recovery/imyfone-ios-system-recovery-setup.exe | US | html | 245 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4868 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2288 | svchost.exe | 20.190.160.22:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2288 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | 47.254.67.250:80 | www.imyfone.de | Alibaba US Technology Co., Ltd. | US | unknown
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | 163.181.254.221:443 | de.imyfone.com | - | US | whitelisted
1496 | iMyfone.Fixppo.v.7.4.0.3.Setup.exe | 163.181.58.175:80 | ocsp.digicert.cn | - | MY | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 51.104.136.2 | whitelisted
google.com | 142.250.184.206 | whitelisted
login.live.com | 20.190.160.22, 20.190.160.17, 20.190.160.14, 20.190.160.128, 20.190.160.20, 20.190.160.2, 20.190.160.64, 40.126.32.76 | whitelisted
ocsp.digicert.com | 2.17.190.73 | whitelisted
nexusrules.officeapps.live.com | 52.111.243.30 | whitelisted
www.imyfone.de | 47.254.67.250 | unknown
de.imyfone.com | 163.181.254.221 | whitelisted
ocsp.digicert.cn | 163.181.58.175, 163.181.58.174, 163.181.58.173, 163.181.58.176, 163.181.58.171, 163.181.58.172, 163.181.58.170, 163.181.58.177 | whitelisted
status.rapidssl.com | 2.23.77.188 | whitelisted
crl.microsoft.com | 23.55.104.172, 23.55.104.190 | whitelisted

Threats

No threats detected
No debug info