File name:

CUH.EXE

Full analysis: https://app.any.run/tasks/c8ab6b70-41f2-42ea-a1df-7db0d573b897
Verdict: Malicious activity
Threats:

A backdoor is a type of cybersecurity threat that allows attackers to secretly compromise a system and conduct malicious activities, such as stealing data and modifying files. Backdoors can be difficult to detect, as they often use legitimate system applications to evade defense mechanisms. Threat actors often utilize special malware, such as PlugX, to establish backdoors on target devices.

Malware Trends Tracker     >>>
Analysis date: July 01, 2025, 15:13:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
floxif
backdoor
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

B4F8443A1C9F56A0762C685A04FEF8FA

SHA1:

2AFEE623640BDE731CB9C2C326671A45A108E521

SHA256:

FC13BE5A66383BA13AB19A8A4A80269E355DD1A4508B641E75637520F17B43B9

SSDEEP:

98304:ibkPPn1kqkGBGQXKMfe6rykL2WarMCcX0x/5OwqXIL/q0V3pO9BP+XWj:X

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • FLOXIF mutex has been found

      • CUH.EXE.exe (PID: 3300)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • The sample compiled with english language support

      • CUH.EXE.exe (PID: 3300)

    • Checks supported languages

      • CUH.EXE.exe (PID: 3300)

    • Create files in a temporary directory

      • CUH.EXE.exe (PID: 3300)

    • Reads the computer name

      • CUH.EXE.exe (PID: 3300)

    • Reads the machine GUID from the registry

      • CUH.EXE.exe (PID: 3300)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:01:24 16:18:06+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 2634752
InitializedDataSize: 1180672
UninitializedDataSize: -
EntryPoint: 0x235412
OSVersion: 5.1
ImageVersion: 13
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 13.0.0.659
ProductVersionNumber: 13.0.0.659
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Builton: Wed 01/24/2024 11:18:04.36
Builtas: UNICODE
CompanyName: Corel Corporation
FileDescription: Corel Update Helper x32
FileVersion: 13.0.0.659
InternalName: Corel Update Helper
LegalCopyright: Copyright(c) 2021 Corel Corporation
LegalTrademarks: Copyright(c) 2021 Corel Corporation
OriginalFileName: CUH.exe
ProductName: Corel Common Framework
ProductVersion: 13.0.0.659
LanguageBuildID: -
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #FLOXIF cuh.exe.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3300"C:\Users\admin\AppData\Local\Temp\CUH.EXE.exe" C:\Users\admin\AppData\Local\Temp\CUH.EXE.exe
explorer.exe
User:
admin
Company:
Corel Corporation
Integrity Level:
MEDIUM
Description:
Corel Update Helper x32
Exit code:
0
Version:
13.0.0.659
Modules
Images
c:\users\admin\appdata\local\temp\cuh.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events
97
Read events
89
Write events
8
Delete events
0

Modification events

(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\PCU
Operation:writeName:model
Value:
DELL|DELL
(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\PCU
Operation:writeName:bios
Value:
DELL
(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\PCU
Operation:writeName:cardnumber
Value:
7
(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\PCU
Operation:writeName:7
Value:
62AEF2F5C88B
(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\PCU
Operation:writeName:HFNCv2
Value:
62AEF2F5C88B
(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\PCU
Operation:writeName:networkcard
Value:
62AEF2F5C88B
(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\PCU
Operation:writeName:HFIv2
Value:
V220DE17E0CBBB28915B7BC1B751BFAD55
(PID) Process:(3300) CUH.EXE.exeKey:HKEY_CURRENT_USER\Software\Corel\CUH\2.0
Operation:writeName:TaskId
Value:
CorelUpdateHelperTask-E78398FBFEA5DDF15050EE6D7780661C
Executable files
0
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
3300CUH.EXE.exeC:\Users\admin\AppData\Local\Temp\CUH.EXE_PCULog0.txttext
MD5:07A113E1C2E760C8728ED17EBD99DEC5
SHA256:D2E569E97A96045E826BF6E2EF5F6A7A293A9F6DE8D07DA55610D433374CD43B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
6
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
whitelisted
1080
svchost.exe
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CUH.EXE