URL: https://install.avira-update.com/package/antivirus/win/en-us/avira_antivirus_en-us.exe

Full analysis: https://app.any.run/tasks/3bcfa2a8-704e-4eba-a210-5c26676a8b10
Verdict: Malicious activity
Analysis date: January 22, 2019, 18:24:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: ABB15D38831EE3EB9509B84FE6CC3D8A
SHA1: 52BC248BE1C5E00DBA2B98A4D2E6193FDAD3D0DD
SHA256: FF6077DD4F1572B6149C69DE1749D7712B04F445D2D5262B45B3C7D5566D6BEC
SSDEEP: 3:N8LREJFRDElEGOTEUWQAZ/OTWQ6rA:2lgRZ3uGDSA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • presetup.exe (PID: 256)
      • avira_en____fm.exe (PID: 2188)
      • rundll32.exe (PID: 2144)
      • rundll32.exe (PID: 3844)
      • rundll32.exe (PID: 3524)
      • rundll32.exe (PID: 3252)
      • rundll32.exe (PID: 3012)
      • rundll32.exe (PID: 2576)
      • rundll32.exe (PID: 3088)
      • rundll32.exe (PID: 2344)
      • rundll32.exe (PID: 3328)
      • rundll32.exe (PID: 3548)
      • Avira.ServiceHost.exe (PID: 2692)
      • rundll32.exe (PID: 1944)
      • rundll32.exe (PID: 3580)
      • Avira.Systray.exe (PID: 3752)
      • rundll32.exe (PID: 2652)
      • Avira.Systray.exe (PID: 3648)
      • rundll32.exe (PID: 876)
      • fact.exe (PID: 3236)
      • setup.exe (PID: 3168)
      • avira.exe (PID: 904)
      • rundll32.exe (PID: 2676)
      • rundll32.exe (PID: 3720)
      • rundll32.exe (PID: 3748)
      • rundll32.exe (PID: 3604)
      • avconfig.exe (PID: 1008)
      • drvinstall32.exe (PID: 3560)
      • rundll32.exe (PID: 2704)
      • rundll32.exe (PID: 3224)
      • rundll32.exe (PID: 4044)
      • rundll32.exe (PID: 1920)
      • rundll32.exe (PID: 3768)
      • rundll32.exe (PID: 2696)
      • rundll32.exe (PID: 3992)
      • rundll32.exe (PID: 3788)
      • rundll32.exe (PID: 3928)
      • rundll32.exe (PID: 3016)
      • regsvr32.exe (PID: 2636)
      • rundll32.exe (PID: 3652)
      • rundll32.exe (PID: 1160)
      • licmgr.exe (PID: 4000)
      • avconfig.exe (PID: 2196)
      • rundll32.exe (PID: 1624)
      • rundll32.exe (PID: 2580)
      • rundll32.exe (PID: 2376)
      • AviraSecurityCenterAgent.exe (PID: 3308)
      • rundll32.exe (PID: 3312)
      • avguard.exe (PID: 940)
      • rundll32.exe (PID: 4036)
      • Avira.ServiceHost.exe (PID: 3592)
      • rundll32.exe (PID: 3256)
      • rundll32.exe (PID: 2772)
      • rundll32.exe (PID: 2288)
      • rundll32.exe (PID: 2872)
      • avshadow.exe (PID: 3268)
      • AviraSecurityCenterAgent.exe (PID: 2160)
      • rundll32.exe (PID: 2832)
    • Application was dropped or rewritten from another process

      • avira_en____fm.exe (PID: 2188)
      • Avira.OE.Setup.Bundle.exe (PID: 3028)
      • Avira.OE.Setup.Prerequisites.exe (PID: 2568)
      • Avira.OE.Setup.Prerequisites.exe (PID: 3384)
      • Avira.ServiceHost.exe (PID: 2692)
      • Avira.Systray.exe (PID: 3752)
      • Avira.Systray.exe (PID: 3648)
      • avira_en____fm.exe (PID: 3504)
      • presetup.exe (PID: 3148)
      • presetup.exe (PID: 256)
      • setup.exe (PID: 3168)
      • fact.exe (PID: 3236)
      • Avira.OE.Setup.Bundle.exe (PID: 3792)
      • avira.exe (PID: 904)
      • Avira.OE.Setup.Prerequisites.exe (PID: 2540)
      • avconfig.exe (PID: 1008)
      • drvinstall32.exe (PID: 3560)
      • licmgr.exe (PID: 4000)
      • avconfig.exe (PID: 2196)
      • avira.exe (PID: 2664)
      • avguard.exe (PID: 940)
      • AviraSecurityCenterAgent.exe (PID: 3308)
      • Avira.ServiceHost.exe (PID: 3592)
      • avshadow.exe (PID: 3268)
      • AviraSecurityCenterAgent.exe (PID: 2160)
    • Changes the autorun value in the registry

      • Avira.OE.Setup.Bundle.exe (PID: 3028)
      • Avira.OE.Setup.Bundle.exe (PID: 3792)
    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 2640)
      • schtasks.exe (PID: 2936)
      • schtasks.exe (PID: 3284)
      • schtasks.exe (PID: 996)
      • schtasks.exe (PID: 1036)
    • Uses Task Scheduler to run other applications

      • MsiExec.exe (PID: 2340)
      • MsiExec.exe (PID: 2592)
      • setup.exe (PID: 3168)
    • Changes settings of System certificates

      • Avira.ServiceHost.exe (PID: 2692)
    • Registers / Runs the DLL via REGSVR32.EXE

      • setup.exe (PID: 3168)
    • Changes internet zones settings

      • avguard.exe (PID: 940)
  • SUSPICIOUS

    • Creates files in the Windows directory

      • avira_en____fm.exe (PID: 3504)
      • presetup.exe (PID: 256)
      • avira_en____fm.exe (PID: 2188)
      • Avira.ServiceHost.exe (PID: 2692)
      • avira.exe (PID: 2664)
      • fact.exe (PID: 3236)
      • setup.exe (PID: 3168)
      • Avira.OE.Setup.Bundle.exe (PID: 3792)
      • avira.exe (PID: 904)
      • rundll32.exe (PID: 3720)
      • msiexec.exe (PID: 2260)
      • wusa.exe (PID: 2680)
      • drvinstall32.exe (PID: 3560)
      • Avira.ServiceHost.exe (PID: 3592)
      • avguard.exe (PID: 940)
    • Executable content was dropped or overwritten

      • avira_en____fm.exe (PID: 3504)
      • avira_en____fm.exe (PID: 2188)
      • avira_antivirus_en-us[1].exe (PID: 3076)
      • Avira.OE.Setup.Bundle.exe (PID: 3028)
      • rundll32.exe (PID: 2144)
      • rundll32.exe (PID: 3524)
      • rundll32.exe (PID: 3252)
      • rundll32.exe (PID: 2576)
      • rundll32.exe (PID: 2344)
      • rundll32.exe (PID: 3580)
      • rundll32.exe (PID: 1944)
      • msiexec.exe (PID: 2260)
      • rundll32.exe (PID: 876)
      • avira.exe (PID: 2664)
      • Avira.ServiceHost.exe (PID: 2692)
      • avira.exe (PID: 904)
      • Avira.OE.Setup.Bundle.exe (PID: 3792)
      • setup.exe (PID: 3168)
      • rundll32.exe (PID: 2676)
      • rundll32.exe (PID: 3748)
      • rundll32.exe (PID: 3604)
      • rundll32.exe (PID: 3768)
      • rundll32.exe (PID: 3992)
      • rundll32.exe (PID: 3788)
      • rundll32.exe (PID: 3928)
      • rundll32.exe (PID: 4044)
      • rundll32.exe (PID: 3016)
      • drvinstall32.exe (PID: 3560)
      • rundll32.exe (PID: 3652)
      • rundll32.exe (PID: 1160)
      • rundll32.exe (PID: 1624)
      • rundll32.exe (PID: 2580)
      • rundll32.exe (PID: 2376)
      • rundll32.exe (PID: 4036)
      • rundll32.exe (PID: 3312)
      • rundll32.exe (PID: 2772)
      • rundll32.exe (PID: 2872)
      • rundll32.exe (PID: 2288)
      • rundll32.exe (PID: 2832)
    • Reads internet explorer settings

      • avira_en____fm.exe (PID: 2188)
      • Avira.Systray.exe (PID: 3648)
    • Changes IE settings (feature browser emulation)

      • avira_en____fm.exe (PID: 2188)
      • Avira.Systray.exe (PID: 3752)
      • Avira.Systray.exe (PID: 3648)
      • avira.exe (PID: 904)
    • Reads Internet Cache Settings

      • avira_en____fm.exe (PID: 2188)
      • avira.exe (PID: 904)
    • Starts itself from another location

      • avira_en____fm.exe (PID: 2188)
      • avira.exe (PID: 904)
    • Creates files in the program directory

      • Avira.OE.Setup.Bundle.exe (PID: 3028)
      • rundll32.exe (PID: 2576)
      • rundll32.exe (PID: 3580)
      • Avira.ServiceHost.exe (PID: 2692)
      • Avira.OE.Setup.Bundle.exe (PID: 3792)
      • setup.exe (PID: 3168)
      • avconfig.exe (PID: 2196)
      • avguard.exe (PID: 940)
      • rundll32.exe (PID: 2772)
      • Avira.ServiceHost.exe (PID: 3592)
    • Creates a software uninstall entry

      • Avira.OE.Setup.Bundle.exe (PID: 3028)
      • rundll32.exe (PID: 3012)
      • Avira.OE.Setup.Bundle.exe (PID: 3792)
      • rundll32.exe (PID: 3928)
      • setup.exe (PID: 3168)
    • Uses RUNDLL32.EXE to load library

      • MsiExec.exe (PID: 2340)
      • MsiExec.exe (PID: 2592)
    • Removes files from Windows directory

      • avira_en____fm.exe (PID: 2188)
      • Avira.ServiceHost.exe (PID: 2692)
      • avira_en____fm.exe (PID: 3504)
      • setup.exe (PID: 3168)
      • avira.exe (PID: 904)
      • drvinstall32.exe (PID: 3560)
      • rundll32.exe (PID: 2376)
      • Avira.ServiceHost.exe (PID: 3592)
    • Changes the autorun value in the registry

      • msiexec.exe (PID: 2260)
    • Adds / modifies Windows certificates

      • Avira.ServiceHost.exe (PID: 2692)
    • Reads Environment values

      • Avira.ServiceHost.exe (PID: 2692)
      • Avira.ServiceHost.exe (PID: 3592)
    • Searches for installed software

      • Avira.ServiceHost.exe (PID: 2692)
      • Avira.ServiceHost.exe (PID: 3592)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • avira.exe (PID: 904)
    • Creates files in the driver directory

      • setup.exe (PID: 3168)
      • drvinstall32.exe (PID: 3560)
    • Modifies the open verb of a shell class

      • avconfig.exe (PID: 1008)
      • licmgr.exe (PID: 4000)
    • Creates or modifies windows services

      • setup.exe (PID: 3168)
      • avguard.exe (PID: 940)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 2636)
      • avguard.exe (PID: 940)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2700)
      • msiexec.exe (PID: 2260)
    • Changes internet zones settings

      • iexplore.exe (PID: 2700)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3340)
      • iexplore.exe (PID: 2700)
    • Dropped object may contain Bitcoin addresses

      • avira_antivirus_en-us[1].exe (PID: 3076)
      • setup.exe (PID: 3168)
      • msiexec.exe (PID: 2260)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 2340)
      • MsiExec.exe (PID: 3944)
      • msiexec.exe (PID: 2260)
      • MsiExec.exe (PID: 2592)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2260)
    • Creates files in the program directory

      • msiexec.exe (PID: 2260)
No Malware configuration.
No data.
Total processes: 130
Monitored processes: 80
Malicious processes: 64
Suspicious processes: 4

Behavior graph

[Figure: behavior graph of the monitored process tree, starting at iexplore.exe]

Process information

PID: 2700
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://install.avira-update.com/package/antivirus/win/en-us/avira_antivirus_en-us.exe
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3340
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2700 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3076
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\avira_antivirus_en-us[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\avira_antivirus_en-us[1].exe
Parent process: iexplore.exe
User: admin
Integrity Level: MEDIUM

PID: 3148
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\presetup.exe" /CLEANUPSRCFILES
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\presetup.exe
Parent process: avira_antivirus_en-us[1].exe
User: admin
Company: Avira Operations GmbH & Co. KG
Integrity Level: MEDIUM
Description: Avira Antivirus Presetup
Exit code: 3221226540
Version: 15.0.43.20

PID: 256
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\presetup.exe" /CLEANUPSRCFILES
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\presetup.exe
Parent process: avira_antivirus_en-us[1].exe
User: admin
Company: Avira Operations GmbH & Co. KG
Integrity Level: HIGH
Description: Avira Antivirus Presetup
Version: 15.0.43.20

PID: 3504
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\en-us\avira_en____fm.exe" /norestart NOAFTERINSTALLPAGE=1
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\en-us\avira_en____fm.exe
Parent process: presetup.exe
User: admin
Company: Avira Operations GmbH & Co. KG
Integrity Level: HIGH
Description: Avira
Exit code: 0
Version: 1.2.121.24663

PID: 2188
CMD: "C:\Windows\Temp\{059666DF-4945-4815-9B7E-465D95DE618E}\.cr\avira_en____fm.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\RarSFX0\en-us\avira_en____fm.exe" -burn.filehandle.attached=148 -burn.filehandle.self=156 /norestart NOAFTERINSTALLPAGE=1
Path: C:\Windows\Temp\{059666DF-4945-4815-9B7E-465D95DE618E}\.cr\avira_en____fm.exe
Parent process: avira_en____fm.exe
User: admin
Company: Avira Operations GmbH & Co. KG
Integrity Level: HIGH
Description: Avira
Exit code: 0
Version: 1.2.121.24663

PID: 3028
CMD: "C:\Windows\Temp\{93550457-4129-4D01-B130-6998F9447925}\.be\Avira.OE.Setup.Bundle.exe" -q -burn.elevated BurnPipe.{1855EA7C-7D03-4051-83D0-20CEFE88A9D6} {E7A3ABA6-900E-4D92-AC2E-538686CBB6BE} 2188
Path: C:\Windows\Temp\{93550457-4129-4D01-B130-6998F9447925}\.be\Avira.OE.Setup.Bundle.exe
Parent process: avira_en____fm.exe
User: admin
Company: Avira Operations GmbH & Co. KG
Integrity Level: HIGH
Description: Avira
Exit code: 0
Version: 1.2.121.24663

PID: 2568
CMD: "C:\ProgramData\Package Cache\82948C2FF20668DA368EC7C3871AC0E1CE99142A\Avira.OE.Setup.Prerequisites.exe" /enableMsiService /checkRebootRequired
Path: C:\ProgramData\Package Cache\82948C2FF20668DA368EC7C3871AC0E1CE99142A\Avira.OE.Setup.Prerequisites.exe
Parent process: Avira.OE.Setup.Bundle.exe
User: admin
Company: Avira Operations GmbH & Co. KG
Integrity Level: HIGH
Description: Avira.OE.Setup.Prerequisites
Exit code: 0
Version: 1.2.121.24663

PID: 3384
CMD: "C:\ProgramData\Package Cache\82948C2FF20668DA368EC7C3871AC0E1CE99142A\Avira.OE.Setup.Prerequisites.exe" /writeCrossDetectionKey
Path: C:\ProgramData\Package Cache\82948C2FF20668DA368EC7C3871AC0E1CE99142A\Avira.OE.Setup.Prerequisites.exe
Parent process: Avira.OE.Setup.Bundle.exe
User: admin
Company: Avira Operations GmbH & Co. KG
Integrity Level: HIGH
Description: Avira.OE.Setup.Prerequisites
Exit code: 0
Version: 1.2.121.24663

Total events: 6 172
Read events: 3 907
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 1 131
Suspicious files: 134
Text files: 1 289
Unknown types: 638

Dropped files

PID: 2700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
Type: -
MD5: -
SHA256: -

PID: 2700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type: -
MD5: -
SHA256: -

PID: 2700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFB6749F9346748F59.TMP
Type: -
MD5: -
SHA256: -

PID: 3340
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\avira_antivirus_en-us[1].exe
Type: -
MD5: -
SHA256: -

PID: 2700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\avira_antivirus_en-us[1].exe
Type: -
MD5: -
SHA256: -

PID: 3076
Process: avira_antivirus_en-us[1].exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\addr_file.html
Type: html
MD5: 701F9A86DF4EAD62C9D7FE721C9B2788
SHA256: F5EEB97238D40588333E743DD98076DBC25105042DB541A5BA1C763E735A4112

PID: 3076
Process: avira_antivirus_en-us[1].exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\aecore.dll
Type: executable
MD5: 1B921BE91A1D5477A251C216BFA6B776
SHA256: 1277DD1F65D30AE2055EB732A4F7B9C31310F4868DD6ED38AC9A8D6D09962271

PID: 3076
Process: avira_antivirus_en-us[1].exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\aeexp.dll
Type: executable
MD5: 4378FBB60289074E4A95D3C60058DB43
SHA256: F4FDEC19E9E5CEE7B0FD55D022A02603F797821D99C9AEC4817B8F3C418B7D38

PID: 3076
Process: avira_antivirus_en-us[1].exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\aebb.dll
Type: executable
MD5: CA7497DFEC41AE39C2ABA49DF489716C
SHA256: BE84CA71660188E04C3A777E19019412E280AF4BF6BE9E14CA2D54EA2EC47B17

PID: 3340
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019012220190123\index.dat
Type: dat
MD5: E03B70922DA5D526480F9F01220F20DF
SHA256: 7E784FE0A2C414488DAE84F8A718CFF2B086BBFAE00530D056C049FD2463E73F

HTTP(S) requests: 1
TCP/UDP connections: 2
DNS requests: 2
Threats: 0

HTTP requests

PID: 2700
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 204.79.197.200:80
URL: http://www.bing.com/favicon.ico
CN: US
Type: image
Size: 237 b
Reputation: whitelisted

Connections

PID: 2700
Process: iexplore.exe
IP: 204.79.197.200:80
Domain: www.bing.com
ASN: Microsoft Corporation
CN: US
Reputation: whitelisted

PID: 3340
Process: iexplore.exe
IP: 2.18.234.182:443
Domain: install.avira-update.com
ASN: Akamai International B.V.
CN: -
Reputation: whitelisted

DNS requests

Domain: install.avira-update.com
IP: 2.18.234.182
Reputation: suspicious

Domain: www.bing.com
IP: 204.79.197.200, 13.107.21.200
Reputation: whitelisted

Threats

PID: 2692
Process: Avira.ServiceHost.exe
Class: A Network Trojan was detected
Message: SC TROJAN_DOWNLOADER Suspicious loader with tiny header

PID: 3592
Process: Avira.ServiceHost.exe
Class: A Network Trojan was detected
Message: SC TROJAN_DOWNLOADER Suspicious loader with tiny header

Process: avira_en____fm.exe
Message: Launcher Install Start

Process: avira_en____fm.exe
Message: Launcher Install Start

Process: avira_en____fm.exe
Message: Launcher Install End

Process: avira_en____fm.exe
Message: DocHostUiHandler::Release(): delete this

Process: avira_en____fm.exe
Message: JSObject::Release(): delete this

Process: avira_en____fm.exe
Message: ~WebBrowser: Finished

Process: avira.exe
Message: Launcher Update Start

Process: avira.exe
Message: Launcher Update Start

Process: drvinstall32.exe
Message: WdfCoInstaller: [01/22/2019 18:27.04.992] ReadComponents: WdfSection for Driver Service avusbflt using KMDF lib version Major 1, minor 11

Process: drvinstall32.exe
Message: WdfCoInstaller: [01/22/2019 18:27.05.007] DIF_INSTALLDEVICE: Coinstaller version: 1.11.0