
Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:Setup.exe
Analysis ID:1500187
MD5:cd31545772cdb4e84902f25d3363c58d
SHA1:88ab168cbfc19785caab11109b4682d3cfcfafae
SHA256:3c80fd894036f549fb831d271595df775ebaba7d98fdeea579bfae3c9d42ec53
Infos:

Detection

Score:13
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Installs new ROOT certificates
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64_ra
  • Setup.exe (PID: 456 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: CD31545772CDB4E84902F25D3363C58D)
    • ISBEW64.exe (PID: 4228 cmdline: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{361795EF-EBB0-40A6-AE64-94AAA21D87EF} MD5: 8407FC98EE367CCB196894F7CD218792)
  • SrTasks.exe (PID: 6356 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: 2694D2D28C368B921686FE567BD319EB)
    • conhost.exe (PID: 6372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • drvinst.exe (PID: 7072 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{254b0c33-77a9-5a4b-be66-7d93eedacb69}\ser2pl.inf" "9" "4b334f3bf" "0000000000000160" "WinSta0\Default" "0000000000000184" "208" "C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\VISTA" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: Setup.exeStatic PE information: certificate valid
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\SETBE72.tmp
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\SysWOW64\SER9ab95.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\SysWOW64\SERSaba5.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\inf\SERSabb4.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\inf\SERWabb4.rra
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_f8875256a6be18aa
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\inf\oem4.inf
Source: C:\Windows\System32\drvinst.exeFile deleted: C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\SETBD77.tmp
Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: clean13.winEXE@6/36@0/0
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Program Files (x86)\InstallShield Installation Information\
Source: C:\Users\user\Desktop\Setup.exeMutant created: \Sessions\1\BaseNamedObjects\ECC3713C-08A4-40E3-95F1-7D0704F1CE5E
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6372:120:WilError_03
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\
Source: Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.ini
Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\user\Desktop\Setup.exe
Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{361795EF-EBB0-40A6-AE64-94AAA21D87EF}
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{361795EF-EBB0-40A6-AE64-94AAA21D87EF}
Source: unknownProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{254b0c33-77a9-5a4b-be66-7d93eedacb69}\ser2pl.inf" "9" "4b334f3bf" "0000000000000160" "WinSta0\Default" "0000000000000184" "208" "C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\VISTA"
Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: lz32.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: riched32.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: sfc.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: srclient.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: spp.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: powrprof.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: vssapi.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: vsstrace.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: umpdc.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: sxproxy.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: devrtl.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: drvstore.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: spinf.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: vss_ps.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\Setup.exeFile written: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\setup.ini
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Setup.exeStatic PE information: certificate valid
Source: Setup.exeStatic file information: File size 3176304 > 1048576

Persistence and Installation Behavior

Source: C:\Windows\System32\drvinst.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\_Setup.dll
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\SETBD77.tmp
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Vista\ser2ac03.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\Temp\QRemabb4.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBE59db.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\Temp\Uninabe3.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\_IsR5a1a.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.exe
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setu598d.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\SysWOW64\SER9ab95.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\Temp\Deleabd4.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\dotn599d.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\ISSetup.dll
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\isrt59eb.rra
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\SysWOW64\SERSaba5.rra
Source: C:\Users\user\Desktop\Setup.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Source: C:\Windows\System32\SrTasks.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\_Setup.dll
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\SETBD77.tmp
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Vista\ser2ac03.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Windows\Temp\QRemabb4.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Windows\Temp\Uninabe3.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\_IsR5a1a.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.exe
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setu598d.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Windows\SysWOW64\SER9ab95.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Windows\Temp\Deleabd4.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\dotn599d.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\isrt59eb.rra
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\ISSetup.dll
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Windows\SysWOW64\SERSaba5.rra
Source: C:\Windows\System32\SrTasks.exe TID: 6360Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\Desktop\Setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Setup.exeFile Volume queried: C:\Windows FullSizeInformation
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: unknownProcess created: C:\Windows\System32\drvinst.exe drvinst.exe "4" "0" "c:\users\user\appdata\local\temp\{254b0c33-77a9-5a4b-be66-7d93eedacb69}\ser2pl.inf" "9" "4b334f3bf" "0000000000000160" "winsta0\default" "0000000000000184" "208" "c:\users\user\appdata\local\temp\{5d8075f0-4ded-4b0c-b9eb-df1dcd69c020}\{ecc3713c-08a4-40e3-95f1-7d0704f1ce5e}\vista"
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\ser2pl.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
ATT&CK Matrix (listed per tactic; a technique followed by a count in parentheses is one the report matched, the remaining entries are the empty cells of the matrix)

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media
Execution: Command and Scripting Interpreter (1), Scheduled Task/Job, At, Cron, Launchd, Scheduled Task
Persistence: Windows Service (2), DLL Side-Loading (1), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts
Privilege Escalation: Windows Service (2), Process Injection (1), DLL Side-Loading (1), Login Hook, Network Logon Script, RC Scripts
Defense Evasion: Masquerading (41), Install Root Certificate (1), Virtualization/Sandbox Evasion (1), Process Injection (1), DLL Side-Loading (1), File Deletion (1)
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials
Discovery: Virtualization/Sandbox Evasion (1), File and Directory Discovery (3), System Information Discovery (13), System Network Configuration Discovery, Internet Connection Discovery, Wi-Fi Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture
Command and Control: Data Obfuscation, Junk Data, Steganography, Protocol Impersonation, Fallback Channels, Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop
Source | Detection | Scanner | Label | Link
Setup.exe | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\ISSetup.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\_Setup.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBE59db.rra | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\dotn599d.rra | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setu598d.rra | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\_IsR5a1a.rra | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\isrt.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Vista\ser2ac03.rra | 0% | ReversingLabs | |
C:\Windows\SysWOW64\SER9PL.sys (copy) | 0% | ReversingLabs | |
C:\Windows\SysWOW64\SERSPL.VXD (copy) | 0% | ReversingLabs | |
C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\SETBD77.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\Deleabd4.rra | 0% | ReversingLabs | |
C:\Windows\Temp\PLUninst.exe (copy) | 2% | ReversingLabs | |
C:\Windows\Temp\QRemabb4.rra | 2% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1500187
Start date and time:2024-08-28 00:51:37 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:29
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:Setup.exe
Detection:CLEAN
Classification:clean13.winEXE@6/36@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 20.166.126.56
  • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ctldl.windowsupdate.com, crl.verisign.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: Setup.exe
Process:C:\Users\user\Desktop\Setup.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B0271F22A1434F4C79C8365041529DB4
SHA1:9570E35DA2CCB102F658937638D97DC5D8ECFE45
SHA-256:429BEA95B855923BD7ECC141EB82E921F8739721B71C00967202CFFBB80B41D0
SHA-512:19106F7264852005076E042CB9120CA81C4C47CDFF83766B073F0C187FCB37564BC36B7FB1391CD3668E9A5BE144F1E2EB570E2C143A2BF04646DEB4A39C7FE6
Malicious:false
Reputation:unknown
Preview:......................>.......................................................~............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .......'..._...!..."...#...$...%...&...5...4...)...*...+...,...-......./...0...1...2...3.......R...6...7...8...9...:...;...<...=...>...?...Z...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...S...Y...T...U...V...W...X...y...[...]...\...^...`...a......._...k...c...d...e...f...g...h...i...j.......l...m.......o...p...q...r...s...t...u...v...w...x.......z...
Process:C:\Users\user\Desktop\Setup.exe
File Type:Generic INItialization configuration [Languages]
Category:dropped
Size (bytes):602
Entropy (8bit):5.488183152545981
Encrypted:false
SSDEEP:
MD5:BB20D4D87666A94C38ADA9333FF02514
SHA1:491D7BCCD84367A2C92505EE436C0D5CE1123F18
SHA-256:46A8B4DE883750D4C1E90528EB28EFEEEDE7AF03EE64312BD316607FB4D2AA35
SHA-512:B6C913EC89A340830B537031029333BD276591034D5DD097DDEF82D18D5B34DAC211B6424DFFB9B269B7A73D32C641A2EF12E8CC3DEBB73B0A1C31FA5630ADDD
Malicious:false
Reputation:unknown
Preview:[Startup]..AppName=PL-2303 Driver Installer..ProductGUID=ECC3713C-08A4-40E3-95F1-7D0704F1CE5E..CompanyName=Prolific Technology Inc..ErrorReportURL=http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d : 0x%x&ErrorInfo=%s..MediaFormat=0..LogMode=1..Resource=_Setup.dll..SmallProgress=N..SplashTime=..CheckMD5=Y..CmdLine=..ShowPasswordDialog=N..EngineVersion=14.0.0.162..EngineBinding=1..Source=0..AllUsers=1..InstallGuid={ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}..[Languages]..Default=0x0009..count=4..key0=0x0404..key1=0x0009..key2=0x0011..key3=0x0804..RequireExactLangMatch=0x0404,0x0804..
Process:C:\Users\user\Desktop\Setup.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):184320
Entropy (8bit):2.7303273331476663
Encrypted:false
SSDEEP:
MD5:B0271F22A1434F4C79C8365041529DB4
SHA1:9570E35DA2CCB102F658937638D97DC5D8ECFE45
SHA-256:429BEA95B855923BD7ECC141EB82E921F8739721B71C00967202CFFBB80B41D0
SHA-512:19106F7264852005076E042CB9120CA81C4C47CDFF83766B073F0C187FCB37564BC36B7FB1391CD3668E9A5BE144F1E2EB570E2C143A2BF04646DEB4A39C7FE6
Malicious:false
Reputation:unknown
Preview:......................>.......................................................~............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .......'..._...!..."...#...$...%...&...5...4...)...*...+...,...-......./...0...1...2...3.......R...6...7...8...9...:...;...<...=...>...?...Z...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...S...Y...T...U...V...W...X...y...[...]...\...^...`...a......._...k...c...d...e...f...g...h...i...j.......l...m.......o...p...q...r...s...t...u...v...w...x.......z...
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:dropped
Size (bytes):535552
Entropy (8bit):7.6019064631901445
Encrypted:false
SSDEEP:
MD5:6C48E05107EB494620AB0DC96D3C5B80
SHA1:E6CED277DE082BD8E2CCBFAD7A1D5CD1E9DB85AB
SHA-256:13223E7FBEB3DAC968DE77E6BE974A36F86DC07884CC0E80EABF8B817CCB4A04
SHA-512:983E3D3012114AF3DA009C5D46CE467C7A9C6023766B54AFE58137654BB5A1C1EDA2FD1FF4B1902102E8315B80557EFA58DBCF01641DDE07924285BD015A196A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s.0...c...c...c...c...cc..c...c...cd..c...c...c.0.c...c.0.c...c:1.c...c.1.c...c...cL..c.1.c...c.1.c...c'..c...c.2.c...cRich...c........................PE..L.....&F...........!.........P......................................................................................p...................h............................................................................................................text...................PEC2.O......`....rsrc............................... ....reloc...............*..............@...................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:InstallShield CAB
Category:dropped
Size (bytes):795922
Entropy (8bit):7.997134344731452
Encrypted:true
SSDEEP:
MD5:59D4BC046AB7A8FA42BEF3AA5E53CB76
SHA1:5610A400BDBF199F34852321AD0D561E4C2817D1
SHA-256:841CA3AB6ADA891C7510306B8E39DC3247E3AA6F6F4EEFA5C3D615298157F5C8
SHA-512:7A3238A65DD3828D674C911660DEF45CCE8D92AB7E6D02AB8FF5CAB16EAA6B77E7AC38416FC6E4BAF8482B8A23DD4CE81AA3103D873CA3E456E37DFB6603C2E3
Malicious:false
Reputation:unknown
Preview:ISc(x........................................................................................................................................................................................................................................................................................................................................................................................<q....@..}....^................K.....7E......j..5@>TK.I..t.^N...b1..N..........................................................K..X.n.:.|.`.....,4.....E..ad.K.~dd.&F..]...ou...\.....-.....f.e..E.[..R........^|..E..}..E|.2oD....]..J4.....k.5...Z-..7.87..W-Z.6B..*K}.5>..-o..i.n..L...t.ij.7.-.N.M.1=..J.G..9.P...;.....U.o...L._...d..E..9.!{.b....../.......Gx@.P..;@:.]o......\....~/VmS..)E..}.T...O....."K....J....3).x...0.s......_.=X..-K.....f.<.......G.!.......?c..Ng.Lz.8.e.+...m....t....$d#,.Y.....D.I...TJ.'"..?..3.,.%...so\\..~5qC.."...*M..<Z.T..').\,...KE.w...>.{t.#...q0.x6.k.....K.l...+..
Process:C:\Users\user\Desktop\Setup.exe
File Type:InstallShield CAB
Category:dropped
Size (bytes):16276
Entropy (8bit):3.856523027926118
Encrypted:false
SSDEEP:
MD5:692062BA1D4DD41C603C4CD60B4DB7A7
SHA1:742457E7FAB073DCC7F7D862588C33C491F6D7CE
SHA-256:B60781848AFF7279A090175B37F7422B0636EDCB07F0733184C4732EAC29A57B
SHA-512:C86F820FCEB3752547C4D87B329A11754908633DE9B87C561B241A12926E3436EE070887170D7113A60B2609E445A718B149F070C873CA2997090F5EB9FBDE9B
Malicious:false
Reputation:unknown
Preview:ISc(x............)...?..........................................................................B~.........................................................................................................................................................................................................................................................................................<q....@..}....^................K.....7E......j..5@>TK.I..t.^N...b1..N...........................................................#...........)..........................4.............................f...........................r...~.......................................................................................................................&...2.......>...J...........V.......b.......................n..........................................................................................................................."...........................:.......F...........................................R.
Process:C:\Users\user\Desktop\Setup.exe
File Type:data
Category:dropped
Size (bytes):473
Entropy (8bit):2.262342544079411
Encrypted:false
SSDEEP:
MD5:7AA2AC4BDE4140892FF86EB0E515B366
SHA1:51B623CC5F464D8EFB9FB443757FDAF7D4AE2812
SHA-256:F0BE2BCD56A4C9801E1C7D13C8310C1AF1BFE9403CF0468C7E5AFA468653AA0E
SHA-512:8F22A1238E87296EA805AF51C17B785A8B7D88EC1218091AFB0466EEDE9F7C44A0F8D8B08C3852F56658E652C0EF65EDAB789685C6E795C5048320B3A15F10CA
Malicious:false
Reputation:unknown
Preview:c..R.@...................................................................................................................................................................................................................................................................... ...H.....*.........p...{...................................z...z...z...z...z...z...z...z...z...z...setup.ini..setup.exe.setup.iss.setup.inx._Setup.dll.ISSetup.dll.data1.hdr.data1.cab.data2.cab.layout.bin.
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):372736
Entropy (8bit):6.32742650769751
Encrypted:false
SSDEEP:
MD5:6F58A1D8E7B031C6F2A60BA04D1A0B7D
SHA1:64CED7781DE492D15F0D443FAFFD2D0244B43E56
SHA-256:B7A82904D92B096CB6AB537365F9C7F24B1ECEFAA6EA7974C24E8102B1746F4B
SHA-512:81371904CBE4DD5062E9EDE60C3A0429ADCD8C7B62DCB5F45B122280D2E3FB5D1DDD4B0F109D972B919E67CDE99636CDD952082CD74B567769211EA389A89912
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......bF+N&'E.&'E.&'E.];I.%'E..;K.9'E.I8O..'E.I8N.)'E...Y.%'E...`.$'E. .O.$'E.&'D.v&E...\.3'E. .N..'E..!C.''E.Rich&'E.........................PE..L.....&F..................... ....... ............@.....................................................................................X............................................................................................................text...Bz.......................... ..`.rdata..p...........................@..@.data...,t...0...`...0..............@....rsrc...X........ ..................@..@........................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:Generic INItialization configuration [Languages]
Category:dropped
Size (bytes):528
Entropy (8bit):5.451274444063703
Encrypted:false
SSDEEP:
MD5:7DB4553B27967AFF463EB36B8EBE76F1
SHA1:5716E6FD94EEA119CECEB9E74C63B4823B7E65E8
SHA-256:43D30EE20D75E8EF29D7138568540EE23F996D0644EAF6BF4F687B6EED5D3B94
SHA-512:0389638C02B49A2400F411B82F411FDCF95C6BBEFCB9CD3604518D5DC99A128EC23CB6E499B7334EAFF870114E651F31C433DE7AC2550A7A8BCD497985E0FE07
Malicious:false
Reputation:unknown
Preview:[Startup]..AppName=PL-2303 Driver Installer..ProductGUID=ECC3713C-08A4-40E3-95F1-7D0704F1CE5E..CompanyName=Prolific Technology Inc..ErrorReportURL=http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d : 0x%x&ErrorInfo=%s..MediaFormat=0..LogMode=1..Resource=_Setup.dll..SmallProgress=N..SplashTime=..CheckMD5=Y..CmdLine=..ShowPasswordDialog=N..EngineVersion=14.0.0.162..EngineBinding=1..[Languages]..Default=0x0009..count=4..key0=0x0404..key1=0x0009..key2=0x0011..key3=0x0804..RequireExactLangMatch=0x0404,0x0804..
Process:C:\Users\user\Desktop\Setup.exe
File Type:data
Category:dropped
Size (bytes):227326
Entropy (8bit):7.386783953507761
Encrypted:false
SSDEEP:
MD5:61017604754AE480DC87F55FFB46C172
SHA1:13FA83DB2CC7F4EFE058B7F59CBA02D3B4D70956
SHA-256:498467D7110539A60C2B7046CC7DC6670075AFF3C7B45DE2EA7F8ECA74A0BC0C
SHA-512:413E693FE84DC0B12F0980E0980466AB081AAF675C18763D0C8B1FCB4709563D0EB5C8F8B3E0D1685A0AEEC7C44AA334D78AB192F0EA0365611ECAC78F8F8572
Malicious:false
Reputation:unknown
Preview:t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}a.=mQ.Y]A(.M1\.)!.).......................................}...m..q]}}aMmmQ=]]A-MM1.==!.--.......................)...m.}...........m..<.....I]]%E.. .g.Sck.....SG.S#Go.....d.......D.`....$.\l......y....<..mii!Q.w.L...c ..kS......?..K'O+.Ck.<.....X..8(,.....<..........x...}}}Me....w.....o===.%...GsK?..8.....;0.l(T,.@@......,|.(.......e..4..0.....IUU=]..{.$.c{k.).....c.3K.k'+.....X.@,\P@....8.p..(...p....i... ....L.-UEAA=I...G..--..s.3W.....C.#`.....8,.H.D.............i...H......EYY)A..<....ScS3....._.oO......P.0(..(,......................Q}}Ee..{D..sw955.=.C.kC.#.....W.k??.LL\,<,....<...8$..y....]...@....`........9MM.5...S....O3Oow''o+.....`.8D\.4..@.4. ....}..........h...Ymm%U..4.c.{sss..[.....SG.#;?o7..O8hd,<,.......L.. .d.......E..x......0...{.=55.={.sC.WG._K##.kOW.o...... .4(L......i..P...l......T....AYY)A..g.o[{_.......sCGcco3.Hdll.h
Process:C:\Users\user\Desktop\Setup.exe
File Type:Generic INItialization configuration [File Transfer]
Category:dropped
Size (bytes):657
Entropy (8bit):5.306138274389431
Encrypted:false
SSDEEP:
MD5:3135E1182A65D6F35F2C8816B9632FE1
SHA1:DDFDD0934CA14FDCA8620ED3FC88AD53FF215756
SHA-256:D5B137357A90B0A9DA23E8F435C05A39F41EFBEDFA975C55AB27042FCE7EBD6C
SHA-512:EEDC03C3FB2629821E668FDFE435DA9B7ECDD2DBDCCFA9A388B26C260EFFBC0E529F5BE0C27004724536021ADBF9496C9BFA8073DF9FF38228737ED648D6E844
Malicious:false
Reputation:unknown
Preview:[InstallShield Silent]..Version=v7.00..File=Response File..[File Transfer]..OverwrittenReadOnly=NoToAll..[{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}-DlgOrder]..Dlg0={ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}-SdWelcome-0..Count=3..Dlg1={ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}-SdLicense2Rtf-0..Dlg2={ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}-SdFinish-0..[{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}-SdWelcome-0]..Result=1..[{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}-SdLicense2Rtf-0]..Result=1..[Application]..Name=PL-2303 USB-to-Serial..Version=1.00.000..Company=Prolific Technology INC..Lang=0404..[{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}-SdFinish-0]..Result=1..bOpt1=0..bOpt2=0..
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):332744
Entropy (8bit):5.575463563840559
Encrypted:false
SSDEEP:
MD5:200BEDE8248E5B0B238B8D2C89B92AAF
SHA1:916A9D3BBF46A808DEC38E66B059E21EDD9F8FB5
SHA-256:0F5F4E003F4666DDC29A6CDD640A7D3B59687DE1CCC54AD0DD30F1B701D7EB6A
SHA-512:6797D64B2F4601B74B7B52E130FAE7A83C0CD85654BF3DE6BB41CE3F08425CC9688E6B3075510147A97E100939EE899BF6FBDDC7E86F533FDD8F098369BE5632
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................Rich...................PE..L.....&F...........!......................... ...................................................................................... ..(............................................................................................................text............................... ..`.rsrc...(.... ....... ..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:Windows setup INFormation
Category:modified
Size (bytes):2850
Entropy (8bit):5.322995161668334
Encrypted:false
SSDEEP:
MD5:0D966D1B1CDDAB3E8C57BD0349EE560F
SHA1:F5F7A48AB5127A0D989EAC135210B86FB8C3C2AD
SHA-256:C4C1488C9B9F43041E44D252C7CA0F05944C8E321140C92F98685AFFA4F0A718
SHA-512:683FB68F0CE19D0DA7FD775D1A8B57256076E5FDD7C15C4ECB18395D3D962AD9220B8725395406CF49C4F0F7E5E5602730C52A5E4F76FE3C1A16CD842354F040
Malicious:false
Reputation:unknown
Preview:;..; SER2PL.INF (for Windows Vista)..;..; Copyright (c) 2007, Prolific Technology Inc.......[version]..signature="$CHICAGO$"..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}..Provider=%PRO%..DriverVer=11/19/2009,3.3.10.140..CatalogFile=ser2pl.cat......; ================= Device Install section =====================....[ControlFlags]..ExcludeFromSelect=*....[Manufacturer]..%PRO%=PRO,NT,NTAMD64....[SourceDisksFiles]..ser2pl.sys=1..ser2pl64.sys=1....[SourceDisksNames]..1=%DISK_NAME%,....[DestinationDirs]..DefaultDestDir = 12....[PRO.NT]..%DeviceDesc% = ComPort, USB\VID_067B&PID_2303....[PRO.NTAMD64]..%DeviceDesc% = ComPort, USB\VID_067B&PID_2303......[ComPort.NT]..CopyFiles=ComPort.NT.Copy..AddReg=ComPort.NT.AddReg....[ComPort.NT.HW]..AddReg=ComPort.HW.AddReg....[ComPort.NT.Services]..AddService = Ser2pl, 0x00000002, Serial_Service_Inst.NT..AddService = Serenum,,Serenum_Service_Inst....[ComPort.NT.Copy]..ser2pl.sys....[ComPort.NT.AddReg]..HKR,,DevLoader,,*ntkern..HKR,,N
Process:C:\Users\user\Desktop\Setup.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:0D966D1B1CDDAB3E8C57BD0349EE560F
SHA1:F5F7A48AB5127A0D989EAC135210B86FB8C3C2AD
SHA-256:C4C1488C9B9F43041E44D252C7CA0F05944C8E321140C92F98685AFFA4F0A718
SHA-512:683FB68F0CE19D0DA7FD775D1A8B57256076E5FDD7C15C4ECB18395D3D962AD9220B8725395406CF49C4F0F7E5E5602730C52A5E4F76FE3C1A16CD842354F040
Malicious:false
Reputation:unknown
Preview:;..; SER2PL.INF (for Windows Vista)..;..; Copyright (c) 2007, Prolific Technology Inc.......[version]..signature="$CHICAGO$"..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}..Provider=%PRO%..DriverVer=11/19/2009,3.3.10.140..CatalogFile=ser2pl.cat......; ================= Device Install section =====================....[ControlFlags]..ExcludeFromSelect=*....[Manufacturer]..%PRO%=PRO,NT,NTAMD64....[SourceDisksFiles]..ser2pl.sys=1..ser2pl64.sys=1....[SourceDisksNames]..1=%DISK_NAME%,....[DestinationDirs]..DefaultDestDir = 12....[PRO.NT]..%DeviceDesc% = ComPort, USB\VID_067B&PID_2303....[PRO.NTAMD64]..%DeviceDesc% = ComPort, USB\VID_067B&PID_2303......[ComPort.NT]..CopyFiles=ComPort.NT.Copy..AddReg=ComPort.NT.AddReg....[ComPort.NT.HW]..AddReg=ComPort.HW.AddReg....[ComPort.NT.Services]..AddService = Ser2pl, 0x00000002, Serial_Service_Inst.NT..AddService = Serenum,,Serenum_Service_Inst....[ComPort.NT.Copy]..ser2pl.sys....[ComPort.NT.AddReg]..HKR,,DevLoader,,*ntkern..HKR,,N
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):120768
Entropy (8bit):5.948474195507666
Encrypted:false
SSDEEP:
MD5:8407FC98EE367CCB196894F7CD218792
SHA1:6F280CF374FBA172426B8912170B5CBAFE3D88CD
SHA-256:E1890E4EF7FE9C2242E1FA65DA8162687C893D1A025FEF254B827940D03A0D5A
SHA-512:5850B48B374CB243D6EACF011F11E31050FF04118939424804A62E52DA335CEA6A7EA8DC363D49895EA29929B518C69DCCC8320074693E7B50540580D477956C
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a..-%.~%.~%.~.*.~-.~.*.~o.~.*.~..~Sq.~$.~Sq.~*.~%.~..~.*.~&.~.*.~$.~.*.~$.~Rich%.~................PE..d...p.&F..........#.................`.........@.........................................................................................................`...........................P$............................................... ...............................text............................... ..`.rdata...m... ...n..................@..@.data....,..........................@....pdata..............................@..@.rsrc...`...........................@..@........................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8407FC98EE367CCB196894F7CD218792
SHA1:6F280CF374FBA172426B8912170B5CBAFE3D88CD
SHA-256:E1890E4EF7FE9C2242E1FA65DA8162687C893D1A025FEF254B827940D03A0D5A
SHA-512:5850B48B374CB243D6EACF011F11E31050FF04118939424804A62E52DA335CEA6A7EA8DC363D49895EA29929B518C69DCCC8320074693E7B50540580D477956C
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a..-%.~%.~%.~.*.~-.~.*.~o.~.*.~..~Sq.~$.~Sq.~*.~%.~..~.*.~&.~.*.~$.~.*.~$.~Rich%.~................PE..d...p.&F..........#.................`.........@.........................................................................................................`...........................P$............................................... ...............................text............................... ..`.rdata...m... ...n..................@..@.data....,..........................@....pdata..............................@..@.rsrc...`...........................@..@........................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):65503
Entropy (8bit):3.783333450686201
Encrypted:false
SSDEEP:
MD5:09D38CECA6A012F4CE5B54F03DB9B21A
SHA1:01FCB72F22205E406FF9A48C5B98D7B7457D7D98
SHA-256:F6D7BC8CA6550662166F34407968C7D3669613E50E98A4E40BEC1589E74FF5D1
SHA-512:8C73CA3AF53A9BAF1B9801F87A8FF759DA9B40637A86567C6CC10AB491ACCB446B40C8966807BD06D52EB57384E2D6A4886510DE338019CFD7EF966B45315BA9
Malicious:false
Reputation:unknown
Preview:; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 2/27/2002; rs....[Win32]....12500852.cpx=0x00000000 ..12510866.cpx=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.cpx=0x00000000..12520861.cpx=0x00000000 ..12520863.cpx=0x00000000 ..12520865.cpx=0x00000000..6to4svc.dll=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x000
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:09D38CECA6A012F4CE5B54F03DB9B21A
SHA1:01FCB72F22205E406FF9A48C5B98D7B7457D7D98
SHA-256:F6D7BC8CA6550662166F34407968C7D3669613E50E98A4E40BEC1589E74FF5D1
SHA-512:8C73CA3AF53A9BAF1B9801F87A8FF759DA9B40637A86567C6CC10AB491ACCB446B40C8966807BD06D52EB57384E2D6A4886510DE338019CFD7EF966B45315BA9
Malicious:false
Reputation:unknown
Preview:; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 2/27/2002; rs....[Win32]....12500852.cpx=0x00000000 ..12510866.cpx=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.cpx=0x00000000..12520861.cpx=0x00000000 ..12520863.cpx=0x00000000 ..12520865.cpx=0x00000000..6to4svc.dll=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x000
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):10704
Entropy (8bit):5.884578809185698
Encrypted:false
SSDEEP:
MD5:69348C7C4260E37C1C72EDF236995BE1
SHA1:4665917E3BC0099D410C49496CB9D7DCE08D13F7
SHA-256:F62BE21A12B87BA1A4C45112E05954B1D3F3E69F590A9BF96A91AF62548140E9
SHA-512:6FE39497DF80D815366767B0EE771C0A86BF044596AC2547EBE67529638F77C15C3BD577E051B10517644F36308FED85FE2C3E48ED2DFCAB5D0341A8AE7E0C81
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.&F............................>*... ...@....@.. .......................................................................)..K....@.......................`....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................ *......H.......8"...............................................................0..?........(......,%s..........,....o.....+...o............&..&......*..*.........11..........14...............................0..W.......s................r...p.....(......s.......o.....,...o......o....+...o......&..&.....*.*.........EK..........EN...............................0...................i.>..........i.1s...+g......o......r...po....,..r...po....-....r...po....,..r...po....-....r...po....,..r#.
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:69348C7C4260E37C1C72EDF236995BE1
SHA1:4665917E3BC0099D410C49496CB9D7DCE08D13F7
SHA-256:F62BE21A12B87BA1A4C45112E05954B1D3F3E69F590A9BF96A91AF62548140E9
SHA-512:6FE39497DF80D815366767B0EE771C0A86BF044596AC2547EBE67529638F77C15C3BD577E051B10517644F36308FED85FE2C3E48ED2DFCAB5D0341A8AE7E0C81
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.&F............................>*... ...@....@.. .......................................................................)..K....@.......................`....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................ *......H.......8"...............................................................0..?........(......,%s..........,....o.....+...o............&..&......*..*.........11..........14...............................0..W.......s................r...p.....(......s.......o.....,...o......o....+...o......&..&.....*.*.........EK..........EN...............................0...................i.>..........i.1s...+g......o......r...po....,..r...po....-....r...po....,..r...po....-....r...po....,..r#.
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):86
Entropy (8bit):4.629340123004133
Encrypted:false
SSDEEP:
MD5:10BAA5B67536F4433F37534B9C8BB828
SHA1:82E5C34B1279AFDA223B639B49078D03C52875F5
SHA-256:1B9FD5C1F18357BD459BE20BFCBF47EE18FA0C5D5CC42F6AED2705D5868B65F4
SHA-512:49C6798EBB3B6137CAFB78B88350D02094367523DCF8F9E580DE1941E514B8B3DF786D1D817090E5DAB80AC4D0D015796B2CE28B296DB31D111E0D0BBAEEBB37
Malicious:false
Reputation:unknown
Preview:[<Properties>]..DIFx32Supported=No..DIFxIntel64Supported=No..DIFxAMD64Supported=No....
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:10BAA5B67536F4433F37534B9C8BB828
SHA1:82E5C34B1279AFDA223B639B49078D03C52875F5
SHA-256:1B9FD5C1F18357BD459BE20BFCBF47EE18FA0C5D5CC42F6AED2705D5868B65F4
SHA-512:49C6798EBB3B6137CAFB78B88350D02094367523DCF8F9E580DE1941E514B8B3DF786D1D817090E5DAB80AC4D0D015796B2CE28B296DB31D111E0D0BBAEEBB37
Malicious:false
Reputation:unknown
Preview:[<Properties>]..DIFx32Supported=No..DIFxIntel64Supported=No..DIFxAMD64Supported=No....
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):39
Entropy (8bit):4.162980744225906
Encrypted:false
SSDEEP:
MD5:00F313E3E007599349A0C4D81C7807C4
SHA1:F0171F15AAB836A1979D3833E46B5E59E4EA32E0
SHA-256:766EE687D90B0217EB41CB85ACA04375BDC24DB986A33536631F864B7CE1A08A
SHA-512:8BB25A62C0B1640DEC36403A493ED54C05F7CDE7B7357C8FAEA785A79C4B76BBE6A3D6FE78DB52B558A37ABAC90C2B2E8B13868A76294554D51670E9FA8764AD
Malicious:false
Reputation:unknown
Preview:[<Properties>]..FontRegistration=No....
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:00F313E3E007599349A0C4D81C7807C4
SHA1:F0171F15AAB836A1979D3833E46B5E59E4EA32E0
SHA-256:766EE687D90B0217EB41CB85ACA04375BDC24DB986A33536631F864B7CE1A08A
SHA-512:8BB25A62C0B1640DEC36403A493ED54C05F7CDE7B7357C8FAEA785A79C4B76BBE6A3D6FE78DB52B558A37ABAC90C2B2E8B13868A76294554D51670E9FA8764AD
Malicious:false
Reputation:unknown
Preview:[<Properties>]..FontRegistration=No....
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with very long lines (943), with CRLF line terminators
Category:dropped
Size (bytes):5435
Entropy (8bit):5.01241084080729
Encrypted:false
SSDEEP:
MD5:1260A753F9166476CBF01DC37323C5CA
SHA1:6E847542E872C1E6845F85636CEF81F8B989E6AD
SHA-256:E42BC259D9E53697F78B12161DEF93EDABD7A428730191F74BCEBE83D1FF2B17
SHA-512:2263D4F6FBE54319AF6A8C15E272FFDDA8C8EE523D2D5024984ABD451A3BBF674F1836973BF43BEEC8A8DB809937B289CF279E27DB38EE3CC8FE115D9E469F63
Malicious:false
Reputation:unknown
Preview:End User License Agreement ("EULA").. ..Do not install or use the software until you have read and accepted all of the license terms. Permission to use the software is conditional upon your agreeing to the license terms. Installation or use of the software by you will be deemed to be acceptance of the license terms. Acceptance will bind you to the license terms in a legally enforceable contract with Prolific Technology Inc... ..* SOFTWARE LICENSE AND LIMITED WARRANTY..This is an agreement between you, the end user, and Prolific Technology Inc. ("Prolific"). By using this software, you agree to become bound by the terms of this agreement... ..IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT USE THIS SOFTWARE AND PLEASE PROMPTLY REMOVE IT FROM YOUR COMPUTER... ..* GRANT OF LICENSE..Prolific, as licensor, grants to you, the licensee, a non-exclusive right to install One Button Utility (hereinafter the "SOFTWARE") on one computer and use the SOFTWARE in accordance with the terms
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with very long lines (943), with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:1260A753F9166476CBF01DC37323C5CA
SHA1:6E847542E872C1E6845F85636CEF81F8B989E6AD
SHA-256:E42BC259D9E53697F78B12161DEF93EDABD7A428730191F74BCEBE83D1FF2B17
SHA-512:2263D4F6FBE54319AF6A8C15E272FFDDA8C8EE523D2D5024984ABD451A3BBF674F1836973BF43BEEC8A8DB809937B289CF279E27DB38EE3CC8FE115D9E469F63
Malicious:false
Reputation:unknown
Preview:End User License Agreement ("EULA").. ..Do not install or use the software until you have read and accepted all of the license terms. Permission to use the software is conditional upon your agreeing to the license terms. Installation or use of the software by you will be deemed to be acceptance of the license terms. Acceptance will bind you to the license terms in a legally enforceable contract with Prolific Technology Inc... ..* SOFTWARE LICENSE AND LIMITED WARRANTY..This is an agreement between you, the end user, and Prolific Technology Inc. ("Prolific"). By using this software, you agree to become bound by the terms of this agreement... ..IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT USE THIS SOFTWARE AND PLEASE PROMPTLY REMOVE IT FROM YOUR COMPUTER... ..* GRANT OF LICENSE..Prolific, as licensor, grants to you, the licensee, a non-exclusive right to install One Button Utility (hereinafter the "SOFTWARE") on one computer and use the SOFTWARE in accordance with the terms
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):73728
Entropy (8bit):5.6303825114736545
Encrypted:false
SSDEEP:
MD5:B193567F9C305C820385781BBB18F999
SHA1:121FC7D94E36D864E8C4F7165344FD1176B795E5
SHA-256:F198F5F84BF93406C31D7B1765BD7D47EF8E44933F946211311E658D4E2A08B7
SHA-512:D61C5CD40DF2DDEDD932C60F34EEECE322B8C48071C207B042F4B959A5F22C65D6C924E347812F13857190266C95B14DB430025749D24B1180672FCC2A9A5E92
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z.}.Z.}.Z.}.}S..H.}.}S....}... .S.}.Z.|.?.}.}S..z.}.}S..[.}.}S..[.}.}S..[.}.RichZ.}.................PE..L......K...........!.........p...............................................0..........................................b.......d.......H.................... ..........................................@...............l............................text............................... ..`.rdata..b .......0..................@..@.data...D,....... ..................@....rsrc...H...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B193567F9C305C820385781BBB18F999
SHA1:121FC7D94E36D864E8C4F7165344FD1176B795E5
SHA-256:F198F5F84BF93406C31D7B1765BD7D47EF8E44933F946211311E658D4E2A08B7
SHA-512:D61C5CD40DF2DDEDD932C60F34EEECE322B8C48071C207B042F4B959A5F22C65D6C924E347812F13857190266C95B14DB430025749D24B1180672FCC2A9A5E92
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z.}.Z.}.Z.}.}S..H.}.}S....}... .S.}.Z.|.?.}.}S..z.}.}S..[.}.}S..[.}.}S..[.}.RichZ.}.................PE..L......K...........!.........p...............................................0..........................................b.......d.......H.................... ..........................................@...............l............................text............................... ..`.rdata..b .......0..................@..@.data...D,....... ..................@....rsrc...H...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2230
Entropy (8bit):5.362283293393229
Encrypted:false
SSDEEP:
MD5:336114FC6AA5D6313F9BD2DE981D5F9E
SHA1:051D636243226A5E1FEAF06CA3B8E396A14B6576
SHA-256:C2D2139E96BDD9742B2FE1616D56EE3EB7CC397B8BEA58164CAFF68A4A28CC33
SHA-512:D0CC1B27655D34645DBA76E5115961BB5EAF62D5DD8A27E3C43A9C37D54C723C010BE8B790D513DB31E8CC619C76CDCB7492C5750785557D08840E5108731FB8
Malicious:false
Reputation:unknown
Preview:[StringTable:Data:0009]..ASkDlgText3=Exit Setup Program..AskDlgMesg=Warning! You already have installed the PL-2303 USB-to-Serial driver. Please select one of the options below...AskDlgText1=Reinstall Driver (Upgrade Driver)..AskDlgText2=Uninstall the Driver..COMPANY_NAME=Prolific Technology INC..FINISHBOOTMESG1=Setup has finished reinstalling the PL-2303 USB-to-Serial driver, it is recommended to reboot the system for device to work properly...FINISHBOOTMESG2=If you have plugged the PL-2303 device on PC before running this setup, please unplug and then plug the cable again for system detection...FINISHBOOTTITLE=Installation Complete..FINISHMESG1=The InstallShield wizard has successfully installed the PL-2303 USB-to-Serial driver. Please click the Finish button to exit the wizard...FOLDER_NAME=PL-2303 Driver..IDPROP_SETUPTYPE_COMPLETE=Complete..IDPROP_SETUPTYPE_COMPLETE_DESC=Complete..IDPROP_SETUPTYPE_CUSTOM=Custom..IDPROP_SETUPTYPE_CUSTOM_DESC_PRO=Custom..IDS_PROGMSG_IIS_CREATEVROOT=C
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:336114FC6AA5D6313F9BD2DE981D5F9E
SHA1:051D636243226A5E1FEAF06CA3B8E396A14B6576
SHA-256:C2D2139E96BDD9742B2FE1616D56EE3EB7CC397B8BEA58164CAFF68A4A28CC33
SHA-512:D0CC1B27655D34645DBA76E5115961BB5EAF62D5DD8A27E3C43A9C37D54C723C010BE8B790D513DB31E8CC619C76CDCB7492C5750785557D08840E5108731FB8
Malicious:false
Reputation:unknown
Preview:[StringTable:Data:0009]..ASkDlgText3=Exit Setup Program..AskDlgMesg=Warning! You already have installed the PL-2303 USB-to-Serial driver. Please select one of the options below...AskDlgText1=Reinstall Driver (Upgrade Driver)..AskDlgText2=Uninstall the Driver..COMPANY_NAME=Prolific Technology INC..FINISHBOOTMESG1=Setup has finished reinstalling the PL-2303 USB-to-Serial driver, it is recommended to reboot the system for device to work properly...FINISHBOOTMESG2=If you have plugged the PL-2303 device on PC before running this setup, please unplug and then plug the cable again for system detection...FINISHBOOTTITLE=Installation Complete..FINISHMESG1=The InstallShield wizard has successfully installed the PL-2303 USB-to-Serial driver. Please click the Finish button to exit the wizard...FOLDER_NAME=PL-2303 Driver..IDPROP_SETUPTYPE_COMPLETE=Complete..IDPROP_SETUPTYPE_COMPLETE_DESC=Complete..IDPROP_SETUPTYPE_CUSTOM=Custom..IDPROP_SETUPTYPE_CUSTOM_DESC_PRO=Custom..IDS_PROGMSG_IIS_CREATEVROOT=C
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):81920
Entropy (8bit):6.50929110698456
Encrypted:false
SSDEEP:
MD5:8B80A722CCE8E16F495FCAEB43D863D1
SHA1:69D60D569A73A414E896BF724828F1AC45C3D796
SHA-256:37C3AE191E76E5DE4EB789A4ED1C7837F9BD13FABD370B6E403D89664DE87F85
SHA-512:7CD505DCD37BDBADEA462E0DA46D47F67D2AF1CDB504828D419135BA723F690DDEC1D1357606198FC7B787F4D44D01E3C69E23D9F3AA1B68379D396B3A90F98E
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p:.M.T.M.T.M.T.j.:.H.T.M.U.i.T.j./.J.T.j.).I.T.j.9.k.T.j.(.L.T.j.,.L.T.RichM.T.........PE..L...P..K.....................&......................................................A.......................................xq..P...................................................................P...@............................................text...~........................... ..h.rdata..D...........................@..H.data........ ......................@...PAGE....!....0...................... ..`PAGESER......@...................... ..`PAGESRP0.....P... .................. ..`INIT....,....p.......$.............. ....rsrc................*..............@..B.reloc..............................@..B................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8B80A722CCE8E16F495FCAEB43D863D1
SHA1:69D60D569A73A414E896BF724828F1AC45C3D796
SHA-256:37C3AE191E76E5DE4EB789A4ED1C7837F9BD13FABD370B6E403D89664DE87F85
SHA-512:7CD505DCD37BDBADEA462E0DA46D47F67D2AF1CDB504828D419135BA723F690DDEC1D1357606198FC7B787F4D44D01E3C69E23D9F3AA1B68379D396B3A90F98E
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p:.M.T.M.T.M.T.j.:.H.T.M.U.i.T.j./.J.T.j.).I.T.j.9.k.T.j.(.L.T.j.,.L.T.RichM.T.........PE..L...P..K.....................&......................................................A.......................................xq..P...................................................................P...@............................................text...~........................... ..h.rdata..D...........................@..H.data........ ......................@...PAGE....!....0...................... ..`PAGESER......@...................... ..`PAGESRP0.....P... .................. ..`INIT....,....p.......$.............. ....rsrc................*..............@..B.reloc..............................@..B................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8B80A722CCE8E16F495FCAEB43D863D1
SHA1:69D60D569A73A414E896BF724828F1AC45C3D796
SHA-256:37C3AE191E76E5DE4EB789A4ED1C7837F9BD13FABD370B6E403D89664DE87F85
SHA-512:7CD505DCD37BDBADEA462E0DA46D47F67D2AF1CDB504828D419135BA723F690DDEC1D1357606198FC7B787F4D44D01E3C69E23D9F3AA1B68379D396B3A90F98E
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p:.M.T.M.T.M.T.j.:.H.T.M.U.i.T.j./.J.T.j.).I.T.j.9.k.T.j.(.L.T.j.,.L.T.RichM.T.........PE..L...P..K.....................&......................................................A.......................................xq..P...................................................................P...@............................................text...~........................... ..h.rdata..D...........................@..H.data........ ......................@...PAGE....!....0...................... ..`PAGESER......@...................... ..`PAGESRP0.....P... .................. ..`INIT....,....p.......$.............. ....rsrc................*..............@..B.reloc..............................@..B................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:dropped
Size (bytes):126912
Entropy (8bit):7.720544496731414
Encrypted:false
SSDEEP:
MD5:898515A4AE2FB9D74AE2A905CF82B074
SHA1:ED751342F4BBD131DE393975E08019EA56355107
SHA-256:ED38584275B7248CE51254BC34FBE247AF641C416660342689D19E6559623B13
SHA-512:35AB0A7082CBFD90324748B539B521791EA644EEDDB6042F3A47E4D98EB22721D133442ACB1B33A4C90FD72A560892AB2978C29EDEBE94E443A13C6116F17EBD
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$Lh&`-.u`-.u`-.u.2.ua-.u.1.ut-.u.2.u0-.u`-.u*-.u...uc-.uf..ub-.u.+.ua-.uRich`-.u........PE..L.....&F...........!.................................................................@...................................................6...........................................................................................................text...................PEC2.O......`....rsrc....P.......B.................. ....reloc..............................@...................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:898515A4AE2FB9D74AE2A905CF82B074
SHA1:ED751342F4BBD131DE393975E08019EA56355107
SHA-256:ED38584275B7248CE51254BC34FBE247AF641C416660342689D19E6559623B13
SHA-512:35AB0A7082CBFD90324748B539B521791EA644EEDDB6042F3A47E4D98EB22721D133442ACB1B33A4C90FD72A560892AB2978C29EDEBE94E443A13C6116F17EBD
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$Lh&`-.u`-.u`-.u.2.ua-.u.1.ut-.u.2.u0-.u`-.u*-.u...uc-.uf..ub-.u.+.ua-.uRich`-.u........PE..L.....&F...........!.................................................................@...................................................6...........................................................................................................text...................PEC2.O......`....rsrc....P.......B.................. ....reloc..............................@...................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:dropped
Size (bytes):1168
Entropy (8bit):2.551387347019812
Encrypted:false
SSDEEP:
MD5:0ABAFE3F69D053494405061DE2629C82
SHA1:E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:false
Reputation:unknown
Preview:RIFF....PAL data..........................................................f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3...............f...3..................f...3...............f..3.....f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3...................f...3..................f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3.....f...f...f...f.f.f.3.f...f...f...f..f.f.f.3.f...f...f...f...f.i.f.3.f...ff..ff..ff..fff.ff3.ff..f3..f3..f3..f3f.f33.f3..f...f...f...f.f.f.3.f...3...3...3...3.f.3.3.3...3...3...3..3.f.3.3.3...3...3...3...3.f.3.3.3...3f..3f..3f..3ff.3f3.3f..33..33..33..33f.333.33..3...3...3...3.f.3.3.3.............f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3.........................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:0ABAFE3F69D053494405061DE2629C82
SHA1:E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:false
Reputation:unknown
Preview:RIFF....PAL data..........................................................f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3...............f...3..................f...3...............f..3.....f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3...................f...3..................f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3.....f...f...f...f.f.f.3.f...f...f...f..f.f.f.3.f...f...f...f...f.i.f.3.f...ff..ff..ff..fff.ff3.ff..f3..f3..f3..f3f.f33.f3..f...f...f...f.f.f.3.f...3...3...3...3.f.3.3.3...3...3...3..3.f.3.3.3...3...3...3...3.f.3.3.3...3f..3f..3f..3ff.3f3.3f..33..33..33..33f.333.33..3...3...3...3.f.3.3.3.............f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3.........................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:77A3125A2059F39A9BEF961953A8DB8D
SHA1:2FFB52F60C570D1D73CAAB095F3784DC8454E5E6
SHA-256:D6CD68FA4468878D8BC045EA518235F7C6CBEBBD525486DDCEC7D1069D83F119
SHA-512:00863CB19420F4764AB0F71AE0D788E22AD340D9F7AA074BDA2F8FD8317012567E46335802FDFC800F671C22C1E74618819613C4ADB6ADEEAA2E74CD66401605
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................................................W...............w....................J.......r.......Rich............PE..L....&F...........!..... ...........S.......0...............................p.......................................3......\Q.......0...............P.......`.......................................................................................text.... ..............PEC2.O......`....rsrc....0...0....... .............. ....reloc.......`.......N..............@...................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:dropped
Size (bytes):222144
Entropy (8bit):7.941740126132889
Encrypted:false
SSDEEP:
MD5:77A3125A2059F39A9BEF961953A8DB8D
SHA1:2FFB52F60C570D1D73CAAB095F3784DC8454E5E6
SHA-256:D6CD68FA4468878D8BC045EA518235F7C6CBEBBD525486DDCEC7D1069D83F119
SHA-512:00863CB19420F4764AB0F71AE0D788E22AD340D9F7AA074BDA2F8FD8317012567E46335802FDFC800F671C22C1E74618819613C4ADB6ADEEAA2E74CD66401605
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................................................W...............w....................J.......r.......Rich............PE..L....&F...........!..... ...........S.......0...............................p.......................................3......\Q.......0...............P.......`.......................................................................................text.... ..............PEC2.O......`....rsrc....0...0....... .............. ....reloc.......`.......N..............@...................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):2280
Entropy (8bit):5.611064162397153
Encrypted:false
SSDEEP:
MD5:575FD26D1590EB326B4686643746F678
SHA1:B3258A331BC56975C9799F550D056DDF60B5E248
SHA-256:A9FAEBB2C80FC7F8D402F2D39D8660B15E25ED93D0105AB1616F1F2C86640536
SHA-512:95BB74053D0503762E2CFB9F2BF38BFD3754D2584E58F81BEFBCD22315F92CBF64FF5542E0E6E638F60ACFB4F05C45E87228EA0049184FAE28496162F9968554
Malicious:false
Reputation:unknown
Preview:;.SERSPL.INF..;.Copyright (c) 1999 Prolific Technology..;..;.09/13/2000....[version]..signature="$Windows 95$"..Class=Ports..ClassGUID={4d36e978-e325-11ce-bfc1-08002be10318}..Provider=%Mfg%....; [DestinationDirs]..; SerialPort.Copy = 11 ; \windows\system....; [SourceDiskFiles]..; serport.vxd = 1....; [SourceDisksNames]..; 1="USB to Serial Disk #1","",1....; Drivers..;----------------------------------------------------------..[Manufacturer]..%Mfg%=USB2SERDevices....[USB2SERDevices]..%OURPORTDEVICE%=SerialPort, VID_067B&PID_2303....; COM sections..;----------------------------------------------------------....[SerialPort]..; CopyFiles=SerialPort.Copy..AddReg=SerialPort.AddReg..LogConfig=caa,c34,c3a,c43,c4a,c14,c1a,c23,c2a....; [SerialPort.Copy]..; SerPort.VXD....[SerialPort.AddReg]..HKR,,DevLoader,,*vcomm..HKR,,Enumerator,,serenum.vxd..HKR,,PortDriver,,serspl.vxd..HKR,,USBDriver,,ser9pl.sys..HKR,,Contention,,*vcd..HKR,,ConfigDialog,,serialui.dll..HKR,,DCB,3,1C,00,00,00, 00,C2,01,00,
Process:C:\Users\user\Desktop\Setup.exe
File Type:Generic INItialization configuration [Pro]
Category:dropped
Size (bytes):2537
Entropy (8bit):5.450282770791616
Encrypted:false
SSDEEP:
MD5:B144B2211FE17055EC007B90223CDAD0
SHA1:20641EE39C6F25198CC27564EB5F02C8D8B52310
SHA-256:826D4E111B9E8608A032061F88718DE63EFCC7BDF5835016F85699E112FB8FFC
SHA-512:F55ED601A3690E1FC1B505DD3E530DF113941A4464FB9E0608069DDF8E9916E0923E24E0B9C92B66A1A0A229194586F45977D9C3E90F2DA4A7FF96F0EF0E8596
Malicious:false
Reputation:unknown
Preview:;.SERWPL.INF - INF file for USB-to-Serial Device..;.Copyright (C) 2001, Prolific Technology Inc...;..;.03/14/2001..[Manufacturer]..%Pro%=Pro....[Pro]..%DeviceDesc%=ComPort, USB\VID_067B&PID_2303....[SourceDisksNames]..1=%Pro.Disk%,,,....[SourceDisksFiles]..SER9PL.SYS=1..SERSPL.VXD=1..SERSPL.INF=1..SERWPL.INF=1....[SourceDisksFiles.x86]..ser2pl.sys=1....[DestinationDirs]..USB2SER.Files.Ext = 11..USB2SER.Files.Inf = 10,INF..DefaultDestDir=12..ComPort.NT.Copy=12....[ComPort_install]..;Windows98_ME....[Version]..Signature="$Windows 95$"..Class=USB..provider=%Pro%....[PreCopySection]..HKR,,NoSetupUI,,1....[ComPort]..;CopyFiles=USB2SER.Files.Ext, USB2SER.Files.Inf..AddReg=USB2SER.AddReg....[USB2SER.AddReg]..HKR,,DevLoader,,*ntkern..HKR,,NTMPDriver,,SER9PL.SYS....[USB2SER.Files.Ext]..SER9PL.SYS..SERSPL.VXD....[USB2SER.Files.Inf]..SERWPL.INF..SERSPL.INF....;========================================================================..;..;============================================================
Process:C:\Users\user\Desktop\Setup.exe
File Type:Generic INItialization configuration [BeginLog]
Category:dropped
Size (bytes):2495591
Entropy (8bit):5.219399797153902
Encrypted:false
SSDEEP:
MD5:77C31CC107E0E78E3B5225B27BC1B561
SHA1:F0D8A00B0D5BAB63B01911FDD2DBCD50B0FC31EC
SHA-256:92D8AE2BD80C48723042045B1718EF3B759F6480CAC72153983E6E8D777207A3
SHA-512:5D9429CC476E70FD5D63F2F6BA7AABF8F5866B43DA9C65DB8D0E4CA11156569ADDFD958E657E59E83F0641AB6333449D502601F0EF86A4D2DB0B6CB3FFDC6E63
Malicious:false
Reputation:unknown
Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:A16FB34E56C781DC56BE7492315655B9
SHA1:E64D883A1437BFF02AB16FEB9D73B9EA44629365
SHA-256:FB5EAF100CD4A82237216D15BFDFD7159F08C537756750B5579E3638839928A0
SHA-512:34E423116ABD2650E708FE9BEB1A0B9E518899D33E6423047EB77575DBB00E2066D5F2A8BD7A32872B898F06B7B0DB5B798FB83D8F2F82F2CA76F16A329D5D3D
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1j.0u..cu..cu..cu..cr..cu..cw..c,(.cC..cs(.cr..c...ct..c.+.ct..cRichu..c........................PE..L....z.B Z...............I.. .......|1.......G...... ... ....................Z......................................@L...... N..P...@S.......................V..........T............................................................................text...zD.......D.................. ..hPNP.....6....G..@....G.............. ..h.data........G.......G..............@....edata......@L......@L..............@..@INIT........ N.. ... N.............. ....rsrc.......@S......@S..............@..B.reloc.. ....V.. ....V..............@..B.................P......ZO..rO...O...O...O...O...O..>O...P..&P..<P..TP..bP..zP...P...P...O...P...P...P...Q...Q.."Q..8Q..LQ..^Q..xQ...Q...Q...Q...Q...Q...Q...R..(R..2R..LR..dR..vR...R...R...R..4O.......R...R.......................z.B.........*......
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):35892
Entropy (8bit):5.935465769471254
Encrypted:false
SSDEEP:
MD5:A16FB34E56C781DC56BE7492315655B9
SHA1:E64D883A1437BFF02AB16FEB9D73B9EA44629365
SHA-256:FB5EAF100CD4A82237216D15BFDFD7159F08C537756750B5579E3638839928A0
SHA-512:34E423116ABD2650E708FE9BEB1A0B9E518899D33E6423047EB77575DBB00E2066D5F2A8BD7A32872B898F06B7B0DB5B798FB83D8F2F82F2CA76F16A329D5D3D
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1j.0u..cu..cu..cu..cr..cu..cw..c,(.cC..cs(.cr..c...ct..c.+.ct..cRichu..c........................PE..L....z.B Z...............I.. .......|1.......G...... ... ....................Z......................................@L...... N..P...@S.......................V..........T............................................................................text...zD.......D.................. ..hPNP.....6....G..@....G.............. ..h.data........G.......G..............@....edata......@L......@L..............@..@INIT........ N.. ... N.............. ....rsrc.......@S......@S..............@..B.reloc.. ....V.. ....V..............@..B.................P......ZO..rO...O...O...O...O...O..>O...P..&P..<P..TP..bP..zP...P...P...O...P...P...P...Q...Q.."Q..8Q..LQ..^Q..xQ...Q...Q...Q...Q...Q...Q...R..(R..2R..LR..dR..vR...R...R...R..4O.......R...R.......................z.B.........*......
Process:C:\Users\user\Desktop\Setup.exe
File Type:MS-DOS executable, LE executable for MS Windows (VxD)
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:FBD8C98379A3017D5E0708A816C72A6D
SHA1:80A0DF1F991281BDEDF54F1ECAFE64FBA3895C17
SHA-256:0FD5E04C73702EF2995A13802BC78EE0EE63BB5E186F9E2EBCCB7832B7E19CD4
SHA-512:15CF53BC3DCFF7218535D9D99306562CF80410F35AC17E629953D05B2826CA1CEACD8566B23D7ED6B44002F5C429F8020646E34D703799840DA4E7A75196574F
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M............................................Rich............LE..................,...........................Z...............................................................*.......*...........(....f..#............................................f...........O......E ......(...LCODT........ ..).......PCOD......... ..,.......ICOD.............................................................................................................................. ...!..."...#...$...%...&...'...(...)...*...+...,..SERSPL.........................................?..............._..._..._..._..._...i...s.......................................b...v...........................?.......]...............>.................L...K..0..p...,..@4..(...2..$...1.. ...*.....P*......*......&'....L..........&.....p&......%'....L.............P%......$......$.....p$..... $......$.....0"......!
Process:C:\Users\user\Desktop\Setup.exe
File Type:MS-DOS executable, LE executable for MS Windows (VxD)
Category:dropped
Size (bytes):26719
Entropy (8bit):5.4670177974015575
Encrypted:false
SSDEEP:
MD5:FBD8C98379A3017D5E0708A816C72A6D
SHA1:80A0DF1F991281BDEDF54F1ECAFE64FBA3895C17
SHA-256:0FD5E04C73702EF2995A13802BC78EE0EE63BB5E186F9E2EBCCB7832B7E19CD4
SHA-512:15CF53BC3DCFF7218535D9D99306562CF80410F35AC17E629953D05B2826CA1CEACD8566B23D7ED6B44002F5C429F8020646E34D703799840DA4E7A75196574F
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M............................................Rich............LE..................,...........................Z...............................................................*.......*...........(....f..#............................................f...........O......E ......(...LCODT........ ..).......PCOD......... ..,.......ICOD.............................................................................................................................. ...!..."...#...$...%...&...'...(...)...*...+...,..SERSPL.........................................?..............._..._..._..._..._...i...s.......................................b...v...........................?.......]...............>.................L...K..0..p...,..@4..(...2..$...1.. ...*.....P*......*......&'....L..........&.....p&......%'....L.............P%......$......$.....p$..... $......$.....0"......!
Process:C:\Windows\System32\drvinst.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):97280
Entropy (8bit):6.240060218064393
Encrypted:false
SSDEEP:
MD5:172600C07C64B6C989AEE451994AC18D
SHA1:53A0160300C3CAF6BF18E976DC9BAD6CB1915770
SHA-256:A21BE5D125F575627197A8729FDC1D582BF7E468A914297D04BB14616C16F41A
SHA-512:FC4C6FEE4D089C55BDD6E7E4DE111B57A249E487D30E2E1740325EB7724973DC8D20542BD9B37770A052BC3A7C0D7773FF9CB795490821AD64914899FA0C74C3
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............s...............r.............................................................Rich............PE..d... ..K.........."......\...,......<...........................................................................................................<............p..................$....@...............................................@...............................text....*.......,.................. ..h.rdata.......@.......0..............@..H.data...,....P.......<..............@....pdata.......p.......>..............@..HPAGE....q............F.............. ..`PAGESRP03$.......&...H.............. ..`PAGESER..............n.............. ..`INIT.................p.............. ....rsrc................v..............@..B.reloc...............z..............@..B................................................................................................
Process:C:\Windows\System32\drvinst.exe
File Type:data
Category:dropped
Size (bytes):7929
Entropy (8bit):7.109195449660102
Encrypted:false
SSDEEP:
MD5:93DFE1A6B10DDF5ED0590C61A664EF83
SHA1:E43351D5B361C72A110C04C1DAAFF8CC954F0739
SHA-256:D294D77424BE49A8ECAA926E35BF428D6B5B85A053192B12C1237D4F80634784
SHA-512:D543283498E91C3667CE3590256DA2B91D7E5798C410ADA68F2F7C735B5240A329E3A408CCECBF25606C2BF6596601F3442FDAB72ADD445369E11E7D4BEF2AC1
Malicious:false
Reputation:unknown
Preview:0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7...........D..T.P.(...091123120220Z0...+.....7.....0...0....R1.6.E.0.F.D.8.A.3.0.F.7.6.7.9.B.D.D.5.9.3.3.1.7.2.B.F.5.6.3.2.E.2.E.6.E.E.3.3.1...1..W08..+.....7...1*0(...F.i.l.e........s.e.r.2.p.l...s.y.s...0L..+.....7...1>0<...O.S.A.t.t.r.......&2.:.5...0.0.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+............0.g..Y3.+.c..n.10....RF.2.4.D.2.3.D.2.B.D.8.D.8.C.B.9.8.B.9.4.F.A.D.2.5.E.E.3.B.2.D.8.3.D.8.B.E.1.9.3...1..M0<..+.....7...1.0,...F.i.l.e........s.e.r.2.p.l.6.4...s.y.s...0>..+.....7...100....O.S.A.t.t.r........2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........M#........^..=..0....RF.5.F
Process:C:\Windows\System32\drvinst.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:93DFE1A6B10DDF5ED0590C61A664EF83
SHA1:E43351D5B361C72A110C04C1DAAFF8CC954F0739
SHA-256:D294D77424BE49A8ECAA926E35BF428D6B5B85A053192B12C1237D4F80634784
SHA-512:D543283498E91C3667CE3590256DA2B91D7E5798C410ADA68F2F7C735B5240A329E3A408CCECBF25606C2BF6596601F3442FDAB72ADD445369E11E7D4BEF2AC1
Malicious:false
Reputation:unknown
Preview:0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7...........D..T.P.(...091123120220Z0...+.....7.....0...0....R1.6.E.0.F.D.8.A.3.0.F.7.6.7.9.B.D.D.5.9.3.3.1.7.2.B.F.5.6.3.2.E.2.E.6.E.E.3.3.1...1..W08..+.....7...1*0(...F.i.l.e........s.e.r.2.p.l...s.y.s...0L..+.....7...1>0<...O.S.A.t.t.r.......&2.:.5...0.0.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+............0.g..Y3.+.c..n.10....RF.2.4.D.2.3.D.2.B.D.8.D.8.C.B.9.8.B.9.4.F.A.D.2.5.E.E.3.B.2.D.8.3.D.8.B.E.1.9.3...1..M0<..+.....7...1.0,...F.i.l.e........s.e.r.2.p.l.6.4...s.y.s...0>..+.....7...100....O.S.A.t.t.r........2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........M#........^..=..0....RF.5.F
Process:C:\Windows\System32\drvinst.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:172600C07C64B6C989AEE451994AC18D
SHA1:53A0160300C3CAF6BF18E976DC9BAD6CB1915770
SHA-256:A21BE5D125F575627197A8729FDC1D582BF7E468A914297D04BB14616C16F41A
SHA-512:FC4C6FEE4D089C55BDD6E7E4DE111B57A249E487D30E2E1740325EB7724973DC8D20542BD9B37770A052BC3A7C0D7773FF9CB795490821AD64914899FA0C74C3
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............s...............r.............................................................Rich............PE..d... ..K.........."......\...,......<...........................................................................................................<............p..................$....@...............................................@...............................text....*.......,.................. ..h.rdata.......@.......0..............@..H.data...,....P.......<..............@....pdata.......p.......>..............@..HPAGE....q............F.............. ..`PAGESRP03$.......&...H.............. ..`PAGESER..............n.............. ..`INIT.................p.............. ....rsrc................v..............@..B.reloc...............z..............@..B................................................................................................
Process:C:\Windows\System32\drvinst.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):74026
Entropy (8bit):5.389892519503095
Encrypted:false
SSDEEP:
MD5:CE74EB5A9C4C508A6426B6FEEE5CD00C
SHA1:234595F2F375287667A17E752F1C8D3087B33AD1
SHA-256:746BCC623BD4AD92BBB103BC31A12FDF4BA29E943CA8C670C5FBF4697F10BA42
SHA-512:743D6F8166F875511809379A5A4A3D7214469A193D733AC9E42F7BE8588BC56A4FFA138A8440939285D6855A9EDF54A292BFB2CA71BF3A8D39A82322401C2B6B
Malicious:false
Reputation:unknown
Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):143360
Entropy (8bit):5.81670184600834
Encrypted:false
SSDEEP:
MD5:80D740259E177515BB336C8896AD88DC
SHA1:4F0D9F3BC3DFDEEA7E3C955E194EA91BEBC7C63E
SHA-256:0942A384431F51EB4DA914C79FC312272E427AC3C0ABF8295DB772B09B3C3E77
SHA-512:BBFB0AA363683CE335A0B46B221754A754262F90C67188ADF25390CD284B8BABF3F3280A719984C616F553D486F7106B04EB6BD017C256C892F6D617D5C85A47
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{..{..{..2s..{..s..{..2s..{..w..{..w..5{..Z..{..KX..{..{..y..w...{..]p..{..w..{..Rich.{..........................PE..L....4.B.................`...........B.......p....@..........................p..............................................\........0...3.............................................................H............p.........@....................text....S.......`.................. ..`.rdata..jT...p...`...p..............@..@.data....P....... ..................@....rsrc....3...0...@..................@..@........................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:80D740259E177515BB336C8896AD88DC
SHA1:4F0D9F3BC3DFDEEA7E3C955E194EA91BEBC7C63E
SHA-256:0942A384431F51EB4DA914C79FC312272E427AC3C0ABF8295DB772B09B3C3E77
SHA-512:BBFB0AA363683CE335A0B46B221754A754262F90C67188ADF25390CD284B8BABF3F3280A719984C616F553D486F7106B04EB6BD017C256C892F6D617D5C85A47
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{..{..{..2s..{..s..{..2s..{..w..{..w..5{..Z..{..KX..{..{..y..w...{..]p..{..w..{..Rich.{..........................PE..L....4.B.................`...........B.......p....@..........................p..............................................\........0...3.............................................................H............p.........@....................text....S.......`.................. ..`.rdata..jT...p...`...p..............@..@.data....P....... ..................@....rsrc....3...0...@..................@..@........................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:5E4D5AD7D6B97325158F9B208ED6B98B
SHA1:5EC313FDDDE095811992E9F8E53D8EA1C30FF39E
SHA-256:352F2738D424BAFBC05EBABAFDA9569E65566D70E7789BEC5ADA9453F2EC46C9
SHA-512:520A4A2A25103CC9ECA9B8CE7FC86B1E738ED3F8E847DB186BBB57EC19396567A64729C4F61D556B6B113131DA9B8498E23E662DE68F4EF043B86E56CBD07DEA
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 2%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{...{...{..Bs...{...s...{..Bs...{...w...{...w..E{...Z...{..;X...{...{...y...w..{..-p...{...w...{..Rich.{..........PE..L...l4.B.................`..........s?.......p....@..........................p......................................................0...3..............................................................H............p......`...@....................text....P.......`.................. ..`.rdata...S...p...`...p..............@..@.data....P....... ..................@....rsrc....3...0...@..................@..@........................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):147456
Entropy (8bit):5.947376041251099
Encrypted:false
SSDEEP:
MD5:004FA62F61DF14EA8623B474E49921AF
SHA1:172E6DC513BAC6601F5138048A5C98D3E55A20FF
SHA-256:B382FA026CEE6B59F187B83F1CC846491AE01556B603F4E91803DCF4B9D059AC
SHA-512:39A7F866ADB803962F99422E75229FA074CE583A1672F14D92142B188B237D9E706C6C9C4B8BF553206B2BFC46D489FE43F9BF93897891AA93E7784CAC88D0D2
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 2%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1.Cm_.Cm_.Cm_.Pe6.Bm_..e..Dm_.Pe..Am_.FaP._m_.Fa...m_.hLx.Jm_..NF.Em_..e..Rm_.Cm^.^o_.Fa?.!m_..f..Bm_.Fa..Bm_.RichCm_.........................PE..L....3.B.................p...........Z............@..................................................................................@...3..............................................................H...................$...@....................text....l.......p.................. ..`.rdata...Y.......`..................@..@.data....P....... ..................@....rsrc....3...@...@..................@..@................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:004FA62F61DF14EA8623B474E49921AF
SHA1:172E6DC513BAC6601F5138048A5C98D3E55A20FF
SHA-256:B382FA026CEE6B59F187B83F1CC846491AE01556B603F4E91803DCF4B9D059AC
SHA-512:39A7F866ADB803962F99422E75229FA074CE583A1672F14D92142B188B237D9E706C6C9C4B8BF553206B2BFC46D489FE43F9BF93897891AA93E7784CAC88D0D2
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1.Cm_.Cm_.Cm_.Pe6.Bm_..e..Dm_.Pe..Am_.FaP._m_.Fa...m_.hLx.Jm_..NF.Em_..e..Rm_.Cm^.^o_.Fa?.!m_..f..Bm_.Fa..Bm_.RichCm_.........................PE..L....3.B.................p...........Z............@..................................................................................@...3..............................................................H...................$...@....................text....l.......p.................. ..`.rdata...Y.......`..................@..@.data....P....... ..................@....rsrc....3...@...@..................@..@................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):143360
Entropy (8bit):5.782465161186039
Encrypted:false
SSDEEP:
MD5:5E4D5AD7D6B97325158F9B208ED6B98B
SHA1:5EC313FDDDE095811992E9F8E53D8EA1C30FF39E
SHA-256:352F2738D424BAFBC05EBABAFDA9569E65566D70E7789BEC5ADA9453F2EC46C9
SHA-512:520A4A2A25103CC9ECA9B8CE7FC86B1E738ED3F8E847DB186BBB57EC19396567A64729C4F61D556B6B113131DA9B8498E23E662DE68F4EF043B86E56CBD07DEA
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{...{...{..Bs...{...s...{..Bs...{...w...{...w..E{...Z...{..;X...{...{...y...w..{..-p...{...w...{..Rich.{..........PE..L...l4.B.................`..........s?.......p....@..........................p......................................................0...3..............................................................H............p......`...@....................text....P.......`.................. ..`.rdata...S...p...`...p..............@..@.data....P....... ..................@....rsrc....3...0...@..................@..@........................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:5E4D5AD7D6B97325158F9B208ED6B98B
SHA1:5EC313FDDDE095811992E9F8E53D8EA1C30FF39E
SHA-256:352F2738D424BAFBC05EBABAFDA9569E65566D70E7789BEC5ADA9453F2EC46C9
SHA-512:520A4A2A25103CC9ECA9B8CE7FC86B1E738ED3F8E847DB186BBB57EC19396567A64729C4F61D556B6B113131DA9B8498E23E662DE68F4EF043B86E56CBD07DEA
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{...{...{..Bs...{...s...{..Bs...{...w...{...w..E{...Z...{..;X...{...{...y...w..{..-p...{...w...{..Rich.{..........PE..L...l4.B.................`..........s?.......p....@..........................p......................................................0...3..............................................................H............p......`...@....................text....P.......`.................. ..`.rdata...S...p...`...p..............@..@.data....P....... ..................@....rsrc....3...0...@..................@..@........................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:5E4D5AD7D6B97325158F9B208ED6B98B
SHA1:5EC313FDDDE095811992E9F8E53D8EA1C30FF39E
SHA-256:352F2738D424BAFBC05EBABAFDA9569E65566D70E7789BEC5ADA9453F2EC46C9
SHA-512:520A4A2A25103CC9ECA9B8CE7FC86B1E738ED3F8E847DB186BBB57EC19396567A64729C4F61D556B6B113131DA9B8498E23E662DE68F4EF043B86E56CBD07DEA
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{...{...{..Bs...{...s...{..Bs...{...w...{...w..E{...Z...{..;X...{...{...y...w..{..-p...{...w...{..Rich.{..........PE..L...l4.B.................`..........s?.......p....@..........................p......................................................0...3..............................................................H............p......`...@....................text....P.......`.................. ..`.rdata...S...p...`...p..............@..@.data....P....... ..................@....rsrc....3...0...@..................@..@........................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Setup.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:575FD26D1590EB326B4686643746F678
SHA1:B3258A331BC56975C9799F550D056DDF60B5E248
SHA-256:A9FAEBB2C80FC7F8D402F2D39D8660B15E25ED93D0105AB1616F1F2C86640536
SHA-512:95BB74053D0503762E2CFB9F2BF38BFD3754D2584E58F81BEFBCD22315F92CBF64FF5542E0E6E638F60ACFB4F05C45E87228EA0049184FAE28496162F9968554
Malicious:false
Reputation:unknown
Preview:;.SERSPL.INF..;.Copyright (c) 1999 Prolific Technology..;..;.09/13/2000....[version]..signature="$Windows 95$"..Class=Ports..ClassGUID={4d36e978-e325-11ce-bfc1-08002be10318}..Provider=%Mfg%....; [DestinationDirs]..; SerialPort.Copy = 11 ; \windows\system....; [SourceDiskFiles]..; serport.vxd = 1....; [SourceDisksNames]..; 1="USB to Serial Disk #1","",1....; Drivers..;----------------------------------------------------------..[Manufacturer]..%Mfg%=USB2SERDevices....[USB2SERDevices]..%OURPORTDEVICE%=SerialPort, VID_067B&PID_2303....; COM sections..;----------------------------------------------------------....[SerialPort]..; CopyFiles=SerialPort.Copy..AddReg=SerialPort.AddReg..LogConfig=caa,c34,c3a,c43,c4a,c14,c1a,c23,c2a....; [SerialPort.Copy]..; SerPort.VXD....[SerialPort.AddReg]..HKR,,DevLoader,,*vcomm..HKR,,Enumerator,,serenum.vxd..HKR,,PortDriver,,serspl.vxd..HKR,,USBDriver,,ser9pl.sys..HKR,,Contention,,*vcd..HKR,,ConfigDialog,,serialui.dll..HKR,,DCB,3,1C,00,00,00, 00,C2,01,00,
Process:C:\Users\user\Desktop\Setup.exe
File Type:Generic INItialization configuration [Pro]
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B144B2211FE17055EC007B90223CDAD0
SHA1:20641EE39C6F25198CC27564EB5F02C8D8B52310
SHA-256:826D4E111B9E8608A032061F88718DE63EFCC7BDF5835016F85699E112FB8FFC
SHA-512:F55ED601A3690E1FC1B505DD3E530DF113941A4464FB9E0608069DDF8E9916E0923E24E0B9C92B66A1A0A229194586F45977D9C3E90F2DA4A7FF96F0EF0E8596
Malicious:false
Reputation:unknown
Preview:;.SERWPL.INF - INF file for USB-to-Serial Device..;.Copyright (C) 2001, Prolific Technology Inc...;..;.03/14/2001..[Manufacturer]..%Pro%=Pro....[Pro]..%DeviceDesc%=ComPort, USB\VID_067B&PID_2303....[SourceDisksNames]..1=%Pro.Disk%,,,....[SourceDisksFiles]..SER9PL.SYS=1..SERSPL.VXD=1..SERSPL.INF=1..SERWPL.INF=1....[SourceDisksFiles.x86]..ser2pl.sys=1....[DestinationDirs]..USB2SER.Files.Ext = 11..USB2SER.Files.Inf = 10,INF..DefaultDestDir=12..ComPort.NT.Copy=12....[ComPort_install]..;Windows98_ME....[Version]..Signature="$Windows 95$"..Class=USB..provider=%Pro%....[PreCopySection]..HKR,,NoSetupUI,,1....[ComPort]..;CopyFiles=USB2SER.Files.Ext, USB2SER.Files.Inf..AddReg=USB2SER.AddReg....[USB2SER.AddReg]..HKR,,DevLoader,,*ntkern..HKR,,NTMPDriver,,SER9PL.SYS....[USB2SER.Files.Ext]..SER9PL.SYS..SERSPL.VXD....[USB2SER.Files.Inf]..SERWPL.INF..SERSPL.INF....;========================================================================..;..;============================================================
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.55363635880913
TrID:
  • Win32 Executable (generic) a (10002005/4) 95.43%
  • DirectShow filter (201580/2) 1.92%
  • Windows ActiveX control (116523/4) 1.11%
  • Win32 EXE PECompact compressed (v2.x) (59071/9) 0.56%
  • InstallShield setup (43055/19) 0.41%
File name:Setup.exe
File size:3'176'304 bytes
MD5:cd31545772cdb4e84902f25d3363c58d
SHA1:88ab168cbfc19785caab11109b4682d3cfcfafae
SHA256:3c80fd894036f549fb831d271595df775ebaba7d98fdeea579bfae3c9d42ec53
SHA512:482be992b98efe56ed1a4cb5716d12321c5e28d144b985ad40b9d152cde47d467b052946e82ee2c3d63f7668705c6318f1d61f34eb0533b5ea358467af096d75
SSDEEP:49152:S5XjOui0/5LKqLhtbx/p/noQUhtm683Df7klWYBiCKhSOoSvbJp5+5q:ShjOp0hKqLhbpPoThM68377vBKepA4
TLSH:56E5E002BBEA816EF2B74A70E97B07B15BB5BC969E31811F7390B91C1C306A1D531B17
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......bF+N&'E.&'E.&'E.];I.%'E..;K.9'E.I8O..'E.I8N.)'E...Y.%'E...`.$'E. .O.$'E.&'D.v&E...\.3'E. .N..'E..!C.''E.Rich&'E................
Icon Hash:2727122723110113
Entrypoint:0x422094
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:0x4626B2F4 [Thu Apr 19 00:08:20 2007 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:8f244019e52c417786599750d44c515a
Signature Valid:true
Signature Issuer:CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 29/04/2009 02:00:00 08/05/2010 01:59:59
Subject Chain
  • CN=Prolific Technology Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Prolific Technology Inc., S=Taipei, C=TW
Version:3
Thumbprint MD5:D9C5BCF4847D5A65869181BDF6276D3E
Thumbprint SHA-1:64C43A116EBC08102A85FC1D7031389511D0DC70
Thumbprint SHA-256:F9CBD2C71A4657F390A12AF3257D1268ECDB4E74B6A10D8C0DD834E6D4E00D2F
Serial:06899F9218FFE732899BEF8B6B686465
Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 0044A2F0h
push 00425048h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 58h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [00449140h]
xor edx, edx
mov dl, ah
mov dword ptr [00458D70h], edx
mov ecx, eax
and ecx, 000000FFh
mov dword ptr [00458D6Ch], ecx
shl ecx, 08h
add ecx, edx
mov dword ptr [00458D68h], ecx
shr eax, 10h
mov dword ptr [00458D64h], eax
push 00000001h
call 00007F211CC2BD81h
pop ecx
test eax, eax
jne 00007F211CC2A0AAh
push 0000001Ch
call 00007F211CC2A168h
pop ecx
call 00007F211CC2B24Dh
test eax, eax
jne 00007F211CC2A0AAh
push 00000010h
call 00007F211CC2A157h
pop ecx
xor esi, esi
mov dword ptr [ebp-04h], esi
call 00007F211CC2EDA6h
call dword ptr [00449308h]
mov dword ptr [0045A428h], eax
call 00007F211CC2EC64h
mov dword ptr [00458CB4h], eax
call 00007F211CC2EA0Dh
call 00007F211CC2E94Fh
call 00007F211CC2D0A2h
mov dword ptr [ebp-30h], esi
lea eax, dword ptr [ebp-5Ch]
push eax
call dword ptr [0044930Ch]
call 00007F211CC2E8E0h
mov dword ptr [ebp-64h], eax
test byte ptr [ebp-30h], 00000001h
je 00007F211CC2A0A8h
movzx eax, word ptr [ebp+00h]
Programming Language:
  • [EXP] VC++ 6.0 SP5 build 8804
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x510c8          0xf0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x5b000          0x232c        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x306038         0x1738
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x49000          0x4cc         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy            Characteristics
.text   0x1000           0x47a42       0x48000   246bc04c9934d94ae3e5085c0fbab939  False     0.5119594997829862  data       6.582164078038985  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x49000          0x9a70        0xa000    16f2af57c4910be773837ffdb7fbde59  False     0.3839599609375     data       4.563700076946339  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x53000          0x742c        0x6000    ed1e754e7b6303e212e660e942089261  False     0.2513834635416667  data       3.274968751787648  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x5b000          0x232c        0x3000    bc771372afbdf9ddce017fcb10690eac  False     0.4298502604166667  data       5.902552822833265  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name           RVA      Size   Type                                                          Language  Country  ZLIB Complexity
RT_ICON        0x5b208  0x928  Device independent bitmap graphic, 22 x 64 x 24, image size 2176                     0.36177474402730375
RT_ICON        0x5bb30  0x568  Device independent bitmap graphic, 16 x 32 x 8, image size 320                       0.8424855491329479
RT_ICON        0x5c098  0x2e8  Device independent bitmap graphic, 32 x 64 x 4, image size 640                       0.5013440860215054
RT_ICON        0x5c380  0x8a8  Device independent bitmap graphic, 32 x 64 x 8, image size 1152                      0.8068592057761733
RT_DIALOG      0x5cc28  0x42   data                                                                                 0.8333333333333334
RT_GROUP_ICON  0x5cc6c  0x14   data                                                                                 1.15
RT_VERSION     0x5cc80  0x32c  data                                                                                 0.4605911330049261
RT_MANIFEST    0x5cfac  0x37f  XML 1.0 document, ASCII text, with CRLF line terminators                             0.47150837988826816
DLL: Import
COMCTL32.dll:
VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
KERNEL32.dll: LoadLibraryExA, QueryPerformanceFrequency, CreateEventA, ReadFile, CompareStringA, CompareStringW, GlobalSize, SizeofResource, FreeResource, SearchPathA, FindNextFileA, GetTempFileNameA, GetExitCodeProcess, TerminateProcess, OpenProcess, GetLocalTime, InitializeCriticalSection, GetCurrentProcessId, GetVersion, LeaveCriticalSection, EnterCriticalSection, GetCurrentThread, VirtualQuery, VirtualProtect, UnmapViewOfFile, GetShortPathNameA, MapViewOfFile, CreateFileMappingA, SetEvent, ResetEvent, QueryPerformanceCounter, SystemTimeToFileTime, lstrcmpA, MoveFileExA, GetDiskFreeSpaceA, GetSystemDirectoryA, GetSystemInfo, IsBadReadPtr, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, lstrcpyA, lstrlenA, Sleep, CloseHandle, CreateProcessA, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, RemoveDirectoryA, DeleteFileA, ResumeThread, SetThreadContext, MulDiv, GetPrivateProfileStringA, GetPrivateProfileSectionNamesA, SetEndOfFile, FlushFileBuffers, SetStdHandle, IsBadCodePtr, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetStringTypeW, GetStringTypeA, SetUnhandledExceptionFilter, HeapSize, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, LCMapStringW, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, TlsGetValue, TlsAlloc, CreateDirectoryA, FindFirstFileA, FindClose, lstrcmpiA, lstrcpynA, WriteFile, GetDriveTypeA, SetFilePointer, GetFileAttributesA, ReleaseMutex, GetPrivateProfileIntA, lstrcatA, LoadLibraryA, GetSystemDefaultLangID, CreateMutexA, FreeLibrary, SetErrorMode, GetTickCount, FindResourceExA, FindResourceA, LoadResource, LockResource, GetWindowsDirectoryA, InterlockedDecrement, LocalFree, InterlockedIncrement, FormatMessageA, GetTempPathA, GetVersionExA, CreateFileA, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, GetLastError, SetLastError, WaitForSingleObject, ExitProcess, GetCurrentProcess, DuplicateHandle, GetThreadContext, VirtualProtectEx, WriteProcessMemory, FlushInstructionCache, TlsSetValue, GetCurrentThreadId, GetCommandLineA, GetStartupInfoA, RaiseException, HeapAlloc, HeapFree, RtlUnwind, DeleteCriticalSection, InterlockedExchange, GetFileSize
USER32.dll: SetWindowLongA, SetWindowTextA, SendMessageA, GetDlgItem, wsprintfA, WaitForInputIdle, CharUpperA, MessageBoxA, DialogBoxIndirectParamA, SetDlgItemTextA, MsgWaitForMultipleObjects, CharLowerBuffA, SetFocus, BeginPaint, EndPaint, LoadStringA, FillRect, ScreenToClient, GetWindowTextLengthA, GetWindowTextA, GetWindowPlacement, SendDlgItemMessageA, GetMessageA, DefWindowProcA, GetParent, GetWindow, SystemParametersInfoA, MapWindowPoints, SetWindowPos, GetPropA, EnableMenuItem, SetPropA, RemovePropA, ShowWindow, IsWindow, GetSysColor, LoadImageA, CreateDialogParamA, GetDC, ReleaseDC, SetActiveWindow, PeekMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, DestroyWindow, CreateDialogIndirectParamA, SetForegroundWindow, GetDesktopWindow, GetClientRect, EnableWindow, IsWindowEnabled, GetWindowDC, UpdateWindow, InvalidateRect, DrawIcon, MapDialogRect, GetClassNameA, CallWindowProcA, DrawFocusRect, InflateRect, DrawTextA, CopyRect, EnumChildWindows, CreateWindowExA, RegisterClassExA, IntersectRect, GetDlgItemTextA, GetWindowLongA, GetWindowRect, MoveWindow, EndDialog, LoadIconA
GDI32.dll: CreateCompatibleBitmap, CreateDCA, GetStockObject, GetTextExtentPoint32A, CreatePatternBrush, DeleteMetaFile, SetMetaFileBitsEx, SetStretchBltMode, SelectClipRgn, SetPixel, PatBlt, PlayMetaFile, StretchBlt, CreateBitmap, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, CreateDIBitmap, SaveDC, SetBkMode, SetTextColor, TextOutA, RestoreDC, GetTextExtentPointA, CreateFontIndirectA, SetBkColor, CreateRectRgn, DeleteObject, CreateSolidBrush, GetDIBColorTable, GetSystemPaletteEntries, CreatePalette, CreateHalftonePalette, GetDeviceCaps, GetObjectA, CreateCompatibleDC, UnrealizeObject, SelectPalette, RealizePalette, SelectObject, BitBlt, DeleteDC, SetMapMode
ADVAPI32.dll: RegCloseKey, RegQueryValueA, RegQueryValueExA, RegOpenKeyExA, RegDeleteKeyA, RegEnumKeyExA, RegEnumKeyA, RegOpenKeyA, FreeSid, EqualSid, AllocateAndInitializeSid, GetTokenInformation, OpenProcessToken, OpenThreadToken
SHELL32.dll: SHGetPathFromIDListA, SHGetMalloc, ShellExecuteExA, SHGetSpecialFolderLocation
ole32.dll: CoInitialize, CoUninitialize
OLEAUT32.dll: SysFreeString, SysAllocString, SysAllocStringLen, SysReAllocStringLen, SysStringLen, GetErrorInfo, VariantClear, VariantChangeType
LZ32.dll: LZOpenFileA, LZCopy, LZClose
RPCRT4.dll: RpcStringFreeA, UuidCreate, UuidToStringA