Windows Analysis Report
MagicUtilities-Setup-3.1.4.5-Win10.exe

Overview

General Information

Sample name:	MagicUtilities-Setup-3.1.4.5-Win10.exe
Analysis ID:	1522462
MD5:	b0a4144c3aeef5d61201706e2f786ff0
SHA1:	224e8360830c2b02e4daef69a2c0d55a98ff0ec4
SHA256:	4150d4963e9283e26e1bbe67f56c733feec94ae4cc42b2e5fc35b40efa92ea8f
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Drops PE files

Found dropped PE file which has not been started or loaded

PE file contains sections with non-standard names

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static PE information: certificate valid

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Uses 32bit PE files

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: clean2.winEXE@3/2@0/0

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

File created: C:\Users\user\AppData\Local\Programs

Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe

File created: C:\Users\user\AppData\Local\Temp\is-66B67.tmp

Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe

File read: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe

Source: unknown	Process created: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe "C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe"
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Process created: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp "C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp" /SL5="$40380,68291663,1056768,C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe"
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Process created: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp "C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp" /SL5="$40380,68291663,1056768,C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe"

Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Section loaded: dwmapi.dll

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

Window found: window name: TMainForm

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static PE information: certificate valid

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static file information: File size 69423208 > 1048576

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains sections with non-standard names

Source: MagicUtilities-Setup-3.1.4.5-Win10.exe

Static PE information: section name: .didata

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	File created: C:\Users\user\AppData\Local\Temp\is-P3ELG.tmp\_isetup\_setup64.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	File created: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp			Jump to dropped file

Source: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-P3ELG.tmp\_isetup\_setup64.tmp

Jump to dropped file

Screenshots

Network Map

⊘No contacted IP infos

ID:	1522462
Product:	CloudBasic
Start time:	07:05:54
Start date:	30.09.2024
Sample:	MagicUtilities-Setup-3.1.4.5-Win10.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b0a4144c3aeef5d61201706e2f786ff0
SHA1:	224e8360830c2b02e4daef69a2c0d55a98ff0ec4
SHA256:	4150d4963e9283e26e1bbe67f56c733feec94ae4cc42b2e5fc35b40efa92ea8f
Filetype:	Win32 Executable (generic) a (10002005/4) 98.45%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	9D13CC54CB881EF523EEA84C934A8AD1	CC0128344E12D699BB2BE8FCB946ACE81CD8BA8E	AC45E7D2311D3138311F1B654E76B4685111079915DC55C1E487DF66E1900C36
C:\Users\user\AppData\Local\Temp\is-P3ELG.tmp\_isetup\_setup64.tmp	PE32+ executable (console) x86-64, for MS Windows	E4211D6D009757C078A9FAC7FF4F03D4	019CD56BA687D39D12D4B13991C9A42EA6BA03DA	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

Windows Analysis Report
MagicUtilities-Setup-3.1.4.5-Win10.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Windows Analysis Report MagicUtilities-Setup-3.1.4.5-Win10.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Windows Analysis Report
MagicUtilities-Setup-3.1.4.5-Win10.exe