Windows Analysis Report
winmerge-master.zip

Overview

General Information

Sample name:	winmerge-master.zip
Analysis ID:	1528474
MD5:	9f0381944322481d07a921944de5451f
SHA1:	8ad0e7c9652ffa4342e28df29fdd7cccb872d861
SHA256:	587a4e55767fbf9c20987f0aba11760d269eb29734aeb823b3856f45395cccc1
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Program does not show much activity (idle)

Classification

Signatures

Source: winmerge-master.zip	Binary or memory string: Bwinmerge-master/Externals/poco/Foundation/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ALL.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: Jwinmerge-master/Plugins/src_VB/CompareMSExcelFiles/CompareMSExcelFiles.vbpUT
Source: winmerge-master.zip	Binary or memory string: 8Pwinmerge-master/Externals/crystaledit/test/test.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VB/IgnoreTwoFirstCharsOrder/IgnoreTwoFirstCharsOrder.vbpUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/WinMerge32BitPluginProxy/WinMerge32BitPluginProxy.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ALL.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VCPP/VCPPPlugins.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/WinMerge.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Foundation/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Foundation/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Vwinmerge-master/Externals/poco/Encodings/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Bwinmerge-master/Externals/poco/Encodings/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Bwinmerge-master/Externals/poco/Encodings/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: 9winmerge-master/ArchiveSupport/Merge7z/Merge7z.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: B7winmerge-master/Plugins/src_VCPP/VCPPPlugins.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: @winmerge-master/Plugins/src_VB/HideLastLetter/HideLastLetter.vbpUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Foundation/Foundation_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: 9winmerge-master/ArchiveSupport/Merge7z/Merge7z.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ArchiveSupport/Merge7z/Merge7z.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: Twinmerge-master/Plugins/WinMerge32BitPluginProxy/WinMerge32BitPluginProxy.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: 8winmerge-master/ShellExtension/ShellExtension.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: Awinmerge-master/Externals/poco/Encodings/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: Twinmerge-master/Plugins/WinMerge32BitPluginProxy/WinMerge32BitPluginProxy.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: UqC#winmerge-master/WinMerge.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Foundation/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/XML/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Testing/GoogleTest/CmdLine/CmdLine.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VCPP/VCPPPlugins.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: ZJwinmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: Uwinmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: Vwinmerge-master/Externals/poco/Encodings/Encodings_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: ^.<winmerge-master/Externals/poco/Encodings/Encodings_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ShellExtension/ShellExtension.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: =zqwinmerge-master/Externals/poco/Foundation/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VB/IgnoreLeadingLineNumbers/IgnoreLeadingLineNumbers.vbpUT
Source: winmerge-master.zip	Binary or memory string: Twinmerge-master/Plugins/src_VB/IgnoreTwoFirstCharsOrder/IgnoreTwoFirstCharsOrder.vbpUT
Source: winmerge-master.zip	Binary or memory string: Cwinmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/WinMerge.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/WinMerge32BitPluginProxy/WinMerge32BitPluginProxy.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/crystaledit/test/test.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/WinMerge.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: >winmerge-master/Testing/FolderCompare/FolderCompare.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: <winmerge-master/ALL.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: Hwinmerge-master/Plugins/src_VB/CompareMSWordFiles/CompareMSWordFiles.vbpUT
Source: winmerge-master.zip	Binary or memory string: />winmerge-master/Externals/poco/Foundation/Foundation_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VB/CompareMSExcelFiles/CompareMSExcelFiles.vbpUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VCPP/DisplayXMLFiles/DisplayXMLFiles.slnUT
Source: winmerge-master.zip	Binary or memory string: Sqwinmerge-master/Externals/poco/Foundation/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ALL.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/Encodings_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: *RJwinmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: Dwinmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: Dwinmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ALL.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: :winmerge-master/Externals/crystaledit/test/test.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/XML/XML_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Dwinmerge-master/Plugins/src_VCPP/DisplayXMLFiles/DisplayXMLFiles.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Testing/FolderCompare/FolderCompare.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/Encodings_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: 0winmerge-master/Externals/poco/XML/XML_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: gwinmerge-master/Externals/poco/Foundation/Foundation_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: Uwinmerge-master/Externals/poco/Encodings/Encodings_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Uwinmerge-master/Externals/poco/Encodings/Encodings_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ALL.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ShellExtension/ShellExtension.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VB/ToUpper/ToUpper.vbpUT
Source: winmerge-master.zip	Binary or memory string: cwinmerge-master/ALL.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: qVJwinmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Dwinmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: Twinmerge-master/Plugins/src_VB/IgnoreLeadingLineNumbers/IgnoreLeadingLineNumbers.vbpUT
Source: winmerge-master.zip	Binary or memory string: Cwinmerge-master/Externals/poco/Foundation/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: 2winmerge-master/Plugins/src_VB/ToUpper/ToUpper.vbpUT
Source: winmerge-master.zip	Binary or memory string: 9winmerge-master/ArchiveSupport/Merge7z/Merge7z.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/XML/XML_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: Uwinmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/Encodings_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VCPP/VCPPPlugins.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VB/CompareMSWordFiles/CompareMSWordFiles.vbpUT
Source: winmerge-master.zip	Binary or memory string: qrwinmerge-master/ALL.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/XML/XML_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: Dwinmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: :<winmerge-master/Externals/poco/XML/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: 8winmerge-master/ShellExtension/ShellExtension.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ALL.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: V<winmerge-master/Externals/poco/XML/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: ;winmerge-master/Externals/poco/Encodings/Encodings_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: A7winmerge-master/Plugins/src_VCPP/VCPPPlugins.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: R.0winmerge-master/Externals/poco/XML/XML_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: T.vBPE
Source: winmerge-master.zip	Binary or memory string: B>winmerge-master/Externals/poco/Foundation/Foundation_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: gqwinmerge-master/Externals/poco/Foundation/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: ;winmerge-master/Externals/poco/XML/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: /winmerge-master/Externals/poco/XML/XML_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Foundation/Foundation_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/WinMerge32BitPluginProxy/WinMerge32BitPluginProxy.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: A7winmerge-master/Plugins/src_VCPP/VCPPPlugins.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/Encodings/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/XML/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: Uwinmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Vwinmerge-master/Externals/poco/Encodings/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Plugins/src_VB/HideLastLetter/HideLastLetter.vbpUT
Source: winmerge-master.zip	Binary or memory string: Cwinmerge-master/Externals/poco/Foundation/samples/samples_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ArchiveSupport/Merge7z/Merge7z.vs2022.slnUT
Source: winmerge-master.zip	Binary or memory string: `cD#winmerge-master/WinMerge.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/crystaledit/Sample/SampleStatic.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: 6winmerge-master/Testing/GoogleTest/CmdLine/CmdLine.slnUT
Source: winmerge-master.zip	Binary or memory string: <winmerge-master/Externals/poco/Encodings/Encodings_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: 8winmerge-master/ShellExtension/ShellExtension.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/Externals/poco/XML/samples/samples_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ShellExtension/ShellExtension.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: Twinmerge-master/Plugins/WinMerge32BitPluginProxy/WinMerge32BitPluginProxy.vs2019.slnUT
Source: winmerge-master.zip	Binary or memory string: :Vgwinmerge-master/Externals/poco/Foundation/Foundation_vs170.slnUT
Source: winmerge-master.zip	Binary or memory string: Vwinmerge-master/Externals/poco/Encodings/samples/samples_vs90.slnUT
Source: winmerge-master.zip	Binary or memory string: winmerge-master/ArchiveSupport/Merge7z/Merge7z.vs2017.slnUT
Source: winmerge-master.zip	Binary or memory string: Dwinmerge-master/Externals/poco/Encodings/Compiler/Compiler_vs160.slnUT
Source: winmerge-master.zip	Binary or memory string: UqC#winmerge-master/WinMerge.vs2019.slnUT

Source: classification engine

Classification label: clean0.winZIP@1/0@0/0

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: winmerge-master.zip

Static file information: File size 17550324 > 1048576

Source: C:\Windows\System32\rundll32.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1528474
Product:	CloudBasic
Start time:	23:44:53
Start date:	07.10.2024
Sample:	winmerge-master.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	9f0381944322481d07a921944de5451f
SHA1:	8ad0e7c9652ffa4342e28df29fdd7cccb872d861
SHA256:	587a4e55767fbf9c20987f0aba11760d269eb29734aeb823b3856f45395cccc1
Filetype:	VYM Mind Map (12504/1) 60.96%

Windows Analysis Report
winmerge-master.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report winmerge-master.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
winmerge-master.zip