b162c2d70bb49d52f47437a4dc8bfbcb89ef33284503e997323114f712584a9e | AN…

archived 9 Sep 2020 21:36:23 UTC

General Info

File name

lj1488en.exe

Full analysis
https://app.any.run/tasks/98528711-b656-4689-95e5-b0ffee80bdb8
Verdict
Malicious activity
Analysis date
1/17/2019, 15:50:23
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive

MD5

412643bee7eecfaf5e1a303e26ddf3f9

SHA1

94a3315bd1bcb4888b39286258c636cee92e32da

SHA256

b162c2d70bb49d52f47437a4dc8bfbcb89ef33284503e997323114f712584a9e

SSDEEP

393216:tX6OIZbbdo2aKMVzVgeiLnDKZ3aatj//mx:tX8Vp965gFGph//e

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
Software environment set and analysis options

Behavior activities

Loads dropped or rewritten executable
  • spoolsv.exe (PID: 1196)
  • Setup.exe (PID: 3180)
  • IKernel.exe (PID: 3260)
Application was dropped or rewritten from another process
  • Setup.exe (PID: 3180)
  • IKernel.exe (PID: 3868)
  • IKernel.exe (PID: 3260)
  • iKernel.exe (PID: 3700)
  • iKernel.exe (PID: 3500)
Executable content was dropped or overwritten
  • Setup.exe (PID: 3180)
  • lj1488en.exe (PID: 3908)
  • IKernel.exe (PID: 3260)
Creates files in the program directory
  • Setup.exe (PID: 3180)
  • IKernel.exe (PID: 3260)
Creates files in the Windows directory
  • IKernel.exe (PID: 3260)
Creates a software uninstall entry
  • IKernel.exe (PID: 3260)
Starts itself from another location
  • IKernel.exe (PID: 3260)
Searches for installed software
  • IKernel.exe (PID: 3260)
  • DllHost.exe (PID: 2460)
Removes files from Windows directory
  • IKernel.exe (PID: 3260)
Creates COM task schedule object
  • IKernel.exe (PID: 3260)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 3600)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
  • .exe | Win32 Executable MS Visual C++ (generic) (42.2%)
  • .exe | Win64 Executable (generic) (37.3%)
  • .dll | Win32 Dynamic Link Library (generic) (8.8%)
  • .exe | Win32 Executable (generic) (6%)
  • .exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2002:08:02 09:01:18+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
77824
InitializedDataSize:
221184
UninitializedDataSize:
null
EntryPoint:
0x8af7
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
4.1.100.1332
ProductVersionNumber:
4.1.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
Comments:
CompanyName:
Hewlett Packard
FileDescription:
InternalName:
stub32
OriginalFileName:
stub32i.exe
FileVersion:
LegalCopyright:
ProductName:
lj1488
ProductVersion:
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
02-Aug-2002 07:01:18
Detected languages
English - United States
Comments:
null
CompanyName:
Hewlett Packard
FileDescription:
null
InternalName:
stub32
OriginalFilename:
stub32i.exe
FileVersion:
null
LegalCopyright:
null
ProductName:
lj1488
ProductVersion:
null