File Name: OperaSetup.exe
SHA1: aa04b944c77a99dfce0cb4232dea8f67aaa49ea4
MD5: 0f569d45f34f2ada2d228ac46fadfb68
First Seen Date: 2017-07-14 00:11:59.964563
Number of Clients Seen: 3
Last Analysis Date: 2017-07-14 00:11:59.964563
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary
| Analysis Type | Date | Verdict |
|---|---|---|
| Signature Based Detection | 2017-07-14 00:11:59.964563 | Clean |
| Static Analysis Overall Verdict | 2017-07-14 00:11:59.964563 | No Threat Found |
| Dynamic Analysis Overall Verdict | 2017-07-14 00:11:59.964563 | No Threat Found |
| Precise Detectors Overall Verdict | 2017-07-14 00:11:59.964563 | No Match |
Static Analysis
Static Analysis Overall Verdict: No Threat Found
| Detector | Result |
|---|---|
| Optional Header LoaderFlags field is valued illegal | Clean |
| Non-ascii or empty section names detected | Clean |
| Illegal size of optional Header | Clean |
| Packer detection on signature database | Unknown |
| Based on the sections entropy check! file is possibly packed | Suspicious |
| Timestamp value suspicious | Clean |
| Header Checksum is zero! | Clean |
| Entry point is outside the 1st(.code) section! Binary is possibly packed | Suspicious |
| Optional Header NumberOfRvaAndSizes field is valued illegal | Clean |
| Anti-vm present | Suspicious |
| The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean |
| TLS callback functions array detected | Clean |

Packer detection on signature database: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Dynamic Analysis
Dynamic Analysis Overall Verdict: No Threat Found

| Suspicious Behaviors |
|---|
| Creates a child process |
| Writes to address space of another process |
| Uses a function clandestinely |
| Reads memory of another process |
| Opens a file in a system directory |
Behavioral Information
C:\OperaSetup.exe
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
C:\Windows\system32\DUser.dll
C:\Windows\system32\Msftedit.dll
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\syswow64\shlwapi.DLL
CopyFileW(C:\OperaSetup.exe,C:\Users\win7\AppData\Local\Temp\Opera Installer\OperaSetup.exe,0)
CopyFileExW(C:\OperaSetup.exe,C:\Users\win7\AppData\Local\Temp\Opera Installer\OperaSetup.exe,0,0,0,0)
CopyFileExW(,,,,,) -> 1
CopyFileW(,,) -> 1
{"lDistanceToMove": "ffffba88", "dwMoveMethod": "2", "lpDistanceToMoveHigh": "0", "hFile": "1a8"}
{"lDistanceToMove": "fffffc00", "dwMoveMethod": "2", "lpDistanceToMoveHigh": "0", "hFile": "450"}
{"lDistanceToMove": "fffffc00", "dwMoveMethod": "2", "lpDistanceToMoveHigh": "0", "hFile": "424"}
26c
4a0
310
314
3bc
394
118
2a8
1a4
268
308
300
49c
244
260
264
3e8
1b0
1b4
1b8
28c
1f4
1ac
432
KERNEL32.DLL
USER32.dll
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-localization-l1-2-1
Kernel32.dll
version.dll
C:\Users\win7\AppData\Local\Temp\Opera_installer_2017714101179.dll
api-ms-win-core-string-l1-1-0
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-localization-obsolete-l1-2-0
kernel32.dll
ntmarta.dll
Advapi32.dll
SspiCli.dll
Secur32.dll
SHELL32.dll
ADVAPI32.dll
api-ms-win-downlevel-advapi32-l2-1-0.dll
Msftedit.dll
api-ms-win-downlevel-ole32-l1-1-0.dll
WS2_32.dll
winhttp.dll
CRYPT32.dll
UxTheme.dll
USERENV.dll
IPHLPAPI.DLL
IMM32.dll
urlmon.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
api-ms-win-downlevel-shlwapi-l2-1-0.dll
DNSAPI.dll
ole32.dll
WindowsCodecs.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
CRYPTBASE.dll
dhcpcsvc.DLL
OLEAUT32.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
OLEAUT32.DLL
propsys.dll
comctl32.dll
C:\Windows\SysWOW64\ieframe.dll
PROPSYS.dll
iertutil.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
advapi32.dll
ntdll.dll
DUser.dll
C:\Windows\system32\DUser.dll
user32.dll
dwmapi.dll
C:\Windows\system32\xmllite.dll
imageres.dll
DnsCacheEntries
DisableKeepAlive
CacheMode
ProxyHttp1.1
DisableBasicOverClearChannel
DisableBranchCache
ShortcutBehavior
ScavengeCacheLowerBound
CertCacheNoValidate
IdnEnabled
LeashLegacyCookies
EnablePunycode
Plane16
MaxConnectionsPer1_0Server
Plane14
Plane15
Plane12
Plane13
ScavengeCacheFileLifeTime
Plane11
MaxConnectionsPerProxy
DnsCacheTimeout
UseFirstAvailable
FrameMerging
UBR
SendTimeOut
ProxyOverride
SessionMerging
WpadSearchAllDomains
DefaultConnectionSettings
EnableNegotiate
ClientAuthBuiltInUI
Plane6
Plane7
Plane1
Plane2
Plane3
HttpDefaultExpiryTimeSecs
FromCacheTimeout
Plane8
WarnAlwaysOnPost
ProxyEnable
SendExtraCRLF
DisableNTLMPreAuth
ShareCredsWithWinHttp
SocketSendBufferLength
ReceiveTimeOut
WarnOnPost
EnforceP3PValidity
ServerInfoTimeout
ConnectTimeOut
AlwaysDrainOnRedirect
WarnOnZoneCrossing
DontUseDNSLoadBalancing
EnableSpdyDebugAsserts
SecureProtocols
AutoConfigURL
WpadOverride
PreConnectLimit
SavedLegacySettings
MaxConnectionsPerServer
TcpAutotuning
TabProcGrowth
CreateUriCacheSize
Plane4
WarnOnBadCertRecving
EnableHttp1_1
SocketReceiveBufferLength
Plane5
FtpDefaultExpiryTimeSecs
ScavengeCacheFileLimit
Last install path
SyncMode5
CombineFalseStartData
BadProxyExpiresTime
DnsCacheEnabled
DisableReadRange
Last Stable Install Path
DisableFalseStartBlocklist
ConnectRetries
SqmHttpStreamRandomUploadPoolSize
WarnOnPostRedirect
DisableSecuritySettingsCheck
Plane9
Disable
FrameTabWindow
MaxHttpRedirects
DataFilePath
AutoDetect
SystemSetupInProgress
AutoProxyDetectType
Last Stable Install Path x64
Plane10
FEATURE_CLIENTAUTHCERTFILTER
KeepAliveTimeout
WarnOnHTTPSToHTTPRedirect
PreResolveLimit
ProxyServer
ProgId
DuoProtocols
AdminTabProcs
{"Reserved": "0", "hKey": "2a8", "lpData": "76089c98", "dwType": "1", "lpValueName": "CachePrefix", "cbData": "10"}
{"Reserved": "0", "hKey": "2a8", "lpData": "76086a44", "dwType": "1", "lpValueName": "CachePrefix", "cbData": "2"}
{"Reserved": "0", "hKey": "1a4", "lpData": "28f8338", "dwType": "1", "lpValueName": "Last Stable Install Path", "cbData": "30"}
{"Reserved": "0", "hKey": "314", "lpData": "2c6f2a0", "dwType": "4", "lpValueName": "ProxyEnable", "cbData": "4"}
{"Reserved": "0", "hKey": "2a8", "lpData": "760c48bc", "dwType": "1", "lpValueName": "CachePrefix", "cbData": "12"}
{"Reserved": "0", "hKey": "310", "lpData": "519748", "dwType": "3", "lpValueName": "SavedLegacySettings", "cbData": "b8"}
{"h_key": "80000001", "samDesired": "2", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "2c6f244", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "2c6f06c", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "20006", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "2c6f2a4", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"h_key": "80000001", "samDesired": "f003f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "3ce934", "lpSubKey": "Software\\Opera Software"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "2c6fa20", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "2c6fa24", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"h_key": "80000001", "samDesired": "2001f", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "<NULL>", "phkResult": "267f480", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "2c6f184", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "2c6f2a4", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "2c6f288", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"h_key": "80000001", "samDesired": "1", "Reserved": "0", "lpSecurityAttributes": "0", "lpdwDisposition": "0", "dwOptions": "0", "lpClass": "", "phkResult": "284f28c", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\Opera_installer_2017714101179.dll", "dwDesiredAccess": "40000000", "dwShareMode": "0"}
{"dwCreationDisposition": "2", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\opera_installer_ui.lck", "dwDesiredAccess": "40000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "\\\\.\\C:", "dwDesiredAccess": "80", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "\\??\\C:\\Windows\\SysWOW64\\ieframe.dll", "dwDesiredAccess": "80", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "\\\\.\\Nsi", "dwDesiredAccess": "0", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files\\Opera", "dwDesiredAccess": "2", "dwShareMode": "7"}
{"dwCreationDisposition": "3", "path": "C:\\installer_prefs.json", "dwDesiredAccess": "80000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "\\\\.\\D:", "dwDesiredAccess": "80", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files\\Opera\\installer_prefs.json", "dwDesiredAccess": "80000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "http://www.opera.com/download/get/?partner=www&opsys=Windows", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "3", "path": "\\\\.\\mailslot\\opera_installer\\C:\\Program Files\\Opera", "dwDesiredAccess": "40000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\OperaSetup.exe", "dwDesiredAccess": "80000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"dwCreationDisposition": "4", "path": "C:\\Users\\win7\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat", "dwDesiredAccess": "c0000000", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\system32\\rsaenh.dll", "dwDesiredAccess": "80000000", "dwShareMode": "1"}
{"dwCreationDisposition": "4", "path": "C:\\Users\\win7\\AppData\\Local\\Temp\\Opera Installer\\opera_installer_20170714031001195.log", "dwDesiredAccess": "4", "dwShareMode": "3"}
{"dwCreationDisposition": "3", "path": "\\\\.\\pipe\\OperaCrashReporter624", "dwDesiredAccess": "103", "dwShareMode": "0"}
{"dwCreationDisposition": "3", "path": "C:\\Windows\\Fonts\\staticcache.dat", "dwDesiredAccess": "80000000", "dwShareMode": "5"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer"}
{"hKey": "49c", "phkResult": "0", "lpSubKey": "Tahoma"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "394", "phkResult": "0", "lpSubKey": "MS Shell Dlg"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "System\\Setup"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "25c", "phkResult": "0", "lpSubKey": "Microsoft\\Internet Explorer\\Security"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "2a0", "phkResult": "0", "lpSubKey": "History"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "RETRY_HEADERONLYPOST_ONCONNECTIONRESET"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_HTTP_USERNAME_PASSWORD_DISABLE"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "3e8", "phkResult": "0", "lpSubKey": "MS Shell Dlg 2"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_LOCALMACHINE_LOCKDOWN"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_USE_CNAME_FOR_SPN_KB911149"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\TabbedBrowsing"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_BUFFERBREAKING_818408"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_MIME_HANDLING"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_DIGEST_NO_EXTRAS_IN_URI"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\TabbedBrowsing"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_SCH_SEND_AUX_RECORD_KB_2618444"}
{"hKey": "2a0", "phkResult": "0", "lpSubKey": "Content"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Policies\\Microsoft\\PeerDist\\Service"}
{"hKey": "2a0", "phkResult": "0", "lpSubKey": "Cookies"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274"}
{"hKey": "398", "phkResult": "0", "lpSubKey": "{35B2A6E5-E669-426E-AFB6-1C7A607735EF}"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"}
{"hKey": "80000002", "phkResult": "0", "lpSubKey": "Software\\Microsoft\\Windows NT\\CurrentVersion\\PeerDist\\Service"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608"}
{"hKey": "258", "phkResult": "0", "lpSubKey": "Microsoft\\Internet Explorer\\Security"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001"}
{"hKey": "80000001", "phkResult": "0", "lpSubKey": "Software\\Opera Software"}
{"hKey": "240", "phkResult": "0", "lpSubKey": "FEATURE_INCLUDE_PORT_IN_SPN_KB908209"}
<NULL>
Local\Opera/Installer/UI_lock
Global\Opera/Installer/C:/Program Files/Opera
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\MSCTF.Asm.MutexDefault1
{"nNumberOfBytesToWrite": "51", "lpOverlapped": "0", "lpBuffer": "28f95e0", "lpNumberOfBytesWritten": "3ceb88", "hFile": "104"}
{"nNumberOfBytesToWrite": "51", "lpOverlapped": "0", "lpBuffer": "26f6dd0", "lpNumberOfBytesWritten": "45dfe0", "hFile": "104"}
{"nNumberOfBytesToWrite": "59", "lpOverlapped": "0", "lpBuffer": "27086d0", "lpNumberOfBytesWritten": "45e6d4", "hFile": "104"}
{"nNumberOfBytesToWrite": "36", "lpOverlapped": "0", "lpBuffer": "28f11b8", "lpNumberOfBytesWritten": "3ce72c", "hFile": "104"}
{"nNumberOfBytesToWrite": "49", "lpOverlapped": "0", "lpBuffer": "27148e0", "lpNumberOfBytesWritten": "2aff1c4", "hFile": "104"}
{"nNumberOfBytesToWrite": "5e", "lpOverlapped": "0", "lpBuffer": "28f95e0", "lpNumberOfBytesWritten": "3ceb88", "hFile": "104"}
{"nNumberOfBytesToWrite": "487", "lpOverlapped": "0", "lpBuffer": "28f97a8", "lpNumberOfBytesWritten": "3cedd4", "hFile": "104"}
{"nNumberOfBytesToWrite": "3b", "lpOverlapped": "0", "lpBuffer": "28f0f30", "lpNumberOfBytesWritten": "3cedd4", "hFile": "104"}
{"nNumberOfBytesToWrite": "4c", "lpOverlapped": "0", "lpBuffer": "2714888", "lpNumberOfBytesWritten": "2aff218", "hFile": "104"}
{"nNumberOfBytesToWrite": "186600", "lpOverlapped": "0", "lpBuffer": "dffd10", "lpNumberOfBytesWritten": "3cf9fc", "hFile": "b0"}
{"nNumberOfBytesToWrite": "39", "lpOverlapped": "0", "lpBuffer": "27169b8", "lpNumberOfBytesWritten": "284f0ac", "hFile": "104"}
{"nNumberOfBytesToWrite": "4e", "lpOverlapped": "0", "lpBuffer": "2714b48", "lpNumberOfBytesWritten": "45d9cc", "hFile": "104"}
{"nNumberOfBytesToWrite": "3e", "lpOverlapped": "0", "lpBuffer": "28f0f30", "lpNumberOfBytesWritten": "3cedd4", "hFile": "104"}
{"nNumberOfBytesToWrite": "65", "lpOverlapped": "0", "lpBuffer": "28e3aa0", "lpNumberOfBytesWritten": "3cedd4", "hFile": "104"}
{"nNumberOfBytesToWrite": "47", "lpOverlapped": "0", "lpBuffer": "27149e8", "lpNumberOfBytesWritten": "45da50", "hFile": "104"}
{"nNumberOfBytesToWrite": "49", "lpOverlapped": "0", "lpBuffer": "28febe8", "lpNumberOfBytesWritten": "3ce56c", "hFile": "104"}
{"nNumberOfBytesToWrite": "7a", "lpOverlapped": "0", "lpBuffer": "26ffda8", "lpNumberOfBytesWritten": "45e6d4", "hFile": "104"}
{"nNumberOfBytesToWrite": "4", "lpOverlapped": "0", "lpBuffer": "45e950", "lpNumberOfBytesWritten": "45e954", "hFile": "1c4"}
{"nNumberOfBytesToWrite": "2c3", "lpOverlapped": "0", "lpBuffer": "271bc90", "lpNumberOfBytesWritten": "45d848", "hFile": "104"}
{"nNumberOfBytesToWrite": "40", "lpOverlapped": "0", "lpBuffer": "28feb38", "lpNumberOfBytesWritten": "3ce4b8", "hFile": "104"}
{"nNumberOfBytesToWrite": "2c", "lpOverlapped": "0", "lpBuffer": "3cf078", "lpNumberOfBytesWritten": "3cf0d0", "hFile": "104"}
{"nNumberOfBytesToWrite": "50", "lpOverlapped": "0", "lpBuffer": "29019f8", "lpNumberOfBytesWritten": "3ce69c", "hFile": "104"}
{"nNumberOfBytesToWrite": "3c", "lpOverlapped": "0", "lpBuffer": "26f8280", "lpNumberOfBytesWritten": "45e6d4", "hFile": "104"}
{"nNumberOfBytesToWrite": "3d", "lpOverlapped": "0", "lpBuffer": "28f0fc0", "lpNumberOfBytesWritten": "3cecf8", "hFile": "104"}
{"nNumberOfBytesToWrite": "46", "lpOverlapped": "0", "lpBuffer": "27149e8", "lpNumberOfBytesWritten": "45d848", "hFile": "104"}
{"nNumberOfBytesToWrite": "80", "lpOverlapped": "0", "lpBuffer": "2718e18", "lpNumberOfBytesWritten": "2aff05c", "hFile": "104"}
{"nNumberOfBytesToWrite": "70", "lpOverlapped": "0", "lpBuffer": "271ae10", "lpNumberOfBytesWritten": "284f1a0", "hFile": "104"}
{"nNumberOfBytesToWrite": "61", "lpOverlapped": "0", "lpBuffer": "28f9678", "lpNumberOfBytesWritten": "3ceb88", "hFile": "104"}
{"nNumberOfBytesToWrite": "2b2", "lpOverlapped": "0", "lpBuffer": "28f8b48", "lpNumberOfBytesWritten": "3cedd4", "hFile": "104"}
{"nNumberOfBytesToWrite": "67", "lpOverlapped": "0", "lpBuffer": "28e3aa0", "lpNumberOfBytesWritten": "3cedd4", "hFile": "104"}
{"nNumberOfBytesToWrite": "52", "lpOverlapped": "0", "lpBuffer": "2707be0", "lpNumberOfBytesWritten": "45e44c", "hFile": "104"}
{"nNumberOfBytesToWrite": "53", "lpOverlapped": "0", "lpBuffer": "28f95e0", "lpNumberOfBytesWritten": "3ceb24", "hFile": "104"}
{"nNumberOfBytesToWrite": "54", "lpOverlapped": "0", "lpBuffer": "26f6dd0", "lpNumberOfBytesWritten": "45dfa8", "hFile": "104"}
{"nNumberOfBytesToWrite": "36", "lpOverlapped": "0", "lpBuffer": "26f83a0", "lpNumberOfBytesWritten": "45dfa8", "hFile": "104"}
{"nNumberOfBytesToWrite": "54", "lpOverlapped": "0", "lpBuffer": "28f9498", "lpNumberOfBytesWritten": "3ce72c", "hFile": "104"}
{"nNumberOfBytesToWrite": "4b", "lpOverlapped": "0", "lpBuffer": "27149e8", "lpNumberOfBytesWritten": "45d948", "hFile": "104"}
{"nNumberOfBytesToWrite": "56", "lpOverlapped": "0", "lpBuffer": "270dab0", "lpNumberOfBytesWritten": "45ded8", "hFile": "104"}
{"nNumberOfBytesToWrite": "53", "lpOverlapped": "0", "lpBuffer": "270dab0", "lpNumberOfBytesWritten": "2aff1c4", "hFile": "104"}
{"nNumberOfBytesToWrite": "20", "lpOverlapped": "28f6d98", "lpBuffer": "2901990", "lpNumberOfBytesWritten": "0", "hFile": "1a0"}
"C:\Users\win7\AppData\Local\Temp\Opera Installer\OperaSetup.exe" --version
"C:\OperaSetup.exe" --backend --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --niuid=fd9eb068-c4a0-49b3-8f68-8caa5b8f5c30 --medium=pb --language=en --singleprofile=0 --copyonly=0 --allusers=1 --setdefaultbrowser=1 --startmenushortcut=1 --desktopshortcut=1 --quicklaunchshortcut=1 --pintotaskbar=1 --server-tracking-data=server_tracking_data --initial-pid=1228 --crash-reporter-pid=624 --wait-for-package="C:\Users\win7\AppData\Local\Temp\Opera Installer\opera_installer_20170714031000" --initial-proc-handle=DC03000000000000
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.opera.com/download/get/?partner=www&opsys=Windows
C:\Users\win7\AppData\Local\Temp\Opera Installer\opera_installer_20170714031001195.log
C:\Users\win7\AppData\Local\Temp\Opera Installer\OperaSetup.exe
IsDebuggerPresent
Precise Detectors Analysis Results
| Detector Name | Date | Verdict | Reason |
|---|---|---|---|
| Uninstaller FP Detector | 2017-07-14 00:11:32.130847 | No Match | No match. |
| Yara Rule Static Malware Detector | 2017-07-14 00:11:32.130485 | No Match | No match. |
| Static Precise PUA Detector 1 | 2017-07-14 00:11:32.131148 | No Match | NotDetected |
| Static Precise Virus Detector | 2017-07-14 00:11:32.140374 | No Match | NotDetected |
| Static Precise Trojan Detector | 2017-07-14 00:11:32.149442 | No Match | NotDetected |
| Static Precise PUA Detector 2 | 2017-07-14 00:11:32.160521 | No Match | No match. |
| Static Precise PUA Detector 3 | 2017-07-14 00:11:32.160676 | No Match | No match. |
| Static Precise Virus Detector 2 | 2017-07-14 00:11:32.169304 | No Match | No match. |
| Static Precise Trojan Detector 2 | 2017-07-14 00:11:32.167443 | No Match | No match. |
| Static Precise Trojan Detector 3 | 2017-07-14 00:11:32.169525 | No Match | No match. |
| Malicious Url Detector | 2017-07-14 00:11:57.426457 | No Match | No match. |
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
| Property | Value |
|---|---|

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|