Full Analysis Report of incredimail.exe

Summary:

  • Summary of the findings

      No. What's been found Severity

Technical details:

  • General

    • User : \\TEST-R7CHD9Q826\Administrator
    • Application type : Windows application
    • Priority : Normal
    • Size : 715530
    • Path : C:\Samples\incredimail.exe
    • Command : "C:\Samples\incredimail.exe"
    • MD5: 217947b39208bee165e4ed2d11e3393f
    • SHA1: 13eae851ccf045c06e07175714274a7d8e11a2aa
    • Version details

      • Company : © 2014 ClientConnect Ltd.
      • File version :
      • Product version : 1.4.0.5.150121.02
      • Description : IncrediMail Installation
      • Product name : IncrediMail Installation
      • Legal copyright : © 2014 ClientConnect Ltd.
      • Internal name :
    • File times

      • Creation time : Tuesday, January 27, 2015 - 14:52:08
      • Modification time : Tuesday, January 27, 2015 - 14:52:13
      • Last access time : Tuesday, January 27, 2015 - 15:03:21
    • Process times

      • Start time : 15:03:21
      • Exit time : 15:03:23
      • Kernel time : 0.062500 (s)
      • User time : 0.000000 (s)
    • IO counters

      • Read operation : 148
      • Write operation : 3
      • Other operation : 491
      • Read transfer : 74516
      • Write transfer : 348
      • Other transfer : 8202
    • Memory details

      • Page fault count : 796
      • Page file usage : 0
      • Peak page file usage : 9347072
      • Peak working set size : 3162112
      • Quota non paged pool usage : 0
      • Quota paged pool usage : 0
      • Quota peak non paged pool usage : 2536
      • Quota peak paged pool usage : 82516
      • Working set size : 28672
    • Process privileges

      • SeChangeNotifyPrivilege
      • SeSecurityPrivilege
      • SeBackupPrivilege
      • SeRestorePrivilege
      • SeSystemtimePrivilege
      • SeShutdownPrivilege
      • SeRemoteShutdownPrivilege
      • SeTakeOwnershipPrivilege
      • SeDebugPrivilege
      • SeSystemEnvironmentPrivilege
      • SeSystemProfilePrivilege
      • SeProfileSingleProcessPrivilege
      • SeIncreaseBasePriorityPrivilege
      • SeLoadDriverPrivilege
      • SeCreatePagefilePrivilege
      • SeIncreaseQuotaPrivilege
      • SeUndockPrivilege
      • SeManageVolumePrivilege
      • SeImpersonatePrivilege
      • SeCreateGlobalPrivilege
  • Events statistics

      Event Count
      OpenKey 3
      SetValueKey 11
      Process Create 1
      Process Exit 1
      Thread Create 1
      Thread Exit 1
      Load Image 20
  • Modules

      Index Name Path Load Address Image Size Entry Point Version Size Company Description
      1 ntdll.dll %System%\ntdll.dll 0x7C930000 0xD2000 0x00000000 5.2.3790.3290 (srv03_sp1_gdr.090203-1205) 841216 Microsoft Corporation NT Layer DLL
      2 KERNEL32.dll %System%\kernel32.dll 0x7C800000 0x12C000 0x7C825FB4 5.2.3790.3311 (srv03_sp1_gdr.090321-1245) 1206784 Microsoft Corporation Windows NT BASE API Client DLL
      3 USER32.dll %System%\user32.dll 0x77E10000 0x91000 0x77E1947C 5.2.3790.2892 (srv03_sp1_gdr.070301-0030) 584192 Microsoft Corporation Windows USER API Client DLL
      4 GDI32.dll %System%\gdi32.dll 0x77BD0000 0x49000 0x77BDB23E 5.2.3790.3233 (srv03_sp1_gdr.081022-1216) 286208 Microsoft Corporation GDI Client DLL
      5 ADVAPI32.dll %System%\advapi32.dll 0x77F30000 0xAC000 0x77F4DFCD 5.2.3790.3290 (srv03_sp1_gdr.090203-1205) 686592 Microsoft Corporation Advanced Windows 32 Base API
      6 RPCRT4.dll %System%\rpcrt4.dll 0x77C20000 0x9F000 0x77C45061 5.2.3790.2971 (srv03_sp1_gdr.070709-2334) 642560 Microsoft Corporation Remote Procedure Call Runtime
      7 shell32.dll %System%\shell32.dll 0x7CA10000 0x7E1000 0x7CA90660 6.00.3790.3158 (srv03_sp1_gdr.080617-1231) 8242176 Microsoft Corporation Windows Shell Common Dll
      8 msvcrt.dll %System%\msvcrt.dll 0x77B70000 0x5A000 0x77B7F78B 7.0.3790.1830 (srv03_sp1_rtm.050324-1447) 348672 Microsoft Corporation Windows NT CRT DLL
      9 SHLWAPI.dll %System%\shlwapi.dll 0x77EB0000 0x52000 0x77ED86F9 6.00.3790.3304 (srv03_sp1_gdr.090303-1204) 320512 Microsoft Corporation Shell Light-weight Utility Library
      10 COMCTL32.dll %Windir%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.1830_x-ww_1B6F474A\comctl32.dll 0x77370000 0x97000 0x773D482E 5.82 (srv03_sp1_rtm.050324-1447) 599040 Microsoft Corporation Common Controls Library
      11 ole32.dll %System%\ole32.dll 0x774B0000 0x134000 0x774F5C37 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 1244672 Microsoft Corporation Microsoft OLE for Windows
      12 VERSION.dll %System%\version.dll 0x77B60000 0x8000 0x77B61186 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 18432 Microsoft Corporation Version Checking and File Installation Libraries
      13 IMM32.DLL %System%\imm32.dll 0x76180000 0x1D000 0x761812D0 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 110592 Microsoft Corporation Windows IMM32 API Client DLL
      14 LPK.DLL %System%\lpk.dll 0x63090000 0x9000 0x63092EB2 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 22016 Microsoft Corporation Language Pack
      15 USP10.dll %System%\usp10.dll 0x74AE0000 0x61000 0x74B189AC 1.0422.3790.1830 (srv03_sp1_rtm.050324-1447) 364032 Microsoft Corporation Uniscribe Unicode script processor
      16 Comctl32.dll %Windir%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_7AE38CCF\comctl32.dll 0x77CD0000 0x103000 0x77D5A81E 6.0 (srv03_sp1_rtm.050324-1447) 1051136 Microsoft Corporation User Experience Controls Library
      17 MSCTF.dll %System%\MSCTF.dll 0x4B210000 0x51000 0x4B2113EE 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 317440 Microsoft Corporation MSCTF Server DLL
      18 SHFOLDER.dll %System%\shfolder.dll 0x76610000 0x9000 0x7661121F 6.00.3790.1830 (srv03_sp1_rtm.050324-1447) 25088 Microsoft Corporation Shell Folder Service
      19 SETUPAPI.dll %System%\setupapi.dll 0x770D0000 0x176000 0x770D15D6 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 1522688 Microsoft Corporation Windows Setup API

  • File system modifications

  • Memory modifications

  • Registry modifications

    • The following Registry value was modified:

      • H = 6
  • Network activity

  • How to protect yourself in the future

This report was created with Ax3soft Scout.