Lpile2019-09.exe
This report is generated from a file or URL submitted to this webservice on September 16th 2021 13:11:59 (UTC)
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.49.1 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
- Reads terminal service related keys (often RDP related)
- Evasive
- Possibly tries to evade analysis by sleeping many times
Additional Context
Related Sandbox Artifacts
- Associated URLs
- hxxps://www.ensoftinc.com/updates/Lpile2019-09.exe
Indicators
-
Malicious Indicators 3
-
External Systems
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 2/68 Antivirus vendors marked sample as malicious (2% detection rate)
- source
- External System
- relevance
- 8/10
-
General
-
The analysis extracted a file that was identified as malicious
- details
-
1/67 Antivirus vendors marked dropped file "Engine.exe" as malicious (classified as "Malware.Generic" with 1% detection rate)
2/66 Antivirus vendors marked dropped file "00001#ensoft_server_install.exe" as malicious (classified as "Malware.Generic" with 3% detection rate)
1/68 Antivirus vendors marked dropped file "00281#NetUniKeyService.exe" as malicious (classified as "Malware.Generic" with 1% detection rate)
1/66 Antivirus vendors marked dropped file "00267#Lpile11CE.dll" as malicious (classified as "Unsafe.AI_Score_83%" with 1% detection rate)
1/68 Antivirus vendors marked dropped file "00003#EnsoftManualsViewer.exe" as malicious (classified as "Malware.Generic" with 1% detection rate)
3/66 Antivirus vendors marked dropped file "00274#CheckNetworkDongle_ipv_511.exe" as malicious (classified as "BehavesLike.Generic" with 4% detection rate)
1/69 Antivirus vendors marked dropped file "00002#ensoft_server_uninstall.exe" as malicious (classified as "Malware.Generic" with 1% detection rate)
2/64 Antivirus vendors marked dropped file "00005#NwUniKey.dll" as malicious (classified as "Malware.Pack.14279" with 3% detection rate)
1/69 Antivirus vendors marked dropped file "00280#NetUniKeyServer.exe" as malicious (classified as "Malware.Generic" with 1% detection rate)
2/64 Antivirus vendors marked dropped file "00009#UniKey.dll" as malicious (classified as "Malware.Pack.14279" with 3% detection rate)
- source
- Binary File
- relevance
- 10/10
-
The analysis spawned a process that was identified as malicious
- details
-
2/68 Antivirus vendors marked spawned process "Lpile2019-09.exe" (PID: 2468) as malicious (classified as "BScope.Trojan" with 2% detection rate)
1/67 Antivirus vendors marked spawned process "Engine.exe" (PID: 3932) as malicious (classified as "Malware.Generic" with 1% detection rate)
- source
- Monitored Target
- relevance
- 10/10
-
Suspicious Indicators 12
-
Environment Awareness
-
Possibly tries to evade analysis by sleeping many times
- details
- "Lpile2019-09.exe" (Thread ID: 3724) slept "520" times (threshold: 500)
- source
- API Call
- relevance
- 10/10
-
Reads the active computer name
- details
-
"DllHost.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
- ATT&CK ID
- T1012
-
General
-
Reads configuration files
- details
- "Engine.exe" read file "%WINDIR%\win.ini"
- source
- API Call
- relevance
- 4/10
-
Installation/Persistence
-
Drops executable files
- details
-
"00019#qwindows.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00010#Unikey_client.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"00275#ensoft_key_inquirer_v5.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00282#SeverModul.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"Engine.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows UPX compressed"
"00020#Qt5Charts.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00001#ensoft_server_install.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00268#LPile2019.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00023#Qt5Widgets.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00277#Install.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"00012#EnsoftLogViewer.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00022#Qt5Gui.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00281#NetUniKeyService.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"00267#Lpile11CE.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00003#EnsoftManualsViewer.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00274#CheckNetworkDongle_ipv_511.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00276#ei_set_serverip_ipv.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00021#Qt5Core.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00018#qoffscreen.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00002#ensoft_server_uninstall.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 10/10
-
Network Related
-
Found potential IP address in binary/memory
- details
-
Potential IP "0.0.0.0" found in string "[Header]
FileType=NetUniKey.ini
FileVersion =1
[General]
WorkingMode =2
#
#
#
#
AccessMode=2
#
#
#
[ServerSetting]
SearchingMode =1
#
#
ServerIP=0.0.0.0
Port=5680
TimeOut=5
#
AutoStart=0
#
#"
- source
- File/Memory
- relevance
- 3/10
-
Remote Access Related
-
Reads terminal service related keys (often RDP related)
- details
-
"Lpile2019-09.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
"Lpile2019-09.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSAPPCOMPAT")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSAPPCOMPAT")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1021.001
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
"Lpile2019-09.exe" wrote bytes "75dc8476273e847651c18276ee9c8276949882760fb3887610998276909782760000000042c62f76152e2f76c0d92f761bf72f76c1083176e0c22f7636da2f7630c62f76d5d92f7686c42f7600000000" to virtual address "0x6F76E000" (part of module "MSLS31.DLL")
"Lpile2019-09.exe" wrote bytes "c04e557720545677e0655677b53857770000000000d02f7600000000c5ea2f760000000088ea2f7600000000e9684f7582285777ee29577700000000d2694f75000000007dbb2f760000000009be4f7500000000ba182f7600000000" to virtual address "0x776C1000" (part of module "NSI.DLL")
"Engine.exe" wrote bytes "d055957664739e760000000051c1827694988276ee9c827675dc8476273e84760fb3887600000000acdc2f761bf72f76c1083176c0d92f76152e2f7636da2f76d5d92f7630c62f76e0c22f7642c62f761bc62f7686c42f7672c62f7600000000" to virtual address "0x72A51000" (part of module "SHFOLDER.DLL")
"Engine.exe" wrote bytes "75dc8476273e847651c18276ee9c8276949882760fb3887610998276909782760000000042c62f76152e2f76c0d92f761bf72f76c1083176e0c22f7636da2f7630c62f76d5d92f7686c42f7600000000" to virtual address "0x6F76E000" (part of module "MSLS31.DLL")
"Engine.exe" wrote bytes "c04e557720545677e0655677b53857770000000000d02f7600000000c5ea2f760000000088ea2f7600000000e9684f7582285777ee29577700000000d2694f75000000007dbb2f760000000009be4f7500000000ba182f7600000000" to virtual address "0x776C1000" (part of module "NSI.DLL")
- source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1056.004
-
Reads information about supported languages
- details
-
"Lpile2019-09.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN-US")
"Lpile2019-09.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN-US")
"Lpile2019-09.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN-US")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN-US")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
- source
- Registry Access
- relevance
- 3/10
- ATT&CK ID
- T1012
-
Hiding 4 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 12
-
Environment Awareness
-
Reads the cryptographic machine GUID
- details
- "DllHost.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
General
-
Creates a writable file in a temporary directory
- details
-
"Lpile2019-09.exe" created file "%TEMP%\SETUP_27055\Setup.txt"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\lp11-installer.qsp"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\Modern_Setup.bmp"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00011#Ensoft Utilities v5 - Users Manual.pdf"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00015#msvcr100.dll"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00016#msvcr120.dll"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00017#qminimal.dll"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00018#qoffscreen.dll"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00032#Example 1b HP 14x89 in sloping ground, second run.lp11r"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00035#Example 10 Drilled Shaft in Soft Clay, with Incremental Printing.lp11o"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00039#Example 11, LRFD Analysis.lp11d"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00040#Example 11, LRFD Analysis.lp11o"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00041#Example 11, LRFD Analysis.lp11p"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00043#Example 11, LRFD Analysis.lp11t"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00044#Example 12 liquefied sand with multiple lateral spread soil movement DS.lp11d"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00045#Example 12 liquefied sand with multiple lateral spread soil movement DS.lp11o"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00046#Example 12 liquefied sand with multiple lateral spread soil movement DS.lp11p"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00056#Example 13 Square Elastic Pile with Top y vs Length original.lp11p"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\00088#Example 15, Pile with Input EI vs Moment.lp11t"
"Lpile2019-09.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_27055\Engine.exe"
- source
- API Call
- relevance
- 1/10
-
Drops files marked as clean
- details
-
Antivirus vendors marked dropped file "00019#qwindows.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00269#LPile2019Technical.bat" as clean (type is "DOS batch file ASCII text with CRLF line terminators")
Antivirus vendors marked dropped file "00010#Unikey_client.exe" as clean (type is "PE32 executable (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00275#ensoft_key_inquirer_v5.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00282#SeverModul.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00020#Qt5Charts.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00023#Qt5Widgets.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00277#Install.exe" as clean (type is "PE32 executable (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00012#EnsoftLogViewer.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00022#Qt5Gui.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00276#ei_set_serverip_ipv.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00021#Qt5Core.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00018#qoffscreen.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00008#server_util.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "00017#qminimal.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
- source
- Binary File
- relevance
- 10/10
-
Loads rich edit control libraries
- details
-
"Lpile2019-09.exe" loaded module "%WINDIR%\System32\riched32.dll" at 729E0000
"Lpile2019-09.exe" loaded module "%WINDIR%\System32\riched20.dll" at 6E650000
"Engine.exe" loaded module "%WINDIR%\System32\riched32.dll" at 729E0000
"Engine.exe" loaded module "%WINDIR%\System32\riched20.dll" at 6E650000
- source
- Loaded Module
-
Scanning for window names
- details
-
"Lpile2019-09.exe" searching for class ".QDebug."
"Lpile2019-09.exe" searching for class ".AutoUpdate.X_"
"Lpile2019-09.exe" searching for class "C:\Lpile2019-09.exe"
"Engine.exe" searching for class ".QDebug."
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Spawns new processes
- details
-
Spawned process "Lpile2019-09.exe"
Spawned process "Engine.exe" with commandline "/TH_ID=_3724 /OriginExe="C:\Lpile2019-09.exe""
- source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
-
Spawned process "Lpile2019-09.exe"
Spawned process "Engine.exe" with commandline "/TH_ID=_3724 /OriginExe="C:\Lpile2019-09.exe""
- source
- Monitored Target
- relevance
- 3/10
-
Installation/Persistence
-
Connects to LPC ports
- details
-
"Lpile2019-09.exe" connecting to "\ThemeApiPort"
"Engine.exe" connecting to "\ThemeApiPort"
- source
- API Call
- relevance
- 1/10
-
Dropped files
- details
-
"00271#TeeChart2013.chm" has type "MS Windows HtmlHelp Data"
"00019#qwindows.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00269#LPile2019Technical.bat" has type "DOS batch file ASCII text with CRLF line terminators"
"00010#Unikey_client.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"00275#ensoft_key_inquirer_v5.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00282#SeverModul.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"Engine.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows UPX compressed"
"00020#Qt5Charts.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00001#ensoft_server_install.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00268#LPile2019.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00023#Qt5Widgets.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00277#Install.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"00012#EnsoftLogViewer.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00022#Qt5Gui.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00281#NetUniKeyService.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"00267#Lpile11CE.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00003#EnsoftManualsViewer.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00274#CheckNetworkDongle_ipv_511.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00276#ei_set_serverip_ipv.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"00021#Qt5Core.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"Lpile2019-09.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"Lpile2019-09.exe" touched file "%WINDIR%\Fonts\StaticCache.dat"
"Lpile2019-09.exe" touched file "%WINDIR%\System32\en-US\user32.dll.mui"
"Lpile2019-09.exe" touched file "%WINDIR%\System32\en-US\msctf.dll.mui"
"Engine.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"Engine.exe" touched file "%WINDIR%\Fonts\StaticCache.dat"
"Engine.exe" touched file "%WINDIR%\System32\en-US\user32.dll.mui"
"Engine.exe" touched file "%WINDIR%\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\comctl32.dll.mui"
"Engine.exe" touched file "%WINDIR%\System32\en-US\msctf.dll.mui"
- source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Heuristic match: "B0Tsa:.Si"
Heuristic match: "TtO9>Jw.gt"
- source
- File/Memory
- relevance
- 10/10
-
System Security
-
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
-
"Lpile2019-09.exe" opened "\Device\KsecDD"
"Engine.exe" opened "\Device\KsecDD"
- source
- API Call
- relevance
- 10/10
File Details
Lpile2019-09.exe
- Filename
- Lpile2019-09.exe
- Size
- 37MiB (39199504 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- 6f68d68f8093b36d9f7f5cd7fc389f3a1f9f4fcdb2a7e62f7111d21ecb26e306
- MD5
- 959f9f020a7588a0a9fc34b63978d639
- SHA1
- ebc62610a8b429b491e83e70bbe930f6ba8efac1
Hybrid Analysis
Analysed 3 processes in total.
- DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} (PID: 3108)
- Lpile2019-09.exe (PID: 2468) 2/68
- Engine.exe /TH_ID=_3724 /OriginExe="C:\Lpile2019-09.exe" (PID: 3932) 1/67
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
Displaying 34 extracted file(s). The remaining 259 file(s) are available in the full version and XML/JSON reports.
-
Malicious 10
-
-
00001#ensoft_server_install.exe
- Size
- 32KiB (32768 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Generic" (2/66)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- e38cbf3359781c8cd3b5a8512c08e734
- SHA1
- 2e196b172fb53bae5f087c6ea2cf24461ed44d79
- SHA256
- e96e5708a8457919716a76e2a0a209a83dc821b23c5c9ce2b1b6054d229f9921
-
00002#ensoft_server_uninstall.exe
- Size
- 24KiB (24576 bytes)
- Type
- peexe executable
- Description
- PE32 executable (console) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Generic" (1/69)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 7ffdfc8d9f065c91cb6812734240962e
- SHA1
- b6517cba5b6e160a106b47cfaa4c6000bab0775e
- SHA256
- 4ff495971bd271f5eddbe00cad19c97f82fdfc98437018f3cc09cef66287db46
-
00003#EnsoftManualsViewer.exe
- Size
- 1.7MiB (1747456 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Generic" (1/68)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 6610096f4057fcb7ce44c772a12f3773
- SHA1
- e3b1748a1795e356718eecfb57cc371c2b334825
- SHA256
- f662ebd13e88b98803b60e0bd3291c7d38486def7bced0431e7105e7bcb49640
-
00005#NwUniKey.dll
- Size
- 172KiB (176267 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Pack.14279" (2/64)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 6729ed89cbb9869c9435b6cc0835307e
- SHA1
- c2291ba6b81ae3d38cb3019aec77affe028c869a
- SHA256
- bc03bd9bee4523269950d4e63882d7e902da8090e79fbd4031a2c66cacd07b3d
-
00009#UniKey.dll
- Size
- 172KiB (176267 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Pack.14279" (2/64)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 6729ed89cbb9869c9435b6cc0835307e
- SHA1
- c2291ba6b81ae3d38cb3019aec77affe028c869a
- SHA256
- bc03bd9bee4523269950d4e63882d7e902da8090e79fbd4031a2c66cacd07b3d
-
Engine.exe
- Size
- 572KiB (585400 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
- AV Scan Result
- Labeled as "Malware.Generic" (1/67)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- c19702ca448041d00d8c81f27f9ce59e
- SHA1
- f0e54113d28907fdcd3c75071dd9c09aab6010c9
- SHA256
- 9ad81c20e45036c161d26b11e2162ea7a01477980b429791e455ac83d434f114
-
00281#NetUniKeyService.exe
- Size
- 333KiB (340480 bytes)
- Type
- peexe executable
- Description
- PE32 executable (console) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Generic" (1/68)
- MD5
- eb4c2293b019b4153e13f027b24201a2
- SHA1
- d828fbcc1e5e1a0898a0fd9ee90d112da477dda8
- SHA256
- a1f85e103c5e10c3ebcc9cb8238dfb040bb10bff42b30e95911131a2f68700a7
-
00267#Lpile11CE.dll
- Size
- 2.6MiB (2736640 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unsafe.AI_Score_83%" (1/66)
- MD5
- 7f5db2e26889b027d4f796a50cd73725
- SHA1
- 0e381eac28e275d3988eece2f55b998cbb511e98
- SHA256
- 5fa77f19db96a193492aa655e8c42722e663a2da57784852c0d98ad0e0583d13
-
00274#CheckNetworkDongle_ipv_511.exe
- Size
- 2.2MiB (2358272 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "BehavesLike.Generic" (3/66)
- MD5
- 2598a22ac22a9e347c68042df58dd101
- SHA1
- 87a59b668e08dbb58c5389c4f4a446f33ca0aa2a
- SHA256
- 84b17d28d5f8cd6c013b7a6470c9e163e9aedca5a40868738e39e0a2a09e6a12
-
00280#NetUniKeyServer.exe
- Size
- 706KiB (722432 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Generic" (1/69)
- MD5
- f3368cd1a64f8efcdde031dc1ab63593
- SHA1
- 9156dc16e27f889b605cc39fdd0d86cc9ea35f04
- SHA256
- 2b20039b128cb12780f2baee92e4a2ba53e9d429fa8a93e5a697f5719241a61d
-
-
Clean 15
-
-
00008#server_util.dll
- Size
- 72KiB (73728 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/67
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 2bf1f2ce527c1d2a7c53f1d7d989a36b
- SHA1
- 1633a1232c6c35d8c37a8f7ea68736357c1d48fb
- SHA256
- f71abb5ba00f6f6a5ba97c485f6d1db262d037231df7cb54d1aa3c6d4650b57b
-
00010#Unikey_client.exe
- Size
- 43KiB (44032 bytes)
- Type
- peexe executable
- Description
- PE32 executable (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 11da4c0a2379664a6fe97f8ab324fca5
- SHA1
- b65483636a23abc00c5184a374dc176a118bbf31
- SHA256
- 6f50c46cd1c84a87026fca918068e5f501bd93c44d76ecb1b47ac6dda503c86d
-
00012#EnsoftLogViewer.exe
- Size
- 349KiB (356864 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/63
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- dfe459d3172e32bf2745331837619334
- SHA1
- a99c5b629982f42d7e658a6d94ff8e6efd7da93b
- SHA256
- 6d519e2516a0328186fa9b53f2518c6c3b242aa79b48b1042279f6719c798a2a
-
00017#qminimal.dll
- Size
- 28KiB (28160 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/67
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 3c4a802a674a52edabe13aa0253cfa06
- SHA1
- 577dfe8f4a767fd51b5c834d1aaebef0314241ce
- SHA256
- 85927e0a338af2b6c80cf2b193202c011dea32373ff589ef31fb3cefce97626f
-
00018#qoffscreen.dll
- Size
- 526KiB (538624 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- ce1d030f9e5706e20c7508abb7b38fa4
- SHA1
- 8e97f7048eb65b513a5e119a2218e822f18ec984
- SHA256
- 742ee71e16b957036c6a26a07a6417e8676e41affb2f8c30d1bf9990a27a871e
-
00019#qwindows.dll
- Size
- 968KiB (991232 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/62
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- c8a87b360b6fb0c3754ee6f0b3f353cb
- SHA1
- 5fc105c197366faafbcfec4adea049add190133c
- SHA256
- a0f70b73989f001c8a004beaf93e9386ae8e3624ddb2481d235f71af80f8f2c5
-
00020#Qt5Charts.dll
- Size
- 726KiB (743424 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- d764a8f361275ecf89b60b400da7d433
- SHA1
- 40861d724295018178b565d6df2efac775f0f313
- SHA256
- e255f9c5c80bb936f385c11ec6b7d6d25cdc96749aaf8ccbe440f0311c65aeba
-
00021#Qt5Core.dll
- Size
- 4.4MiB (4621312 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/67
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 53e445aabbc8eafc0a0779d40bbae417
- SHA1
- c578dc85eb32c2305a088d7e57c05bacc072c217
- SHA256
- 5962c3e7d67c78a408eda9427c74de03bbe071733e6394edbb30274dccc0b66d
-
00022#Qt5Gui.dll
- Size
- 4.6MiB (4860928 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 02737d896f2ce36fa8df30435a1ad313
- SHA1
- 2714378f2d84abdc11a85836b123c04ba29707b5
- SHA256
- 3a93702b6927ba84b74ec7e23337b8ce8fb7162c97dc58625fa8309b326e8146
-
00023#Qt5Widgets.dll
- Size
- 4.2MiB (4420096 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/67
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 2ff65eb0669728e99448cee07497e1fe
- SHA1
- 2095cad53272b4a19594177f874a478012b7dac0
- SHA256
- 10a13e22d67d95146247d06c1fcde3decf8aa77ac0d9bc6be0d311b1e59dae6e
-
00269#LPile2019Technical.bat
- Size
- 282B (282 bytes)
- Type
- text
- Description
- DOS batch file, ASCII text, with CRLF line terminators
- AV Scan Result
- 0/58
- MD5
- b8ec5173dbc23f5d1739c7aaafb073b8
- SHA1
- 2dcca561150b8b8d9df6dc26f766f8e930b59672
- SHA256
- caccc3c10eebee966cb94a063803364a6c4787dbcff890b143a93dc702b77720
-
00275#ensoft_key_inquirer_v5.exe
- Size
- 2.4MiB (2514432 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- MD5
- 91cccff5b2d8e28946966a0e412e7e4c
- SHA1
- 91c38fa29eb7696fbfab34a7fe564ef2b8911af7
- SHA256
- 75ca7492027e3bb3792453a9bed67b5a0b27bc3087d559704b8332b434087e84
-
00282#SeverModul.dll
- Size
- 154KiB (157696 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- MD5
- df47fb6a00715fa590d1ba66a64f6976
- SHA1
- 77268baa860ba796a892ee427f095dd928214d87
- SHA256
- a3bdd2841fcafb3cb8ffb795b73b044ea9f3e9f6341995ee03c464e0ab56d42b
-
00277#Install.exe
- Size
- 89KiB (91136 bytes)
- Type
- peexe executable
- Description
- PE32 executable (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- MD5
- e68d1429a0af44f7212b1b96c1937062
- SHA1
- 8f02d53f27fdd27de9d60d0cc586d458894ea48d
- SHA256
- 86ff5a2749f4a3391534fb44ce12388a6f984da129f60996ce22539eec83c5e4
-
00276#ei_set_serverip_ipv.exe
- Size
- 356KiB (364544 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- MD5
- 401c39ed7385591f0449939445678727
- SHA1
- 8ddf2291a7f5a9200c73a1457b0dce16bec59e70
- SHA256
- df0897c4cde7906564f01fabd1f8d61a1a71f9a1325e6309915e3bd22085b289
-
-
Informative Selection 2
-
-
00241#Example 6c Pile-head Stiffness Matrix_ Method 3.lp11p
- Size
- 91KiB (92912 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- MD5
- 911ff52d42f98347cf570eacecfc7e8c
- SHA1
- 922826f1c1bfe4292c6a7fdee9306bfd56224693
- SHA256
- 2eddc148e7a5fc03411d28baa9ecd62d2ed47e193421a51623e01950660e0486
-
00236#Example 6b Pile-head Stiffness Matrix_ Method 2.lp11p
- Size
- 91KiB (92912 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- MD5
- 911ff52d42f98347cf570eacecfc7e8c
- SHA1
- 922826f1c1bfe4292c6a7fdee9306bfd56224693
- SHA256
- 2eddc148e7a5fc03411d28baa9ecd62d2ed47e193421a51623e01950660e0486
-
-
Informative 7
-
-
00000#Ensoft License and Disclaimer.pdf
- Size
- 142KiB (145246 bytes)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 4058e381b458130843cda1f9b60c1ff0
- SHA1
- 7fd21501665ee82861cb5517b9d3a0d5ff9c0562
- SHA256
- c5edadfee23d10d1e0744ad390838dd6496df07d15affbc892f5944d619f177b
-
00004#NetUniKey.ini
- Size
- 238B (238 bytes)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 553df9e63b074095f2d7d0f9fbd0e18b
- SHA1
- 4cac6b270aa24f81afbaefc550799c34f52e2e99
- SHA256
- 69a0356b66aaec531fb46068a92c85c1095eb3494c318888e97ba3a6673b7a77
-
00006#programs.ini
- Size
- 817B (817 bytes)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 04aac2ec03515f7240513d5dd2898880
- SHA1
- 986efcfc20ac8db732c72c4eea806216045649c3
- SHA256
- 4a3dcf6a9c110a1d06a9819b05a7da22a47911d799ce3c18f7fd0cd104845a55
-
00007#server_locked.ico
- Size
- 22KiB (22534 bytes)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 0c1c210f9820d0eea5a0836cf9aa4bd4
- SHA1
- 5cf52e9c79d17a9128153095c7767f8d5478da2f
- SHA256
- fc849b9387632fe0522da9310b160d413852ab7bb2c39f822d9bb5727de2c747
-
00011#Ensoft Utilities v5 - Users Manual.pdf
- Size
- 1.2MiB (1241414 bytes)
- Runtime Process
- Lpile2019-09.exe (PID: 2468)
- MD5
- 3dcb144274de06e6e287dd23358f9836
- SHA1
- cc329be453efd6a9011641009aa9ff7e1d11afe2
- SHA256
- beb1e12d067c0eaec5200c20abfa39b85da4277b11f6e8a85cb29a2047d66f4a
-
00271#TeeChart2013.chm
- Size
- 4.5MiB (4718592 bytes)
- Type
- text mshelp
- Description
- MS Windows HtmlHelp Data
- MD5
- 80c5be49c6568f1fa47e9c8aa3a12ce8
- SHA1
- 962f2c0f07290bea90ba5c7ebc4ab007d1cfb251
- SHA256
- ba69aa7a7e7c2070468dac021cc7e1b618b084f52a5cb701f1efb4467a816494
-
00268#LPile2019.exe
- Size
- 4.5MiB (4718592 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- MD5
- 2271fc6c8ce4f3332b4475f341d30a30
- SHA1
- 568be56a4a29bf64c52c9cbc1044d5fb231c7a2f
- SHA256
- acbfbe409e12c876b1189e54d0f1fc9b7e90e666ca43b7665360c7b1efac583c
-
Notifications
-
Runtime
- Network whitenoise filtering was applied
- No static analysis parsing on sample was performed
- Not all Falcon MalQuery lookups completed in time
- Not all sources for indicator ID "api-4" are available in the report
- Not all sources for indicator ID "api-47" are available in the report
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "binary-1" are available in the report
- Not all sources for indicator ID "string-64" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)