analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

pubg-smert-aimbot-cracked.rar

Full analysis: https://app.any.run/tasks/846a4ed9-635b-431e-a893-74848caadc74
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Malware Trends Tracker     >>>
Analysis date: December 18, 2018, 07:52:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
rat
imminent
trojan
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

EC02608CF26A47FDE38AC7E154BCE15C

SHA1:

2350B372CB6FAB596B2328B5A9979962B3416A25

SHA256:

03C228BD741F0671D866475CC042C8BFFC49D5F6E69552051ADB64454001F508

SSDEEP:

49152:tGHpCastwNwJxLCFPA/FqBiZUHNpBaxxun8Fd5ttrQZd+9:tGHyw2PkAQBiZWNyxwq5ttrR9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Detected Imminent RAT

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Connects to CnC server

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Changes settings of System certificates

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Executes PowerShell scripts

      • cmd.exe (PID: 612)
      • cmd.exe (PID: 2676)

    • Actions looks like stealing of personal data

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Runs app for hidden code execution

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Changes the autorun value in the registry

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

  • SUSPICIOUS

    • Creates files in the user directory

      • PUBG aimbot Smert Cracked.exe (PID: 2952)
      • powershell.exe (PID: 2712)
      • powershell.exe (PID: 2736)

    • Connects to unusual port

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Executable content was dropped or overwritten

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Adds / modifies Windows certificates

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

    • Starts CMD.EXE for commands execution

      • PUBG aimbot Smert Cracked.exe (PID: 2952)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 2788)
      • iexplore.exe (PID: 960)

    • Changes internet zones settings

      • iexplore.exe (PID: 960)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2212)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2212)

    • Creates files in the user directory

      • opera.exe (PID: 4076)

    • Reads settings of System Certificates

      • chrome.exe (PID: 2788)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
66
Monitored processes
23
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs #IMMINENT pubg aimbot smert cracked.exe wmiapsrv.exe no specs cmd.exe no specs powershell.exe no specs explorer.exe no specs opera.exe chrome.exe chrome.exe no specs wmplayer.exe no specs chrome.exe no specs explorer.exe no specs chrome.exe no specs setup_wm.exe iexplore.exe chrome.exe no specs chrome.exe no specs iexplore.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs powershell.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3404"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\pubg-smert-aimbot-cracked.rar"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
2952"C:\Users\admin\Desktop\PUBG Smert Aimbot Cracked\PUBG aimbot Smert Cracked.exe" C:\Users\admin\Desktop\PUBG Smert Aimbot Cracked\PUBG aimbot Smert Cracked.exe
explorer.exe
User:
admin
Company:
pubgcnhacks.com
Integrity Level:
HIGH
Description:
PUBG aimbot Smert Cracked.exe
Version:
1.01
2264C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
WMI Performance Reverse Adapter
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
612"cmd.exe"C:\Windows\system32\cmd.exePUBG aimbot Smert Cracked.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
4294967295
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
2712powershell.exe "[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime];(new-object Windows.Security.Credentials.PasswordVault).RetrieveAll() | % { $_.RetrievePassword(); $_ }"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3916"C:\Windows\explorer.exe" C:\Windows\explorer.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
4076"C:\Program Files\Opera\opera.exe" C:\Program Files\Opera\opera.exe
explorer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Exit code:
0
Version:
1748
2788"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
68.0.3440.106
3664"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6d7500b0,0x6d7500c0,0x6d7500ccC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
3640"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1C:\Program Files\Windows Media Player\wmplayer.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Total events
2 232
Read events
1 573
Write events
0
Delete events
0

Modification events

No data
Executable files
1
Suspicious files
114
Text files
75
Unknown types
7

Dropped files

PID
Process
Filename
Type
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\FastColoredTextBox.dll
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\FIx error\Fix.html
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\GifLib.dll
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\LZLoader.dll
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\MaxMind.Db.dll
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\Mono.Nat.dll
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\Newtonsoft.Json.dll
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\PUBG aimbot Smert Cracked.exe
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\RANDOM ..170 RS accounts on the house lol.txt
MD5:
SHA256:
3404WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3404.5052\PUBG Smert Aimbot Cracked\READ ME FIRST.txt
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
23
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2392
setup_wm.exe
GET
302
2.16.186.41:80
http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86
unknown
whitelisted
4076
opera.exe
GET
200
66.225.197.197:80
http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
US
der
543 b
whitelisted
4076
opera.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAOXQPQlVpLtFek%2BmcpabOk%3D
US
der
471 b
whitelisted
2392
setup_wm.exe
GET
200
2.16.186.98:80
http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86
unknown
xml
546 b
whitelisted
2392
setup_wm.exe
GET
200
2.16.186.98:80
http://onlinestores.metaservices.microsoft.com/bing/bing.xml
unknown
text
523 b
whitelisted
960
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2952
PUBG aimbot Smert Cracked.exe
45.55.57.244:443
www.iptrackeronline.com
Digital Ocean, Inc.
US
malicious
2788
chrome.exe
216.58.206.3:443
www.google.de
Google Inc.
US
whitelisted
2788
chrome.exe
172.217.22.3:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2952
PUBG aimbot Smert Cracked.exe
120.148.191.110:9003
lol1342343.ddns.net
Telstra Pty Ltd
AU
malicious
2788
chrome.exe
172.217.16.202:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted
2788
chrome.exe
216.58.207.35:443
www.gstatic.com
Google Inc.
US
whitelisted
2392
setup_wm.exe
2.16.186.98:80
onlinestores.metaservices.microsoft.com
Akamai International B.V.
whitelisted
2392
setup_wm.exe
2.16.186.41:80
redir.metaservices.microsoft.com
Akamai International B.V.
whitelisted
4076
opera.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
4076
opera.exe
82.145.215.40:443
certs.opera.com
Opera Software AS
whitelisted

DNS requests

Domain
IP
Reputation
lol1342343.ddns.net
  • 120.148.191.110
malicious
www.iptrackeronline.com
  • 45.55.57.244
shared
clientservices.googleapis.com
  • 172.217.22.3
whitelisted
www.google.de
  • 216.58.206.3
whitelisted
www.gstatic.com
  • 216.58.207.35
whitelisted
safebrowsing.googleapis.com
  • 172.217.16.202
whitelisted
accounts.google.com
  • 172.217.16.205
shared
ssl.gstatic.com
  • 216.58.206.3
whitelisted
redir.metaservices.microsoft.com
  • 2.16.186.41
  • 2.16.186.11
whitelisted
onlinestores.metaservices.microsoft.com
  • 2.16.186.98
  • 2.16.186.90
whitelisted

Threats

PID
Process
Class
Message
2952
PUBG aimbot Smert Cracked.exe
A Network Trojan was detected
MALWARE [PTsecurity] Imminent Monitor RAT (outbound)
2952
PUBG aimbot Smert Cracked.exe
A Network Trojan was detected
MALWARE [PTsecurity] Imminent Monitor RAT (outbound)
2 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
pubg-smert-aimbot-cracked.rar