File name:

GoldenEyeRAT1.6.6RELEASE.zip

Full analysis: https://app.any.run/tasks/a858c3e8-a6ee-4de9-b84a-757f14e44d8b
Verdict: Malicious activity
Threats:

njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world.

Malware Trends Tracker     >>>
Analysis date: December 06, 2018, 07:09:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
rat
njrat
bladabindi
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

F7670BB96A27A041E10E3BA84DF0D011

SHA1:

37C08B7F6A8E38B62DA83A680B412BD5AA4B5864

SHA256:

05F30945508D84B63809CC8EA7630FD5BBA2750CA21CB734E08D5E993EA5C01F

SSDEEP:

24576:xYEYAIG/xvmk2GYNu5nPmoaEMwV4FC15o:OlAIGxBYNupPmoaEdVy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • InitSetup.exe (PID: 2720)
      • InitSetup.exe (PID: 2704)
      • InitSetup.exe (PID: 3200)
      • InitSetup.exe (PID: 1420)
      • InitSetup.exe (PID: 3048)
      • InitSetup.exe (PID: 3652)
      • InitSetup.exe (PID: 3948)
      • InitSetup.exe (PID: 2428)
      • InitSetup.exe (PID: 3720)
      • InitSetup.exe (PID: 3356)
      • InitSetup.exe (PID: 3944)
      • InitSetup.exe (PID: 2296)
      • InitSetup.exe (PID: 3032)
      • InitSetup.exe (PID: 3680)
      • InitSetup.exe (PID: 3932)
      • InitSetup.exe (PID: 3372)
      • InitSetup.exe (PID: 2500)
      • InitSetup.exe (PID: 3576)
      • InitSetup.exe (PID: 2132)
      • InitSetup.exe (PID: 3152)
      • InitSetup.exe (PID: 2964)
      • InitSetup.exe (PID: 3644)
      • InitSetup.exe (PID: 1864)
      • InitSetup.exe (PID: 3560)
      • InitSetup.exe (PID: 3460)
      • InitSetup.exe (PID: 2960)
      • InitSetup.exe (PID: 3524)
      • InitSetup.exe (PID: 4072)
      • InitSetup.exe (PID: 2112)
      • InitSetup.exe (PID: 3248)
      • InitSetup.exe (PID: 3972)
      • InitSetup.exe (PID: 3912)
      • InitSetup.exe (PID: 3964)
      • InitSetup.exe (PID: 2700)
      • InitSetup.exe (PID: 3692)
      • InitSetup.exe (PID: 3128)
      • InitSetup.exe (PID: 340)
      • InitSetup.exe (PID: 2280)
      • InitSetup.exe (PID: 1764)
      • InitSetup.exe (PID: 3044)
      • InitSetup.exe (PID: 3252)
      • InitSetup.exe (PID: 2328)
      • InitSetup.exe (PID: 2624)
      • InitSetup.exe (PID: 3320)
      • InitSetup.exe (PID: 2168)
      • InitSetup.exe (PID: 3176)
      • InitSetup.exe (PID: 3596)
      • InitSetup.exe (PID: 3000)
      • InitSetup.exe (PID: 3816)
      • InitSetup.exe (PID: 2160)
      • InitSetup.exe (PID: 2412)
      • InitSetup.exe (PID: 3300)
      • InitSetup.exe (PID: 3864)
      • InitSetup.exe (PID: 3736)
      • InitSetup.exe (PID: 2336)
      • InitSetup.exe (PID: 2676)
      • InitSetup.exe (PID: 2840)
      • InitSetup.exe (PID: 2480)
      • InitSetup.exe (PID: 3672)
      • InitSetup.exe (PID: 2484)
      • InitSetup.exe (PID: 3608)
      • InitSetup.exe (PID: 3164)
      • InitSetup.exe (PID: 1328)
      • InitSetup.exe (PID: 3212)
      • InitSetup.exe (PID: 2136)
      • InitSetup.exe (PID: 4056)
      • InitSetup.exe (PID: 1336)
      • InitSetup.exe (PID: 3540)
      • InitSetup.exe (PID: 3588)
      • InitSetup.exe (PID: 2596)
      • InitSetup.exe (PID: 2684)
      • InitSetup.exe (PID: 3832)
      • InitSetup.exe (PID: 3620)
      • InitSetup.exe (PID: 2404)
      • InitSetup.exe (PID: 2756)
      • InitSetup.exe (PID: 3028)
      • InitSetup.exe (PID: 3504)
      • InitSetup.exe (PID: 2204)
      • InitSetup.exe (PID: 3408)
      • InitSetup.exe (PID: 5080)
      • InitSetup.exe (PID: 5592)
      • InitSetup.exe (PID: 4880)
      • InitSetup.exe (PID: 5428)
      • InitSetup.exe (PID: 4664)
      • InitSetup.exe (PID: 4532)
      • InitSetup.exe (PID: 5112)
      • InitSetup.exe (PID: 4144)
      • InitSetup.exe (PID: 4176)
      • InitSetup.exe (PID: 5948)
      • InitSetup.exe (PID: 6048)
      • InitSetup.exe (PID: 5852)
      • InitSetup.exe (PID: 4116)
      • InitSetup.exe (PID: 5344)
      • InitSetup.exe (PID: 5892)
      • InitSetup.exe (PID: 5044)
      • InitSetup.exe (PID: 6056)
      • InitSetup.exe (PID: 5436)
      • InitSetup.exe (PID: 5360)
      • InitSetup.exe (PID: 1140)
      • InitSetup.exe (PID: 4800)
      • InitSetup.exe (PID: 4428)
      • InitSetup.exe (PID: 4780)
      • InitSetup.exe (PID: 5924)
      • InitSetup.exe (PID: 5240)
      • InitSetup.exe (PID: 2828)
      • InitSetup.exe (PID: 5708)
      • InitSetup.exe (PID: 4228)
      • InitSetup.exe (PID: 4284)
      • InitSetup.exe (PID: 5336)
      • InitSetup.exe (PID: 4480)
      • InitSetup.exe (PID: 5564)
      • InitSetup.exe (PID: 5032)
      • InitSetup.exe (PID: 5664)
      • InitSetup.exe (PID: 7268)
      • InitSetup.exe (PID: 7120)
      • InitSetup.exe (PID: 6672)
      • InitSetup.exe (PID: 8092)
      • InitSetup.exe (PID: 8120)
      • WindowsGrfxSrvs.exe (PID: 10180)
      • InitSetup.exe (PID: 9496)
      • WindowsGrfxSrvs.exe (PID: 2944)
      • WindowsGrfxSrvs.exe (PID: 3952)
      • InitSetup.exe (PID: 8232)
      • WindowsGrfxSrvs.exe (PID: 636)
      • WindowsGrfxSrvs.exe (PID: 8320)
      • WindowsGrfxSrvs.exe (PID: 5816)
      • WindowsGrfxSrvs.exe (PID: 9992)
      • WindowsGrfxSrvs.exe (PID: 5504)
      • WindowsGrfxSrvs.exe (PID: 6064)
      • InitSetup.exe (PID: 10068)
      • WindowsGrfxSrvs.exe (PID: 8676)
      • InitSetup.exe (PID: 5640)
      • WindowsGrfxSrvs.exe (PID: 8428)
      • WindowsGrfxSrvs.exe (PID: 8020)
      • WindowsGrfxSrvs.exe (PID: 6216)
      • WindowsGrfxSrvs.exe (PID: 5508)
      • WindowsGrfxSrvs.exe (PID: 4548)
      • InitSetup.exe (PID: 8592)
      • WindowsGrfxSrvs.exe (PID: 8580)
      • WindowsGrfxSrvs.exe (PID: 4364)
      • WindowsGrfxSrvs.exe (PID: 9148)
      • InitSetup.exe (PID: 9948)
      • WindowsGrfxSrvs.exe (PID: 1760)
      • WindowsGrfxSrvs.exe (PID: 6076)
      • WindowsGrfxSrvs.exe (PID: 10144)
      • WindowsGrfxSrvs.exe (PID: 6380)
      • WindowsGrfxSrvs.exe (PID: 9412)
      • InitSetup.exe (PID: 8956)
      • WindowsGrfxSrvs.exe (PID: 1200)
      • WindowsGrfxSrvs.exe (PID: 4960)
      • WindowsGrfxSrvs.exe (PID: 3272)
      • WindowsGrfxSrvs.exe (PID: 9544)
      • WindowsGrfxSrvs.exe (PID: 10032)
      • WindowsGrfxSrvs.exe (PID: 1884)
      • WindowsGrfxSrvs.exe (PID: 9264)
      • WindowsGrfxSrvs.exe (PID: 4012)
      • WindowsGrfxSrvs.exe (PID: 6700)
      • InitSetup.exe (PID: 5468)
      • WindowsGrfxSrvs.exe (PID: 3384)
      • WindowsGrfxSrvs.exe (PID: 9728)
      • WindowsGrfxSrvs.exe (PID: 9920)
      • InitSetup.exe (PID: 3956)
      • InitSetup.exe (PID: 6120)
      • InitSetup.exe (PID: 4872)
      • InitSetup.exe (PID: 5516)
      • InitSetup.exe (PID: 7596)
      • InitSetup.exe (PID: 4384)
      • InitSetup.exe (PID: 6976)
      • InitSetup.exe (PID: 7316)
      • InitSetup.exe (PID: 2972)
      • InitSetup.exe (PID: 9424)
      • InitSetup.exe (PID: 2232)
      • InitSetup.exe (PID: 5584)
      • InitSetup.exe (PID: 7928)
      • InitSetup.exe (PID: 684)
      • InitSetup.exe (PID: 6020)
      • InitSetup.exe (PID: 8008)
      • InitSetup.exe (PID: 5088)
      • InitSetup.exe (PID: 5356)
      • InitSetup.exe (PID: 7112)
      • InitSetup.exe (PID: 6520)
      • InitSetup.exe (PID: 8512)
      • InitSetup.exe (PID: 9488)
      • InitSetup.exe (PID: 3216)
      • InitSetup.exe (PID: 2860)
      • InitSetup.exe (PID: 9240)
      • InitSetup.exe (PID: 4944)
      • InitSetup.exe (PID: 8564)
      • InitSetup.exe (PID: 6744)
      • InitSetup.exe (PID: 8352)
      • InitSetup.exe (PID: 10012)
      • InitSetup.exe (PID: 4576)
      • InitSetup.exe (PID: 3700)
      • InitSetup.exe (PID: 6592)
      • InitSetup.exe (PID: 6524)
      • InitSetup.exe (PID: 3988)
      • InitSetup.exe (PID: 3136)
      • InitSetup.exe (PID: 8160)
      • InitSetup.exe (PID: 10016)
      • InitSetup.exe (PID: 904)
      • InitSetup.exe (PID: 8952)
      • InitSetup.exe (PID: 10160)
      • InitSetup.exe (PID: 7628)
      • InitSetup.exe (PID: 6736)
      • InitSetup.exe (PID: 4112)
      • InitSetup.exe (PID: 8276)
      • InitSetup.exe (PID: 6068)
      • InitSetup.exe (PID: 7788)
      • InitSetup.exe (PID: 7924)
      • InitSetup.exe (PID: 4500)
      • InitSetup.exe (PID: 8628)
      • InitSetup.exe (PID: 2256)
      • InitSetup.exe (PID: 9824)
      • InitSetup.exe (PID: 5116)
      • InitSetup.exe (PID: 6780)
      • InitSetup.exe (PID: 2292)
      • InitSetup.exe (PID: 8372)
      • InitSetup.exe (PID: 8412)
      • InitSetup.exe (PID: 5184)
      • InitSetup.exe (PID: 5056)
      • InitSetup.exe (PID: 4088)
      • InitSetup.exe (PID: 2888)
      • InitSetup.exe (PID: 3616)
      • InitSetup.exe (PID: 2080)

    • Uses Task Scheduler to run other applications

      • InitSetup.exe (PID: 2500)
      • InitSetup.exe (PID: 3720)
      • InitSetup.exe (PID: 3948)
      • InitSetup.exe (PID: 2428)
      • InitSetup.exe (PID: 340)
      • InitSetup.exe (PID: 3576)
      • InitSetup.exe (PID: 3356)
      • InitSetup.exe (PID: 3048)
      • InitSetup.exe (PID: 3032)
      • InitSetup.exe (PID: 2280)
      • InitSetup.exe (PID: 2700)
      • InitSetup.exe (PID: 3912)
      • InitSetup.exe (PID: 3964)
      • InitSetup.exe (PID: 3152)
      • InitSetup.exe (PID: 2328)
      • InitSetup.exe (PID: 2840)
      • InitSetup.exe (PID: 2480)
      • InitSetup.exe (PID: 3596)
      • InitSetup.exe (PID: 3832)
      • InitSetup.exe (PID: 3044)
      • InitSetup.exe (PID: 3028)
      • InitSetup.exe (PID: 3164)
      • InitSetup.exe (PID: 3620)
      • InitSetup.exe (PID: 2676)
      • InitSetup.exe (PID: 2136)
      • InitSetup.exe (PID: 2684)
      • InitSetup.exe (PID: 4880)
      • InitSetup.exe (PID: 5948)
      • InitSetup.exe (PID: 2160)
      • InitSetup.exe (PID: 5032)
      • InitSetup.exe (PID: 2828)
      • InitSetup.exe (PID: 5564)
      • InitSetup.exe (PID: 5336)
      • InitSetup.exe (PID: 8092)
      • InitSetup.exe (PID: 7120)

    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 6660)
      • schtasks.exe (PID: 6560)
      • schtasks.exe (PID: 4192)
      • schtasks.exe (PID: 7572)
      • schtasks.exe (PID: 6336)
      • schtasks.exe (PID: 8036)
      • schtasks.exe (PID: 8548)
      • schtasks.exe (PID: 8728)
      • schtasks.exe (PID: 9100)
      • schtasks.exe (PID: 8404)
      • schtasks.exe (PID: 9300)
      • schtasks.exe (PID: 8836)
      • schtasks.exe (PID: 3184)
      • schtasks.exe (PID: 9408)
      • schtasks.exe (PID: 7072)
      • schtasks.exe (PID: 8808)
      • schtasks.exe (PID: 10184)
      • schtasks.exe (PID: 3172)
      • schtasks.exe (PID: 8244)
      • schtasks.exe (PID: 6248)
      • schtasks.exe (PID: 8796)
      • schtasks.exe (PID: 9328)
      • schtasks.exe (PID: 8748)
      • schtasks.exe (PID: 8272)
      • schtasks.exe (PID: 8424)
      • schtasks.exe (PID: 7260)
      • schtasks.exe (PID: 8652)
      • schtasks.exe (PID: 2620)
      • schtasks.exe (PID: 4316)
      • schtasks.exe (PID: 6188)
      • schtasks.exe (PID: 9188)
      • schtasks.exe (PID: 4372)
      • schtasks.exe (PID: 1020)
      • schtasks.exe (PID: 5620)
      • schtasks.exe (PID: 7004)

    • NJRAT was detected

      • WindowsGrfxSrvs.exe (PID: 2944)

    • Connects to CnC server

      • WindowsGrfxSrvs.exe (PID: 2944)

  • SUSPICIOUS

    • Application launched itself

      • GoldenEye Remote Administration Tool.exe (PID: 3296)
      • GoldenEye Remote Administration Tool.exe (PID: 3108)
      • GoldenEye Remote Administration Tool.exe (PID: 2616)
      • GoldenEye Remote Administration Tool.exe (PID: 2160)
      • GoldenEye Remote Administration Tool.exe (PID: 312)
      • GoldenEye Remote Administration Tool.exe (PID: 3680)
      • GoldenEye Remote Administration Tool.exe (PID: 3632)
      • GoldenEye Remote Administration Tool.exe (PID: 2472)
      • GoldenEye Remote Administration Tool.exe (PID: 3580)
      • GoldenEye Remote Administration Tool.exe (PID: 3088)
      • GoldenEye Remote Administration Tool.exe (PID: 312)
      • GoldenEye Remote Administration Tool.exe (PID: 4024)
      • GoldenEye Remote Administration Tool.exe (PID: 2848)
      • GoldenEye Remote Administration Tool.exe (PID: 2136)
      • GoldenEye Remote Administration Tool.exe (PID: 3024)
      • GoldenEye Remote Administration Tool.exe (PID: 4036)
      • GoldenEye Remote Administration Tool.exe (PID: 3460)
      • GoldenEye Remote Administration Tool.exe (PID: 4080)
      • GoldenEye Remote Administration Tool.exe (PID: 3676)
      • GoldenEye Remote Administration Tool.exe (PID: 128)
      • GoldenEye Remote Administration Tool.exe (PID: 992)
      • GoldenEye Remote Administration Tool.exe (PID: 3912)
      • GoldenEye Remote Administration Tool.exe (PID: 3212)
      • GoldenEye Remote Administration Tool.exe (PID: 2608)
      • GoldenEye Remote Administration Tool.exe (PID: 2276)
      • GoldenEye Remote Administration Tool.exe (PID: 2264)
      • GoldenEye Remote Administration Tool.exe (PID: 1820)
      • GoldenEye Remote Administration Tool.exe (PID: 2604)
      • GoldenEye Remote Administration Tool.exe (PID: 3736)
      • GoldenEye Remote Administration Tool.exe (PID: 2680)
      • GoldenEye Remote Administration Tool.exe (PID: 2632)
      • GoldenEye Remote Administration Tool.exe (PID: 2216)
      • GoldenEye Remote Administration Tool.exe (PID: 2812)
      • GoldenEye Remote Administration Tool.exe (PID: 3924)
      • GoldenEye Remote Administration Tool.exe (PID: 3708)
      • GoldenEye Remote Administration Tool.exe (PID: 2304)
      • GoldenEye Remote Administration Tool.exe (PID: 3748)
      • GoldenEye Remote Administration Tool.exe (PID: 3888)
      • GoldenEye Remote Administration Tool.exe (PID: 3480)
      • GoldenEye Remote Administration Tool.exe (PID: 3928)
      • GoldenEye Remote Administration Tool.exe (PID: 3492)
      • GoldenEye Remote Administration Tool.exe (PID: 3324)
      • GoldenEye Remote Administration Tool.exe (PID: 4044)
      • GoldenEye Remote Administration Tool.exe (PID: 3312)
      • GoldenEye Remote Administration Tool.exe (PID: 2828)
      • GoldenEye Remote Administration Tool.exe (PID: 3028)
      • GoldenEye Remote Administration Tool.exe (PID: 3624)
      • GoldenEye Remote Administration Tool.exe (PID: 2600)
      • GoldenEye Remote Administration Tool.exe (PID: 3456)
      • GoldenEye Remote Administration Tool.exe (PID: 4932)
      • GoldenEye Remote Administration Tool.exe (PID: 5108)
      • GoldenEye Remote Administration Tool.exe (PID: 5544)
      • GoldenEye Remote Administration Tool.exe (PID: 5604)
      • GoldenEye Remote Administration Tool.exe (PID: 5656)
      • GoldenEye Remote Administration Tool.exe (PID: 4416)
      • GoldenEye Remote Administration Tool.exe (PID: 4508)
      • GoldenEye Remote Administration Tool.exe (PID: 5524)
      • GoldenEye Remote Administration Tool.exe (PID: 4152)
      • GoldenEye Remote Administration Tool.exe (PID: 6060)
      • GoldenEye Remote Administration Tool.exe (PID: 4876)
      • GoldenEye Remote Administration Tool.exe (PID: 4444)
      • GoldenEye Remote Administration Tool.exe (PID: 4140)
      • GoldenEye Remote Administration Tool.exe (PID: 5460)
      • GoldenEye Remote Administration Tool.exe (PID: 5096)
      • GoldenEye Remote Administration Tool.exe (PID: 4232)
      • GoldenEye Remote Administration Tool.exe (PID: 5008)
      • GoldenEye Remote Administration Tool.exe (PID: 4620)
      • GoldenEye Remote Administration Tool.exe (PID: 4180)
      • GoldenEye Remote Administration Tool.exe (PID: 5772)
      • GoldenEye Remote Administration Tool.exe (PID: 6124)
      • GoldenEye Remote Administration Tool.exe (PID: 5920)
      • GoldenEye Remote Administration Tool.exe (PID: 5692)
      • GoldenEye Remote Administration Tool.exe (PID: 5684)
      • GoldenEye Remote Administration Tool.exe (PID: 4484)
      • GoldenEye Remote Administration Tool.exe (PID: 4552)
      • GoldenEye Remote Administration Tool.exe (PID: 5824)
      • GoldenEye Remote Administration Tool.exe (PID: 1008)
      • GoldenEye Remote Administration Tool.exe (PID: 5284)
      • GoldenEye Remote Administration Tool.exe (PID: 4196)
      • GoldenEye Remote Administration Tool.exe (PID: 1660)
      • GoldenEye Remote Administration Tool.exe (PID: 6052)
      • GoldenEye Remote Administration Tool.exe (PID: 6384)
      • GoldenEye Remote Administration Tool.exe (PID: 7188)
      • GoldenEye Remote Administration Tool.exe (PID: 5480)
      • GoldenEye Remote Administration Tool.exe (PID: 7124)
      • GoldenEye Remote Administration Tool.exe (PID: 6664)
      • GoldenEye Remote Administration Tool.exe (PID: 7908)
      • GoldenEye Remote Administration Tool.exe (PID: 8708)
      • GoldenEye Remote Administration Tool.exe (PID: 6732)
      • GoldenEye Remote Administration Tool.exe (PID: 3072)
      • GoldenEye Remote Administration Tool.exe (PID: 3424)
      • GoldenEye Remote Administration Tool.exe (PID: 3744)
      • GoldenEye Remote Administration Tool.exe (PID: 4696)
      • GoldenEye Remote Administration Tool.exe (PID: 788)
      • GoldenEye Remote Administration Tool.exe (PID: 4904)
      • GoldenEye Remote Administration Tool.exe (PID: 7708)
      • GoldenEye Remote Administration Tool.exe (PID: 6956)
      • GoldenEye Remote Administration Tool.exe (PID: 7536)
      • GoldenEye Remote Administration Tool.exe (PID: 7144)
      • GoldenEye Remote Administration Tool.exe (PID: 2952)
      • GoldenEye Remote Administration Tool.exe (PID: 9404)
      • GoldenEye Remote Administration Tool.exe (PID: 2564)
      • GoldenEye Remote Administration Tool.exe (PID: 8508)
      • GoldenEye Remote Administration Tool.exe (PID: 4476)
      • GoldenEye Remote Administration Tool.exe (PID: 8576)
      • GoldenEye Remote Administration Tool.exe (PID: 5544)
      • GoldenEye Remote Administration Tool.exe (PID: 1852)
      • GoldenEye Remote Administration Tool.exe (PID: 4068)
      • GoldenEye Remote Administration Tool.exe (PID: 6504)
      • GoldenEye Remote Administration Tool.exe (PID: 10116)
      • GoldenEye Remote Administration Tool.exe (PID: 2180)
      • GoldenEye Remote Administration Tool.exe (PID: 6016)
      • GoldenEye Remote Administration Tool.exe (PID: 7116)
      • GoldenEye Remote Administration Tool.exe (PID: 5568)
      • GoldenEye Remote Administration Tool.exe (PID: 3276)
      • GoldenEye Remote Administration Tool.exe (PID: 9352)
      • GoldenEye Remote Administration Tool.exe (PID: 2284)
      • GoldenEye Remote Administration Tool.exe (PID: 3312)
      • GoldenEye Remote Administration Tool.exe (PID: 5100)
      • GoldenEye Remote Administration Tool.exe (PID: 6936)
      • GoldenEye Remote Administration Tool.exe (PID: 3940)
      • GoldenEye Remote Administration Tool.exe (PID: 9732)
      • GoldenEye Remote Administration Tool.exe (PID: 7444)
      • GoldenEye Remote Administration Tool.exe (PID: 6432)
      • GoldenEye Remote Administration Tool.exe (PID: 2872)
      • GoldenEye Remote Administration Tool.exe (PID: 8240)
      • GoldenEye Remote Administration Tool.exe (PID: 2400)
      • GoldenEye Remote Administration Tool.exe (PID: 4300)
      • GoldenEye Remote Administration Tool.exe (PID: 3800)
      • GoldenEye Remote Administration Tool.exe (PID: 8224)
      • GoldenEye Remote Administration Tool.exe (PID: 6696)
      • GoldenEye Remote Administration Tool.exe (PID: 6864)
      • GoldenEye Remote Administration Tool.exe (PID: 2912)
      • GoldenEye Remote Administration Tool.exe (PID: 8832)
      • GoldenEye Remote Administration Tool.exe (PID: 9788)
      • GoldenEye Remote Administration Tool.exe (PID: 2976)
      • GoldenEye Remote Administration Tool.exe (PID: 3076)
      • GoldenEye Remote Administration Tool.exe (PID: 5160)
      • GoldenEye Remote Administration Tool.exe (PID: 564)
      • GoldenEye Remote Administration Tool.exe (PID: 4108)
      • GoldenEye Remote Administration Tool.exe (PID: 8976)

    • Executable content was dropped or overwritten

      • GoldenEye Remote Administration Tool.exe (PID: 3296)
      • InitSetup.exe (PID: 2500)
      • InitSetup.exe (PID: 3948)
      • InitSetup.exe (PID: 3720)

    • Creates files in the Windows directory

      • GoldenEye Remote Administration Tool.exe (PID: 3296)

    • Starts itself from another location

      • InitSetup.exe (PID: 2500)
      • InitSetup.exe (PID: 3720)
      • InitSetup.exe (PID: 3356)
      • InitSetup.exe (PID: 3948)
      • InitSetup.exe (PID: 3032)
      • InitSetup.exe (PID: 3048)
      • InitSetup.exe (PID: 2428)
      • InitSetup.exe (PID: 340)
      • InitSetup.exe (PID: 3576)
      • InitSetup.exe (PID: 3912)
      • InitSetup.exe (PID: 3964)
      • InitSetup.exe (PID: 3152)
      • InitSetup.exe (PID: 2280)
      • InitSetup.exe (PID: 2700)
      • InitSetup.exe (PID: 3044)
      • InitSetup.exe (PID: 2328)
      • InitSetup.exe (PID: 3596)
      • InitSetup.exe (PID: 2840)
      • InitSetup.exe (PID: 3028)
      • InitSetup.exe (PID: 3832)
      • InitSetup.exe (PID: 2136)
      • InitSetup.exe (PID: 3164)
      • InitSetup.exe (PID: 2480)
      • InitSetup.exe (PID: 3620)
      • InitSetup.exe (PID: 2160)
      • InitSetup.exe (PID: 4880)
      • InitSetup.exe (PID: 2684)
      • InitSetup.exe (PID: 2828)
      • InitSetup.exe (PID: 5948)
      • InitSetup.exe (PID: 2676)
      • InitSetup.exe (PID: 5032)
      • InitSetup.exe (PID: 5336)
      • InitSetup.exe (PID: 7120)
      • InitSetup.exe (PID: 5564)
      • InitSetup.exe (PID: 8092)

    • Connects to unusual port

      • WindowsGrfxSrvs.exe (PID: 2944)

  • INFO

    • Application was crashed

      • Stub.exe (PID: 6464)

    • Reads settings of System Certificates

      • WindowsGrfxSrvs.exe (PID: 2944)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2018:12:05 13:13:14
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: GoldenEyeRAT1.6.6RELEASE/Golden Eye RAT Client/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
535
Monitored processes
453
Malicious processes
86
Suspicious processes
116

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start winrar.exe no specs goldeneye remote administration tool.exe initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs stub.exe initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs initsetup.exe goldeneye remote administration tool.exe no specs schtasks.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs schtasks.exe no specs schtasks.exe no specs #NJRAT windowsgrfxsrvs.exe schtasks.exe no specs schtasks.exe no specs initsetup.exe no specs schtasks.exe no specs goldeneye remote administration tool.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs initsetup.exe no specs schtasks.exe no specs schtasks.exe no specs goldeneye remote administration tool.exe no specs schtasks.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs schtasks.exe no specs initsetup.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs goldeneye remote administration tool.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs schtasks.exe no specs schtasks.exe no specs goldeneye licensing server.exe schtasks.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs initsetup.exe no specs schtasks.exe no specs schtasks.exe no specs goldeneye remote administration tool.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs initsetup.exe no specs schtasks.exe no specs goldeneye remote administration tool.exe no specs schtasks.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs initsetup.exe no specs windowsgrfxsrvs.exe no specs goldeneye remote administration tool.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs initsetup.exe no specs windowsgrfxsrvs.exe no specs goldeneye remote administration tool.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs initsetup.exe no specs windowsgrfxsrvs.exe no specs goldeneye remote administration tool.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs windowsgrfxsrvs.exe no specs schtasks.exe no specs windowsgrfxsrvs.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs windowsgrfxsrvs.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe initsetup.exe no specs goldeneye remote administration tool.exe no specs msbuild.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs initsetup.exe no specs goldeneye remote administration tool.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
128"C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exeGoldenEye Remote Administration Tool.exe
User:
admin
Company:
BreakingSecurity.net
Integrity Level:
HIGH
Exit code:
0
Version:
1.01.0001
Modules
Images
c:\users\admin\desktop\goldeneyerat1.6.6release\golden eye rat client\goldeneye remote administration tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
312"C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exeGoldenEye Remote Administration Tool.exe
User:
admin
Company:
BreakingSecurity.net
Integrity Level:
HIGH
Exit code:
0
Version:
1.01.0001
Modules
Images
c:\windows\system32\apphelp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sxs.dll
312"C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exeGoldenEye Remote Administration Tool.exe
User:
admin
Company:
BreakingSecurity.net
Integrity Level:
HIGH
Exit code:
0
Version:
1.01.0001
Modules
Images
c:\users\admin\desktop\goldeneyerat1.6.6release\golden eye rat client\goldeneye remote administration tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
316"C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exeGoldenEye Remote Administration Tool.exe
User:
admin
Company:
BreakingSecurity.net
Integrity Level:
HIGH
Exit code:
0
Version:
1.01.0001
Modules
Images
c:\users\admin\desktop\goldeneyerat1.6.6release\golden eye rat client\goldeneye remote administration tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
340"C:\Windows\InitSetup.exe" 0C:\Windows\InitSetup.exe
GoldenEye Remote Administration Tool.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\windows\initsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
564"C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exeGoldenEye Remote Administration Tool.exe
User:
admin
Company:
BreakingSecurity.net
Integrity Level:
HIGH
Exit code:
0
Version:
1.01.0001
Modules
Images
c:\users\admin\desktop\goldeneyerat1.6.6release\golden eye rat client\goldeneye remote administration tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
636"C:\Users\admin\WindowsGrfxSrvs\WindowsGrfxSrvs.exe" C:\Users\admin\WindowsGrfxSrvs\WindowsGrfxSrvs.exeInitSetup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\windowsgrfxsrvs\windowsgrfxsrvs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
684"C:\Windows\InitSetup.exe" 0C:\Windows\InitSetup.exeGoldenEye Remote Administration Tool.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\windows\initsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
788"C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe" 0C:\Users\admin\Desktop\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exeGoldenEye Remote Administration Tool.exe
User:
admin
Company:
BreakingSecurity.net
Integrity Level:
HIGH
Exit code:
0
Version:
1.01.0001
Modules
Images
c:\users\admin\desktop\goldeneyerat1.6.6release\golden eye rat client\goldeneye remote administration tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
904"C:\Windows\InitSetup.exe" 0C:\Windows\InitSetup.exeGoldenEye Remote Administration Tool.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\windows\initsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
Total events
21 257
Read events
20 324
Write events
933
Delete events
0

Modification events

(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2844) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\GoldenEyeRAT1.6.6RELEASE.zip
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
(PID) Process:(2844) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\General
Operation:writeName:LastFolder
Value:
C:\Users\admin\AppData\Local\Temp
Executable files
4
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\FileSearcher.ini
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\networkcontrol.ini
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\On Join Commands.ini
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Configuration\settings.ini
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\Data\GeoIP.dat
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\GoldenEye Remote Administration Tool.exe
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Golden Eye RAT Client\VelyseTheme.dll
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Lic Server\Clients\Hostah\hwid.txt
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Lic Server\Clients\Hostah\password.txt
MD5:
SHA256:
2844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2844.19658\GoldenEyeRAT1.6.6RELEASE\Lic Server\GoldenEye Licensing Server.exe
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
2
DNS requests
2
Threats
3

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2944
WindowsGrfxSrvs.exe
104.20.208.21:443
pastebin.com
Cloudflare Inc
US
shared
2944
WindowsGrfxSrvs.exe
70.46.121.187:9000
citysinks.com
Windstream Communications Inc
US
malicious

DNS requests

Domain
IP
Reputation
pastebin.com
  • 104.20.208.21
  • 104.20.209.21
malicious
citysinks.com
  • 70.46.121.187
malicious

Threats

Found threats are available for the paid subscriptions
3 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
GoldenEyeRAT1.6.6RELEASE.zip