File name: CEFHelper.zip

Full analysis: https://app.any.run/tasks/018886a8-9d97-46ba-939f-4a871341c174
Verdict: Malicious activity
Analysis date: February 12, 2022, 15:43:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 4BADCA64497DCAE7751AADB8F9D3AA83
SHA1: 1907801CCD396F0FA1872CD70F80BCFCE17C9DDB
SHA256: 06070CEFCA2D96B7CDE24C93E4E94575F3B7C310E8329D69A2EF09A46B8565D8
SSDEEP: 3072:hc5g/pNIgM6uyPm+YOE1dtdxIIGjdOp/p9D0er:h6g/pWgM6uy+B1YIBhDDN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • CEFHelper.exe (PID: 3940)
  • SUSPICIOUS
    • Checks supported languages
      • WinRAR.exe (PID: 3768)
      • cmd.exe (PID: 404)
    • Reads the computer name
      • WinRAR.exe (PID: 3768)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3768)
    • Drops a file that was compiled in debug mode
      • WinRAR.exe (PID: 3768)
  • INFO
    • Manual execution by user
      • CEFHelper.exe (PID: 3940)
      • cmd.exe (PID: 404)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: AvastAuth.dat
ZipUncompressedSize: 164363
ZipCompressedSize: 110630
ZipCRC: 0xb51157ae
ZipModifyDate: 2020:03:13 03:42:07
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
Screenshots: available in the full report.
Total processes: 38
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Root processes (each launched from the desktop, see the process table): winrar.exe, cefhelper.exe (no specs), cmd.exe (no specs)

Process information

PID: 404
CMD: "C:\Windows\system32\cmd.exe"
Path: C:\Windows\system32\cmd.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3768
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\CEFHelper.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0

PID: 3940
CMD: "C:\Users\admin\Desktop\CEFHelper\CEFHelper.exe"
Path: C:\Users\admin\Desktop\CEFHelper\CEFHelper.exe
Parent process: Explorer.EXE
User: admin
Company: AVAST Software
Integrity Level: MEDIUM
Description: Avast remediation exe
Exit code: 126
Version: 17.3.3443.0
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 1
Suspicious files: 1
Text files: 0
Unknown types: 0

Dropped files

PID 3768, WinRAR.exe: C:\Users\admin\Desktop\CEFHelper\AvastAuth.dat (binary)
  MD5: 53830FE278811363F93E0906D8B5CE69
  SHA256: 8EC409C1537E3030405BC8F8353D2605D1E88F1B245554383682F3AA8B5100EC

PID 3768, WinRAR.exe: C:\Users\admin\Desktop\CEFHelper\CEFHelper.exe (executable)
  MD5: A72036F635CECF0DCB1E9C6F49A8FA5B
  SHA256: 85CA20EEEC3400C68A62639A01928A5DAB824D2EADF589E5CBFE5A2BC41D9654
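The EXIF block above lists the ZIP header fields for a single member (AvastAuth.dat), while the dropped-files list shows that WinRAR extracted two files. The Python script below is an added example, not part of the ANY.RUN report, that enumerates every member of an archive, reproduces the same header fields (name, sizes, CRC, modify date, compression, bit flag, required version) and hashes each member with MD5 and SHA-256, so the values can be matched against a report's dropped-file hashes without executing anything. That matters for a sample like this one, where CEFHelper.exe exited with code 126 and produced no events or network traffic in the sandbox, leaving static triage as the main source of signal. The archive it inspects is constructed inside the script from stand-in bytes: the member names mirror the report's, but the contents, hashes and dates are not the sample's. The "PE content under a non-executable extension" flag is a general triage heuristic, not a finding about this sample.

```python
"""Static triage of a ZIP sample: reproduce the archive-header fields a sandbox
report lists for each member and hash every member, without running anything."""
import hashlib
import io
import zipfile
from datetime import datetime

# Compression method codes as zipfile reports them, mapped to the report's wording.
COMPRESSION_NAMES = {
    zipfile.ZIP_STORED: "Stored",
    zipfile.ZIP_DEFLATED: "Deflated",
    zipfile.ZIP_BZIP2: "BZip2",
    zipfile.ZIP_LZMA: "LZMA",
}
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


def hash_bytes(data: bytes) -> dict:
    """MD5 and SHA-256 in the upper-case hex form the report uses."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA256": hashlib.sha256(data).hexdigest().upper(),
    }


def looks_like_pe(data: bytes) -> bool:
    """Cheap PE check: 'MZ' DOS magic and a 'PE\\0\\0' signature at e_lfanew.
    Triage heuristic only, not a full PE parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_zip(archive: bytes) -> list:
    """One record per file member: the report's ZIP fields, hashes and triage flags."""
    records = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            content = zf.read(info)  # zipfile verifies the stored CRC while reading
            flags = []
            if looks_like_pe(content):
                flags.append("pe")
                if not info.filename.lower().endswith(EXECUTABLE_EXTENSIONS):
                    flags.append("pe-under-non-executable-extension")
            parts = info.filename.replace("\\", "/").split("/")
            if info.filename.startswith(("/", "\\")) or ".." in parts:
                flags.append("path-traversal-name")  # classic "zip slip" member name
            records.append({
                "ZipFileName": info.filename,
                "ZipUncompressedSize": info.file_size,
                "ZipCompressedSize": info.compress_size,
                "ZipCRC": f"0x{info.CRC:08x}",
                "ZipModifyDate": datetime(*info.date_time).strftime("%Y:%m:%d %H:%M:%S"),
                "ZipCompression": COMPRESSION_NAMES.get(info.compress_type, str(info.compress_type)),
                "ZipBitFlag": f"0x{info.flag_bits:04x}",
                "ZipRequiredVersion": info.extract_version,
                "Flags": flags,
                **hash_bytes(content),
            })
    return records


# Constructed stand-in for a PE image: DOS header with e_lfanew = 0x40, then a PE signature.
FAKE_PE = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x90" * 300

# Constructed sample members; names mirror the report, contents are NOT the real sample's.
SAMPLE_MEMBERS = {
    "CEFHelper/CEFHelper.exe": FAKE_PE,
    "CEFHelper/AvastAuth.dat": FAKE_PE + b"\x41" * 64,  # PE bytes behind a .dat name
    "CEFHelper/notes.txt": b"abc",
}


def build_sample_archive() -> bytes:
    """Build the constructed archive in memory with a fixed modify date."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in SAMPLE_MEMBERS.items():
            info = zipfile.ZipInfo(name, date_time=(2020, 3, 13, 3, 42, 6))
            zf.writestr(info, content, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


if __name__ == "__main__":
    for record in triage_zip(build_sample_archive()):
        for key, value in record.items():
            print(f"{key}: {value}")
        print()
```

To triage a real archive, pass the file's bytes to `triage_zip` instead of `build_sample_archive()` and compare the MD5/SHA256 fields with the dropped-file hashes in the report; a member whose hash differs from what the sandbox extracted is worth a second look, as is any member carrying a PE signature under a data-file extension.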
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info