download:

symantec.norton.ghost.v15.0.keymaker.only-core.zip

Full analysis: https://app.any.run/tasks/43aa379e-fd52-4300-9889-97d1528ea6b9
Verdict: No threats detected
Analysis date: April 05, 2019, 19:01:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 11E5D282F1ED6FE40389B03B2EA45A7A
SHA1: 0B76F1D54027C72B2E45FF1697C4C756BE072E62
SHA256: 077E4C2F740842A22FA9EE66A074BB2C044D36ED0AC14D1BF6632DAD6DC3DA66
SSDEEP: 3072:zDBsFwnMT0ZyOPhya/3FV5BgwJvmQUgut6eM45lkY3GfMlxmUj:zDCUu0ZLg63Fj7kgOX2fMlT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • keygen.exe (PID: 2816)
    • Application was dropped or rewritten from another process

      • CORE10k.EXE (PID: 3892)
      • keygen.exe (PID: 2816)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • keygen.exe (PID: 2816)
      • WinRAR.exe (PID: 2200)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2009:11:20 23:50:08
ZipCRC: 0xb453a5ba
ZipCompressedSize: 175
ZipUncompressedSize: 323
ZipFileName: FILE_ID.DIZ
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Behavior graph

[Behavior graph, image not reproduced: winrar.exe drop and start keygen.exe; winrar.exe drop and start core10k.exe; legend: start, drop and start, no specs]

Process information

PID: 2200
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\symantec.norton.ghost.v15.0.keymaker.only-core.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 2816
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\keygen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\keygen.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2200.42398\keygen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 3892
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42886\CORE10k.EXE"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42886\CORE10k.EXE
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2200.42886\core10k.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 472
Read events: 452
Write events: 20
Delete events: 0

Modification events

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Name: ShellExtBMP
Value:

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Name: ShellExtIcon
Value:

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Name: LanguageList
Value: en-US

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\symantec.norton.ghost.v15.0.keymaker.only-core.zip

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: name
Value: 120

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: size
Value: 80

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: type
Value: 120

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: mtime
Value: 100

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Name: @C:\Windows\System32\ieframe.dll,-10046
Value: Internet Shortcut

(PID 2200) WinRAR.exe, operation: write
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Name: @C:\Windows\system32\notepad.exe,-469
Value: Text Document
Executable files: 5
Suspicious files: 0
Text files: 8
Unknown types: 0

Dropped files

PID 2816, keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Test.dat
MD5:
SHA256:

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\FILE_ID.DIZ
Type: text
MD5:
SHA256:

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42886\FILE_ID.DIZ
Type: text
MD5:
SHA256:

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\keygen.exe
Type: executable
MD5:
SHA256:

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\CORE.NFO
Type: text
MD5:
SHA256:

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\173-¦+½+f+¦.url
Type: text
MD5: AE411F6833C75CC0D0579C93B9129959
SHA256: 082852D51894343C1D198F16F67A6CA59E9FECA4B7181861746F5703885FFBB0

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42886\keygen.exe
Type: executable
MD5:
SHA256:

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42886\CORE.NFO
Type: text
MD5:
SHA256:

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\173+f+¦--++.txt
Type: text
MD5: 24F19B13A0C043E0C10166E96AA7B278
SHA256: A9F5F076E907F382C4FA8596EC668790054C8EB8F0264B84A8743EDBD11A159C

PID 2200, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2200.42398\CORE10k.EXE
Type: executable
MD5: D581068E84510083DDEA45E821EBDE36
SHA256: FA04F7F08277B74677628A224A096D4B9FE4CAFB7EFF9F9D92E2AD776085959D
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info