File name: WinHex-v13.2.SR-11.rar
Full analysis: https://app.any.run/tasks/3d1c9779-f1e2-4eff-a2d6-05eb30a8a9d1
Verdict: Malicious activity
Analysis date: December 22, 2023, 16:28:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v2.0, os: Win32
MD5: 3EA250A434EC948E4A73521CA0F55DFF
SHA1: 4644221E765217355FABBB0E0F084CD362389409
SHA256: 0A7C5DE3B10ECAA006D3385E603261D64C38A696370FF9E99C042ACE64AEDA03
SSDEEP: 49152:iNW0CZaWKZJ/lzcM+17Fb5h0SQMjlGQ57UsPoihukJ/i7wI1XN6RAHHCnZ0X+5Q1:ikKXP/lzcM+17RvEQ5QA8qi7RcZ0X+5y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Internet Settings

      • HelpPane.exe (PID: 2384)
    • Creates a software uninstall entry

      • setup.exe (PID: 1264)
    • Reads Internet Explorer settings

      • HelpPane.exe (PID: 2384)
    • Reads Microsoft Outlook installation path

      • HelpPane.exe (PID: 2384)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2044)
      • setup.exe (PID: 1624)
    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2044)
      • setup.exe (PID: 1624)
    • Checks supported languages

      • keygen.exe (PID: 296)
      • setup.exe (PID: 1264)
      • keygen.exe (PID: 2068)
      • setup.exe (PID: 1624)
      • WinHex.exe (PID: 712)
      • WinHex.exe (PID: 2308)
      • keygen.exe (PID: 1572)
    • Creates files in the program directory

      • setup.exe (PID: 1624)
      • WinHex.exe (PID: 712)
      • setup.exe (PID: 1264)
    • Reads the computer name

      • WinHex.exe (PID: 712)
      • setup.exe (PID: 1624)
      • setup.exe (PID: 1264)
    • Reads the machine GUID from the registry

      • winhlp32.exe (PID: 2348)
      • HelpPane.exe (PID: 2384)
      • WinHex.exe (PID: 712)
    • Checks proxy server information

      • HelpPane.exe (PID: 2384)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF (ZIP group; for RAR archives ExifTool reports the fields of the first file header)

CompressedSize: 39
UncompressedSize: -
OperatingSystem: Win32
ModifyDate: 2007:06:15 16:48:14
PackingMethod: Stored
ArchivedFileName: WinHex-v13.2.SR-11

No data.
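The "File info", TRiD and EXIF lines above are all read straight from the archive's block headers: the legacy RAR 1.5-4.x marker (what TRiD labels "v-4.x"), the host-OS byte (Win32), the "version needed to extract" byte (20, printed as v2.0), and the DOS-format modification time, packing method and sizes of the first file header. The following Python is an added example, not ANY.RUN's, WinRAR's or ExifTool's code: it walks those headers to inventory an archive's members (name, sizes, method, encryption flag, header CRC) without extracting anything, which is the check to run on a suspicious archive before handing it to WinRAR. The sample archive it parses is constructed inline; its member name and 39-byte stored payload are placeholders chosen to mirror the EXIF fields, not bytes from the real file.

```python
"""Walk the block headers of a RAR 1.5-4.x archive without extracting it.

Added example (not ANY.RUN's, WinRAR's or ExifTool's code). Implements the
legacy pre-RAR5 header layout only; the sample archive is constructed inline.
"""
import struct
import zlib
from dataclasses import dataclass

RAR4_MARKER = b"Rar!\x1a\x07\x00"      # RAR 1.5 - 4.x ("v-4.x" in TRiD's wording)
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"  # RAR5 uses a different header format entirely
HOST_OS = {0: "MS-DOS", 1: "OS/2", 2: "Win32", 3: "Unix", 4: "Mac OS", 5: "BeOS"}
MAIN_HEAD, FILE_HEAD, ENDARC_HEAD = 0x73, 0x74, 0x7B
LHD_PASSWORD, LHD_DIRECTORY, LHD_LARGE = 0x0004, 0x00E0, 0x0100


@dataclass
class RarEntry:
    name: str
    packed_size: int
    unpacked_size: int
    host_os: str
    method: str          # "stored" or "compressed (m1..m5)"
    unpack_version: str  # version needed to extract, e.g. "2.0"
    mtime: str           # DOS timestamp rendered the way ExifTool prints ModifyDate
    encrypted: bool
    is_dir: bool
    header_crc_ok: bool


def identify(data: bytes) -> str:
    if data.startswith(RAR5_MARKER):
        return "rar5"
    if data.startswith(RAR4_MARKER):
        return "rar4"
    return "unknown"


def dos_time(ftime: int) -> str:
    date, time = ftime >> 16, ftime & 0xFFFF
    return "%04d:%02d:%02d %02d:%02d:%02d" % (
        ((date >> 9) & 0x7F) + 1980, (date >> 5) & 0xF, date & 0x1F,
        (time >> 11) & 0x1F, (time >> 5) & 0x3F, (time & 0x1F) * 2)


def walk_rar4(data: bytes) -> list:
    """Return one RarEntry per file header; skips the marker, main and end blocks."""
    if identify(data) != "rar4":
        raise ValueError("not a RAR 1.5-4.x archive")
    entries, pos = [], len(RAR4_MARKER)  # the 7-byte marker is itself a block
    while pos + 7 <= len(data):
        head_crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7:
            raise ValueError("corrupt block header at offset %d" % pos)
        # Flag 0x8000: a data area of ADD_SIZE bytes follows the header (PACK_SIZE for files).
        add_size = struct.unpack_from("<I", data, pos + 7)[0] if flags & 0x8000 else 0
        # HEAD_CRC is the low 16 bits of CRC-32 over the header minus the CRC field itself.
        crc_ok = (zlib.crc32(data[pos + 2:pos + head_size]) & 0xFFFF) == head_crc
        if head_type == FILE_HEAD:
            (pack, unp, os_id, _file_crc, ftime, unp_ver, method, name_len, _attr) = \
                struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if flags & LHD_LARGE:  # 64-bit sizes: high dwords sit just before the name
                hi_pack, hi_unp = struct.unpack_from("<II", data, name_off)
                pack, unp, name_off = pack | hi_pack << 32, unp | hi_unp << 32, name_off + 8
            raw = data[name_off:name_off + name_len]
            entries.append(RarEntry(
                name=raw.split(b"\x00", 1)[0].decode("utf-8", "replace"),
                packed_size=pack, unpacked_size=unp,
                host_os=HOST_OS.get(os_id, "unknown(%d)" % os_id),
                method="stored" if method == 0x30 else "compressed (m%d)" % (method - 0x30),
                unpack_version="%d.%d" % divmod(unp_ver, 10),
                mtime=dos_time(ftime),
                encrypted=bool(flags & LHD_PASSWORD),
                is_dir=(flags & LHD_DIRECTORY) == LHD_DIRECTORY,
                header_crc_ok=crc_ok))
        pos += head_size + add_size
        if head_type == ENDARC_HEAD:
            break
    return entries


def _block(head_type: int, flags: int, body: bytes, data: bytes = b"") -> bytes:
    """Assemble one legacy block: CRC16 + type + flags + size + body [+ data area]."""
    header = struct.pack("<BHH", head_type, flags, 7 + len(body)) + body
    return struct.pack("<H", zlib.crc32(header) & 0xFFFF) + header + data


def build_sample_archive() -> bytes:
    """Constructed sample: one stored Win32 member, DOS mtime 2007-06-15 16:48:14."""
    payload = bytes(range(39))                       # 39 bytes, like CompressedSize above
    name = b"WinHex-v13.2.SR-11\\keygen.exe"         # placeholder member name
    ftime = (((2007 - 1980) << 9) | (6 << 5) | 15) << 16 | (16 << 11) | (48 << 5) | (14 // 2)
    file_body = struct.pack("<IIBIIBBHI", len(payload), len(payload), 2,
                            zlib.crc32(payload), ftime, 20, 0x30, len(name), 0x20) + name
    return (RAR4_MARKER
            + _block(MAIN_HEAD, 0x0000, b"\x00" * 6)      # RESERVED1 + RESERVED2
            + _block(FILE_HEAD, 0x8000, file_body, payload)
            + _block(ENDARC_HEAD, 0x4000, b""))


if __name__ == "__main__":
    for e in walk_rar4(build_sample_archive()):
        print(e)
```

Entries whose `header_crc_ok` is false, whose `encrypted` flag is set, or whose `unpacked_size` is wildly larger than `packed_size` are the ones to look at before extraction; a RAR5 marker means this walker does not apply and a RAR5 parser is needed.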
All screenshots are available in the full report
Total processes: 50
Monitored processes: 12
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in the graph, in order ("no specs" marks a process with no signature hits of its own): start, winrar.exe (no specs), keygen.exe (no specs), keygen.exe (no specs), setup.exe (no specs), setup.exe (no specs), setup.exe, setup.exe, winhex.exe (no specs), winhex.exe (no specs), winhlp32.exe (no specs), helppane.exe (no specs), keygen.exe (no specs)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 296
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\keygen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\keygen.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: KGTemplate MFC Application
Exit code: 0
Version: 1, 0, 0, 1
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2044.3108\winhex-v13.2.sr-11\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 492
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6477\WinHex-v13.2.SR-11\setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6477\WinHex-v13.2.SR-11\setup.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch from WinRAR was refused because the image requires elevation, either through its manifest or through UAC's installer-detection heuristic, which matches names such as setup.exe; only ntdll.dll was ever mapped, and the installer reappears elevated as PIDs 1264 and 1624 below)
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2044.6477\winhex-v13.2.sr-11\setup.exe
c:\windows\system32\ntdll.dll
PID: 712
CMD: "C:\Program Files\WinHex\WinHex.exe"
Path: C:\Program Files\WinHex\WinHex.exe
Parent process: setup.exe
User: admin
Company: X-Ways Software Technology AG
Integrity Level: HIGH
Description: WinHex
Exit code: 0
Version: 13.2
Modules (images):
c:\program files\winhex\winhex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1264
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6477\WinHex-v13.2.SR-11\setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6477\WinHex-v13.2.SR-11\setup.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2044.6477\winhex-v13.2.sr-11\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1572
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.27400\WinHex-v13.2.SR-11\keygen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.27400\WinHex-v13.2.SR-11\keygen.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: KGTemplate MFC Application
Exit code: 0
Version: 1, 0, 0, 1
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2044.27400\winhex-v13.2.sr-11\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1624
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6436\WinHex-v13.2.SR-11\setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6436\WinHex-v13.2.SR-11\setup.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2044.6436\winhex-v13.2.sr-11\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2044
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\WinHex-v13.2.SR-11.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2068
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3705\WinHex-v13.2.SR-11\keygen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3705\WinHex-v13.2.SR-11\keygen.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: KGTemplate MFC Application
Exit code: 0
Version: 1, 0, 0, 1
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2044.3705\winhex-v13.2.sr-11\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2308
CMD: "C:\Program Files\WinHex\WinHex.exe"
Path: C:\Program Files\WinHex\WinHex.exe
Parent process: setup.exe
User: admin
Company: X-Ways Software Technology AG
Integrity Level: HIGH
Description: WinHex
Exit code: 0
Version: 13.2
Modules (images):
c:\program files\winhex\winhex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2348
CMD: winhlp32.exe -x
Path: C:\Windows\winhlp32.exe
Parent process: WinHex.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Winhlp32 Stub
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\winhlp32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
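Three things in the process table above are worth reading together: every keygen.exe and setup.exe instance executes straight out of WinRAR's temporary extraction folder (Rar$EX…), the first setup.exe (PID 492, MEDIUM) exits with 3221226540, which is 0xC000042C, STATUS_ELEVATION_REQUIRED, and the next two setup.exe instances (1264, 1624) run at HIGH integrity under a WinRAR.exe that only ever ran at MEDIUM, i.e. the installer went through a UAC prompt. The script below is an added example, not ANY.RUN's code, that automates those three checks over such a table. Its input is transcribed from the table (a constructed list, not a report export); because the report names each parent only by image, not by PID, lineage is resolved by image name, and the NTSTATUS dictionary covers only a handful of common codes.

```python
"""Triage a flattened sandbox process table: launch path, exit codes, integrity jumps.

Added example, not ANY.RUN's code. PROCESSES is transcribed from the report above;
parents are matched by image name because the report does not give parent PIDs.
"""
import re
from collections import defaultdict

# A few NTSTATUS values that commonly surface as process exit codes (not exhaustive).
NTSTATUS = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}
INTEGRITY = {"UNTRUSTED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "SYSTEM": 4}
WINRAR_TEMP = re.compile(r"\\AppData\\Local\\Temp\\Rar\$EX", re.IGNORECASE)

# Transcribed from the process table (constructed input for this example).
PROCESSES = [
    dict(pid=2044, path=r"C:\Program Files\WinRAR\WinRAR.exe", integrity="MEDIUM", exit_code=0, parent="explorer.exe"),
    dict(pid=296,  path=r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\keygen.exe", integrity="MEDIUM", exit_code=0, parent="WinRAR.exe"),
    dict(pid=492,  path=r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6477\WinHex-v13.2.SR-11\setup.exe", integrity="MEDIUM", exit_code=3221226540, parent="WinRAR.exe"),
    dict(pid=1264, path=r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6477\WinHex-v13.2.SR-11\setup.exe", integrity="HIGH", exit_code=0, parent="WinRAR.exe"),
    dict(pid=1572, path=r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.27400\WinHex-v13.2.SR-11\keygen.exe", integrity="MEDIUM", exit_code=0, parent="WinRAR.exe"),
    dict(pid=1624, path=r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.6436\WinHex-v13.2.SR-11\setup.exe", integrity="HIGH", exit_code=0, parent="WinRAR.exe"),
    dict(pid=2068, path=r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3705\WinHex-v13.2.SR-11\keygen.exe", integrity="MEDIUM", exit_code=0, parent="WinRAR.exe"),
    dict(pid=712,  path=r"C:\Program Files\WinHex\WinHex.exe", integrity="HIGH", exit_code=0, parent="setup.exe"),
    dict(pid=2308, path=r"C:\Program Files\WinHex\WinHex.exe", integrity="HIGH", exit_code=0, parent="setup.exe"),
    dict(pid=2348, path=r"C:\Windows\winhlp32.exe", integrity="HIGH", exit_code=0, parent="WinHex.exe"),
]


def decode_exit_code(code: int) -> str:
    """Render a raw exit code; values with the top bit set are treated as NTSTATUS."""
    code &= 0xFFFFFFFF
    if code < 0x80000000:  # ordinary Win32 exit codes stay decimal
        return str(code)
    severity = "error" if code >> 30 == 3 else "warning"
    return "0x%08X %s [%s]" % (code, NTSTATUS.get(code, "unknown NTSTATUS"), severity)


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(processes: list) -> list:
    """Return (pid, finding) pairs for the three patterns described in the lead-in."""
    by_name = defaultdict(list)
    for p in processes:
        by_name[image_name(p["path"])].append(p)
    findings = []
    for p in processes:
        pid, code = p["pid"], p["exit_code"] & 0xFFFFFFFF
        if WINRAR_TEMP.search(p["path"]):
            findings.append((pid, "executed straight from WinRAR's temporary extraction folder"))
        if code == 0xC000042C:
            findings.append((pid, "exited with %s: the image needs elevation, expect an elevated re-launch"
                             % decode_exit_code(code)))
        parents = by_name.get(p["parent"].lower(), [])
        if parents:
            top = max((q["integrity"] for q in parents), key=INTEGRITY.get)
            if INTEGRITY[p["integrity"]] > INTEGRITY[top]:
                findings.append((pid, "runs at %s although parent %s was only observed at %s (UAC elevation)"
                                 % (p["integrity"], p["parent"], top)))
    return findings


if __name__ == "__main__":
    for pid, finding in triage(PROCESSES):
        print(pid, finding)
```

Name-based parent matching is the honest limit of what this report exposes: with parent PIDs the integrity-jump check would compare against the one real parent instead of the highest level any same-named process reached.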
Total events: 3 743
Read events: 3 685
Write events: 57
Delete events: 1

Modification events

The modification events reproduced here are all WinRAR.exe's own housekeeping (MUI cache, its recent-archive history, file-list column widths and an Internet Settings ZoneMap flag); the uninstall entry that setup.exe (PID 1264) creates according to the indicators is not among the events shown on this page.

Process | Operation | Key | Name = Value
(2044) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | LanguageList = en-US
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 3 = C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 = C:\Users\admin\Desktop\phacker.zip
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 = C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name = 120
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size = 80
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type = 120
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime = 100
(2044) WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass = 1
Executable files: 34
Suspicious files: 30
Text files: 125
Unknown types: 1

Dropped files

Every file listed here is written by WinRAR.exe (PID 2044) into its temporary extraction folder, i.e. these are the archive's own members, not files created by keygen.exe, setup.exe or WinHex.exe.

PID | Process | Filename | Type
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\Text file conversion Windows - UNIX.whs | text
  MD5: 514123AC4DFEBBE07203CAAE3666D7F7
  SHA256: 69AD006980223C3B5200FBE2E72763B7B198A95B1BFAF7D62C969F4585319942
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\Text file conversion UNIX - Windows.whs | text
  MD5: F0EBF536A6FE6138CB8C1AE093A04156
  SHA256: DF97E3931040E814981CE5DF601CD6C8E717C7DBBFD2DE852A9FC61ECDC48DF0
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\dialogs.dat | executable
  MD5: 66530A0EAD8BBA89384D677792AECE75
  SHA256: 9ABCABC68C8EAA69D56402F8EE01C7325BE28E6505DB154A1B18E49B86E6169D
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\Boot Sector FAT32.tpl | text
  MD5: 5DAF7A7F40F7AC48892925B6BFE32D6C
  SHA256: E74D02EFB3F333A52D40E2912E3AF917DE4F964113388BE8447ACF7943325E32
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\Boot Sector NTFS.tpl | text
  MD5: 2E8332994401687EDB31B258B1BC18E6
  SHA256: 2F7220A3AF0D9D4DC724128B33CAA4984878F117AE63B276BB32C06CE52AC31D
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\Boot Sector FAT.tpl | text
  MD5: B62F0723A54D3F41160ABC8DF575B635
  SHA256: 4B16A526FAECEE899F97547A2FE05B7513DE6A6C4F807C9F6623C94EC4D2C5EC
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\WinHex.exe | executable
  MD5: E75641EA31731EA73BF695C46E54310A
  SHA256: 982A7E7F14A2EDCA63FC33F32A438606CD05A9C15DF112B6B058668C6803A1FA
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\timezone.dat | binary
  MD5: 843AFFB88952E79D8C1E8A49D504A985
  SHA256: 1CFC1A7A614E4CBF35D335D93C9130C0BB4ED55DCA727B277A1537213A360E17
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\WINHEX.HLP | hlp
  MD5: C2F6B9A38A4B762A2E90D41988D0C9B8
  SHA256: BBE96FDC1A7BF4C9C642C2C77431E02886D3BE73F249A7D060D451B6B9D96937
2044 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2044.3108\WinHex-v13.2.SR-11\下载说明.htm (filename is Chinese for "download instructions") | html
  MD5: 0C1971727B047450AEAD02D37117C445
  SHA256: 09B45F792A0C100A6E1AEF2FBEED1DA96B53F3CB2B6EF4EF19C6809FF482BC5A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

None of the connections listed belongs to the sample's processes: UDP 137 and 138 to the subnet broadcast address are NetBIOS name-service and datagram traffic from the System process, and 224.0.0.252:5355 is LLMNR multicast from svchost.exe. With no DNS requests and no HTTP in the run, this is ordinary Windows background noise rather than network activity by the keygen or installer.

DNS requests

No data

Threats

No threats detected
No debug info