File name: Desktop Goose v0.21.zip

Full analysis: https://app.any.run/tasks/91595b0f-eee3-4e42-9b0b-d3cd7f7558cb
Verdict: Malicious activity
Analysis date: February 05, 2020, 16:12:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 4F90D1E5D6002FFC96D3D480403BCCBD
SHA1: 9FC5AFD63B3E2CBCEC48DEC900735AD482D86CD6
SHA256: 1436131CB9AE787D349AC41312AA8F23BC65693331932E1C94B385E261FFD6F2
SSDEEP: 98304:72sfpAKXcLqe3S1s+2FpwDhbJ/XKGEzJKiMRW:bcLqEDP6D5J/tE1K3RW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • GooseDesktop.exe (PID: 1412)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2548)
  • INFO
    • Manual execution by user
      • GooseDesktop.exe (PID: 1412)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:02:05 17:47:21
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Desktop Goose v0.21/Assets/
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe, goosedesktop.exe

Process information

PID: 1412
CMD: "C:\Users\admin\Desktop\Desktop Goose v0.21\GooseDesktop.exe"
Path: C:\Users\admin\Desktop\Desktop Goose v0.21\GooseDesktop.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: GooseDesktop
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\desktop goose v0.21\goosedesktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2548
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Desktop Goose v0.21.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 551
Read events: 530
Write events: 21
Delete events: 0

Modification events

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Desktop Goose v0.21.zip

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\Desktop

(PID) Process: (2548) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 1
Suspicious files: 0
Text files: 14
Unknown types: 7

Dropped files

PID   Process     Type   Filename
2548  WinRAR.exe  image  C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Images\Memes\Meme2.png
      MD5: 4F21B82BAC2893AFEC41A77EB024E3BB
      SHA256: 77AA8C017272C774BB0BB59D21A409DF09635676443919C7E5523ABE3908AE88
2548  WinRAR.exe  image  C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Images\Memes\Meme1.png
      MD5: EC6A7941AA0D1C3CD0A7B724324FBB96
      SHA256: FE5EE195C07EBFC789F15CE771CC0F003AE43C0D5115C193D0F876DE00C18DBE
2548  WinRAR.exe  image  C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Images\Memes\Meme6.png
      MD5: E46D6D7154CEBF37D064C537F5D01F36
      SHA256: A078C89DE64C606313E251122A4D6025FF3F76CD941F1FB2195938E6173CF9F1
2548  WinRAR.exe  image  C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Images\Memes\Meme5.png
      MD5: 01F620EDA22AE06FBCC60500374FDD88
      SHA256: F8A5D603018A04375B7B19FE72034F904E6A91237B68E196BD2B626519D6EF03
2548  WinRAR.exe  image  C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Images\Memes\Meme3.png
      MD5: CEF6B9818BC01655614FB969CFFC155F
      SHA256: 37BC0E217C6D6BF3EAF31072C02F010E785F4935ABE9849FBEE96D586D0904A7
2548  WinRAR.exe  image  C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Images\Memes\Meme4.png
      MD5: AF4BEF7B9F4F37AC62E782B5B59D02AA
      SHA256: 9FCC9A9ADCD231656E848B9B42BAB449EA5A083CBF3A7A987C2E52963D9CF6D0
2548  WinRAR.exe  image  C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Images\Memes\Meme7.png
      MD5: 245F29E1E0905C497306C8F06F503244
      SHA256: 9E3B5C5158686F49BC91D41D1215E8DF9322A092B7C9015E8F9228CFBE4C61E3
2548  WinRAR.exe  mp3    C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Sound\NotEmbedded\MudSquith.mp3
      MD5: B2354D238829D09C54E272D8B4F60189
      SHA256: D5281BA99731FE3C443B6B2D18960A49E74B5B407956D3E1A3CDE360F86573BA
2548  WinRAR.exe  mp3    C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Sound\NotEmbedded\Honk3.mp3
      MD5: BCD1908CE864CB01A222B5CC791D7758
      SHA256: E4B86C31838511199DAC9EB6E0507736EE461B0EDAA4BF9351142C534F2C2E8E
2548  WinRAR.exe  mp3    C:\Users\admin\Desktop\Desktop Goose v0.21\Assets\Sound\NotEmbedded\Honk2.mp3
      MD5: 3B86BF25CD702A3A071590F088FABF64
      SHA256: 7C8864E0B63969E2469C2D80CD855648044CD15FD89DBABD275954EFB7EF6879
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info