File name: | Combo Tools.rar |
Full analysis: | https://app.any.run/tasks/059743fa-8c00-4589-b1af-36cc532edaa4 |
Verdict: | Malicious activity |
Analysis date: | August 17, 2019, 17:08:58 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 1C0B60B59951FD4C685C1FCFB84A6DD5 |
SHA1: | 904CDC918D0843F97519FD7D82716E2C2729BFC7 |
SHA256: | 15D7C54066815C7CA7FCB767F7817F8B26409A5A71FEE064D7145ADDA555F3F8 |
SSDEEP: | 196608:5VOcW5Gn3JVKiM5c82n/7pBixvIUBs724:5VOdGnZVKiM58jpYxvvi724 |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3184 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Combo Tools.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
848 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3204 | "C:\Users\admin\Desktop\Combo Tools\Split Combos\fSplit.exe" | C:\Users\admin\Desktop\Combo Tools\Split Combos\fSplit.exe | — | explorer.exe |
User: admin Company: dubasdey Integrity Level: MEDIUM Description: FileSplitter Exit code: 0 Version: 1.4.1.26382 | ||||
3456 | "C:\Users\admin\Desktop\Combo Tools\SLAYER Leecher v0.5\SLAYER Leecher v0.5 By X-SLAYER.exe" | C:\Users\admin\Desktop\Combo Tools\SLAYER Leecher v0.5\SLAYER Leecher v0.5 By X-SLAYER.exe | explorer.exe | |
User: admin Company: Iheb Briki Integrity Level: MEDIUM Description: SLAYER Leecher Exit code: 0 Version: 0.4.1 | ||||
2760 | "C:\Users\admin\Desktop\Combo Tools\dupe_remover\Elite Dups Remover 1.5.exe" | C:\Users\admin\Desktop\Combo Tools\dupe_remover\Elite Dups Remover 1.5.exe | — | explorer.exe |
User: admin Company: VEX Integrity Level: MEDIUM Description: ELITE DUPLICATES REMOVER Exit code: 0 Version: 1.5.0.0 |
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Combo Tools.rar | |||
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3184) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (848) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (848) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E |
Operation: | write | Name: | @C:\Windows\system32\notepad.exe,-469 |
Value: Text Document |
PID | Process | Filename | Type | |
---|---|---|---|---|
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\SLAYER Leecher v0.5\FX.wav | — | |
MD5:— | SHA256:— | |||
3204 | fSplit.exe | C:\Users\admin\AppData\Local\dubasdey\fSplit.exe_Url_3vhpqnzq3tkumff2tuivb0ykqffxunly\1.4.1.26382\lhf87m5v.newcfg | — | |
MD5:— | SHA256:— | |||
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\dupe_remover\Elite Dups Remover 1.5.exe | executable | |
MD5:CA54EDD5DD7018FF735FE375AF91F43D | SHA256:F6F1C6D88FC68857E8B990A6FA936DB84A8B2B4397AB5552515058CD3F825EC2 | |||
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\Split Combos\en-GB\fSplit.resources.dll | executable | |
MD5:D43279178640FDB02128251B7C6CDC11 | SHA256:2ADE5F663FB07AF2B74CBAFE89D631FEAE94F9DCF0532395A988EC6AE25BFC34 | |||
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\Split Combos\README.md | html | |
MD5:8B07EE106F7A4B3F29AA1C7740661149 | SHA256:17F50F159DD7F9EADDC1549FE4803820EFE42822D2D6A7B17012CC0E7209E957 | |||
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\Split Combos\es\fSplit.resources.dll | executable | |
MD5:1266FC3A2E02C3B4B4B06DF331F241AB | SHA256:5036250504C8AE019076246F289A2A2966FF535F388A6C7218A3FE1E6FC78865 | |||
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\SLAYER Leecher v0.5\Keywords & Regex\Keywords by AnimuCracku.txt | text | |
MD5:E606F373730F9A973F67CD4AD89962EA | SHA256:37EF071DB392D93D9A47F6BE5BFAC5D8AF2F0C6E59C40820CD3DE113D054C8B8 | |||
3204 | fSplit.exe | C:\Users\admin\AppData\Local\dubasdey\fSplit.exe_Url_3vhpqnzq3tkumff2tuivb0ykqffxunly\1.4.1.26382\user.config | xml | |
MD5:6912797061B288A491E72F9C48B1F4F7 | SHA256:AD59D3D97F73B6068EA57A936AF59A77D2870549F5FC39C46C5443352CDB1F55 | |||
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\Split Combos\changelog.txt | text | |
MD5:90D81CC3771F4429186A84C2DD6F97A6 | SHA256:614C9F72C43D56EFFDFD2D54A4B837A7C0F2A72375852B05934D75E707E07C15 | |||
3184 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3184.26900\Combo Tools\Split Combos\merge_combos_cmd.txt | text | |
MD5:522CA5D8511B62F60A0595631995545E | SHA256:0FA68C7D1B42E48FFB9DE155849196C69C035EB5C50C322B7DE939252B702CA1 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3456 | SLAYER Leecher v0.5 By X-SLAYER.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
pastebin.com |
| shared |