File name: | 2.zip |
Full analysis: | https://app.any.run/tasks/26d771c2-7422-49d0-a784-a513ed6151ef |
Verdict: | Malicious activity |
Analysis date: | July 11, 2019, 20:43:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 5F4886DF5CC9F0FADF6DE4AC85C47099 |
SHA1: | 567AFBD90075E43041F0E43FACF4DAE81D185F17 |
SHA256: | 1BAA173F577E8C3BF49A7BAE9157AA60074D5D29ED1F9C8707E0D3D4337B0996 |
SSDEEP: | 98304:83nbjjBJfoJ8lO0q+dEtypiy0YRdI16DPrDVQDVU4B:6nbjjBxo+U0fdMypiqdIYcfB |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | L-Check Reborn 1.0.0.1/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2019:03:15 08:56:24 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3068 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
856 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2576 | "C:\Users\admin\Desktop\L-Check Reborn 1.0.0.1\L-Check Reborn.exe" | C:\Users\admin\Desktop\L-Check Reborn 1.0.0.1\L-Check Reborn.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: L-Check Reborn Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\Newtonsoft.Jsons.dll | — | |
MD5:— | SHA256:— | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\xNet.dll | — | |
MD5:— | SHA256:— | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\Appfuscated\project.map.xml | xml | |
MD5:CCCFDCEA1E74BF38F536917097217BF1 | SHA256:29D8CAEA7F41AB7BD86A9CBFEA156C907A41AA3F930AAF0AA94ED4C4E4071471 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\L-Check Reborn.exe | executable | |
MD5:9134AB876411A69767D07C50BDE599EC | SHA256:6B0F0536E9D444846D969DCD83553E017CB69474BAB388453D2C12C50773076F | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\key.txt | text | |
MD5:7EAC9D6474E5D21CF73956C93F37CE66 | SHA256:DCC395461E8EFB1FAE3B24CAC25C29F95162404C080C876E39384835057C8F86 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\Appfuscated\Newtonsoft.Json.dll | executable | |
MD5:C9A64B6F8ADA66C9C1BCF8F00756BE85 | SHA256:FEEC2693520CCAC7361C04659E20060B04EAEF4E14822EE0E6E8C886EB6D8078 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\MetroFramework.dll | executable | |
MD5:4FB9F436B0D1B89EF6B668B025B6FDB5 | SHA256:2B491FF714E369674A8A68A13A166AA5DCB97211CD25DC9EB8F62ADC081018A8 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\Newtonsoft.Json.dll | executable | |
MD5:43D5FD88135332E0D1BED1A8B69F6531 | SHA256:6A9E79545EB43B1B4B8EE3D01CB76944E08A638E31BB43695376C26003219843 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\Appfuscated\MetroFramework.dll | executable | |
MD5:EF08032CA4B4BBEAC76F418630BA9708 | SHA256:E53BEA309139A056B60301104027FB4FD2E5C60D2D3BB831EBD8DFA5E5A24BF3 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.33654\L-Check Reborn 1.0.0.1\MetroFrameworks.dll | executable | |
MD5:DB12322F1797779EB661D7D8E197D559 | SHA256:593279D1FC03A668A3F16F1E97BF6AA875D34F3AB1B9E7921F61D980D9DF6036 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2576 | L-Check Reborn.exe | 104.24.1.112:443 | cracked.to | Cloudflare Inc | US | shared |
— | — | 104.24.1.112:443 | cracked.to | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
cracked.to |
| whitelisted |
Process | Message |
---|---|
L-Check Reborn.exe |
%s------------------------------------------------
--- Themida Professional ---
--- (c)2012 Oreans Technologies ---
------------------------------------------------
|