File name: v1_sdk.rar
Full analysis: https://app.any.run/tasks/74c5ea7e-2448-4736-aac3-31d5ac9c3896
Verdict: No threats detected
Analysis date: December 28, 2019, 15:31:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 4346563FF63CD3BAC2294EE1C7D287E9
SHA1: 1951C4C6455EB270327C5BC1F1717081C1DC68C6
SHA256: 291C02EBCDF6C22DCB80B533460F1681129487E34DBAE03714137DF454BF842C
SSDEEP: 49152:nw7vEHI5WTEdVgwPiJSAvK3qhaDs5S9bOckDXNhew3a:w7vEKW4dVXPiJFK3zs5S9acxwq

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by user

      • rundll32.exe (PID: 3400)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 806
UncompressedSize: 2207
OperatingSystem: Win32
ModifyDate: 2018:11:25 08:52:20
PackingMethod: Normal
ArchivedFileName: hydra_beta\AI-Resolver.h
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start: winrar.exe (no specs), rundll32.exe (no specs)

Process information

PID: 2528
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\v1_sdk.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: none
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3400
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\hydra_beta\AI-Resolver.h
Path: C:\Windows\system32\rundll32.exe
Indicators: none
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
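The rundll32.exe entry above is the only INFO-level signature in this report ("Manual execution by user"). Its command line, shell32.dll,OpenAs_RunDLL with a single file path as argument, is what explorer.exe runs when the user double-clicks a file whose extension has no registered handler on the VM (here the C header AI-Resolver.h): it shows the "Open with" dialog and nothing else, which is consistent with the exit code 0 and the absence of child processes. The same host binary is also a documented ATT&CK T1218.011 proxy-execution technique, so the check worth having in a process-list triage is one that separates this benign shell helper from rundll32 loading a DLL out of a user-writable directory or a script: protocol handler. The Python below is an added example, not ANY.RUN's signature logic: the two entries tagged "report" are copied from the process table, the entries tagged "constructed" are made up here to exercise the remaining rules, and the trusted-directory list and the SHELL_HELPERS table are this example's assumptions.

```python
"""rundll32.exe command-line triage over a sandbox process list.

Added example for this report; it is not ANY.RUN's signature logic. Entries
tagged 'report' are copied from the process table; entries tagged
'constructed' are made up here to exercise the other rules.
"""
import ntpath
import re

# Directories a default Windows install loads rundll32 targets from (assumption).
TRUSTED_DLL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# shell32 entry points that explorer.exe routinely drives through rundll32 (assumption).
SHELL_HELPERS = {
    ("shell32.dll", "openas_rundll"): "Open-with dialog for a file type with no registered handler",
    ("shell32.dll", "control_rundll"): "Control Panel applet launch",
}

PROCESS_LIST = [
    ("report", 2528, r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\v1_sdk.rar"'),
    ("report", 3400, r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\hydra_beta\AI-Resolver.h'),
    ("constructed", 4001, r'rundll32.exe C:\Users\admin\AppData\Local\Temp\update.dll,Start'),
    ("constructed", 4002, r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication "'),
    ("constructed", 4003, r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl'),
]


def split_windows_cmdline(cmdline):
    """Split on unquoted whitespace; double quotes group text and are dropped."""
    tokens, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def classify_rundll32(cmdline):
    """Return (verdict, reason, dll, export, args), or None if the image is not rundll32.exe."""
    tokens = split_windows_cmdline(cmdline)
    if not tokens or ntpath.basename(tokens[0]).lower() != "rundll32.exe":
        return None
    if len(tokens) < 2:
        return ("info", "rundll32 started without a DLL argument", None, None, [])

    spec, args = tokens[1], tokens[2:]
    # Script protocol handlers in place of a DLL are a known rundll32 abuse (ATT&CK T1218.011).
    if re.match(r"(?i)^(javascript|vbscript):", spec):
        return ("suspicious", "script protocol handler passed instead of a DLL", spec, None, args)

    # rundll32 takes "<dll>,<export>"; the export may be absent.
    dll, _, export = spec.partition(",")
    dll_dir = ntpath.dirname(dll).lower()
    key = (ntpath.basename(dll).lower(), export.lower())
    if key in SHELL_HELPERS:
        return ("benign", SHELL_HELPERS[key], dll, export, args)
    if dll_dir and not any(dll_dir.startswith(d) for d in TRUSTED_DLL_DIRS):
        return ("suspicious", "DLL loaded from a non-system directory", dll, export, args)
    if not export:
        return ("info", "no export named; DllMain-only loads deserve a look", dll, export, args)
    return ("info", "system DLL with a named export", dll, export, args)


def triage(process_list):
    """Map PID -> classification for every rundll32 entry in an (origin, pid, cmdline) list."""
    results = {}
    for _origin, pid, cmdline in process_list:
        verdict = classify_rundll32(cmdline)
        if verdict is not None:
            results[pid] = verdict
    return results


if __name__ == "__main__":
    for pid, (verdict, reason, dll, export, args) in triage(PROCESS_LIST).items():
        print(f"PID {pid}: {verdict:10} {reason} [{dll},{export} {' '.join(args)}]")
```

Run against the report's own entries, PID 3400 comes back as benign (Open-with dialog) with AI-Resolver.h as the file argument, and PID 2528 is skipped because the image is WinRAR, not rundll32. Only the constructed DLL-from-%TEMP% and javascript: lines are flagged.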
Total events: 438
Read events: 419
Write events: 19
Delete events: 0

Modification events

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\v1_sdk.rar

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

(PID) Process: (2528) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\AppData\Local\Temp
Executable files: 0
Suspicious files: 0
Text files: 311
Unknown types: 8

Dropped files

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\Backtrackassistant.h
MD5: 90A9D2B1E981AC9D563C4399A5EF4A75
SHA256: 92CF69D3B399CC85EEB40B11CEFED19403B0B675C53A36C8A8836A47EA345C41

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\cheats\aimbot\aimbot.cpp
MD5: EC1300A03ACC2CFDC15FA6396B63D8C0
SHA256: 38F5858F5C9D8B162136CE3D4E4E35A08D1939855FB0804FF9ADB7FA7480945B

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\AI-Resolver.h
MD5: 96198D30A2469A4EE89D827C835E177B
SHA256: 476DA8AD2F3E18E5F6716E8BB18C8885D155C981B151C7060B1C0947E9E2CC13

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\AutisticImageL0ader.h
MD5: B356F716A5E6DA0270180BD16F90143B
SHA256: 84A5429E9C27536DD6B506F3C42950F6B2CFCB85A890E2EF12EC19EAFA3DE8EB

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\Backtracking.h
MD5: D475AC7624BE43063A124CC9740BC190
SHA256: 04E719D5679659A33190C65EBE706E4DD2A20734AD05672DF4E8ED7DFD4DDC11

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\cheats\fakewalk\fakewalk.cpp
MD5: 3B688577400DA72034516FC3F7B70D23
SHA256: 658E6FFD035DB56E9A3DE57136D3167D8EC9087CF8CA5CB45C6096EAEF5B99A2

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\autodefuser.exe.h
MD5: 4AD53E418AF144C6E6070193276834B6
SHA256: B0424BB1C7518EF0961D295DD0B81253B00F4C7284AE817A09D68BE891C65D9C

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\bektrek.cpp
MD5: B71D50B5797F9B95D4A3A44E8981DBD6
SHA256: 379C7B24BFBBA7E0A935D8B1C6C9ECA663B0A41CED72FA856AA6B1A79563F504

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\cheats\aimbot\aimbot.h
MD5: DE587DE510BDB564D130019F0749B00D
SHA256: 68D21D1B384B894BE9915B864E077AE366E44E4C05243D32FDC2CAF26F479393

PID: 2528  Process: WinRAR.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\cheats\fakewalk\fakewalk.h
MD5: 1EFFAAE2291629E11D2446A8FECF0AA4
SHA256: 03B76628738AB793EB970E1CB70AB907C01DF75ABC173D24864983E81BBFB8D3
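For an archive sample the dropped-file table is where a "no threats" verdict most often needs a second look: the sandbox only types what WinRAR actually wrote to its staging folder (Rar$DRa2528.14364, the 2528 being WinRAR's own PID from the process table), every entry here is typed as text, and a name like autodefuser.exe.h deserves attention even when its content is text. The Python below is an added example, not ANY.RUN's logic: three rows are copied from the table above, a fourth row with all-zero hashes is constructed to show what a genuine executable drop would trigger, and the executable-extension list is this example's assumption.

```python
"""Triage of a sandbox 'dropped files' table.

Added example for this report; not ANY.RUN's own logic. Three rows are
copied from the report's dropped-files table; the row marked constructed
is made up here to show what an executable drop would trigger.
"""
import ntpath
import re

# WinRAR stages files it hands to other programs under %TEMP%\Rar$<op>a<pid>.<n>;
# the embedded PID is WinRAR's own (2528 in this report).
WINRAR_TEMP = re.compile(r"\\Rar\$[A-Z]{2}a(\d+)\.\d+\\", re.IGNORECASE)

# Suffixes treated as executable content for rule 1 and rule 2 (assumption).
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".cpl", ".pif", ".ps1",
                  ".js", ".vbs", ".hta", ".bat", ".cmd"}

DROPPED = [
    # (pid, process, path, reported type, md5, sha256) copied from the report
    (2528, "WinRAR.exe", r"C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\AI-Resolver.h", "text",
     "96198D30A2469A4EE89D827C835E177B", "476DA8AD2F3E18E5F6716E8BB18C8885D155C981B151C7060B1C0947E9E2CC13"),
    (2528, "WinRAR.exe", r"C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\autodefuser.exe.h", "text",
     "4AD53E418AF144C6E6070193276834B6", "B0424BB1C7518EF0961D295DD0B81253B00F4C7284AE817A09D68BE891C65D9C"),
    (2528, "WinRAR.exe", r"C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\cheats\aimbot\aimbot.cpp", "text",
     "EC1300A03ACC2CFDC15FA6396B63D8C0", "38F5858F5C9D8B162136CE3D4E4E35A08D1939855FB0804FF9ADB7FA7480945B"),
    # constructed row: an actual PE dropped through the same staging folder
    (2528, "WinRAR.exe", r"C:\Users\admin\AppData\Local\Temp\Rar$DRa2528.14364\hydra_beta\loader.exe", "executable",
     "00000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000"),
]


def extensions(path):
    """All dotted suffixes of the file name, lower-cased: 'a.exe.h' -> ['.exe', '.h']."""
    parts = ntpath.basename(path).split(".")
    return ["." + p.lower() for p in parts[1:]]


def triage_dropped(rows):
    """Return (findings, sha256_set): findings are (path, message) pairs, the set is the IOC list."""
    findings, hashes = [], set()
    for pid, _proc, path, ftype, md5, sha256 in rows:
        hashes.add(sha256.lower())
        exts = extensions(path)
        # Rule 1: anything typed as executable, or carrying an executable final suffix, is a finding.
        if ftype.lower() == "executable" or (exts and exts[-1] in EXECUTABLE_EXT):
            findings.append((path, "executable content dropped"))
        # Rule 2: a double extension such as .exe.h hides an executable-looking name behind a harmless suffix.
        if len(exts) > 1 and any(e in EXECUTABLE_EXT for e in exts[:-1]):
            findings.append((path, "double extension with executable-looking inner suffix"))
        # Rule 3: a Rar$ staging folder whose embedded PID is not the writing process is not WinRAR's doing.
        m = WINRAR_TEMP.search(path)
        if m and int(m.group(1)) != pid:
            findings.append((path, f"Rar$ temp folder PID {m.group(1)} != writer PID {pid}"))
        # Rule 4: hashes that are not 32/64 hex digits are transcription errors, not IOCs.
        if not re.fullmatch(r"[0-9A-Fa-f]{32}", md5) or not re.fullmatch(r"[0-9A-Fa-f]{64}", sha256):
            findings.append((path, "malformed hash"))
    return findings, hashes


if __name__ == "__main__":
    found, iocs = triage_dropped(DROPPED)
    for path, message in found:
        print(f"{message}: {path}")
    print(f"{len(iocs)} unique SHA256 values")
```

On the report's rows only autodefuser.exe.h is raised (rule 2); the staging-folder PID matches the WinRAR PID, so rule 3 stays quiet, and the constructed loader.exe row is what rule 1 is for.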
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info