File name: [@exp_0day]RF_SCreater_3.3.3.rar

Full analysis: https://app.any.run/tasks/93607a1c-bdae-4835-926b-904cd675ff52
Verdict: No threats detected
Analysis date: September 26, 2019, 17:22:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: C1D6917F2E48DF2FC653793BC8839979
SHA1: 1A73E1C3D15E0D297A1CAEA1416C9E9F17D9264E
SHA256: 32974F1FDC7CFACCD7334C228A9F52C6FBDE2A59DF50066B68CB82BC675F3F6A
SSDEEP: 98304:b4sAdDItkVIR5y4fUejc+irT9ul3D4cVLiV:b4xCWqViHS3D4L

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • RF_SCreater.exe (PID: 1884)
      • RF_SCreater.exe (PID: 2760)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3212)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Behavior graph

[Graph: winrar.exe drops and starts rf_screater.exe (two instances, no specs)]

Process information

PID: 1884
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.13452\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.13452\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe
Indicators:
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb3212.13452\_38z0snyjj_rf_screater_3.3.3\rf_screater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2760
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe
Indicators:
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb3212.6574\_38z0snyjj_rf_screater_3.3.3\rf_screater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3212
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\[@exp_0day]RF_SCreater_3.3.3.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators:
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 1 010
Read events: 931
Write events: 76
Delete events: 3

Modification events

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\[@exp_0day]RF_SCreater_3.3.3.rar

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 1

(PID) Process: (3212) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0
Executable files: 2
Suspicious files: 18
Text files: 380
Unknown types: 2

Dropped files

PID | Process | Filename | Type
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-21.jpg | image
MD5:A2B69AC673BA46FEEDD54DE4A6CCEB12
SHA256:7177EA49EF553CEC5AEF4F2859388020A2B76EE37D5808207EF63428E5EB057F
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-19.jpg | image
MD5:1DD26F0D6D496637A58BE8CB8B7D4DAE
SHA256:6C5B6A5B4DFD1CC1F327F1E8693C77E58C806249926EEEC992B4F74F31EA8C14
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-14.jpg | image
MD5:D649CF27CC5C2610C5BBF1D573700E48
SHA256:E11FBEE0E2F20CFA2326F1FA79527C3B6A10087B1BEB456DBCC55B7917D26EDA
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-20.jpg | image
MD5:7703EB18B535904CD18F52AA16955B73
SHA256:F07187A7A4321BFE480C64E4647D05A9C1B5ADA5BA9A7D98FDF951AA1FB17ED2
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-18.jpg | image
MD5:B18928892BED3B38535A6FD310B3F009
SHA256:9DBEDD46033C3B9D96E0184BEB4D868CB8A156149618D91BBC76239161F99E64
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-16.jpg | image
MD5:9F557D6CEF2F5A629F0AE11C993A5AB1
SHA256:62240D0BC9644840BDD18C7561F24E3F61B28EA136D0ED613AF5F281E5FF1F43
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-23.jpg | image
MD5:CFD8642B921F1F996CC21FA0BB77B1B4
SHA256:927C4527235379B5E7BCA0A4CA6382C0511C2AABD6BD3D64653E6E08C0733C9E
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-17.jpg | image
MD5:A3F8A816C3C822C8A3E875CB5515BE49
SHA256:D36186833EAC75635F2D2C6EC039BB223D8E7F721D19B3E103D7FC34305C39AB
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-22.jpg | image
MD5:E390C026814190A4ED69775625CA2737
SHA256:B56BF7D97E23C2C8E2206F97A68C334E6D7106C009F7C24AC470CE7CBA244AD4
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-26.jpg | image
MD5:F0F7DF5C9E870B20FB3FE446D8967621
SHA256:B04DB787526C447A55D84BB811CDE388A4E9D9DE78325E03BF1D85FB65144388
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info