File name: [@exp_0day]RF_SCreater_3.3.3.rar

Full analysis: https://app.any.run/tasks/93607a1c-bdae-4835-926b-904cd675ff52
Verdict: No threats detected
Analysis date: September 26, 2019, 17:22:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: C1D6917F2E48DF2FC653793BC8839979
SHA1: 1A73E1C3D15E0D297A1CAEA1416C9E9F17D9264E
SHA256: 32974F1FDC7CFACCD7334C228A9F52C6FBDE2A59DF50066B68CB82BC675F3F6A
SSDEEP: 98304:b4sAdDItkVIR5y4fUejc+irT9ul3D4cVLiV:b4xCWqViHS3D4L

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • RF_SCreater.exe (PID: 1884)
      • RF_SCreater.exe (PID: 2760)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3212)
  • INFO
    • No info indicators.
No Malware configuration.
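The MALICIOUS and SUSPICIOUS indicators above describe one chain: WinRAR.exe (PID 3212) writes executable content into its own scratch directory under %TEMP%\Rar$EX…, and the written RF_SCreater.exe is then started twice (PIDs 1884 and 2760) with WinRAR.exe as parent. This is the "drop and start" edge in the behaviour graph, and it is the same shape as opening a malicious payload directly from an archive window. The following Python detector is an added example, not part of the ANY.RUN report and not ANY.RUN's signature logic: it correlates file-write and process-creation events and flags an executable that an archiver wrote into a Rar$ temp directory and later launched as a direct child. The event records are constructed to mirror this report's process tree (the PIDs and paths are the report's; the simplified Sysmon-style event schema, Explorer's PID 1000 and the benign Desktop extraction used as a control are assumptions of the example).

```python
import re
from dataclasses import dataclass

# %TEMP%\Rar$<two letters><optional letter><archiver pid>.<random>\ is the
# directory WinRAR extracts into when an entry is opened from the archive window
# (Rar$EXb3212.13452 and Rar$EXb3212.6574 in the report; 3212 is WinRAR's PID).
RAR_TEMP_RE = re.compile(
    r"\\AppData\\Local\\Temp\\Rar\$[A-Z]{2}[a-z]?(\d+)\.\d+\\", re.IGNORECASE)

ARCHIVERS = {"winrar.exe"}   # extend with other archiver image names as needed
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1")


@dataclass(frozen=True)
class Event:
    """Simplified Sysmon-style record; this schema is the example's assumption."""
    kind: str                  # "FileCreate" (Sysmon 11) or "ProcessCreate" (Sysmon 1)
    pid: int                   # writer pid (FileCreate) / new pid (ProcessCreate)
    image: str                 # writer image (FileCreate) / new image (ProcessCreate)
    target: str = ""           # path written (FileCreate only)
    parent_pid: int = 0        # ProcessCreate only
    parent_image: str = ""     # ProcessCreate only


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_drop_and_start(events):
    """Flag every executable that an archiver wrote into its own Rar$ temp
    directory and subsequently started as a direct child (drop-and-start)."""
    dropped = {}    # lower-cased path -> (dropper pid, dropper name, dir pid == dropper pid)
    findings = []
    for ev in events:
        if ev.kind == "FileCreate":
            m = RAR_TEMP_RE.search(ev.target)
            if (basename(ev.image) in ARCHIVERS and m
                    and ev.target.lower().endswith(EXEC_EXT)):
                # The PID baked into the directory name should be the writer's own;
                # a mismatch means some other process is writing into that scratch dir.
                dropped[ev.target.lower()] = (ev.pid, basename(ev.image),
                                              int(m.group(1)) == ev.pid)
        elif ev.kind == "ProcessCreate":
            hit = dropped.get(ev.image.lower())
            if hit and ev.parent_pid == hit[0]:
                findings.append({
                    "pid": ev.pid,
                    "image": ev.image,
                    "dropper_pid": hit[0],
                    "dropper": hit[1],
                    "dir_pid_matches_dropper": hit[2],
                })
    return findings


WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"
EXTRACT_1 = r"C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.13452\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe"
EXTRACT_2 = r"C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe"
JPG = r"C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-14.jpg"

# CONSTRUCTED event stream mirroring the report's process tree. Explorer's PID
# (1000) and the benign Desktop extraction at the end are assumptions.
SAMPLE_EVENTS = [
    Event("ProcessCreate", 3212, WINRAR, parent_pid=1000, parent_image=r"C:\Windows\explorer.exe"),
    Event("FileCreate", 3212, WINRAR, target=EXTRACT_1),
    Event("ProcessCreate", 1884, EXTRACT_1, parent_pid=3212, parent_image=WINRAR),
    Event("FileCreate", 3212, WINRAR, target=JPG),          # image drop: not executable
    Event("FileCreate", 3212, WINRAR, target=EXTRACT_2),
    Event("ProcessCreate", 2760, EXTRACT_2, parent_pid=3212, parent_image=WINRAR),
    # Benign control: extracted to Desktop and started from Explorer, not from WinRAR.
    Event("FileCreate", 3212, WINRAR, target=r"C:\Users\admin\Desktop\tool\setup.exe"),
    Event("ProcessCreate", 4100, r"C:\Users\admin\Desktop\tool\setup.exe",
          parent_pid=1000, parent_image=r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for f in find_drop_and_start(SAMPLE_EVENTS):
        print(f"drop-and-start: {f['dropper']}[{f['dropper_pid']}] -> pid {f['pid']} "
              f"{f['image']} (dir pid matches dropper: {f['dir_pid_matches_dropper']})")
```

Run against the sample stream it reports exactly the two RF_SCreater.exe launches (PIDs 1884 and 2760), skips the JPG drops because they are not executable, and skips the Desktop control because that file was neither written under Rar$ nor started by WinRAR. The `dir_pid_matches_dropper` flag is worth keeping in a real rule: the PID embedded in the Rar$EX directory name is WinRAR's own, so a write there by a process other than that PID is a second, independent anomaly.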

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Behavior graph

explorer.exe --start--> winrar.exe (PID 3212)
winrar.exe --drop and start--> rf_screater.exe (PID 1884, no specs)
winrar.exe --drop and start--> rf_screater.exe (PID 2760, no specs)

Process information

PID: 1884
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.13452\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.13452\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb3212.13452\_38z0snyjj_rf_screater_3.3.3\rf_screater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2760
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\RF_SCreater.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb3212.6574\_38z0snyjj_rf_screater_3.3.3\rf_screater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3212
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\[@exp_0day]RF_SCreater_3.3.3.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 1010
Read events: 931
Write events: 76
Delete events: 3

Modification events

PID | Process | Operation | Key | Name = Value
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP = (empty)
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon = (empty)
3212 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList = en-US
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 = C:\Users\admin\AppData\Local\Temp\[@exp_0day]RF_SCreater_3.3.3.rar
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name = 120
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size = 80
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type = 120
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime = 100
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword = 1
3212 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 0
Executable files: 2
Suspicious files: 18
Text files: 380
Unknown types: 2

Dropped files

PID | Process | Filename | Type
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-14.jpg | image
  MD5: D649CF27CC5C2610C5BBF1D573700E48
  SHA256: E11FBEE0E2F20CFA2326F1FA79527C3B6A10087B1BEB456DBCC55B7917D26EDA
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-19.jpg | image
  MD5: 1DD26F0D6D496637A58BE8CB8B7D4DAE
  SHA256: 6C5B6A5B4DFD1CC1F327F1E8693C77E58C806249926EEEC992B4F74F31EA8C14
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-16.jpg | image
  MD5: 9F557D6CEF2F5A629F0AE11C993A5AB1
  SHA256: 62240D0BC9644840BDD18C7561F24E3F61B28EA136D0ED613AF5F281E5FF1F43
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-27.jpg | image
  MD5: 516A1FFC186D23DCC2B5C1FD604AB7DA
  SHA256: 3AA484494E50F518AC3E73070FCE608FFF5B107D921C52FE50132C8C3FC482D1
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-26.jpg | image
  MD5: F0F7DF5C9E870B20FB3FE446D8967621
  SHA256: B04DB787526C447A55D84BB811CDE388A4E9D9DE78325E03BF1D85FB65144388
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-28.jpg | image
  MD5: F2CA35195BD270510F1EDB0FFCA8451B
  SHA256: 7422169321EABF5422310C8527E6D917FC8701C1D513A4D9FADC0EC78068BBEE
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-15.jpg | image
  MD5: F3D062B00623758849470A03EEBC9C7A
  SHA256: 6994556634B04FF871DE585830CBEADBFEDB2D1C8EE0879220A8EC3DDA2303C7
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-30.jpg | image
  MD5: 53500273BB94ABAEB804E02A782A7D7E
  SHA256: 26FBD5A5E5159A769C14B21C9F4A8022707F68114EC79DD231B126D731BC6491
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-32.jpg | image
  MD5: 14E32C81787D5EF67F5C8DC1018D8223
  SHA256: 9370CDD01D50495A0CE095FC021EED8A57CF7C586A1686DAE89D47B973849A39
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.6574\_38Z0SNYJJ_RF_SCreater_3.3.3\Admin\17032009-18.jpg | image
  MD5: B18928892BED3B38535A6FD310B3F009
  SHA256: 9DBEDD46033C3B9D96E0184BEB4D868CB8A156149618D91BBC76239161F99E64
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info