File name: | Exe2Aut v0.11.rar |
Full analysis: | https://app.any.run/tasks/0575611b-2b69-4a5f-8c0c-db8974ec66e4 |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 16:44:47 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 48EE8905C196A20DE313C656580589D6 |
SHA1: | 2B466FBA87876E3A71A843151DBFFA0D0558746D |
SHA256: | 32C6C7A3E93FAEB74AD56230EA7A037BDBC2FE11E231D8078BFE5039EA18B4E2 |
SSDEEP: | 24576:yw9z7xcTLRSfgr/EJ90TI7Mvwnvg7d6BX41t5ppMnL3GGPPga1D3m/6BPOAPO2YI:b9z7xcPRetJ99gwv+1tM2GPPfS/l0BN7 |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | Exe2Aut v0.11\Exe2Aut.exe |
---|---|
PackingMethod: | Normal |
ModifyDate: | 2016:04:24 18:44:03 |
OperatingSystem: | Win32 |
UncompressedSize: | 50176 |
CompressedSize: | 42406 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2792 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Exe2Aut v0.11.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3444 | "C:\Users\admin\Desktop\Exe2Aut v0.11\Exe2Aut.exe" | C:\Users\admin\Desktop\Exe2Aut v0.11\Exe2Aut.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM | ||||
3608 | "C:\Users\admin\Desktop\Exe2Aut v0.11\GcafeX.exe" | C:\Users\admin\Desktop\Exe2Aut v0.11\GcafeX.exe | — | Exe2Aut.exe |
User: admin Company: TranNghiaIT Integrity Level: MEDIUM Description: TranNghiaIT Exit code: 3221226540 Version: 3.3.14.5 | ||||
2320 | "C:\Users\admin\Desktop\Exe2Aut v0.11\New AutoIt v3 Script.exe" | C:\Users\admin\Desktop\Exe2Aut v0.11\New AutoIt v3 Script.exe | — | Exe2Aut.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
2848 | "C:\Users\admin\Desktop\Exe2Aut v0.11\GcafeX.exe" | C:\Users\admin\Desktop\Exe2Aut v0.11\GcafeX.exe | — | Exe2Aut.exe |
User: admin Company: TranNghiaIT Integrity Level: MEDIUM Description: TranNghiaIT Exit code: 3221226540 Version: 3.3.14.5 | ||||
2128 | "C:\Users\admin\Desktop\Exe2Aut v0.11\Exe2Aut.exe" | C:\Users\admin\Desktop\Exe2Aut v0.11\Exe2Aut.exe | — | Exe2Aut.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3020 | "C:\Users\admin\Desktop\Exe2Aut v0.11\GcafeX.exe" | C:\Users\admin\Desktop\Exe2Aut v0.11\GcafeX.exe | — | Exe2Aut.exe |
User: admin Company: TranNghiaIT Integrity Level: MEDIUM Description: TranNghiaIT Exit code: 3221226540 Version: 3.3.14.5 |
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Exe2Aut v0.11.rar | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2792) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop |
PID | Process | Filename | Type | |
---|---|---|---|---|
3444 | Exe2Aut.exe | C:\Users\admin\AppData\Local\Temp\18C1.tmp | — | |
MD5:— | SHA256:— | |||
3444 | Exe2Aut.exe | C:\Users\admin\Desktop\Exe2Aut v0.11\New AutoIt v3 Script_.au3 | text | |
MD5:E26140686492380B9FEABC4513D73B96 | SHA256:16D01A59C3291320B209BBDAAEE9C7C0BAA4399F9BCC64555C8B4F133CF59CC9 | |||
3444 | Exe2Aut.exe | C:\Users\admin\AppData\Local\Temp\C36C.tmp | executable | |
MD5:96615B040FA3AA64BBDB039DBD86AB8D | SHA256:C262D252637DC617F5CF939DBFEA44B64A5ACCA1D7406BA300178AF37CC63523 | |||
2792 | WinRAR.exe | C:\Users\admin\Desktop\Exe2Aut v0.11\ReadMe.txt | text | |
MD5:0F637BDDFB7D9C81C4F5F7917BDF7701 | SHA256:AC16C55A11F6C070AA3891071F37545AC0B07F71C963166DCEB3DF1D7EBF65E1 | |||
2320 | New AutoIt v3 Script.exe | C:\Users\admin\Desktop\Exe2Aut v0.11\New AutoIt v3 Script_.au3 | binary | |
MD5:3CD0FD321EAB8EE196936FD8ACAE3A46 | SHA256:046DF5BE6B6E8E388F82B90F8ADA3316AD25AD1B8CD78496FBD958B1A3D55203 | |||
2792 | WinRAR.exe | C:\Users\admin\Desktop\Exe2Aut v0.11\Exe2Aut.exe | executable | |
MD5:26A4A6170418B7B1C4A069F18DF7D384 | SHA256:1B7794DC1D8373355781ADB401D8139C0F1634BDC59338A5AC15C88FDE9C2EAA | |||
2792 | WinRAR.exe | C:\Users\admin\Desktop\Exe2Aut v0.11\New AutoIt v3 Script.exe | executable | |
MD5:EFC5E95ECDB21660B9FF183B457FB09B | SHA256:4B336FF68FCA637038B7EB58774C1605DCABFACCEC3D88A40818790ECB1D649E | |||
2792 | WinRAR.exe | C:\Users\admin\Desktop\Exe2Aut v0.11\GcafeX.exe | executable | |
MD5:6F7BFD401E956B690358BF409D56E2EA | SHA256:5E774B2FDEB2BA071983BB53E71DDAB3845FA7561813D3A7E87B64C30BB9D27B |