File name: Revenge-RAT v.0.3 Mod By NYAN CAT.rar

Full analysis: https://app.any.run/tasks/62e023f9-622d-4aee-9c84-38d1a90ed910
Verdict: Malicious activity
Analysis date: April 17, 2020, 14:56:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 8FC2F28088F2145F29AC70DC2658B34D
SHA1: B24A6810C3AE97CCD56877E5226C06E3ED80E277
SHA256: 457E6E59293E7BB40D4BE31650E224B52FF71165D3CE8FCAA7360AAB881D0140
SSDEEP: 393216:scbu8oOu6g1p4TvH9kJpbsXmNqtRcj7aJKG+JT2:hS7xmT/SbemYXm73G+2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • Revenge-RAT v0.3.exe (PID: 3680)
    • Loads dropped or rewritten executable
      • SearchProtocolHost.exe (PID: 4088)
    • Actions looks like stealing of personal data
      • SearchProtocolHost.exe (PID: 4088)
      • WinRAR.exe (PID: 1544)
  • SUSPICIOUS
    • Reads internet explorer settings
      • Revenge-RAT v0.3.exe (PID: 3680)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 1544)
  • INFO
    • Manual execution by user
      • Revenge-RAT v0.3.exe (PID: 3680)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Processes shown in the graph: winrar.exe, revenge-rat v0.3.exe (no specs), searchprotocolhost.exe

Process information

PID: 1544
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Revenge-RAT v.0.3 Mod By NYAN CAT.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\comdlg32.dll

PID: 3680
CMD: "C:\Users\admin\Desktop\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe"
Path: C:\Users\admin\Desktop\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe
Parent process: explorer.exe
User: admin
Company: Revenge-RAT v0.3
Integrity Level: MEDIUM
Description: Revenge-RAT v0.3
Exit code: 0
Version: 0.0.0.3
Modules (images):
  c:\users\admin\desktop\revenge-rat v3 - nyanxcat\revenge-rat v0.3.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 4088
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\searchprotocolhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
Total events: 810
Read events: 785
Write events: 25
Delete events: 0

Modification events

(PID) Process | Operation | Key | Name | Value
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
(1544) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Revenge-RAT v.0.3 Mod By NYAN CAT.rar
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
(1544) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 19
Suspicious files: 16
Text files: 71
Unknown types: 2

Dropped files

PID | Process | Filename | Type
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Builder.exe | executable
  MD5: (not listed) | SHA256: (not listed)
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\AForge.Video.DirectShow.dll | executable
  MD5: 2343899EA6B3DFF06A6DB2F0FBD86406 | SHA256: 643A7F9754D90D475DB3F84AF7B254A64DD555CED0F039AAA4F08B5B27AB4FDB
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Autoit.au3 | text
  MD5: 76592CDB5646CE753B0A032A219CEA41 | SHA256: 3B0A9192AE1945357E3E2A05E20C75663BB1788554F50BD5EE7E8B93C5AD1F66
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\Unicode 32-bit.bin | executable
  MD5: B86564D0EB29A5FAAB9E8DAACF269DF4 | SHA256: 2514235C34D17FDB4A8448BD088D89F631F5D70F12F5F7D5EE552144A345ED2D
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_256x256_RGB-A.ico | image
  MD5: 83918F1A255213FD4448EF834EB3F1E4 | SHA256: B0C2A21CCCB64C4FC11F9BB9DC7F884EED700FE4158C4C36A314258C4F7F6C1A
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v9_48x48_256.ico | image
  MD5: A87C314DD8B1FDE98FCA6E504F5FF8A0 | SHA256: C43AD7216D3F7553AE87A03F23D3BE0D6F9C5212E5DCE3D38B8E8A433A549DCA
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\AForge.Video.dll | executable
  MD5: A614D58E17BA34826B59C4942C32F078 | SHA256: 311724FF73B331CD6DE0649B01923F7E43D168AA5B1E7F031B2B175148062757
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Aut2exe_x64.exe | executable
  MD5: CECB773C5B0E15B8D1C02840FD118F38 | SHA256: 7261BD93161CFE191E354152D489C3721E41D84A87D6C1AF7EAA4DC0C75AB3FF
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v9_48x48_RGB-A.ico | image
  MD5: 9019034BC36952EF2539648B95635546 | SHA256: 1AF7F2ED9420F5F524AFA5DC2E077F9657D6E13EE153036AA6F71216170C4D6C
1544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Old1.ico | image
  MD5: 30270204AF026B5874476EC41ABE3ACD | SHA256: 29D40D3CB78D5FA6FAFEABDDB01296D5FEAF8E7864210F5581F1BAD50C613B32
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info