File name: Revenge-RAT v.0.3 Mod By NYAN CAT.rar

Full analysis: https://app.any.run/tasks/62e023f9-622d-4aee-9c84-38d1a90ed910
Verdict: Malicious activity
Analysis date: April 17, 2020, 14:56:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 8FC2F28088F2145F29AC70DC2658B34D
SHA1: B24A6810C3AE97CCD56877E5226C06E3ED80E277
SHA256: 457E6E59293E7BB40D4BE31650E224B52FF71165D3CE8FCAA7360AAB881D0140
SSDEEP: 393216:scbu8oOu6g1p4TvH9kJpbsXmNqtRcj7aJKG+JT2:hS7xmT/SbemYXm73G+2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • WinRAR.exe (PID: 1544)
      • SearchProtocolHost.exe (PID: 4088)
    • Application was dropped or rewritten from another process

      • Revenge-RAT v0.3.exe (PID: 3680)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 4088)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1544)
    • Reads internet explorer settings

      • Revenge-RAT v0.3.exe (PID: 3680)
  • INFO

    • Manual execution by user

      • Revenge-RAT v0.3.exe (PID: 3680)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Processes in the graph: start; winrar.exe; revenge-rat v0.3.exe (no specs); searchprotocolhost.exe

Process information

PID: 1544
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Revenge-RAT v.0.3 Mod By NYAN CAT.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID: 3680
CMD: "C:\Users\admin\Desktop\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe"
Path: C:\Users\admin\Desktop\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe
Parent process: explorer.exe
User: admin
Company: Revenge-RAT v0.3
Integrity Level: MEDIUM
Description: Revenge-RAT v0.3
Exit code: 0
Version: 0.0.0.3
Modules
Images
c:\users\admin\desktop\revenge-rat v3 - nyanxcat\revenge-rat v0.3.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 4088
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 810
Read events: 785
Write events: 25
Delete events: 0

Modification events

PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
PID 1544 WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface | Operation: write | Name: ShowPassword | Value: 0
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\Revenge-RAT v.0.3 Mod By NYAN CAT.rar
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
PID 1544 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Operation: write | Name: Placement | Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 19
Suspicious files: 16
Text files: 71
Unknown types: 2

Dropped files

PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\Ahk2Exe.exe (executable)
  MD5: D717D5943BDCA2758360E4FA3B008A49
  SHA256: E2A00647B5FA56B077D3D07B1C05E3B76B7269E07FC3EA84750EB03AD71024DE
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\AHK.ahk (text)
  MD5: A908B151CC37C66AEAFF20D43BA0CAE0
  SHA256: B032B99C88289C02388BD1DB21A3CFC34AC9AB36BC48BE5D6570AC6497F70E56
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\Unicode 32-bit.bin (executable)
  MD5: B86564D0EB29A5FAAB9E8DAACF269DF4
  SHA256: 2514235C34D17FDB4A8448BD088D89F631F5D70F12F5F7D5EE552144A345ED2D
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\AutoHotkeySC.bin (executable)
  MD5: B86564D0EB29A5FAAB9E8DAACF269DF4
  SHA256: 2514235C34D17FDB4A8448BD088D89F631F5D70F12F5F7D5EE552144A345ED2D
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Admin.res (res)
  MD5: 9E434A1B7CAD1906E90769032E707B8F
  SHA256: 6BDDC039731D8FEE3F86CA1845507A6707E21954383E73483F1DC6B62854110B
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Aut2exe.exe (executable)
  MD5: D28806A3244AF288A2E569E36DF136C4
  SHA256: 89AFE97DD27C3CADB96481DD38A1352BF6B98FA0206DD2D856728A47DC06F3BA
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_48x48_256.ico (image)
  MD5: 88624B8E01AC8036B6F1971B497DBB7E
  SHA256: BADC42DA4C0E29AF7F6C0C58711D9DB7B3D7D4760C18CB521F4113D8CDBC2F3D
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Autoit.au3 (text)
  MD5: 76592CDB5646CE753B0A032A219CEA41
  SHA256: 3B0A9192AE1945357E3E2A05E20C75663BB1788554F50BD5EE7E8B93C5AD1F66
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_256x256_RGB-A.ico (image)
  MD5: 83918F1A255213FD4448EF834EB3F1E4
  SHA256: B0C2A21CCCB64C4FC11F9BB9DC7F884EED700FE4158C4C36A314258C4F7F6C1A
PID 1544, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_48x48_RGB-A.ico (image)
  MD5: 464CAD850DAD4B07257808D584B0D0D1
  SHA256: F3E3458FDA4B7A6AE1847BCD83F73CBC399AB612EAD7CC7BC89801055E267ED6
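The dropped-file list above is the reusable IOC set from this run. Two caveats before using it: Unicode 32-bit.bin and AutoHotkeySC.bin carry the same MD5 and SHA256, so they are one artifact under two names, and judging by their names (Ahk2Exe.exe, Aut2exe.exe, AutoIt icons) these are AutoHotkey/AutoIt compiler components bundled with the builder, so a hash hit indicates the builder kit is present rather than that a Revenge-RAT payload has run. The SearchProtocolHost.exe signatures (SYSTEM, parent SearchIndexer.exe) come from the Windows Search indexer reading the extracted files, not from the sample. The following Python script is an added example, not part of the ANY.RUN report: it parses the flattened text-export form of the list (the report's own ten entries, embedded as a constructed string), deduplicates the hashes, and scans a directory against them. The function names `parse_dropped_files`, `ioc_hashes`, `hash_file` and `scan_directory` are this example's own.

```python
import hashlib
import os
import re
from dataclasses import dataclass

# Constructed sample: the ten dropped-file entries from the report above, in the
# fused "<PID><process><path><type>" form the text export produces.
REPORT_DROPPED_FILES = r"""
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\Ahk2Exe.exeexecutable
MD5:D717D5943BDCA2758360E4FA3B008A49
SHA256:E2A00647B5FA56B077D3D07B1C05E3B76B7269E07FC3EA84750EB03AD71024DE
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\AHK.ahktext
MD5:A908B151CC37C66AEAFF20D43BA0CAE0
SHA256:B032B99C88289C02388BD1DB21A3CFC34AC9AB36BC48BE5D6570AC6497F70E56
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\Unicode 32-bit.binexecutable
MD5:B86564D0EB29A5FAAB9E8DAACF269DF4
SHA256:2514235C34D17FDB4A8448BD088D89F631F5D70F12F5F7D5EE552144A345ED2D
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\AutoHotkeySC.binexecutable
MD5:B86564D0EB29A5FAAB9E8DAACF269DF4
SHA256:2514235C34D17FDB4A8448BD088D89F631F5D70F12F5F7D5EE552144A345ED2D
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Admin.resres
MD5:9E434A1B7CAD1906E90769032E707B8F
SHA256:6BDDC039731D8FEE3F86CA1845507A6707E21954383E73483F1DC6B62854110B
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Aut2exe.exeexecutable
MD5:D28806A3244AF288A2E569E36DF136C4
SHA256:89AFE97DD27C3CADB96481DD38A1352BF6B98FA0206DD2D856728A47DC06F3BA
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_48x48_256.icoimage
MD5:88624B8E01AC8036B6F1971B497DBB7E
SHA256:BADC42DA4C0E29AF7F6C0C58711D9DB7B3D7D4760C18CB521F4113D8CDBC2F3D
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Autoit.au3text
MD5:76592CDB5646CE753B0A032A219CEA41
SHA256:3B0A9192AE1945357E3E2A05E20C75663BB1788554F50BD5EE7E8B93C5AD1F66
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_256x256_RGB-A.icoimage
MD5:83918F1A255213FD4448EF834EB3F1E4
SHA256:B0C2A21CCCB64C4FC11F9BB9DC7F884EED700FE4158C4C36A314258C4F7F6C1A
1544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb1544.28009\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_48x48_RGB-A.icoimage
MD5:464CAD850DAD4B07257808D584B0D0D1
SHA256:F3E3458FDA4B7A6AE1847BCD83F73CBC399AB612EAD7CC7BC89801055E267ED6
"""

# PID, then the process name up to its ".exe", then a drive-rooted path, then the
# type word the export glues onto the end of the path (lazy path + anchored type).
ENTRY_RE = re.compile(
    r"^(?P<pid>\d+)(?P<process>.+?\.exe)(?P<path>[A-Za-z]:\\.+?)"
    r"(?P<ftype>executable|text|image|res)$"
)

@dataclass(frozen=True)
class DroppedFile:
    pid: int
    process: str
    path: str
    ftype: str
    md5: str
    sha256: str

def parse_dropped_files(text):
    """Parse entry/MD5/SHA256 line triples; hashes are normalised to lower case."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = {k: m[k] for k in ("process", "path", "ftype")}
            current["pid"] = int(m["pid"])
        elif current is not None and line.startswith("MD5:"):
            current["md5"] = line[len("MD5:"):].lower()
        elif current is not None and line.startswith("SHA256:"):
            current["sha256"] = line[len("SHA256:"):].lower()
            records.append(DroppedFile(**current))
            current = None
    return records

def ioc_hashes(records):
    """Distinct hash sets: identical bytes dropped under two names count once."""
    return {"md5": {r.md5 for r in records}, "sha256": {r.sha256 for r in records}}

def hash_file(path, chunk_size=1 << 20):
    """Stream the file once, computing MD5 and SHA-256 together."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()

def scan_directory(root, iocs):
    """Walk root; return (path, algorithm, digest) for every file whose hash is an IOC.
    SHA-256 is the primary match; MD5 is only a fallback because collisions are cheap."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                md5, sha = hash_file(full)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the scan
            if sha in iocs["sha256"]:
                hits.append((full, "sha256", sha))
            elif md5 in iocs["md5"]:
                hits.append((full, "md5", md5))
    return hits
```

Usage: `scan_directory(r"C:\Users\admin\AppData\Local\Temp", ioc_hashes(parse_dropped_files(REPORT_DROPPED_FILES)))` returns one tuple per hit; on this report's ten entries the parser yields nine distinct SHA-256 values. The fused-path regex relies on the four type words the export uses here, so extend the alternation if a report contains other types.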
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info