File name: | 1.rar |
Full analysis: | https://app.any.run/tasks/9e9461f9-9302-42ae-a86d-0eb35834d24f |
Verdict: | Malicious activity |
Analysis date: | January 11, 2019, 07:03:38 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | B0F4411635565131BD0E77F0EB0383F1 |
SHA1: | B7B4C7C7C8D28978AD90C5DFF3A2725ADB059622 |
SHA256: | 48821B749239F46D64CE386C026F248F00C979ED0DBD3BC92BDE713C6354C9D0 |
SSDEEP: | 98304:0TuGTN4Sj59f+BZmbH21GntctlSR08jIR9RnEW2fP:kN/92rmbH216Ol4fjiPGP |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | Spytech SpyAgent Stealth 6.2\Crack\sysdiag.exe |
---|---|
PackingMethod: | Normal |
ModifyDate: | 2007:12:08 20:57:08 |
OperatingSystem: | Win32 |
UncompressedSize: | 1426944 |
CompressedSize: | 1336695 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3088 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3496 | "C:\Users\admin\Desktop\Spytech SpyAgent Stealth 6.2\SpyAgentSetup.exe" | C:\Users\admin\Desktop\Spytech SpyAgent Stealth 6.2\SpyAgentSetup.exe | explorer.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2156 | "C:\PROGRA~1\SPYTEC~1\SPYTEC~1\driver-setup.exe" -s | C:\PROGRA~1\SPYTEC~1\SPYTEC~1\driver-setup.exe | SpyAgentSetup.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2200 | "C:\Program Files\WinConfig\npf_mgm.exe" -r | C:\Program Files\WinConfig\npf_mgm.exe | — | driver-setup.exe |
User: admin Company: CACE Technologies Integrity Level: HIGH Description: npf_mgm Exit code: 0 Version: 3, 1, 0, 27 | ||||
3664 | "C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe" | C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe | — | SpyAgentSetup.exe |
User: admin Integrity Level: HIGH | ||||
284 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2276 | C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3432 | "C:\Users\admin\Desktop\Spytech SpyAgent Stealth 6.2\Crack\sysdiag.exe" | C:\Users\admin\Desktop\Spytech SpyAgent Stealth 6.2\Crack\sysdiag.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3088.26283\Spytech SpyAgent Stealth 6.2\Crack\sysdiag.exe | — | |
MD5:— | SHA256:— | |||
3088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3088.26283\Spytech SpyAgent Stealth 6.2\SpyAgentSetup.exe | — | |
MD5:— | SHA256:— | |||
3088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3088.26283\Spytech SpyAgent Stealth 6.2\te.nfo | — | |
MD5:— | SHA256:— | |||
284 | explorer.exe | C:\Users\admin\Desktop\Spytech SpyAgent Stealth 6.2 | — | |
MD5:— | SHA256:— | |||
3496 | SpyAgentSetup.exe | C:\Users\admin\AppData\Local\Temp\~vis0000\miscdata.xyz | — | |
MD5:— | SHA256:— | |||
3496 | SpyAgentSetup.exe | C:\Users\admin\AppData\Local\Temp\~vis0000\uninstal.log | text | |
MD5:BEC6A3D8CC0E3F9825915F4E97261274 | SHA256:66F228656E7A0D390D0C3457B0989823F6DFF09B75F3FE4F8FFB187F17BAF6B7 | |||
3496 | SpyAgentSetup.exe | C:\Users\admin\AppData\Local\Temp\~vis0000\mainsplash.bmp | image | |
MD5:BA3248BBFAC9DAEFEDF96E8DDD358FCF | SHA256:5F2EFE11E1C17D8280A181A68825497A4BDC3A94F8BAE3A2C81A3A3980E24699 | |||
3496 | SpyAgentSetup.exe | C:\Users\admin\AppData\Local\Temp\~vis0000\sidesplash.bmp | image | |
MD5:47EAA203BC42B602AE63E4F5BB409C48 | SHA256:0DFE6DDF16C673D298BA0D7E40F6F0FF308EF71165F51DB24AF953B9C93CD4CB | |||
3496 | SpyAgentSetup.exe | C:\Users\admin\AppData\Local\Temp\~vis0000\vise32ex.dll | executable | |
MD5:1D527A223FDED6CCA097884C30ED8B2B | SHA256:5032E0D6808786354022B24941DB42D5896E1B749DD4A2DDD299414C2477E975 | |||
3496 | SpyAgentSetup.exe | C:\Users\admin\AppData\Local\Temp\~vis0000\uninst32.exe | executable | |
MD5:2DF12458AE83E3F19723CF48866B21D4 | SHA256:7E306136271DE860A01C1AE2454CB31209A529769577A5625386343A0B2C32FF |