File name: NETFLIX Checker Account By X-KILLER.rar

Full analysis: https://app.any.run/tasks/cd0283a4-5b11-4ef2-a3fe-200ad7775f63
Verdict: Malicious activity
Analysis date: February 15, 2020, 18:47:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 4D041DD2B26141A48F6351FE87BD305C
SHA1: 1AFC3B1E367926E23D9FF773CAF4AF6B74CEA20F
SHA256: 4EEDFE589CE8C62DC41C358A6C85D331C623F4964E4B8313196E938C043F8B38
SSDEEP: 12288:pCVadSvyPhoYq1E1PzYYNEt2/lSeD/NZnzLbgqr75nfW5SZaSCDaRze4YlH0wrpz:Wadcy9n1bv/NZzLUA75fWwOp4YlrrS+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • NETFLIX Checker Account By X-KILLER.exe (PID: 1632)
      • SearchProtocolHost.exe (PID: 3548)
    • Application was dropped or rewritten from another process
      • NETFLIX Checker Account By X-KILLER.exe (PID: 1632)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • NETFLIX Checker Account By X-KILLER.exe (PID: 1632)
      • WinRAR.exe (PID: 1720)
  • INFO
    • Manual execution by user
      • NETFLIX Checker Account By X-KILLER.exe (PID: 1632)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 210
UncompressedSize: 5280
OperatingSystem: Win32
ModifyDate: 2019:07:24 23:04:28
PackingMethod: Normal
ArchivedFileName: NETFLIX Checker Account By X-KILLER\debug.log
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe, searchprotocolhost.exe (no specs), netflix checker account by x-killer.exe

Process information

PID: 1632
CMD: "C:\Users\admin\Desktop\NETFLIX Checker Account By X-KILLER\NETFLIX Checker Account By X-KILLER.exe"
Path: C:\Users\admin\Desktop\NETFLIX Checker Account By X-KILLER\NETFLIX Checker Account By X-KILLER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: checker by X-KILLER
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\netflix checker account by x-killer\netflix checker account by x-killer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 1720
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NETFLIX Checker Account By X-KILLER.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\comdlg32.dll

PID: 3548
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\searchprotocolhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
Total events: 795
Read events: 773
Write events: 22
Delete events: 0

Modification events

(PID) Process | Operation | Key | Name | Value
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
(1720) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\NETFLIX Checker Account By X-KILLER.rar
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
(1720) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\AppData\Local\Temp
Executable files: 4
Suspicious files: 0
Text files: 7
Unknown types: 0

Dropped files

PID Process | Type | Filename

1720 WinRAR.exe | text | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\Results\Result 26-07-19 13-30-47\Valid_accounts.txt
  MD5: 5011942BF9D4A0E877A610FC80BC26EE
  SHA256: E8D5A22FDB4239C178E85B3F852890AA35ECFBFB32978F5415D60529D0B39A9F

1720 WinRAR.exe | executable | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\NETFLIX Checker Account By X-KILLER.exe
  MD5: 867F1FBC0A5D89A100D4FE867FA4B34F
  SHA256: E22C7F85F00CC4A5219D23EAD9AE28897EBEA30D09B39387456C1F4FD4541CE5

1720 WinRAR.exe | text | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\Results\Result 11-03-19 23-28-06\Valid_accounts.txt
  MD5: DCEFCE877A83B071C708BA52478473BC
  SHA256: 4B84D03A96CC86063E59D5E4193C8373929DFCF54CB44E1B177467F7CA9D996D

1720 WinRAR.exe | text | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\Results\Result 28-07-19 17-41-08\Valid_accounts.txt
  MD5: 7BADEB07A8FD28925FC99070DD57B4C6
  SHA256: 2407943193116B4A8A989E49B5470E200D23FB0803F0E80AF8DC95F134A7C8C4

1720 WinRAR.exe | text | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\Results\Result 26-07-19 17-00-38\Valid_accounts.txt
  MD5: CB6305A6EB94806D10BC1328928396CC
  SHA256: 68A04D6690757CD6AED1ADB89E92B3466E5B94C0EE5281B82BC15C67C25E9525

1720 WinRAR.exe | text | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\Results\Result 21-07-19 17-21-58\Valid_accounts.txt
  MD5: E7CDA6CB49D981EDAB82CFABA8790CD6
  SHA256: BA2C7D6F0D537CC49A83B25EC9C944E5C11828F2935F0367D10338F1713610D8

1720 WinRAR.exe | text | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\debug.log
  MD5: A44E043496D620BE833549FEBDBF8020
  SHA256: 1E014A6649FC3AB76CDE25B5794C5F787BECF2D349AE15F3893CE4D59013DA21

1720 WinRAR.exe | text | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\Results\Result 25-07-19 21-19-05\Valid_accounts.txt
  MD5: 4CA1038BD6BF1150BD7367CEEC55AFFB
  SHA256: 8A1765C8BD73F505757B9A1F19DB606BC3F4CC41BE6D020EC2C3504D49F81FA7

1632 NETFLIX Checker Account By X-KILLER.exe | executable | C:\Users\admin\AppData\Local\SkinSoft\VisualStyler\2.3.5.0\x86\ssapihook.dll
  MD5: D7F644C06B4CDE60651D02AED6B4174D
  SHA256: A99EA2F5759B34859B484AFA3A58CE82A7F3BF792886A6C838DB852D517D9C0D

1720 WinRAR.exe | executable | C:\Users\admin\AppData\Local\Temp\Rar$DRa1720.45360\NETFLIX Checker Account By X-KILLER\xNet.dll
  MD5: 3DF8D87A482EFAD957D83819ADB3020F
  SHA256: 2AC175B4D44245EE8E7AEE9CC36DF86925EF903D8516F20A2C51D84E35F23DA4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected

No debug info