File name:

Poinex_Protector_Crack.rar

Full analysis: https://app.any.run/tasks/85ee4ef2-43dd-46e1-a348-9ecd35ed2b66
Verdict: Malicious activity
Threats:

NanoCore is a Remote Access Trojan or RAT. This malware is highly customizable with plugins which allow attackers to tailor its functionality to their needs. Nanocore is created with the .NET framework and it’s available for purchase for just $25 from its “official” website.

Malware Trends Tracker     >>>
Analysis date: February 10, 2019, 17:10:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
rat
nanocore
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

1D69ADDD20435255C22F4C4C326ED6AD

SHA1:

63CC9D0B7ED24D80454DA3E1BFE46AE2934FEFB9

SHA256:

50F452009FAAA3EF443A201B17C2ACB7739F42B787BB26C050546D0748DA9D77

SSDEEP:

98304:wOvigXND3AijcFsVMiU2VoWARfHIPSzMpq:x6ulpcFsVMi1A1HsCQq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Poinex Protector Crack.exe (PID: 3144)
      • dotNET_Reactor.exe (PID: 3712)
      • mpress.exe (PID: 2504)

    • NanoCore was detected

      • RegAsm.exe (PID: 2428)

    • Changes the autorun value in the registry

      • Poinex Protector Crack.exe (PID: 3144)

    • Loads dropped or rewritten executable

      • dotNET_Reactor.exe (PID: 3712)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3072)
      • Poinex Protector Crack.exe (PID: 3144)
      • dotNET_Reactor.exe (PID: 3712)

    • Creates files in the user directory

      • Poinex Protector Crack.exe (PID: 3144)
      • RegAsm.exe (PID: 2428)
      • dotNET_Reactor.exe (PID: 3712)

    • Application launched itself

      • RegAsm.exe (PID: 2428)

    • Creates files in the program directory

      • dotNET_Reactor.exe (PID: 3712)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
6
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start winrar.exe poinex protector crack.exe #NANOCORE regasm.exe no specs regasm.exe dotnet_reactor.exe mpress.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2428"{path}"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Poinex Protector Crack.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft .NET Assembly Registration Utility
Exit code:
0
Version:
4.6.1055.0 built by: NETFXREL2
Modules
Images
c:\windows\microsoft.net\framework\v4.0.30319\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
2504"C:\Users\admin\Desktop\mpress.exe" C:\Users\admin\Desktop\mpress.exeexplorer.exe
User:
admin
Company:
MATCODE Software
Integrity Level:
MEDIUM
Description:
Matcode comPRESSor
Exit code:
1
Version:
2.19
Modules
Images
c:\users\admin\desktop\mpress.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msvcrt.dll
2700"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
RegAsm.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Assembly Registration Utility
Exit code:
0
Version:
4.6.1055.0 built by: NETFXREL2
Modules
Images
c:\windows\microsoft.net\framework\v4.0.30319\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
3072"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Poinex_Protector_Crack.rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3144"C:\Users\admin\AppData\Local\Temp\Rar$EXa3072.18558\Poinex Protector Crack.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3072.18558\Poinex Protector Crack.exe
WinRAR.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Update Setup
Exit code:
0
Version:
1.3.33.23
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3072.18558\poinex protector crack.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3712"C:\Users\admin\Desktop\dotNET_Reactor.exe" C:\Users\admin\Desktop\dotNET_Reactor.exe
explorer.exe
User:
admin
Company:
EZIRIZ
Integrity Level:
MEDIUM
Description:
.NET Reactor
Exit code:
0
Version:
4.4.7.5
Modules
Images
c:\users\admin\desktop\dotnet_reactor.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
521
Read events
483
Write events
38
Delete events
0

Modification events

(PID) Process:(3072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3072) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Poinex_Protector_Crack.rar
(PID) Process:(3072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(3144) Poinex Protector Crack.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3144) Poinex Protector Crack.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Google Service
Value:
C:\Users\admin\AppData\Roaming\Google Update\Google Update.exe
Executable files
6
Suspicious files
4
Text files
2
Unknown types
1

Dropped files

PID
Process
Filename
Type
3072WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3072.24482\Extensions\dotNET_Reactor.exe
MD5:
SHA256:
3072WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3072.24482\Extensions\mpress.exe
MD5:
SHA256:
3712dotNET_Reactor.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\be0d863bc6a6168bd3d445f568518309_90059c37-1320-41a4-b58d-2b75a9850d2f
MD5:
SHA256:
3072WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3072.18558\Poinex Protector Crack.exeexecutable
MD5:
SHA256:
3144Poinex Protector Crack.exeC:\Users\admin\AppData\Roaming\Google Update\Google Update.exeexecutable
MD5:
SHA256:
2428RegAsm.exeC:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\run.dattext
MD5:
SHA256:
3712dotNET_Reactor.exeC:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\d27d17407ceee51793eb01d84bec195a_90059c37-1320-41a4-b58d-2b75a9850d2fbinary
MD5:
SHA256:
3712dotNET_Reactor.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f64079fec74e82c3b76586e364ff0fba_90059c37-1320-41a4-b58d-2b75a9850d2fbinary
MD5:
SHA256:
3072WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3072.18558\SkinSoft.VisualStyler.dllexecutable
MD5:69E6563E0E7EA843E9B37D58819F4136
SHA256:F9FA9F508B9350ED12ED3AA5B7F24AED901A6434B1B02D1F0EE301B8EEA54B06
3072WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3072.18558\Extensions\dotNET_Reactor.exeexecutable
MD5:A7D69D6DDBE2586D698EBDF7F49C1AFA
SHA256:79F190A51AF8A463F13DDD5A76947CF7BA2ADFB8E231B37C5E0968602217A62B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Poinex_Protector_Crack.rar