Field | Value
---|---
File name: | apilog19pub.zip
Full analysis: | https://app.any.run/tasks/151433d8-7417-48cb-bad1-9fc755c2aad8
Verdict: | Malicious activity
Analysis date: | March 21, 2019, 22:58:38
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators: |
MIME: | application/zip
File info: | Zip archive data, at least v2.0 to extract
MD5: | F015075225FACC7C852251151179793C
SHA1: | 6D60C264A212C74CBA064234F1A8A38812FAAC9D
SHA256: | 50F45FFD70B8E74213387E75BD124C0BEE87CA8B77B3616A2C3D558239F112AB
SSDEEP: | 6144:tmNj4mcp4ZynQPP1KU++nQPP1K8vq/nInDJziMA6h57Cp6JAdO+EVtrEO8NKqV:wNj4mcp7nQPP1KUHnQPP1K8vq+9mMAio
Extension | File type (TrID)
---|---
.zip | ZIP compressed archive (100)

Field | Value
---|---
ZipFileName: | test.exe
ZipUncompressedSize: | 1536
ZipCompressedSize: | 444
ZipCRC: | 0xb6c7bb40
ZipModifyDate: | 2004:12:09 18:57:09
ZipCompression: | Deflated
ZipBitFlag: | -
ZipRequiredVersion: | 20

The Zip* fields above describe a single archive entry (test.exe, 1536 bytes uncompressed), not the archive as a whole; the extraction list further down shows the archive holds many more files, including a Visual Studio project and plugin SDK sources.
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
1928 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\apilog19pub.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0
3604 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255)
2480 | "C:\Users\admin\Desktop\apilog19pub\apilogger.exe" | C:\Users\admin\Desktop\apilog19pub\apilogger.exe | — | explorer.exe | User: admin; Company: http://blackninja2000.narod.ru; Integrity Level: MEDIUM; Description: API Logger Injector; Exit code: 0; Version: 1, 9, 0, 0
2676 | C:\Users\admin\Desktop\apilog19pub\x32.exe | C:\Users\admin\Desktop\apilog19pub\x32.exe | — | apilogger.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION)
3580 | C:\Windows\system32\WerFault.exe -u -p 2676 -s 68 | C:\Windows\system32\WerFault.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Problem Reporting; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
1276 | C:\Users\admin\Desktop\apilog19pub\x32.exe | C:\Users\admin\Desktop\apilog19pub\x32.exe | — | apilogger.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION)
3016 | C:\Windows\system32\WerFault.exe -u -p 1276 -s 68 | C:\Windows\system32\WerFault.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Problem Reporting; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2016 | "C:\Users\admin\Desktop\apilog19pub\x32.exe" | C:\Users\admin\Desktop\apilog19pub\x32.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM
4088 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\apilog19pub\db.txt | C:\Windows\system32\NOTEPAD.EXE | — | apilogger.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Notepad; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
1272 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\apilog19pub\x32.exe.apilog.txt | C:\Windows\system32\NOTEPAD.EXE | — | apilogger.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Notepad; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Reading the tree: apilogger.exe (PID 2480, described in its version resource as "API Logger Injector") started x32.exe twice (PIDs 2676 and 1276). Both exited with 3221225477, which is the unsigned form of 0xC0000005 (STATUS_ACCESS_VIOLATION), and for each crash svchost.exe launched WerFault.exe with `-p <faulting PID>` (PIDs 3580 and 3016). A third x32.exe (PID 2016) was started directly from explorer.exe and has no exit code in the report. apilogger.exe also opened db.txt and x32.exe.apilog.txt in Notepad. No behavioural indicators are attached to any process in the tree.
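The process tree above is the kind of record a triage script can check mechanically: which children died with an NTSTATUS error, which parent launched them, and which WerFault.exe instance reported each one (its `-p` switch carries the faulting PID). The Python below is an added example written for this page; it is not ANY.RUN's code and not part of the apilogger package. `SAMPLE` is constructed from the rows above, `NTSTATUS_NAMES` is a small hand-picked subset of documented values, and the report's unsigned decimal exit codes (and the signed form other tools print) are both normalised before decoding.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Documented NTSTATUS values that commonly appear as the exit code of a
# process killed by an unhandled exception. Hand-picked subset; any value
# with the two top bits set (0xC...) is an error and is flagged anyway.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}


@dataclass
class Proc:
    pid: int
    cmd: str
    parent: str                # parent image name, as the report prints it
    exit_code: Optional[int]   # None when the report shows no exit code


# Constructed from the process-tree rows of this report (not sandbox output).
SAMPLE = [
    Proc(1928, r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\apilog19pub.zip"', "explorer.exe", 0),
    Proc(2480, r'"C:\Users\admin\Desktop\apilog19pub\apilogger.exe"', "explorer.exe", 0),
    Proc(2676, r"C:\Users\admin\Desktop\apilog19pub\x32.exe", "apilogger.exe", 3221225477),
    Proc(3580, r"C:\Windows\system32\WerFault.exe -u -p 2676 -s 68", "svchost.exe", 0),
    Proc(1276, r"C:\Users\admin\Desktop\apilog19pub\x32.exe", "apilogger.exe", 3221225477),
    Proc(3016, r"C:\Windows\system32\WerFault.exe -u -p 1276 -s 68", "svchost.exe", 0),
    Proc(2016, r'"C:\Users\admin\Desktop\apilog19pub\x32.exe"', "explorer.exe", None),
    Proc(4088, r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\apilog19pub\db.txt', "apilogger.exe", 0),
]


def decode_exit_code(code: Optional[int]) -> Optional[Tuple[str, str, bool]]:
    """Map a process exit code to (hex, name, is_error).

    Sandboxes print the code as unsigned 32-bit decimal (3221225477); other
    tools print it signed (-1073741819). Masking to 32 bits normalises both.
    NTSTATUS severity is the top two bits; 0b11 means error.
    """
    if code is None:
        return None
    u = code & 0xFFFFFFFF
    is_error = (u >> 30) == 0b11
    if u in NTSTATUS_NAMES:
        name = NTSTATUS_NAMES[u]
    elif is_error:
        name = "unlisted NTSTATUS error"
    else:
        name = "normal/application-defined"
    return f"0x{u:08X}", name, is_error


def image_name(cmd: str) -> str:
    """Basename of the executable in a Windows command line, quoted or bare."""
    cmd = cmd.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1]


def werfault_target(cmd: str) -> Optional[int]:
    """PID named by WerFault.exe's -p switch, i.e. the process that faulted."""
    m = re.search(r"WerFault\.exe\b.*?\s-p\s+(\d+)", cmd, re.IGNORECASE)
    return int(m.group(1)) if m else None


def triage(procs: List[Proc]) -> List[Dict]:
    """Flag every process that died with an NTSTATUS error and tie it to the
    WerFault.exe instance that reported it and to the parent that launched it."""
    werfault_by_target: Dict[int, int] = {}
    for p in procs:
        target = werfault_target(p.cmd)
        if target is not None:
            werfault_by_target[target] = p.pid
    findings = []
    for p in procs:
        decoded = decode_exit_code(p.exit_code)
        if decoded is None or not decoded[2]:
            continue
        findings.append({
            "pid": p.pid,
            "image": image_name(p.cmd),
            "parent": p.parent,
            "exit_hex": decoded[0],
            "status": decoded[1],
            "werfault_pid": werfault_by_target.get(p.pid),
        })
    return findings


def crashes_by_parent(findings: List[Dict]) -> Dict[str, int]:
    """Count crashed children per launching parent. A launcher whose children
    keep dying with 0xC0000005 is the injector-style pattern seen in this report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["parent"]] = counts.get(f["parent"], 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE)
    for f in found:
        print(f)
    print(crashes_by_parent(found))
```

Run against the constructed sample, the script reports two findings (PIDs 2676 and 1276, both STATUS_ACCESS_VIOLATION, both launched by apilogger.exe, reported by WerFault PIDs 3580 and 3016) and a per-parent count of two for apilogger.exe; PID 2016, which has no exit code in the report, is not flagged.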
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\pluginsdk\DirectX_Logger\dxplugdb.txt | text | F7728DFBA2967D32FC184FDB58821AA5 | 1B7667A8C302112CC7027834E6C2AFBC55D712C422874B34FE457788A114D28F
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\dxwrapper\src\intruder.cpp | text | 57DF8108DC29CAFBEF52D4FE85B3CC77 | 22400359A438BB43885980B508DF2A753C5EB515C1356412F5940CE9086564C1
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\dxwrapper\src\stdafx.cpp | text | C333A5C71323A6CEC0B4E219736DC390 | 818DFEBF087F5816A4A1BB4BC37C82334471687BF6BC703BC7740A3FD9FD03D0
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\test.exe | executable | 7087C67F33EF721B473953FB4B503CF4 | F128D1CFC980776558E4FE1FECBDFE6D3A837D3F0D041BF2B8C905BE9793EC78
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\dxwrapper\src\intruder.sln | text | 33C557A7C524FA7B78A0E145355BFE97 | BF7D2D48B6985B4981DD48A853596E999D021AB13C2DFDE0F3E45784A17275F6
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\dxwrapper\src\intruder.h | text | 6B047558F5C41AD604066820A86CF508 | A4F6A4E5870B756DC48D99F95E94E1BA658B5432920BEB3AD3787009CF69C745
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\dxwrapper\readme.txt | text | 87300A5C19E4AA73BA7ACFB6E72C72F8 | 365B8559F643AD92392930F6AECEB7DE6EDC83E07134406094C3DAA7B855F44B
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\dxwrapper\src\intruder.vcproj | xml | 1BD27EBD4514EBD47E9C04E87E3F42C7 | 023AC8BFB6D3149EA5AB325F0ABE39DC05C1F219DB3FA61020BB0A4F28239EA2
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\pluginsdk\dxlogplug\dxlogger.h | text | 72DC8CBE9D5B8DCD7813C9017FC0B3D3 | 315797ADB1F2DB5E7B5108E103D9EA2389BF246235B4F1913B5C7895C43EFE58
1928 | WinRAR.exe | C:\Users\admin\Desktop\apilog19pub\dxwrapper\src\intruder.rc | text | 049F5C4F76B38FB429E61558EB31E0DE | CAAE4855268E1C9E820946471EF630DEE795B254B931280BB8F9FC60C50DBE0E

All ten files were written by WinRAR.exe (PID 1928) while extracting the archive to the Desktop. The list is only what the report captured, not a full inventory of the archive: apilogger.exe, x32.exe and db.txt, which the process tree shows under the same apilog19pub folder, do not appear in it. The test.exe entry here (MD5 7087C67F33EF721B473953FB4B503CF4) is the 1536-byte first entry described in the Zip* fields above.