File name: Ulitmate_Virus_Maker_Tool_Pack_2.zip

Full analysis: https://app.any.run/tasks/99650214-d0a8-4adb-bb95-a66e9b1de532
Verdict: Suspicious activity
Analysis date: June 22, 2020, 07:32:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: D1F8E210D8551A0C62283559AB511BF9
SHA1: B8BD1C3AF74987054A43E79EFA407584D7A35143
SHA256: 51F2C46E67961B61AD524782823EFCCCA3E31729A4106023A9C41EFCFF74ED79
SSDEEP: 49152:IWq8MpcDXnEpGHd5hEa32413n1eyDe9NZ5yK:Ix1pcDXEEHd5GgL1ljy9F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • virus maker .exe (PID: 2680)
      • Virus_Maker.exe (PID: 2832)
      • SonicBat.exe (PID: 2956)
      • HICHKAS.exe (PID: 2676)
      • $MOOTHiE's Macro Virus Creator Ver. 1.0.exe (PID: 3900)
      • Ultimate Virus Builder.exe (PID: 3968)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2972)
    • Starts CMD.EXE for commands execution

      • virus maker .exe (PID: 2680)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2013:08:12 09:42:07
ZipCRC: 0xd8e830cc
ZipCompressedSize: 80176
ZipUncompressedSize: 165376
ZipFileName: Ultimate Virus Builder.exe
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 10
Malicious processes: 0
Suspicious processes: 1

Behavior graph

Process nodes, as labelled in the interactive graph: winrar.exe; virus_maker.exe (no specs); virus maker .exe (no specs); cmd.exe (no specs); ultimate virus builder.exe; dw20.exe (no specs); sonicbat.exe (no specs); hichkas.exe (no specs); $moothie's macro virus creator ver. 1.0.exe (no specs); msg.exe (no specs).
Graph edges: six "drop and start" edges and one "start" edge (the per-process parent relationships are listed under Process information below).

Process information

PID: 2668
CMD: dw20.exe -x -s 368
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Parent process: Ultimate Virus Builder.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft .NET Error Reporting Shim
Exit code: 0
Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
Modules / Images:
  c:\windows\microsoft.net\framework\v2.0.50727\dw20.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
PID: 2676
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.1450\HICHKAS.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.1450\HICHKAS.exe
Parent process: WinRAR.exe
User: admin
Company: Virus Maker Software .
Integrity Level: MEDIUM
Description: Programmer : Mehran Rasa
Exit code: 0
Version: 1.00
Modules / Images:
  c:\users\admin\appdata\local\temp\rar$exa2972.1450\hichkas.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvbvm60.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
PID: 2680
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.389\virus maker .exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.389\virus maker .exe
Parent process: WinRAR.exe
User: admin
Company: www.realhackings.com
Integrity Level: MEDIUM
Description: can be used to make simple batch virus
Exit code: 0
Version: 01.00.00.00
Modules / Images:
  c:\users\admin\appdata\local\temp\rar$exa2972.389\virus maker .exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
PID: 2832
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\Virus_Maker.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\Virus_Maker.exe
Parent process: WinRAR.exe
User: admin
Company: andreinick05
Integrity Level: MEDIUM
Description: Batch Virus Maker
Exit code: 0
Version: 0.0.0.2
Modules / Images:
  c:\users\admin\appdata\local\temp\rar$exa2972.099\virus_maker.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2956
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.975\SonicBat.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.975\SonicBat.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: Batch File Virus Maker
Exit code: 0
Version: 1.0.0.0
Modules / Images:
  c:\users\admin\appdata\local\temp\rar$exa2972.975\sonicbat.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2972
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ulitmate_Virus_Maker_Tool_Pack_2.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules / Images:
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\comdlg32.dll
PID: 3292
CMD: msg * Command Added to your virus !
Path: C:\Windows\system32\msg.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Message Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules / Images:
  c:\windows\system32\msg.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\winsta.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
PID: 3372
CMD: cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\2680KBP9.cmd" "C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.389\virus maker .exe" "
Path: C:\Windows\system32\cmd.exe
Parent process: virus maker .exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules / Images:
  c:\windows\system32\cmd.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\winbrand.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
PID: 3900
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.1766\$MOOTHiE's Macro Virus Creator Ver. 1.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.1766\$MOOTHiE's Macro Virus Creator Ver. 1.0.exe
Parent process: WinRAR.exe
User: admin
Company: Zero Gravity
Integrity Level: MEDIUM
Description: Costom Macro Virus Creator
Exit code: 0
Version: 1.00
Modules / Images:
  c:\users\admin\appdata\local\temp\rar$exa2972.1766\$moothie's macro virus creator ver. 1.0.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvbvm60.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
PID: 3968
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.541\Ultimate Virus Builder.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.541\Ultimate Virus Builder.exe
Parent process: WinRAR.exe
User: admin
Company: HackApps
Integrity Level: MEDIUM
Description: Ultimate Virus Builder
Exit code: 3762507597
Version: 1.0.0.9
Modules / Images:
  c:\users\admin\appdata\local\temp\rar$exa2972.541\ultimate virus builder.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

Total events: 488
Read events: 475
Write events: 13
Delete events: 0

Modification events

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-1
Value: Network

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Ulitmate_Virus_Maker_Tool_Pack_2.zip

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

Executable files: 48
Suspicious files: 1
Text files: 5
Unknown types: 1

Dropped files

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\$MOOTHiE's Macro Virus Creator Ver. 1.0.exe
Type: executable
MD5: BA8E425C41DB31AC3517095283121DAE
SHA256: DF7744898ED8617ACFF8A9CFCBEB07221B51D9747D296A7CB2172312ACA56005

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\virus maker .exe
Type: executable
MD5: 1D38ED88BCDD11E0F5D657AB3542C918
SHA256: 75773722494446DFA60651A2B93D568B8C6CC18AA78E8E0D03F0C8514FEBEBD9

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\SonicBat.exe
Type: executable
MD5: 15BEB2A9E80F559C4C65B84C513EB42D
SHA256: 9F57E8D0544A05DC0799A91342CF5D2C07BC8EB308DA6BBBC2AD354C1FA70CE8

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\dark horse trojan virus maker\COMCTL32.OCX
Type: executable
MD5: EB5F811C1F78005B3C147599A0CCCF51
SHA256: BF4147F8A12BEC3D54E3EF941475E29D852A1876117C6CE88F47B882EF6D4A03

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\HICHKAS.exe
Type: executable
MD5: B191AD6DB9B7AF9BA384DAE487386736
SHA256: 3DAB4DC1BFAEFE2FE8317778D17D8C7E9DEAE6228818BF7CFB87074C3F8288FC

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\Virus_Maker.exe
Type: executable
MD5: 83A5B7BC2F149EA64755EFAA332FB18D
SHA256: 53CCD7DFB40E152FA560050403A67E2BF8912B012518D5230394B3357D085D65

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.099\dark horse trojan virus maker\DarkHorseTrojanVirusMaker.exe
Type: executable
MD5: C8C538CC07718D0ADABFA0AFEC212B8C
SHA256: A1366F71067BA4E4CE55078CE257F3656A6A02926A3D50652EB55575A3582950

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.389\Ultimate Virus Builder.exe
Type: executable
MD5: 82D82F90205F0EDF2071F8B72C570278
SHA256: 3609CC9DF65CDBC4145074756A2B47D316255317EB07957238644349EA162CE1

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.389\$MOOTHiE's Macro Virus Creator Ver. 1.0.exe
Type: executable
MD5: BA8E425C41DB31AC3517095283121DAE
SHA256: DF7744898ED8617ACFF8A9CFCBEB07221B51D9747D296A7CB2172312ACA56005

PID: 2972
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2972.389\Virus_Maker.exe
Type: executable
MD5: 83A5B7BC2F149EA64755EFAA332FB18D
SHA256: 53CCD7DFB40E152FA560050403A67E2BF8912B012518D5230394B3357D085D65

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info