File name: | 1.rar |
Full analysis: | https://app.any.run/tasks/b5f537ce-c39c-4582-9d2a-92895b6416cf |
Verdict: | Malicious activity |
Analysis date: | September 18, 2019, 15:10:06 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 36421EDE11A144AD707DC4A8F055EDCF |
SHA1: | 99291F97E49B0403EE3841171FCF37C0E7F1A5A2 |
SHA256: | 5C48CA53280880FB8A012E6C89B4E6B32995FC83DA461FCA9FF4718C95EDDCF6 |
SSDEEP: | 49152:iX8Lmfiufb3xOuO5UEXTLQGD4Y7o1wltke:zqiuVn4tTLQGT3 |
Extension | Description | Match (%)
---|---|---
.rar | RAR compressed archive (v-4.x) | 58.3
.rar | RAR compressed archive (gen) | 41.6
CompressedSize: | 3420 |
UncompressedSize: | 24576 |
OperatingSystem: | Win32 |
ModifyDate: | 2017:09:25 17:28:09 |
PackingMethod: | Normal |
ArchivedFileName: | 0-37.exe |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
4036 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\1.rar" | C:\Program Files\WinRAR\WinRAR.exe | (not captured) | explorer.exe
3824 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\AC Protect 2.0.rar" "C:\Users\admin\Desktop\AC Protect 2.0\" | C:\Program Files\WinRAR\WinRAR.exe | (not captured) | explorer.exe
772 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe
2180 | "C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\ACProtect_2.0.exe" | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\ACProtect_2.0.exe | (not captured) | explorer.exe
3644 | "C:\Users\admin\Desktop\0-371.exe" | C:\Users\admin\Desktop\0-371.exe | — | explorer.exe
3116 | "C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe" | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe | — | explorer.exe
1420 | "C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe" | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe | — | explorer.exe
3560 | "C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe" | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe | — | explorer.exe
2928 | "C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe" | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe | — | explorer.exe
4072 | "C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe" | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\0-371.exe | — | explorer.exe

PID | User | Integrity level | Company | Description | Version | Exit code
---|---|---|---|---|---|---
4036 | admin | MEDIUM | Alexander Roshal | WinRAR archiver | 5.60.0 | 0
3824 | admin | MEDIUM | Alexander Roshal | WinRAR archiver | 5.60.0 | 0
772 | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft Windows Search Protocol Host | 7.00.7600.16385 (win7_rtm.090713-1255) | 0
2180 | admin | MEDIUM | RiScO | Anti-Crack Protection | 2.0.1.864 | 0
3644 | admin | MEDIUM | amd | — | 1.00 | 0
3116 | admin | MEDIUM | amd | — | 1.00 | 0
1420 | admin | MEDIUM | amd | — | 1.00 | 0
3560 | admin | MEDIUM | amd | — | 1.00 | 0
2928 | admin | MEDIUM | amd | — | 1.00 | 0
4072 | admin | MEDIUM | amd | — | 1.00 | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2180 | ACProtect_2.0.exe | C:\Users\admin\Desktop\0-37.exe.bak | — | — | —
2180 | ACProtect_2.0.exe | C:\Users\admin\Desktop\tmp.acp | — | — | —
2180 | ACProtect_2.0.exe | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\tmp | — | — | —
2180 | ACProtect_2.0.exe | C:\Users\admin\Desktop\0-37.exe | executable | D4B38362B1BB95986AFDC7E7A25E5A77 | 223F947371FFE510E94550DC28BB6193484AE7C7B936FE07F4EAC02E35A12D82
3824 | WinRAR.exe | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\jcalg1.dll | executable | 967765E9564E08B6C9B98C82D961527E | 9319617AB040AF29FBBC220043A5AA92D5F723CCBA84462A6B1EFE30526FFD26
2180 | ACProtect_2.0.exe | C:\Users\admin\AppData\Local\Temp\perplex.dll | executable | 8885590BE20DEC972DF9A79D6B4693F6 | 160CCA4EE96178D06E7F5B0F272D422CDA2CD8550B7119A307F67FA60341AA11
3824 | WinRAR.exe | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\ACProtect_2.0.exe | executable | A8839BD046E84EEBDFB9E5C223FD76BD | 92ACA260ACCFC7F27641266378D91092AB72245E159CA9B4D4265AD8274AEFB4
4036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4036.43627\0-37.exe | executable | BD0389A192DF79807BF9A7B56A36E4D5 | F73E1DFCA3C3FD3176B4C8AAE0C95124410A6F8088CC3B93D918696850F128CC
2272 | 0-371.exe | C:\Users\admin\AppData\Local\VirtualStore\sgtxey.ogb | text | 5FB8E7274C618DF6146D26AF6ED40A54 | BA0030669785FAB9AF335ADDEDFF8124DE764736D5771447CEE7BDC7D01D8856
3824 | WinRAR.exe | C:\Users\admin\Desktop\AC Protect 2.0\AC Protect 2.0\tmp.acp | executable | 2FFFEBE4F9295EADFEE024C4F7A1F1CC | A13F8BE3EE2CE2111CE5583A43FDF65FD6207F8FD463D0DE8A2E07A3DDA22679
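The two tables above only become useful for attribution once they are joined: which launched process was started from a binary that another process wrote during the run, which EXEs were staged on disk but never executed (and so need static analysis), and which file-writing PIDs the process list does not account for. The script below is an added triage example, not ANY.RUN's code; the event lists are transcribed from this report's tables, and the function names, the dataclasses and the `.exe`-only filter in `staged_but_not_run` are assumptions of the example.

```python
"""Join a sandbox report's file-write events with its process launches.

Every event below is transcribed from the two tables of this report; the
helper names and the join logic are the example's own.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ntpath


@dataclass(frozen=True)
class FileEvent:
    pid: int                # PID of the process that wrote the file
    process: str            # image name of that process
    path: str               # path written
    ftype: str              # "executable", "text" or "-", as the report labels it
    sha256: Optional[str]   # None where the report shows no hash


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str              # full path of the launched image
    parent: str


D = r"C:\Users\admin\Desktop"
ACP = D + r"\AC Protect 2.0\AC Protect 2.0"
TMP = r"C:\Users\admin\AppData\Local\Temp"

# File-creation table, transcribed from the report (constructed sample input).
FILE_EVENTS: List[FileEvent] = [
    FileEvent(2180, "ACProtect_2.0.exe", D + r"\0-37.exe.bak", "-", None),
    FileEvent(2180, "ACProtect_2.0.exe", D + r"\tmp.acp", "-", None),
    FileEvent(2180, "ACProtect_2.0.exe", ACP + r"\tmp", "-", None),
    FileEvent(2180, "ACProtect_2.0.exe", D + r"\0-37.exe", "executable",
              "223F947371FFE510E94550DC28BB6193484AE7C7B936FE07F4EAC02E35A12D82"),
    FileEvent(3824, "WinRAR.exe", ACP + r"\jcalg1.dll", "executable",
              "9319617AB040AF29FBBC220043A5AA92D5F723CCBA84462A6B1EFE30526FFD26"),
    FileEvent(2180, "ACProtect_2.0.exe", TMP + r"\perplex.dll", "executable",
              "160CCA4EE96178D06E7F5B0F272D422CDA2CD8550B7119A307F67FA60341AA11"),
    FileEvent(3824, "WinRAR.exe", ACP + r"\ACProtect_2.0.exe", "executable",
              "92ACA260ACCFC7F27641266378D91092AB72245E159CA9B4D4265AD8274AEFB4"),
    FileEvent(4036, "WinRAR.exe", TMP + r"\Rar$DRa4036.43627\0-37.exe", "executable",
              "F73E1DFCA3C3FD3176B4C8AAE0C95124410A6F8088CC3B93D918696850F128CC"),
    FileEvent(2272, "0-371.exe", r"C:\Users\admin\AppData\Local\VirtualStore\sgtxey.ogb", "text",
              "BA0030669785FAB9AF335ADDEDFF8124DE764736D5771447CEE7BDC7D01D8856"),
    FileEvent(3824, "WinRAR.exe", ACP + r"\tmp.acp", "executable",
              "A13F8BE3EE2CE2111CE5583A43FDF65FD6207F8FD463D0DE8A2E07A3DDA22679"),
]

# Process table, transcribed from the report (constructed sample input).
PROC_EVENTS: List[ProcEvent] = [
    ProcEvent(4036, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe"),
    ProcEvent(3824, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe"),
    ProcEvent(772, r"C:\Windows\System32\SearchProtocolHost.exe", "SearchIndexer.exe"),
    ProcEvent(2180, ACP + r"\ACProtect_2.0.exe", "explorer.exe"),
    ProcEvent(3644, D + r"\0-371.exe", "explorer.exe"),
] + [ProcEvent(pid, ACP + r"\0-371.exe", "explorer.exe")
     for pid in (3116, 1420, 3560, 2928, 4072)]


def _key(path: str) -> str:
    # NTFS paths are case-insensitive; normalise before joining the two tables.
    return ntpath.normcase(ntpath.normpath(path))


def dropped_then_executed(files, procs) -> Dict[int, List[Tuple[int, str, Optional[str]]]]:
    """Map each launched PID to the (writer PID, writer image, SHA256) events that
    put its image on disk. A hit is a binary materialised during the run and then
    executed, which is the chain to follow when attributing a sample."""
    writers: Dict[str, List[FileEvent]] = {}
    for f in files:
        if f.ftype == "executable":
            writers.setdefault(_key(f.path), []).append(f)
    hits: Dict[int, List[Tuple[int, str, Optional[str]]]] = {}
    for p in procs:
        for w in writers.get(_key(p.image), []):
            hits.setdefault(p.pid, []).append((w.pid, w.process, w.sha256))
    return hits


def staged_but_not_run(files, procs) -> List[str]:
    """EXEs written during the run whose path never appears as a launched image:
    dynamic analysis covered none of their behaviour, so pull them for static work."""
    launched = {_key(p.image) for p in procs}
    return sorted(f.path for f in files
                  if f.ftype == "executable"
                  and f.path.lower().endswith(".exe")
                  and _key(f.path) not in launched)


def orphan_writers(files, procs) -> List[int]:
    """PIDs that wrote files but are absent from the process table, i.e. activity
    the process list does not explain."""
    known = {p.pid for p in procs}
    return sorted({f.pid for f in files if f.pid not in known})


if __name__ == "__main__":
    for pid, chain in dropped_then_executed(FILE_EVENTS, PROC_EVENTS).items():
        print(pid, "<- image written by", chain)
    print("staged but never run:", staged_but_not_run(FILE_EVENTS, PROC_EVENTS))
    print("writers missing from process table:", orphan_writers(FILE_EVENTS, PROC_EVENTS))
```

Run against the report's own events, the join shows one dropped-then-executed binary (ACProtect_2.0.exe, extracted by WinRAR PID 3824 and launched as PID 2180), two copies of 0-37.exe that were written but never executed, and PID 2272 writing to VirtualStore without appearing in the process list. The join is on path only; when a sandbox exports image hashes for launched processes as well, join on SHA256 too, so that a binary renamed between drop and launch is still caught.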