File name:

Xenos Injector v2.2.0_mpgh.net.zip

Full analysis: https://app.any.run/tasks/f7243fe4-60f6-4dd8-9e18-c7e186f032ff
Verdict: No threats detected
Analysis date: September 13, 2020, 17:55:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: AEDD2F7494A0C60A3046572EAAB1E340
SHA1: 4943E66DE0FEAD08BC76651703C22DAA09A6872B
SHA256: 5F28E19D5802B49390F8D29D378980A34C8D7A5AA693BF61EBB81F54FEABD668
SSDEEP: 393216:wFum0p/JLxxdyQSSyyN2nvHY31s6fLxhPJaY:wFuf1JNFnyyMnw3+6fLjoY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Xenos.exe (PID: 2252)
      • Xenos.exe (PID: 3320)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Xenos.exe (PID: 2252)
      • WinRAR.exe (PID: 3504)
    • Creates or modifies windows services

      • Xenos.exe (PID: 2252)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2015:08:19 14:39:22
ZipCRC: 0x99b60727
ZipCompressedSize: 579059
ZipUncompressedSize: 1240384
ZipFileName: Xenos64.exe
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Behavior graph (interactive view not reproduced): winrar.exe -> drop and start -> xenos.exe; winrar.exe -> drop and start -> xenos.exe (no specs)

Process information

PID: 2252
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Xenos.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Xenos.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: HIGH
Description: PE injector
Exit code: 1
Version: 2.2.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\rar$exa3504.9985\xenos.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll

PID: 3320
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Xenos.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Xenos.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: PE injector
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2.2.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\rar$exa3504.9985\xenos.exe
  c:\systemroot\system32\ntdll.dll

PID: 3504
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Xenos Injector v2.2.0_mpgh.net.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll
Total events: 1 495
Read events: 1 123
Write events: 354
Delete events: 18

Modification events

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write | Name: ShellExtBMP
Value: -

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write | Name: ShellExtIcon
Value: -

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E
Operation: write | Name: LanguageList
Value: en-US

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 0
Value: C:\Users\admin\Desktop\Xenos Injector v2.2.0_mpgh.net.zip

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: name
Value: 120

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: size
Value: 80

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: type
Value: 120

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: mtime
Value: 100

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E
Operation: write | Name: @C:\Windows\system32\notepad.exe,-469
Value: Text Document

(PID) Process: (3504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: UNCAsIntranet
Value: 0
Executable files: 5
Suspicious files: 0
Text files: 6
Unknown types: 0

Dropped files

PID: 3504 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Changelog.txt
MD5: - | SHA256: -

PID: 3504 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Readme.txt
MD5: - | SHA256: -

PID: 3504 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Xenos64.exe
MD5: - | SHA256: -

PID: 3504 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\vcredist_x64.exe
MD5: 96B61B8E069832E6B809F24EA74567BA
SHA256: E554425243E3E8CA1CD5FE550DB41E6FA58A007C74FAD400274B128452F38FB8

PID: 3504 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\vcredist_x86.exe
MD5: 0FC525B6B7B96A87523DAA7A0013C69D
SHA256: A22895E55B26202EAE166838EDBE2EA6AAD00D7EA600C11F8A31EDE5CBCE2048

PID: 3504 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\XenosCurrentProfile.xpr
MD5: - | SHA256: -

PID: 3504 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Xenos.exe
MD5: - | SHA256: -

PID: 3504 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\Xenos.log
MD5: - | SHA256: -

PID: 2252 | Process: Xenos.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\BlackBoneDrv7.sys
MD5: - | SHA256: -

PID: 2252 | Process: Xenos.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.9985\XenosCurrentProfile.xpr
MD5: - | SHA256: -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info