File name:

RuBot Cracked.zip

Full analysis: https://app.any.run/tasks/08b3d1f1-9e9e-4761-8038-a8c8c9c6bb81
Verdict: Malicious activity
Analysis date: August 09, 2020, 01:09:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

37D2DAD58754B27D4B9250D179E24440

SHA1:

6AF1ADE87A1E14E4F6EB997EF1540C5377B86546

SHA256:

673134EFE7B5694843693657BCA52144AE668DC5C1E99421A03FE9E11AA520C0

SSDEEP:

12288:/UCkdYOaD3wrb8IxQMAu06iqUzdwSMOtF3yHDskgfHkBjR18VKecFajgMTV2nTpn:/YdY/cQVxqUzdwwICHkVfecZmgpMm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3464)
      • RuBot2Copy.exe (PID: 2740)

    • Application was dropped or rewritten from another process

      • RuBot2Copy.exe (PID: 2740)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2820)

  • INFO

    • Manual execution by user

      • RuBot2Copy.exe (PID: 2740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2018:03:24 11:21:20
ZipCRC: 0x834fc351
ZipCompressedSize: 15
ZipUncompressedSize: 15
ZipFileName: RuBot Cracked/New Text Document.txt
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe searchprotocolhost.exe no specs rubot2copy.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2740"C:\Users\admin\Desktop\RuBot Cracked\RuBot\RuBot2Copy.exe" C:\Users\admin\Desktop\RuBot Cracked\RuBot\RuBot2Copy.exeexplorer.exe
User:
admin
Company:
RuBot.OVH
Integrity Level:
MEDIUM
Description:
RuBot_Tools
Exit code:
0
Version:
6.1.0.0
Modules
Images
c:\users\admin\desktop\rubot cracked\rubot\rubot2copy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2820"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\RuBot Cracked.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3464"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\System32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
782
Read events
767
Write events
15
Delete events
0

Modification events

(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2820) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2820) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E
Operation:writeName:@C:\Windows\system32\NetworkExplorer.dll,-1
Value:
Network
(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\RuBot Cracked.zip
(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2820) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation:writeName:0
Value:
C:\Users\admin\Desktop
Executable files
5
Suspicious files
1
Text files
15
Unknown types
2

Dropped files

PID
Process
Filename
Type
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\New Text Document.txttext
MD5:
SHA256:
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\README - HOW TO USE.txttext
MD5:
SHA256:
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\.vs\RuBot Tools\v15\.suobinary
MD5:72047AF58DB7B8A1FEE383AA420C6779
SHA256:F508439301484AA31277BB4C49BC0A14AD95235F8E96C6FFBB0422DEC737A8B6
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\Chat Bots Texts\chatBot 3.txttext
MD5:0E2054A055CE9434A5855CCA28C15FD6
SHA256:F8342ED8D6C1CEB2DF7F01541B004286A570640B7C45620CA4386EE4645F6856
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\Chat Bots Texts\chatBot1.txttext
MD5:C789D5B6C6FF9F572E01190D47AE7650
SHA256:545446DEC55B7D26D36E8C41FACDDBF3613AF32276F473D545E7CA2E486A7010
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\Proxys\proxies.txttext
MD5:C6EC62612DC9E7261AD57F780D38D4EA
SHA256:A54A5BF6BFD8B524E763F4AF856DE8E991090DA6471B85C1E67F9CD83B1E93D3
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\RuBot Tools.exe.configxml
MD5:CEBFE157098995082112604CA8730110
SHA256:DFDF5ECD6291CB0D74B89746B733BC8B1F6E74F00A253DEE15D14891A2CF5BA0
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\MetroFramework.dllexecutable
MD5:34EA7F7D66563F724318E322FF08F4DB
SHA256:C2C12D31B4844E29DE31594FC9632A372A553631DE0A0A04C8AF91668E37CF49
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\Chat Bots Texts\GERMAN CHATBOT.txttext
MD5:10988A198328FC7AF11DD9CDBDB4C52D
SHA256:942C78CF9CA4423E62EA1B6F5D0FD88D955BBAC39F8A52519A54F1C99E734C31
2820WinRAR.exeC:\Users\admin\Desktop\RuBot Cracked\RuBot\eXtremeNet.dllexecutable
MD5:613E35243D0F608D7A03A5500CF2F08B
SHA256:91F6647B19613C3F58CF5D75B320CC4F794318906C24D095C78964AA004CE844
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
RuBot Cracked.zip