File name: roobetpredictor.zip

Full analysis: https://app.any.run/tasks/b5b29c46-bdf4-4d21-bd01-75c983e6a1c2
Verdict: Malicious activity
Analysis date: May 20, 2022, 21:58:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 97066DB6CF80BF550C6EFED931C6BAF0
SHA1: 78C070664C22B6B6071E157D733925BEE39B4385
SHA256: 677F8AA75B29EAC74289C7FB969C7661A755F8D8834C0F7B834A6A85CBD90863
SSDEEP: 49152:fxsbL/orn3BDkyp8HD+MyOAU0ZRHLdqWcWscoxRQ9aee1u:Jsboxgyp8j+doW3HERQ9aee1u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • roobet predector v.0.0.5.2.exe (PID: 3060)
    • Drops executable file immediately after starts
      • WinRAR.exe (PID: 2468)
  • SUSPICIOUS
    • Reads the computer name
      • WinRAR.exe (PID: 2468)
    • Checks supported languages
      • WinRAR.exe (PID: 2468)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2468)
    • Drops a file with a compile date too recent
      • WinRAR.exe (PID: 2468)
  • INFO
    • No info indicators.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: roobet predictor v.0.0.5.2/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2022:05:21 03:48:05
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
Total processes: 35
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

WinRAR.exe (start) --drop and start--> roobet predector v.0.0.5.2.exe (no specs)

Process information

PID: 2468
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\roobetpredictor.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
Indicators: see MALICIOUS / SUSPICIOUS lists above
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3060
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\roobet predector v.0.0.5.2.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\roobet predector v.0.0.5.2.exe
Parent process: WinRAR.exe
Indicators: see MALICIOUS list above
User: admin
Integrity Level: MEDIUM
Exit code: 3221225781
Modules (images):
c:\users\admin\appdata\local\temp\rar$exb2468.9120\roobet predictor v.0.0.5.2\roobet predector v.0.0.5.2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
Total events: 1 027
Read events: 1 008
Write events: 19
Delete events: 0

Modification events

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: -

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: -

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\roobetpredictor.zip

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2468) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 7
Suspicious files: 0
Text files: 0
Unknown types: 3

Dropped files

PID: 2468 | Process: WinRAR.exe | Type: txt
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\acpipagr.inf
MD5: -
SHA256: -

PID: 2468 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\roobet predector v.0.0.5.2.exe
MD5: -
SHA256: -

PID: 2468 | Process: WinRAR.exe | Type: txt
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\net7800-x64-n650f.inf_loc
MD5: -
SHA256: -

PID: 2468 | Process: WinRAR.exe | Type: txt
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\net8187se64.inf_loc
MD5: -
SHA256: -

PID: 2468 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\acpipagr.sys
MD5: -
SHA256: -

PID: 2468 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\_stetup.dll
MD5: -
SHA256: -

PID: 2468 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\msjint40.dll
MD5: 417BB0E54DB7B7208520A8E71255CECC
SHA256: FC80ED29997A29282DBC30A2A58D640B9EADDC5EE60FC25E0446289DB9B77E62

PID: 2468 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\mswstr10.dll
MD5: AC81B22606B50A61B02F2082EA2CE187
SHA256: A132F3640C912A81DA054EDF987D7615C467D72F225EAB1B1C973E03C00D9444

PID: 2468 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\msjter40.dll
MD5: 66CFEF9459FE5771D640BDADE2840192
SHA256: C1EB4AC505F124F124754057329E0907409C3F7D9032EC16408425FCD0519F98

PID: 2468 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\mswdat10.dll
MD5: FFEAED0E3BD67DA3559231F762B6E201
SHA256: C1FFD3391BFD3F5E0CC03B948BA2AB20C57E1B1435166C77232B34FAF7647783
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info