download: | SIO-U232-59_Windows_7_through_2K.zip |
Full analysis: | https://app.any.run/tasks/31b37d6d-1bf6-4cd5-8d4f-a0cd36858c15 |
Verdict: | Malicious activity |
Analysis date: | February 19, 2019, 12:55:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 1BC5A19C28D55CDB4B7E26CF817B8612 |
SHA1: | 37E0441A0132B3BF8DA273AB42477017BC9F15D9 |
SHA256: | 6F8A6EFAB1CD875461A2D06837C669D737ECCB711086B3543DB920511EBF097D |
SSDEEP: | 49152:J32fKzwoOTT4Fz+DoS9WSsm3Pr63V+JmrmVx0T70F+Ta+T9nTeozRCXi5oS:J32fyhFniWpw63YErm70TY+Tx9TeotCM |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | win2000 xp64 server2003 2008x64 Vista x64/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2011:05:31 16:25:02 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3008 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SIO-U232-59_Windows_7_through_2K.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3708 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2844 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\SETUP.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\SETUP.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
2148 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\SETUP.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\SETUP.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Exit code: 1 | ||||
3348 | "C:\Users\admin\AppData\Local\Temp\ckz_QPLR\OS_Detect.exe" | C:\Users\admin\AppData\Local\Temp\ckz_QPLR\OS_Detect.exe | — | SETUP.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3172 | "C:\Users\admin\AppData\Local\Temp\ckz_QPLR\DPInst_Monx86.exe" | C:\Users\admin\AppData\Local\Temp\ckz_QPLR\DPInst_Monx86.exe | — | OS_Detect.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3492 | "C:\Users\admin\AppData\Local\Temp\ckz_QPLR\DPInstx86.exe" | C:\Users\admin\AppData\Local\Temp\ckz_QPLR\DPInstx86.exe | DPInst_Monx86.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Driver Package Installer Exit code: 512 Version: 2.1 | ||||
3268 | DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{10123aaf-eeeb-4496-5147-3b1cf24e554a}\ftdibus.inf" "0" "6271cb14b" "000002A0" "WinSta0\Default" "0000048C" "208" "c:\users\admin\appdata\local\temp\ckz_qplr" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
928 | DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{10123aaf-e44a-5fc7-8eff-866b7f35a730}\ftdiport.inf" "0" "624cb962b" "0000048C" "WinSta0\Default" "000005BC" "208" "c:\users\admin\appdata\local\temp\ckz_qplr" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3876 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3008.49506\LogoVerificationReport.pdf" | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | WinRAR.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\amd64\ftser2k.sys | executable | |
MD5:121AF3148CDDA212CFFBC4F6240699C2 | SHA256:866D8CA649144502DCF2975905100ABC8BA068C6A1AAF503421B2FA97FFD2514 | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\amd64\ftdibus.sys | executable | |
MD5:7442BCA60ED46CC31C2F39728BBDD9AD | SHA256:0218349E24AC059C502009432A0EC51086E1F9A895E7367CAC1FC6A6C8187B2B | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\amd64\ftbusui.dll | executable | |
MD5:49424524EC55EDCB9F448239DCAC04F5 | SHA256:B4C5A11AC96F61F04A1AF46BBC7507FA9E356EE928D5662E5303B23A0EDDA834 | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\i386\ftlang.dll | executable | |
MD5:A7BD75938F91C815EA0BDC991A207C68 | SHA256:43D220695201DC92BA818C7BC998BDE201DC7676D26388261AEFA8A75E8A71F0 | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\ftdibus.inf | binary | |
MD5:F4302A452767A833B6CE545953D51263 | SHA256:28C5D483663F238EEB286D53D9A61E1618BFA914AC3128E774623BD09BB04600 | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\ftd2xx.h | text | |
MD5:3B584F7365B32F928C1A8924D0E1B402 | SHA256:C1E81B4B9BE73BB1AAF7BBF2D086377C45EA590024417BA0EE60D0F6BB8D46C0 | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\amd64\ftserui2.dll | executable | |
MD5:BADB676621EE28E1C87EA39D7E7BE179 | SHA256:32E3F24C267137549EE23C0BF4DA1DA28E07CFE04C56F6D2E6D309214B06B101 | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\i386\ftd2xx.lib | obj | |
MD5:3A24931A3A1124AE8D7D5262EAEE396A | SHA256:14F31558E5E43D14F4DE19FFC0FAD2016C583AA1FA9237365BCB71130F9C004B | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\amd64\ftcserco.dll | executable | |
MD5:F23C05F647A3A8EADCD53107E8F3C12A | SHA256:9004408BBFC81E35A21C444F7C1F6B41C422EB8CEDB54A4C610CA6036ABD29E7 | |||
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3008.48819\win2000 xp64 server2003 2008x64 Vista x64\amd64\ftd2xx64.dll | executable | |
MD5:BC0FD46D9E9D8578053D02511CEBDF2A | SHA256:CE1FF346E4BB51A605A99AE6E51FB7929D176A31A24EE536FB95C08BEE037FD0 |