Combo_Leecher_By_GodFather.rar

Full analysis: https://app.any.run/tasks/337ee6eb-ae35-4688-a686-2879b0d64eab
Verdict: Malicious activity
Analysis date: November 01, 2018, 19:01:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: C6B158D7FBF3D339CD1DCDBB1F84CCD9
SHA1: BB2E2BB44683E29A4FF913A2FBDE35F277120F14
SHA256: 71A5740AE03835ED34D957E40FAA848D91B2A431950EA2C4758286E8D8844D40
SSDEEP: 192:c1h31qskT8ooTGRfi4sTCJTeglzVBjYc5mKOEq:c1h3c1rDfivCJCSVBjYc5mD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Combo Leecher By GodFather.exe (PID: 2768)
      • Combo Leecher By GodFather.exe (PID: 3852)
      • Combo Leecher By GodFather.exe (PID: 3700)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 8428
UncompressedSize: 19968
OperatingSystem: Win32
ModifyDate: 2018:01:26 16:40:07
PackingMethod: Normal
ArchivedFileName: Combo Leecher By GodFather.exe
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Graph nodes: start → winrar.exe (no specs) → combo leecher by godfather.exe, combo leecher by godfather.exe, combo leecher by godfather.exe

Process information

PID: 920
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Combo_Leecher_By_GodFather.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\comdlg32.dll

PID: 2768
CMD: "C:\Users\admin\Desktop\Combo Leecher By GodFather.exe"
Path: C:\Users\admin\Desktop\Combo Leecher By GodFather.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Combo Leecher
Exit code: 0
Version: 1.0.0.0
Modules (images):
  • c:\users\admin\desktop\combo leecher by godfather.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3700
CMD: "C:\Users\admin\Desktop\Combo Leecher By GodFather.exe"
Path: C:\Users\admin\Desktop\Combo Leecher By GodFather.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Combo Leecher
Exit code: 0
Version: 1.0.0.0
Modules (images):
  • c:\users\admin\desktop\combo leecher by godfather.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3852
CMD: "C:\Users\admin\Desktop\Combo Leecher By GodFather.exe"
Path: C:\Users\admin\Desktop\Combo Leecher By GodFather.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Combo Leecher
Exit code: 0
Version: 1.0.0.0
Modules (images):
  • c:\users\admin\desktop\combo leecher by godfather.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 653
Read events: 591
Write events: 62
Delete events: 0

Modification events

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: (920) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Combo_Leecher_By_GodFather.rar

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

Process: (920) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\AppData\Local\Temp
Executable files: 0
Suspicious files: 1
Text files: 0
Unknown types: 0

Dropped files

PID: 920
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa920.44095\Combo Leecher By GodFather.exe
Type:
MD5:
SHA256:

PID: 920
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa920.44095\Discord.txt
Type:
MD5:
SHA256:

PID: 920
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa920.44095\Youtube.txt
Type:
MD5:
SHA256:

PID: 2768
Process: Combo Leecher By GodFather.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
Type: binary
MD5:
SHA256:
HTTP(S) requests: 0
TCP/UDP connections: 9
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2768 | Combo Leecher By GodFather.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared
2768 | Combo Leecher By GodFather.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3852 | Combo Leecher By GodFather.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3852 | Combo Leecher By GodFather.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared
3700 | Combo Leecher By GodFather.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared
3700 | Combo Leecher By GodFather.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200, 131.253.33.200, 13.107.22.200 | whitelisted
pastebin.com | 104.20.208.21, 104.20.209.21 | malicious

Threats

No threats detected
No debug info