| Field | Value |
|---|---|
| File name | HQTYK.rar |
| Full analysis | https://app.any.run/tasks/6daeb029-8092-4ab4-9837-47fa61d6b7da |
| Verdict | Malicious activity |
| Analysis date | January 23, 2019, 08:51:07 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v4, os: Win32 |
| MD5 | EC3AFF3566A5E5332EEC8BF93F6D6A6C |
| SHA1 | C153ADB4644D45FE10E856C0E77F23EBB634788C |
| SHA256 | 7426711453DAE875DAECF8A2E3F21373CB85EEACD4EBD4114260812A6BC22219 |
| SSDEEP | 3072:plmal9jtbg3Beh6VW7AX5EjcGD/pgHt3fXyb0UcHsuxWdjLel43lMT4MNhSGmSoP:BBKjY7+KjdDeHtvXyfZshiGM |
| Extension | Identified type (probability) |
|---|---|
| .rar | RAR compressed archive (v-4.x) (58.3) |
| .rar | RAR compressed archive (gen) (41.6) |
| Field | Value |
|---|---|
| ArchivedFileName | HQTYK\c1.dll |
| PackingMethod | Normal |
| ModifyDate | 2008:09:20 16:41:29 |
| OperatingSystem | Win32 |
| UncompressedSize | 110592 |
| CompressedSize | 51306 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2972 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\HQTYK.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 1520 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
| 4064 | "C:\Users\admin\Desktop\HQTYK\Server.exe" | C:\Users\admin\Desktop\HQTYK\Server.exe | | explorer.exe | User: admin; Company: Startsoft; Integrity Level: MEDIUM; Description: FlashControl Server; Version: 3, 1, 0, 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\s1.dll | executable | 3456424B3B3BFE09B0DE9CB966F2A28A | 91F0BFF6FF2C8EBD5F97F3BE972D3EA6950EAFACCDB1E90F9C15BDD939C68152 |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\Client.exe | executable | 12FBDEF44A31B0209317A6312638B7C7 | F81CE54ED9657C850BD1933063D0E33843C7480084D29901056A3C337969CB81 |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\sc.dll | executable | 6BCC75365C3494FDD87C920B89A9B322 | 48E2D2EC725AC72B0541E56606FEC1A012AE428AAA079B8D90B72086413F5A76 |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\server.dat | binary | 5E28BA7BF5140F80AB6521709721AEBD | DA1A68D263619E955587FFEFF70DE3694BE0DBF1E05A09861900EB90BE9A46BC |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\Server.exe | executable | CEC467595944E97F1BDF9BC6F871F697 | 10DABD7FA1C5019E00C11960DD5810E95159E3E63E1D3670366B0007F66E04C7 |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\Setup.exe | executable | 2BA72DD1658665A254CEF1F4F7692335 | B573F85785002D2C8C44D3E105A5180E633E5916226CD99DD32EB89C15BA486D |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\c1.dll | executable | D453BC9E9940B22F01EB0FE683E3E410 | C5BD0C262C1D9F066B4370A6A4CED9DD872D74E8B2823374016CC36CCC204151 |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\QHSock.dll | executable | C5433978C599E2C2B50C9E539C162B84 | 053E75DDA007FCDE0E15D5CA42F449E287F7DBCC603510A4E9467E433D0291C9 |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\s2.dll | executable | 3E5C3C30D374966FDEBDE646907566F8 | E328AC99FCBF1392A54CC3DF2027A6DEB3B8C04F92499110893F838F7451542B |
| 2972 | WinRAR.exe | C:\Users\admin\Desktop\HQTYK\c2.dll | executable | 84F171CDEFCE63CF15513788A0BD2A82 | 57468268CE1F8645EBFAE84C26A49F28B8FE744DF5FC3AEA218D34E84AEE52AA |
| Process | Message |
|---|---|
| Server.exe | send input thread start. |
| Server.exe | ListenThread start. |
| Server.exe | recv thread start. |