File name: | kb3r1p.rar |
Full analysis: | https://app.any.run/tasks/bfc8d8ce-bd6d-436c-9b6b-833843f12151 |
Verdict: | Malicious activity |
Analysis date: | April 23, 2019, 14:44:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 06EFD1354B7418198C66A78FF3E68E59 |
SHA1: | 666C0EF12715E0D554FF4080CCDC6AF8898CBC65 |
SHA256: | 783B2EEFDB90EB78CFDA475073422EE86476ACA65D67FF2C9CF6A6F9067BA5FA |
SSDEEP: | 98304:1TyTT2A10WTUnbxQiJbTYQjhvAFl+MVCPmNh8:60WobxQUbEQjJwdri |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | ?????\botep\.gitignore |
---|---|
PackingMethod: | Normal |
ModifyDate: | 2016:03:24 11:20:17 |
OperatingSystem: | Win32 |
UncompressedSize: | 957 |
CompressedSize: | 390 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1492 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\kb3r1p.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3496 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\kb3r1p.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1732 | "C:\Users\admin\Desktop\сорцы\server\bin\debug\makecert.exe" | C:\Users\admin\Desktop\сорцы\server\bin\debug\makecert.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: ECM MakeCert Exit code: 4294967295 Version: 6.2.9200.16384 (win8_rtm.120725-1247) | ||||
2564 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\kb3r1p.rar | |||
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (1492) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: |
PID | Process | Filename | Type | |
---|---|---|---|---|
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\main.h | text | |
MD5:53B1E6698294ED62B8D7AEE5A9084F41 | SHA256:DC80E4EDCA628B62F824E319D7B7F956552C578A90239B8480CE573AB95208FD | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\service.h | text | |
MD5:B55D0D68496A89181290EF053A565923 | SHA256:36952A71F06000DB06EA8028E01223F43023032D98B7B724B2E2D303F4B35A63 | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\MonitoringProcesses.h | text | |
MD5:32E83DD834E61D9E4464C412078C8C80 | SHA256:BF9CB2C74D068CDC5E19233EE1165BA333524521BC77AAD4473DA8314AE89DCD | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\info.h | text | |
MD5:B501C41939C8BE0944D330FD4031AE41 | SHA256:206F5E7251BF10B6DAC0B29D48859F7FAE7A3D680A965E68EF1318043A2A9D70 | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\bot.vcxproj | xml | |
MD5:4B5C1457E3259653324DD2D573EB242D | SHA256:8C509AAE196FC0114337193AC38F8A1D530A215448E213D9CDBFF9884BF547A6 | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\Manager.h | text | |
MD5:444008023881AAC9CF563294A0127BD1 | SHA256:9699CDD35E481A0EBED2639541A01B9F21D282E69E26C685EE8CADF8CC4A5733 | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\AV.h | text | |
MD5:DE27D0E35110E32E52C922540B3BF8D0 | SHA256:390B99111F3E4051C1061AF5C06C2B312FF3233A6F9948D2960670B5313155B0 | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\.gitignore | text | |
MD5:B0DFC2552001501660AE4D91D49FD414 | SHA256:1901AC02CC9DBE96CEF516107F127EE767197B7DA8807457AFE095E662032BAE | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\plugins.h | text | |
MD5:1739DC7819DB8A53217D49EBC191C0D3 | SHA256:E493C0FF6D9BC461386ADC21B47398F5A8287A013FD90545914C839097B6DE90 | |||
1492 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1492.21489\сорцы\botep\bot\include\system.h | text | |
MD5:62B8F70195DE5B9505C67080C74A8A4C | SHA256:A2196BC92003BB6629CACBFB33B8A57342A168B968E961209FA50B857925F3BF |