File name:

Epson L5190 + Keygen-nosware.com.zip

Full analysis: https://app.any.run/tasks/a1197793-4116-43aa-923f-eb801a184a53
Verdict: Malicious activity
Analysis date: July 13, 2022, 14:01:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

652717F147E7DABA98EA8EF71B8CB722

SHA1:

18EEC6D21EF7E9E1AEAD67DA1751A50465ECB518

SHA256:

7C4CC2DF02F0F8456B8A7854818A47E2F1A773164A815C5278F4CDBFBCA4FEB1

SSDEEP:

98304:1nVUkG9kLvKxTShS4nt/IG3pVWTUcH2iy0eHyf2j1JhITRpTguJSuoDoPM73iTmK:xVeC2xTW53EUcH7yfy+jGLSoNwSdt5kM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Adjprog.exe (PID: 1536)
      • WLGen_Epson L5190.exe (PID: 3060)
    • Loads dropped or rewritten executable

      • Adjprog.exe (PID: 1536)
      • WLGen_Epson L5190.exe (PID: 3060)
    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 3244)
  • SUSPICIOUS

    • Creates files in the program directory

      • Adjprog.exe (PID: 1536)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 3244)
    • Reads the computer name

      • WinRAR.exe (PID: 3244)
      • WLGen_Epson L5190.exe (PID: 3060)
    • Checks supported languages

      • WinRAR.exe (PID: 3244)
      • Adjprog.exe (PID: 1536)
      • WLGen_Epson L5190.exe (PID: 3060)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3244)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Epson L5190 + Keygen-nosware.com/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2020:06:21 08:23:15
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
All screenshots are available in the full report
Total processes
35
Monitored processes
3
Malicious processes
2
Suspicious processes
1

Behavior graph

[Behavior graph: winrar.exe, adjprog.exe, wlgen_epson l5190.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1536
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\Adjprog.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\Adjprog.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Adjustment program for EPSON Inkjet Printer / Scanner
Exit code:
2
Version:
1, 0, 0, 0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3244.3788\epson l5190 + keygen-nosware.com\l5190 onepc\adjprog.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
PID: 3060
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.5041\Epson L5190 + Keygen-nosware.com\Specific Generators\EXE\WLGen_Epson L5190.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.5041\Epson L5190 + Keygen-nosware.com\Specific Generators\EXE\WLGen_Epson L5190.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3244.5041\epson l5190 + keygen-nosware.com\specific generators\exe\wlgen_epson l5190.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3244
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Epson L5190 + Keygen-nosware.com.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
1 221
Read events
1 203
Write events
18
Delete events
0

Modification events

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Epson L5190 + Keygen-nosware.com.zip

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3244) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files
16
Suspicious files
11
Text files
23
Unknown types
4

Dropped files

PID
Process
Filename
Type
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\Adjprog.exe
Type: executable
MD5:
SHA256:
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\headid.bmp
Type: image
MD5:BD2D076F0D4C5CB4E4DD622EDEFF72B3
SHA256:268119E12AE85210E6DA2D1E98C8D66B267C8696CC3A9E590B79B9546D9363AF
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\apdadrv.dll
Type: executable
MD5:7BC6071301F011EDFE115026A5E3A20D
SHA256:F2277C9F1F477A6BD06B4645BD818E241CE8352395B4D67BAB87583AAEBD36FD
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\LimitSample.exe.config
Type: xml
MD5:6FF09217336C85CE71456B1C79B56B66
SHA256:B9F388E388FB855999926F8BA0E6997F3917285A3AF83A96C249FC529F341975
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\caution.bmp
Type: image
MD5:29158633EF078D5D4AE7D1C76165A0A9
SHA256:D9461C3292A2283EADC730E2EAEFB42A4EAC2C48B98397BAD0F7B918C86F3893
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\nw_resetdata.dat
Type: text
MD5:4B8033954B4440361C2479863C051C4A
SHA256:1587151474592C2CF4BCDAE0A1CAA10185B1AAB07F02390ADC9ABAF7C2F14CE6
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\Specific Generators\DLL\COFF\CustomWinLicenseSDK.lib
Type: obj
MD5:DB92795AA5E48EE56B3CF9CDAC664CEA
SHA256:882107707F13EA3D40C9C5EE4BFCEFDC2133F542628ED55D918B06BEC812068F
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\EditText.dat
Type: ini
MD5:5B1E183F5CAD1ADF0799B514F5D31295
SHA256:85D5F3B287A4C34CA1FA3C6B221C1635689B53668571D05B6EDCCE55992B2BBB
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\ErrorDetail.dat
Type: ini
MD5:62776BE9A152B466B3D86D2D266F9D42
SHA256:4C38555FB1AE9A16F7BE0132261F666B4570FDFF457C3CEFC5ED36D8F2AE6974
PID: 3244
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3244.3788\Epson L5190 + Keygen-nosware.com\L5190 onePC\LimitSample.exe
Type: executable
MD5:A8D3728F36A5CEEDA695F62CC7382D9E
SHA256:412DF15CF48EAF8C274D349CE980C9B728CD4F997254983ECA7DD552843CAF8F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
Process
Message
Adjprog.exe
%s------------------------------------------------ --- WinLicense Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------