Download: FakeActivation.zip

Full analysis: https://app.any.run/tasks/8e047972-447c-4248-a896-40bacf0225db
Verdict: Malicious activity
Analysis date: October 14, 2019, 16:33:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 6DB8A7DA4E8DC527D445B7A37D02D5D6
SHA1: 4FCC7CFF8B49A834858D8C6016C3C6F109C9C794
SHA256: 7CC43D4259F9DBE6806E1C067EBD1784EAAF56A026047D9380BE944B71E5B984
SSDEEP: 6144:slA1Q2B6SIHODfBeO6706bWyFyA3tvZqfgP6mJJtkvnBM1KgHWR:iCQ2B3IHO1e3WeGoHJJtkvnBOi

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2016:01:22 20:15:24
ZipCRC: 0x00b8d682
ZipCompressedSize: 281609
ZipUncompressedSize: 405748
ZipFileName: [email protected]
No data.
All screenshots are available in the full report
Total processes: 47
Monitored processes: 6
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Nodes: winrar.exe (no specs), [email protected] (no specs), [email protected], free youtube downloader.exe (no specs), free youtube downloader.exe (no specs), free youtube downloader.exe (no specs)
Edge labels: start, drop and start

Process information

PID: 2396
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FakeActivation.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 392
CMD: "C:\Users\admin\Desktop\[email protected]"
Path: C:\Users\admin\Desktop\[email protected]
Parent process: explorer.exe
User: admin
Company: Free Youtube Downloader
Integrity Level: MEDIUM
Description: Free Youtube Downloader 4.1.1.1 Installation
Exit code: 3221226540
Version: 4.1.1.1

PID: 2580
CMD: "C:\Users\admin\Desktop\[email protected]"
Path: C:\Users\admin\Desktop\[email protected]
Parent process: explorer.exe
User: admin
Company: Free Youtube Downloader
Integrity Level: HIGH
Description: Free Youtube Downloader 4.1.1.1 Installation
Exit code: 0
Version: 4.1.1.1

PID: 2788
CMD: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
Path: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
Parent process: [email protected]
User: admin
Integrity Level: HIGH
Description: Free YouTube Downloader
Exit code: 1073807364
Version: 4.1.1.1

PID: 2584
CMD: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
Path: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Free YouTube Downloader
Exit code: 1073807364
Version: 4.1.1.1

PID: 1212
CMD: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
Path: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Free YouTube Downloader
Exit code: 1073807364
Version: 4.1.1.1
Total events: 637
Read events: 595
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 4
Suspicious files: 1
Text files: 1
Unknown types: 1

Dropped files

PID: 2396
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2396.32938\[email protected]
Type:
MD5:
SHA256:

PID: 2580
Process: [email protected]
Filename: C:\Users\admin\AppData\Local\Temp\$inst\temp_0.tmp
Type:
MD5:
SHA256:

PID: 2580
Process: [email protected]
Filename: C:\Users\admin\Desktop\Free Youtube Downloader.lnk
Type: lnk
MD5: C9CD5E83BA0D6FC43A12A3D1469BF7ED
SHA256: 3AF24C344007327706AE3BCD1C0B6F6B4FCD95DF7233057976CAC93C9EA2A7D0

PID: 2580
Process: [email protected]
Filename: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
Type: executable
MD5: F33A4E991A11BAF336A2324F700D874D
SHA256: A87524035509FF7AA277788E1A9485618665B7DA35044D70C41EC0F118F3DFD7

PID: 2580
Process: [email protected]
Filename: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
Type: executable
MD5: 1BB4DD43A8AEBC8F3B53ACD05E31D5B5
SHA256: A2380A5F503BC6F5FCFD4C72E5B807DF0740A60A298E8686BF6454F92E5D3C02

PID: 2580
Process: [email protected]
Filename: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe
Type: executable
MD5: 139DF873521412F2AEBC4B45DA0BC3E9
SHA256: EFE6BD2E0FC7030994FC2837B389DA22C52A7B0BBDBD41852FCAF4308A23DA10

PID: 2580
Process: [email protected]
Filename: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini
Type: text
MD5: 2059CA65DCEB7B8D4952017D04D846EF
SHA256: A549548626AD771B4A3C336B2BAF9E57775795BF76420058A0B9FFC425FD4623

PID: 2580
Process: [email protected]
Filename: C:\Users\admin\AppData\Local\Temp\$inst\2.tmp
Type: compressed
MD5: 8708699D2C73BED30A0A08D80F96D6D7
SHA256: A32E0A83001D2C5D41649063217923DAC167809CAB50EC5784078E41C9EC0F0F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info