File name: Advanced BAT to EXE Converter PRO v2.83 _ Keygen.rar.zip

Full analysis: https://app.any.run/tasks/beb1655b-1d3c-4cc2-b885-b4242689f6bb
Verdict: Malicious activity
Analysis date: August 01, 2022, 22:34:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 150F66D72DE4356E0DFD9B052675395A
SHA1: 1395510F786375615CF3F367E3EA879358CEE1F9
SHA256: 7D12835AA508EC85F9C7BE447431FD4A16CD7ABAC14CBBB958C873486EEAEC31
SSDEEP: 24576:tjJSFn2OBu2FLwKNEUEOpSaWcAQl674mEH/ssvYP:LSFfu2FEKCUtptWcAC6GHEuq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 3068)
      • WinRAR.exe (PID: 1228)
      • advbattoexepro.exe (PID: 2880)
    • Application was dropped or rewritten from another process

      • Twitch.exe (PID: 3096)
      • Keygen.exe (PID: 3656)
      • advbattoexepro.exe (PID: 292)
      • advbattoexepro.exe (PID: 2880)
      • setupinf.exe (PID: 3956)
      • activate.exe (PID: 2936)
      • aB2Econv.exe (PID: 2964)
      • activate.exe (PID: 280)
      • activate.exe (PID: 320)
      • ab2econv.exe (PID: 2016)
      • aB2Econv.exe (PID: 2948)
      • activate.exe (PID: 2108)
    • Loads dropped or rewritten executable

      • advbattoexepro.exe (PID: 2880)
      • aB2Econv.exe (PID: 2964)
      • ab2econv.exe (PID: 2016)
      • aB2Econv.exe (PID: 2948)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3068)
      • WinRAR.exe (PID: 1228)
      • advbattoexepro.exe (PID: 2880)
    • Reads the computer name

      • WinRAR.exe (PID: 3068)
      • WinRAR.exe (PID: 1228)
      • Twitch.exe (PID: 3096)
      • Keygen.exe (PID: 3656)
      • advbattoexepro.exe (PID: 2880)
      • aB2Econv.exe (PID: 2964)
      • activate.exe (PID: 320)
      • aB2Econv.exe (PID: 2948)
      • ab2econv.exe (PID: 2016)
    • Checks supported languages

      • WinRAR.exe (PID: 3068)
      • WinRAR.exe (PID: 1228)
      • Twitch.exe (PID: 3096)
      • Keygen.exe (PID: 3656)
      • advbattoexepro.exe (PID: 2880)
      • setupinf.exe (PID: 3956)
      • activate.exe (PID: 2108)
      • aB2Econv.exe (PID: 2964)
      • activate.exe (PID: 320)
      • ab2econv.exe (PID: 2016)
      • aB2Econv.exe (PID: 2948)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 3068)
      • WinRAR.exe (PID: 1228)
      • advbattoexepro.exe (PID: 2880)
    • Creates a directory in Program Files

      • advbattoexepro.exe (PID: 2880)
    • Creates a software uninstall entry

      • advbattoexepro.exe (PID: 2880)
    • Creates files in the program directory

      • advbattoexepro.exe (PID: 2880)
    • Changes default file association

      • setupinf.exe (PID: 3956)
    • Reads default file associations for system extensions

      • ab2econv.exe (PID: 2016)
  • INFO

    • Manual execution by user

      • WinRAR.exe (PID: 1228)
      • Twitch.exe (PID: 3096)
      • Keygen.exe (PID: 3656)
      • advbattoexepro.exe (PID: 292)
      • advbattoexepro.exe (PID: 2880)
      • aB2Econv.exe (PID: 2964)
      • aB2Econv.exe (PID: 2948)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: keygen.rar
ZipUncompressedSize: 906111
ZipCompressedSize: 906111
ZipCRC: 0xfc2dc038
ZipModifyDate: 2021:06:28 19:08:06
ZipCompression: None
ZipBitFlag: 0x0001
ZipRequiredVersion: 788
No data.
All screenshots are available in the full report
Total processes: 63
Monitored processes: 14
Malicious processes: 9
Suspicious processes: 2

Behavior graph

start drop and start winrar.exe winrar.exe twitch.exe no specs keygen.exe no specs advbattoexepro.exe no specs advbattoexepro.exe setupinf.exe no specs ab2econv.exe no specs activate.exe no specs activate.exe ab2econv.exe no specs activate.exe no specs activate.exe ab2econv.exe no specs

Process information

PID: 280
CMD: "C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe
Parent process: aB2Econv.exe
User: admin
Company: Brandon Dargo
Integrity Level: MEDIUM
Description: BDargo Software Activation
Exit code: 3221226540
Version: 1.01.0002

PID: 292
CMD: "C:\Users\admin\Desktop\advbattoexepro.exe"
Path: C:\Users\admin\Desktop\advbattoexepro.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540

PID: 320
CMD: "C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe
Parent process: aB2Econv.exe
User: admin
Company: Brandon Dargo
Integrity Level: HIGH
Description: BDargo Software Activation
Exit code: 0
Version: 1.01.0002

PID: 1228
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\keygen.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0

PID: 2016
CMD: "C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\ab2econv.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\ab2econv.exe
Parent process: activate.exe
User: admin
Company: Brandon Dargo
Integrity Level: HIGH
Description: Advanced BAT to EXE Converter PRO
Exit code: 0
Version: 2.08.0003

PID: 2108
CMD: "C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe
Parent process: aB2Econv.exe
User: admin
Company: Brandon Dargo
Integrity Level: HIGH
Description: BDargo Software Activation
Exit code: 0
Version: 1.01.0002

PID: 2880
CMD: "C:\Users\admin\Desktop\advbattoexepro.exe"
Path: C:\Users\admin\Desktop\advbattoexepro.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 2936
CMD: "C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\activate.exe
Parent process: aB2Econv.exe
User: admin
Company: Brandon Dargo
Integrity Level: MEDIUM
Description: BDargo Software Activation
Exit code: 3221226540
Version: 1.01.0002

PID: 2948
CMD: "C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\aB2Econv.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\aB2Econv.exe
Parent process: Explorer.EXE
User: admin
Company: Brandon Dargo
Integrity Level: MEDIUM
Description: Advanced BAT to EXE Converter PRO
Exit code: 0
Version: 2.08.0003

PID: 2964
CMD: "C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\aB2Econv.exe"
Path: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\aB2Econv.exe
Parent process: Explorer.EXE
User: admin
Company: Brandon Dargo
Integrity Level: MEDIUM
Description: Advanced BAT to EXE Converter PRO
Exit code: 0
Version: 2.08.0003

Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 24
Suspicious files: 7
Text files: 48
Unknown types: 5

Dropped files

PID: 1228
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb1228.48585\Advanced.BAT.to.EXE.Converter.PRO.v2.83.RETAIL.INCL_KEYGEN-FFF\advbattoexepro.exe
Type: executable
MD5:
SHA256:

PID: 1228
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb1228.48585\Advanced.BAT.to.EXE.Converter.PRO.v2.83.RETAIL.INCL_KEYGEN-FFF\FILE_ID.DIZ
Type: text
MD5:
SHA256:

PID: 1228
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb1228.48585\Advanced.BAT.to.EXE.Converter.PRO.v2.83.RETAIL.INCL_KEYGEN-FFF\Keygen.exe
Type: executable
MD5:
SHA256:

PID: 2880
Process: advbattoexepro.exe
Filename and type: C:\Users\admin\AppData\Local\Temp\gentee00\setup_temp.geabs
MD5:
SHA256:

PID: 1228
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb1228.48585\Advanced.BAT.to.EXE.Converter.PRO.v2.83.RETAIL.INCL_KEYGEN-FFF\FFF.NFO
Type: text
MD5:
SHA256:

PID: 3068
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb3068.47064\Twitch.exe
Type: executable
MD5: 5E8EFD2FA8AE4D464DE6A4BC83FF7697
SHA256: 1176423A05CD98B100C4BFE98B40E6A084140C1A266E8857A8E1E5FF186379B0

PID: 3068
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb3068.47272\keygen.rar
Type: compressed
MD5: BE8EB085385D87ADEA27C9D9FFD23FAC
SHA256: 085690A637FEB9CD46F55A3A6FE8D7471594BE9B68694F6AA86E43D2483EE18B

PID: 2880
Process: advbattoexepro.exe
Filename: C:\Users\admin\AppData\Local\Temp\gentee00\gentee.dll
Type: executable
MD5: 30439E079A3D603C461D2C2F4F8CB064
SHA256: D6D0535175FB2302E5B5A498119823C37F6BDDFF4AB24F551AA7E038C343077A

PID: 2880
Process: advbattoexepro.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\advex15.bat
Type: text
MD5:
SHA256:

PID: 2880
Process: advbattoexepro.exe
Filename: C:\Program Files\Advanced BAT to EXE Converter PRO v2.83\ab2econv283pro\aB2Econv.exe
Type: executable
MD5:
SHA256:

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info