File name: 14078161556897.rar
Full analysis: https://app.any.run/tasks/fcecb5f1-3a28-42e3-9c9b-54b0e3f4a377
Verdict: Malicious activity
Analysis date: January 23, 2019, 04:55:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: D820F709AA54B60D1CE40F68F3897DDE
SHA1: EAF2B01A382B3F53D200F32E8268F069D642F6A7
SHA256: 7D539985943A088D23B88238BEC3803D087A3E2428FC329143FE91F24B4A70CC
SSDEEP: 24576:ZJGIO5KhUJujMuyFGiAX6dRL86yEuJlNZCcdCsfC5pc:TG65jMuyFS6dq6ynLq5pc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • VirTest.exe (PID: 3088)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3012)
  • INFO
    • No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: VirTest5.0\clear.bat
PackingMethod: Normal
ModifyDate: 2011:04:16 23:11:16
OperatingSystem: Win32
UncompressedSize: 101
CompressedSize: 122
No data.
Total processes: 33
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive graph not reproduced here): start, winrar.exe, virtest.exe (no specs)

Process information

PID 3012
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\14078161556897.rar"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Version: 5.60.0

PID 3088
  CMD: "C:\Users\admin\Desktop\VirTest5.0\VirTest.exe"
  Path: C:\Users\admin\Desktop\VirTest5.0\VirTest.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Exit code: 0
Total events: 848
Read events: 809
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 2
Suspicious files: 13
Text files: 10
Unknown types: 1

Dropped files

All files below were dropped by PID 3012 (WinRAR.exe).

C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\UnitFrmOk.dfm (text)
  MD5: 07845328D1B5A7309FA14D3B5A502AE2
  SHA256: 0A19428DD5627865F909B8D06B4B8D8CE451A43ABB7F18361B1AFCA455860F5E
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\clear.bat (text)
  MD5: 9D9A3F39D19AA0427611377A7F1C594F
  SHA256: EA000042AC7CE9540555523877C2E9E0CAA83E9C8DA2D1C794065B130EE973ED
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\样本\gui6.0.vir (binary)
  MD5: B751D851B507735D00149B8E8770243A
  SHA256: C23399F6E46DDD23849BB1760A671223AABAEC309F0E36633097244205192ECD
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\ico\DelForExp.cfg (binary)
  MD5: 6BAA9E9720E3E7E785B2556E648C3657
  SHA256: 7B1ED8C6B29478A58685E582DDACA821FE5A3FA75F16F215BA97639E39A927B2
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\vir\1290BFC7.exe (executable)
  MD5: 7C600314586543A0E0BEC0381CCE5D06
  SHA256: 05F1A5BBA2D48F0F209C8C1DFCC8D6074E076D7685F12CBB794DC1142A0A3114
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\UnitFrmMain.dfm (text)
  MD5: F6C390CD32EDE7A18BAF772130BF4FE6
  SHA256: CE7CC51854C4BBE36299E4977441B4A1C32F296DAF086DA940F4D0D7307AA27E
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\VirTest.dpr (text)
  MD5: 324CA1C21B1BBDA52365DAE3022B774E
  SHA256: 0AA254E62FC86FA66C196B6D316401936BA1F4CAACCCCCB16C81A6149FA5D1DB
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\VirTest.res (res)
  MD5: F752534585327BB57D3EF6C9E3846D94
  SHA256: D454C63453F84EA0A065F425C53485759D8E5FFFDDE9F72138AE5C3DE8250CC2
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\UnitFrmAbout.dfm (text)
  MD5: 0CE21593A2BF38147B5F98FF649A99DF
  SHA256: 6B26E5D52042E68A9AF79B6B41D79D35B4A45BFF552A59D45A69A7195E6DE369
C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\VirTest5.0.rar (compressed)
  MD5: 2BDD61EBE82A904245D6617DB5890314
  SHA256: 0D1F3F7858EAD718D0A4440FBA3109970A019EB68304B069A33EEF9D1FA3CA15
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: No HTTP requests
Connections: No data
DNS requests: No data
Threats: No threats detected
No debug info