File name: | 14078161556897.rar |
Full analysis: | https://app.any.run/tasks/fcecb5f1-3a28-42e3-9c9b-54b0e3f4a377 |
Verdict: | Malicious activity |
Analysis date: | January 23, 2019, 04:55:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | D820F709AA54B60D1CE40F68F3897DDE |
SHA1: | EAF2B01A382B3F53D200F32E8268F069D642F6A7 |
SHA256: | 7D539985943A088D23B88238BEC3803D087A3E2428FC329143FE91F24B4A70CC |
SSDEEP: | 24576:ZJGIO5KhUJujMuyFGiAX6dRL86yEuJlNZCcdCsfC5pc:TG65jMuyFS6dq6ynLq5pc |
.rar | RAR compressed archive (v-4.x) (58.3) |
.rar | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | VirTest5.0\clear.bat |
---|---|
PackingMethod: | Normal |
ModifyDate: | 2011:04:16 23:11:16 |
OperatingSystem: | Win32 |
UncompressedSize: | 101 |
CompressedSize: | 122 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3012 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\14078161556897.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3088 | "C:\Users\admin\Desktop\VirTest5.0\VirTest.exe" | C:\Users\admin\Desktop\VirTest5.0\VirTest.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\UnitFrmOk.dfm | text | |
MD5:07845328D1B5A7309FA14D3B5A502AE2 | SHA256:0A19428DD5627865F909B8D06B4B8D8CE451A43ABB7F18361B1AFCA455860F5E | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\clear.bat | text | |
MD5:9D9A3F39D19AA0427611377A7F1C594F | SHA256:EA000042AC7CE9540555523877C2E9E0CAA83E9C8DA2D1C794065B130EE973ED | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\样本\gui6.0.vir | binary | |
MD5:B751D851B507735D00149B8E8770243A | SHA256:C23399F6E46DDD23849BB1760A671223AABAEC309F0E36633097244205192ECD | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\ico\DelForExp.cfg | binary | |
MD5:6BAA9E9720E3E7E785B2556E648C3657 | SHA256:7B1ED8C6B29478A58685E582DDACA821FE5A3FA75F16F215BA97639E39A927B2 | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\vir\1290BFC7.exe | executable | |
MD5:7C600314586543A0E0BEC0381CCE5D06 | SHA256:05F1A5BBA2D48F0F209C8C1DFCC8D6074E076D7685F12CBB794DC1142A0A3114 | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\UnitFrmMain.dfm | text | |
MD5:F6C390CD32EDE7A18BAF772130BF4FE6 | SHA256:CE7CC51854C4BBE36299E4977441B4A1C32F296DAF086DA940F4D0D7307AA27E | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\VirTest.dpr | text | |
MD5:324CA1C21B1BBDA52365DAE3022B774E | SHA256:0AA254E62FC86FA66C196B6D316401936BA1F4CAACCCCCB16C81A6149FA5D1DB | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\VirTest.res | res | |
MD5:F752534585327BB57D3EF6C9E3846D94 | SHA256:D454C63453F84EA0A065F425C53485759D8E5FFFDDE9F72138AE5C3DE8250CC2 | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\UnitFrmAbout.dfm | text | |
MD5:0CE21593A2BF38147B5F98FF649A99DF | SHA256:6B26E5D52042E68A9AF79B6B41D79D35B4A45BFF552A59D45A69A7195E6DE369 | |||
3012 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3012.35691\VirTest5.0\VirTest5.0.rar | compressed | |
MD5:2BDD61EBE82A904245D6617DB5890314 | SHA256:0D1F3F7858EAD718D0A4440FBA3109970A019EB68304B069A33EEF9D1FA3CA15 |