File name:

adobe.snr.patch.v2.0-painter.zip

Full analysis: https://app.any.run/tasks/d53c12f8-ad20-49eb-abc6-417ee36e5758
Verdict: Malicious activity
Analysis date: April 14, 2020, 03:07:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

4ED23E6F5520F290CE5C91C515313902

SHA1:

D8CD9355EA54BF27C3665EAAF2C5BD32C664B27D

SHA256:

81804246C3D365A9D8BCBBA34D4D5C401D17CCA988B93A53B6E90B86C2CD6D3F

SSDEEP:

12288:cmr99NVzVbgZRK1Lq+RCIYPxfqsgo/4H1WYcmMC+BsEjf8Xda02xmKp:cmDdEH+bYPljgo/8kvso8XdkkKp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • adobe.snr.patch.v2.0-painter.exe (PID: 2436)

    • Application was dropped or rewritten from another process

      • adobe.snr.patch.v2.0-painter.exe (PID: 2436)
      • adobe.snr.patch.v2.0-painter.exe (PID: 1916)

    • Actions looks like stealing of personal data

      • WinRAR.exe (PID: 3884)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3884)
      • adobe.snr.patch.v2.0-painter.exe (PID: 2436)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2016:12:12 22:22:11
ZipCRC: 0xbcf93708
ZipCompressedSize: 807
ZipUncompressedSize: 1880
ZipFileName: changelog.txt
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start drop and start start winrar.exe adobe.snr.patch.v2.0-painter.exe no specs adobe.snr.patch.v2.0-painter.exe notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1916"C:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\adobe.snr.patch.v2.0-painter.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\adobe.snr.patch.v2.0-painter.exeWinRAR.exe
User:
admin
Company:
PainteR
Integrity Level:
MEDIUM
Description:
Universal Adobe Patcher
Exit code:
3221226540
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3884.48409\adobe.snr.patch.v2.0-painter.exe
c:\systemroot\system32\ntdll.dll
2436"C:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\adobe.snr.patch.v2.0-painter.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\adobe.snr.patch.v2.0-painter.exe
WinRAR.exe
User:
admin
Company:
PainteR
Integrity Level:
HIGH
Description:
Universal Adobe Patcher
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3884.48409\adobe.snr.patch.v2.0-painter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2752"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3884.689\Readme.txtC:\Windows\system32\NOTEPAD.EXEWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3884"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\adobe.snr.patch.v2.0-painter.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
959
Read events
889
Write events
69
Delete events
1

Modification events

(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3884) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\adobe.snr.patch.v2.0-painter.zip
(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(3884) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:writeName:@C:\Windows\system32\msinfo32.exe,-10001
Value:
System Information File
(PID) Process:(3884) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
Executable files
2
Suspicious files
0
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
3884WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\Readme.txttext
MD5:
SHA256:
3884WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\file_id.diztext
MD5:5DCCE195DB29635777AE84D6C18DBA9C
SHA256:93596DE1286A819BF599D48A774B59F82F4FF0428A53813B12D847B36D41B236
3884WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\adobe.snr.patch.v2.0-painter.exeexecutable
MD5:B31679DB7DB878992B4553290A9E6C7C
SHA256:256C2A409C97448D168F3EB1BFB89AF3D259DFC05A510A3F464D8E4B348116D4
3884WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\changelog.txttext
MD5:4B2D5F72CBCF32FB287A4500C746A06D
SHA256:9A42940065A010FA5BA4286B4C68769732C1697E54B81945349EB909CE352D73
3884WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa3884.689\Readme.txttext
MD5:
SHA256:
2436adobe.snr.patch.v2.0-painter.exeC:\Users\admin\AppData\Local\Temp\vgm_player.dllexecutable
MD5:47361F2E1CE562953C36C1E3E4509C06
SHA256:C5F76741A5B02C7373A05C13F44B47AF60D130F2B2D1A510E7DF270BD2E4D62A
3884WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3884.48409\painter.nfotext
MD5:F52DB05E737789CB5DDE8E9707864F84
SHA256:C67578B40AB730E7F6950CE8BE64755251B948E7A3D4DE5E6DEDDE77D5ED5984
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
adobe.snr.patch.v2.0-painter.zip