File name: superscan3.zip
Full analysis: https://app.any.run/tasks/1e639e65-83de-4645-ae14-60e687ebe973
Verdict: Malicious activity
Analysis date: October 29, 2019, 11:55:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: F90B0E30C0BD15279210F6D0E33A4C48
SHA1: 7AAFDF9E5724DE529D0F773448BFD01953954A65
SHA256: 852A2BCB7D358A9354BB80D5B360372693A454345F4ACA7659DAC95B1C36CC19
SSDEEP: 3072:d2P4Qe3HOpTaW4xMRS2cxbfJSP8DMRCK18KqNgxi9odmOqGFPKCbC/Ia0bbz+5YS:d+2OIhP2kbfJU8DtAxstO7FNbCobbzDS
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • superscan.exe (PID 1552)
      • ws2check.exe (PID 3768)
      • superscan.exe (PID 2136)
      • scanner.exe (PID 1160)
  • SUSPICIOUS
    • Creates files in the program directory
      • superscan.exe (PID 2136)
    • Executable content was dropped or overwritten
      • superscan.exe (PID 2136)
  • INFO
    • Manual execution by user
      • superscan.exe (PID 2136)
      • superscan.exe (PID 1552)

Reading note: the only MALICIOUS-class signature here is the drop-and-execute behaviour of the InstallShield PackageForTheWeb stub (superscan.exe, PID 2136), which writes ws2check.exe and scanner.exe under C:\Program Files\SuperScan and runs them. That is ordinary installer behaviour. scanner.exe carries Foundstone "SuperScan" 3.0.0.0 version information, and the run produced no HTTP requests, TCP/UDP connections, DNS requests or threat alerts (see the network section below), so weigh the verdict against those facts rather than treating the signature alone as a detection.
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP)
ZipFileName: superscan.exe
ZipUncompressedSize: 251532
ZipCompressedSize: 245287
ZipCRC: 0x8b60300e
ZipModifyDate: 2010:10:01 12:36:09
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
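Before detonating an archive it is worth confirming that the file in hand is the one the report describes. The script below is an added example, not ANY.RUN's code: it reads a ZIP's central directory with the standard library, reports each entry using the same field names as the EXIF block above (REPORTED holds the values shown for superscan3.zip), recomputes the CRC-32 of each entry, and flags entries that are executables. The archive it builds in memory is a constructed stand-in so the script runs offline; it will not match the reported values, which is exactly what the diff function shows.

```python
"""Compare a ZIP's central directory with the metadata a sandbox report prints.
Added example, not ANY.RUN's code. REPORTED = values from the report above;
build_sample() makes a constructed archive that deliberately does not match."""
import io
import zipfile
import zlib
from typing import Dict, List, Tuple

EXECUTABLE_EXT = (".exe", ".scr", ".com", ".dll", ".msi")

# Values from the report's EXIF/ZIP block. Note that central-directory
# timestamps have 2-second DOS resolution, so seconds may round on read-back.
REPORTED = {
    "name": "superscan.exe",
    "uncompressed": 251532,
    "compressed": 245287,
    "crc": 0x8B60300E,
    "method": zipfile.ZIP_DEFLATED,    # "Deflated"
    "mtime": (2010, 10, 1, 12, 36, 9),
    "min_version": 20,                 # ZipRequiredVersion
}


def zip_entries(data: bytes) -> List[Dict]:
    """One dict per central-directory entry, keyed like REPORTED."""
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            out.append({
                "name": zi.filename,
                "uncompressed": zi.file_size,
                "compressed": zi.compress_size,
                "crc": zi.CRC,
                "method": zi.compress_type,
                "mtime": zi.date_time,
                "min_version": zi.extract_version,
                "executable": zi.filename.lower().endswith(EXECUTABLE_EXT),
            })
    return out


def verify_crc(data: bytes) -> Dict[str, bool]:
    """Recompute each entry's CRC-32 from the decompressed bytes and compare it
    with the stored one. zipfile raises BadZipFile on a mismatch, which we map
    to False (tampered or truncated entry)."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            try:
                result[zi.filename] = (zlib.crc32(zf.read(zi)) & 0xFFFFFFFF) == zi.CRC
            except zipfile.BadZipFile:
                result[zi.filename] = False
    return result


def diff_against_report(entry: Dict, reported: Dict = REPORTED) -> List[str]:
    """Names of the fields where the archive in hand differs from the report."""
    return [k for k in reported if entry.get(k) != reported[k]]


def build_sample(name: str = "superscan.exe") -> Tuple[bytes, bytes]:
    """Constructed sample: one deflated entry holding a fake PE-looking blob."""
    payload = b"MZ" + bytes(range(256)) * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zi = zipfile.ZipInfo(name, date_time=(2010, 10, 1, 12, 36, 8))
        zi.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(zi, payload)
    return buf.getvalue(), payload


if __name__ == "__main__":
    data, _ = build_sample()
    for e in zip_entries(data):
        print(e)
        print("fields differing from the report:", diff_against_report(e))
    print("CRC check:", verify_crc(data))
```

Run it against the real superscan3.zip by replacing build_sample() with the file's bytes; an empty diff list plus an all-True CRC check means the archive matches what was analyzed. A name match with a CRC or size mismatch means a different build of the same installer, which deserves its own submission.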
Total processes: 42
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Process chain as reported (edge types in the graph: "start" and "drop and start"; "no specs" means no signature is attached to that node):

explorer.exe
  winrar.exe (PID 1296), no specs
  superscan.exe (PID 1552), no specs
  superscan.exe (PID 2136)
    ws2check.exe (PID 3768), no specs
      scanner.exe (PID 1160), no specs

Process information

PID 1296: WinRAR.exe
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\superscan3.zip"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity level: MEDIUM
  Description: WinRAR archiver
  Exit code: not reported
  Version: 5.60.0
  Loaded modules (images):
    c:\program files\winrar\winrar.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\comdlg32.dll

PID 1552: superscan.exe
  CMD: "C:\Users\admin\Desktop\superscan.exe"
  Path: C:\Users\admin\Desktop\superscan.exe
  Parent process: explorer.exe
  User: admin
  Company: InstallShield Software Corporation
  Integrity level: MEDIUM
  Description: PackageForTheWeb Stub
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the stub was started at MEDIUM integrity, requested elevation and exited; only ntdll.dll was loaded. The elevated re-launch is PID 2136 below.)
  Version: 2.02.001
  Loaded modules (images):
    c:\users\admin\desktop\superscan.exe
    c:\systemroot\system32\ntdll.dll

PID 2136: superscan.exe
  CMD: "C:\Users\admin\Desktop\superscan.exe"
  Path: C:\Users\admin\Desktop\superscan.exe
  Parent process: explorer.exe
  User: admin
  Company: InstallShield Software Corporation
  Integrity level: HIGH
  Description: PackageForTheWeb Stub
  Exit code: 0
  Version: 2.02.001
  Loaded modules (images):
    c:\users\admin\desktop\superscan.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
    c:\windows\system32\gdi32.dll

PID 3768: ws2check.exe
  CMD: "C:\Program Files\SuperScan\ws2check.exe"
  Path: C:\Program Files\SuperScan\ws2check.exe
  Parent process: superscan.exe
  User: admin
  Integrity level: HIGH
  Exit code: 0
  Loaded modules (images):
    c:\program files\superscan\ws2check.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll

PID 1160: scanner.exe
  CMD: "C:\Program Files\SuperScan\scanner.exe"
  Path: C:\Program Files\SuperScan\scanner.exe
  Parent process: ws2check.exe
  User: admin
  Company: Foundstone Inc.
  Integrity level: HIGH
  Description: SuperScan
  Exit code: 0
  Version: 3, 0, 0, 0
  Loaded modules (images):
    c:\program files\superscan\scanner.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\comdlg32.dll
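The process table names parents by image rather than PID and prints exit codes in decimal, which hides the most telling detail of this run: PID 1552 ended with 3221226540, that is NTSTATUS 0xC000042C (STATUS_ELEVATION_REQUIRED), and the same image then ran as PID 2136 at HIGH integrity. The script below is an added example, not part of the ANY.RUN report: it carries the five process records from the table, rebuilds the tree, decodes exit codes as NTSTATUS values, and flags the MEDIUM-to-HIGH re-launch pattern. The record layout, helper names and the rule for resolving an ambiguous parent name (two superscan.exe instances) are my own assumptions.

```python
"""Rebuild the sandbox process tree and decode exit codes as NTSTATUS.
Added example, not part of the ANY.RUN report. PROCS is copied from the
process table; helper names and the parent-resolution rule are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# NTSTATUS values decoded here; anything else is shown as 'unknown'.
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}


@dataclass
class Proc:
    pid: int
    image: str
    parent: str                 # the report names the parent by image, not PID
    integrity: str              # MEDIUM / HIGH as printed in the report
    exit_code: Optional[int]    # decimal as printed; None when not reported


# Process table as reported for superscan3.zip.
PROCS: List[Proc] = [
    Proc(1296, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe", "MEDIUM", None),
    Proc(1552, r"C:\Users\admin\Desktop\superscan.exe", "explorer.exe", "MEDIUM", 3221226540),
    Proc(2136, r"C:\Users\admin\Desktop\superscan.exe", "explorer.exe", "HIGH", 0),
    Proc(3768, r"C:\Program Files\SuperScan\ws2check.exe", "superscan.exe", "HIGH", 0),
    Proc(1160, r"C:\Program Files\SuperScan\scanner.exe", "ws2check.exe", "HIGH", 0),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def decode_exit(code: Optional[int]) -> str:
    """Render a decimal exit code as 32-bit NTSTATUS hex plus its severity
    (top two bits: 0 success, 1 informational, 2 warning, 3 error)."""
    if code is None:
        return "not reported"
    code &= 0xFFFFFFFF
    return f"0x{code:08X} ({NTSTATUS_NAMES.get(code, 'unknown')}, severity={code >> 30})"


def find_elevation_relaunch(procs: List[Proc]) -> List[Tuple[int, int]]:
    """(failed_pid, elevated_pid) pairs: a MEDIUM run of an image ended with
    STATUS_ELEVATION_REQUIRED and the same image also ran at HIGH integrity,
    i.e. the user accepted a UAC prompt and the installer was re-launched."""
    hits = []
    for a in procs:
        if a.integrity != "MEDIUM" or a.exit_code is None:
            continue
        if (a.exit_code & 0xFFFFFFFF) != 0xC000042C:
            continue
        for b in procs:
            if b.pid != a.pid and b.integrity == "HIGH" and b.image.lower() == a.image.lower():
                hits.append((a.pid, b.pid))
    return hits


def build_tree(procs: List[Proc]) -> Tuple[List[int], Dict[int, List[int]]]:
    """Return (root pids, pid -> child pids). Parents are resolved by image
    name; when ambiguous (two superscan.exe instances) prefer the candidate at
    the child's integrity level whose exit was not an error-class status."""
    by_name: Dict[str, List[Proc]] = {}
    for p in procs:
        by_name.setdefault(basename(p.image), []).append(p)
    children: Dict[int, List[int]] = {p.pid: [] for p in procs}
    roots: List[int] = []
    for p in procs:
        cands = [c for c in by_name.get(p.parent.lower(), []) if c.pid != p.pid]
        same = [c for c in cands if c.integrity == p.integrity]
        ok = [c for c in (same or cands)
              if c.exit_code is None or (c.exit_code >> 30) != 3]
        pick = ok or same or cands
        if pick:
            children[pick[0].pid].append(p.pid)
        else:
            roots.append(p.pid)          # parent (explorer.exe) is not in the table
    return roots, children


def render_tree(procs: List[Proc]) -> List[str]:
    """Indented one-line-per-process view of the tree."""
    roots, children = build_tree(procs)
    info = {p.pid: p for p in procs}
    lines: List[str] = []

    def walk(pid: int, depth: int) -> None:
        p = info[pid]
        lines.append(f"{'  ' * depth}{basename(p.image)} (PID {pid}, {p.integrity}, "
                     f"exit {decode_exit(p.exit_code)})")
        for c in children[pid]:
            walk(c, depth + 1)

    for r in roots:
        walk(r, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(PROCS)))
    print("UAC re-launch pairs:", find_elevation_relaunch(PROCS))
```

The severity check is what makes the parent resolution work here: PID 1552 never got past ntdll.dll, so it cannot be the parent of ws2check.exe, and the error-class exit code is the cheapest evidence of that. The same pattern (MEDIUM exit 0xC000042C followed by HIGH re-launch of the identical image) is a useful filter in any sandbox or EDR process log for spotting where a user clicked through a UAC prompt.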
Total events: 519
Read events: 507
Write events: 12
Delete events: 0

Modification events

PID 1296, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
  Operation: write, Name: ShellExtBMP, Value: (not shown)

  Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
  Operation: write, Name: ShellExtIcon, Value: (not shown)

  Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
  Operation: write, Name: LanguageList, Value: en-US

  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write, Name: 0, Value: C:\Users\admin\AppData\Local\Temp\superscan3.zip

  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: name, Value: 120

  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: size, Value: 80

  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: type, Value: 120

  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: mtime, Value: 100

PID 3768, ws2check.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: UNCAsIntranet, Value: 0

  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: AutoDetect, Value: 1

All 12 writes are WinRAR UI state plus the two ZoneMap values. UNCAsIntranet and AutoDetect under Internet Settings\ZoneMap are the Internet Explorer security-zone defaults that the zone manager typically initialises on first use; they show up as routine noise in sandbox reports and are not a persistence or policy change. No Run keys, services or scheduled tasks were written.
Executable files: 2
Suspicious files: 1
Text files: 5
Unknown types: 1

Dropped files

PID 1296, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa1296.18263\superscan.exe
  MD5: not listed in the report
  SHA256: not listed in the report

PID 2136, superscan.exe
  C:\Program Files\SuperScan\scanner.lst (text)
  MD5: 16118E510F5ED223E097897FB23E2D03
  SHA256: CC94555AB3CBA9FD37F711066EBD5F816FB7DB99F2A1C716A9D0CF15F81D0508

  C:\Program Files\SuperScan\hensss.lst (text)
  MD5: 02DADE2F049AAF7A04414045B6FC9FE0
  SHA256: F9C4FAC88626E7C2C9EC5F20EBA4A00206BEC1845B9F79034D8405BD7D62B221

  C:\Program Files\SuperScan\scanner.cnt (text)
  MD5: 5C6CC893670D45007D78A10B6A6D4C17
  SHA256: 89D46F4D6E25FF9543755DDDC5DCB9F6D0A5387A108FB4DAD9D59E7CB25141F8

  C:\Program Files\SuperScan\trojans.lst (text)
  MD5: DAFFFEE97BC12CFA9AFEA9302420F24C
  SHA256: C8F0EE711E292C1AF6DA373C5F889CE1EC02774E1C379E6A57433692FEA96959

  C:\Program Files\SuperScan\scanner.ini (text)
  MD5: 8ACAFF1FEC4A06B8C8A2E923B13CCD7E
  SHA256: F27406224EADB67B86ADB2BD73BFFB8AD95060F12D96B20DFBEAB0E1E3167AC0

  C:\Program Files\SuperScan\scanner.hlp (hlp)
  MD5: 8CE1E5E6055FB0041B201D7B09156487
  SHA256: D55BE44500959711452D4AE88032E708F4D3AA10A3D2A8C68148E45EF0C05DCA

  C:\Program Files\SuperScan\ws2check.exe (executable)
  MD5: E00FB6A3D285FF3ED482A5748E51BAA5
  SHA256: 15CF248082298F6770B847744D13BFE0FD1A696B20FD80AFFB1B55EAAE917B97

  C:\Users\admin\AppData\Local\Temp\pft3F70~tmp\pftw1.pkg (compressed)
  MD5: C481D93FF0653144CEC573484AD6FC92
  SHA256: 792E6FABF87AF7DB9C186CDB35BB055B3194F871C92C265EFBBB80A6CF82A508

  C:\Program Files\SuperScan\scanner.exe (executable)
  MD5: 5C7050E14E090C71B3373AEB2EE13914
  SHA256: AFA241787FDE424249C8B445B1D66F40DE8B08BC7BED7BEF97C1FEC4B069E53B
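The dropped-file hashes above are the reusable output of this report: with them you can check whether a host already carries this SuperScan 3 install (or the same installer payload) without running anything. The script below is an added example, not ANY.RUN's code. It indexes the nine hashed entries from the table (the WinRAR temp copy has no hashes listed and is omitted), walks a directory hashing every file once for both MD5 and SHA-256, and reports a SHA-256 match as strong and an MD5-only match as weak, since MD5 collisions are cheap to manufacture. The directory it sweeps in the demo is constructed, with one file's hash added to the index at run time so the sweep has something to find.

```python
"""Sweep a directory for files matching the report's dropped-file hashes.
Added example, not ANY.RUN's code. DROPPED is copied from the report; the
demo directory and the stand-in file are constructed."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# (filename as dropped, MD5, SHA-256) from the report's dropped-files table.
DROPPED = [
    ("scanner.lst",  "16118E510F5ED223E097897FB23E2D03", "CC94555AB3CBA9FD37F711066EBD5F816FB7DB99F2A1C716A9D0CF15F81D0508"),
    ("hensss.lst",   "02DADE2F049AAF7A04414045B6FC9FE0", "F9C4FAC88626E7C2C9EC5F20EBA4A00206BEC1845B9F79034D8405BD7D62B221"),
    ("scanner.cnt",  "5C6CC893670D45007D78A10B6A6D4C17", "89D46F4D6E25FF9543755DDDC5DCB9F6D0A5387A108FB4DAD9D59E7CB25141F8"),
    ("trojans.lst",  "DAFFFEE97BC12CFA9AFEA9302420F24C", "C8F0EE711E292C1AF6DA373C5F889CE1EC02774E1C379E6A57433692FEA96959"),
    ("scanner.ini",  "8ACAFF1FEC4A06B8C8A2E923B13CCD7E", "F27406224EADB67B86ADB2BD73BFFB8AD95060F12D96B20DFBEAB0E1E3167AC0"),
    ("scanner.hlp",  "8CE1E5E6055FB0041B201D7B09156487", "D55BE44500959711452D4AE88032E708F4D3AA10A3D2A8C68148E45EF0C05DCA"),
    ("ws2check.exe", "E00FB6A3D285FF3ED482A5748E51BAA5", "15CF248082298F6770B847744D13BFE0FD1A696B20FD80AFFB1B55EAAE917B97"),
    ("pftw1.pkg",    "C481D93FF0653144CEC573484AD6FC92", "792E6FABF87AF7DB9C186CDB35BB055B3194F871C92C265EFBBB80A6CF82A508"),
    ("scanner.exe",  "5C7050E14E090C71B3373AEB2EE13914", "AFA241787FDE424249C8B445B1D66F40DE8B08BC7BED7BEF97C1FEC4B069E53B"),
]


def ioc_index(records=DROPPED) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Index by lowercase SHA-256 (primary) and MD5 (secondary, weak)."""
    by_sha = {sha.lower(): name for name, _, sha in records}
    by_md5 = {md5.lower(): name for name, md5, _ in records}
    return by_sha, by_md5


def file_hashes(path: str, chunk: int = 1 << 20) -> Tuple[str, str]:
    """MD5 and SHA-256 of a file, computed in one pass over the bytes."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def sweep(root: str, by_sha: Dict[str, str], by_md5: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return [(path, matched_name, strength)]; 'strong' for a SHA-256 hit,
    'weak' for an MD5-only hit. Unreadable files are skipped, not fatal."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                md5, sha = file_hashes(p)
            except OSError:
                continue
            if sha in by_sha:
                hits.append((p, by_sha[sha], "strong"))
            elif md5 in by_md5:
                hits.append((p, by_md5[md5], "weak"))
    return hits


def demo() -> List[Tuple[str, str, str]]:
    """Constructed directory: a stand-in scanner.lst whose SHA-256 is added to
    the index at run time, plus one unrelated file that must not match."""
    by_sha, by_md5 = ioc_index()
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "SuperScan", "scanner.lst")
        os.makedirs(os.path.dirname(target))
        with open(target, "wb") as f:
            f.write(b"constructed stand-in for scanner.lst\n")
        with open(os.path.join(d, "readme.txt"), "wb") as f:
            f.write(b"unrelated file\n")
        _, sha = file_hashes(target)
        by_sha = {**by_sha, sha: "scanner.lst (stand-in)"}
        return sweep(d, by_sha, by_md5)


if __name__ == "__main__":
    for path, name, strength in demo():
        print(f"{strength:6} {name:25} {path}")
```

On a real host point sweep() at C:\Program Files (and the user's Temp directory for the pftw1.pkg payload) with the index straight from ioc_index(). Only the SHA-256 hits should drive a decision; an MD5-only hit is a prompt to hash the file again with SHA-256, not a finding.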
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: none

Connections: no data

DNS requests: no data

Threats: no threats detected

Debug info: none