File name: X2-Software.rar

Full analysis: https://app.any.run/tasks/daba9d70-59c2-478d-9846-2e084f6ae847
Verdict: Malicious activity
Analysis date: November 11, 2019, 07:37:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 572B5FDFCE2EB377BCA06298A55BE9F8
SHA1: A201CA0F2E4BD82EE71BD85B247FAABD6DCBB938
SHA256: 879450B2A8141AB47163256D736257C5AFFBE674634CD3F71BF14D4336BE79B3
SSDEEP: 98304:lMugZDX1eGNWknTkKVPPGQAkEjum+Pwmhf8J7:2uggknY23GiCg4KfC7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3416)
      • X2soft.exe (PID: 4072)
    • Application was dropped or rewritten from another process

      • X2soft.exe (PID: 4072)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1812)
  • INFO

    • Manual execution by user

      • X2soft.exe (PID: 4072)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start: winrar.exe; searchprotocolhost.exe (no specs); x2soft.exe (no specs)

Process information

PID: 1812
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\X2-Software.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3416
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)
Note: this is the Windows Search protocol host, started by SearchIndexer.exe as SYSTEM, not a process started by the sample; weigh its "Loads dropped or rewritten executable" hit separately from the one on X2soft.exe (PID 4072), which is the extracted binary itself.
Modules (images):
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 4072
CMD: "C:\Users\admin\Desktop\X2-Software\X2soft.exe"
Path: C:\Users\admin\Desktop\X2-Software\X2soft.exe
Parent process: explorer.exe
User: admin
Company: <X2 ICQ: 652228289>
Integrity Level: MEDIUM
Description: <X2>
Exit code: 2
Version: 1.1.0.1
Modules (images):
c:\users\admin\desktop\x2-software\x2soft.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\x2-software\sqlite3.dll
c:\windows\system32\msvcrt.dll
c:\users\admin\desktop\x2-software\globalplatform.dll
c:\users\admin\desktop\x2-software\zlib1.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
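The process table above shows the sequence that the "dropped or rewritten" signatures key on: WinRAR.exe (PID 1812, parent explorer.exe) extracts the archive to the Desktop, explorer.exe then starts the extracted X2soft.exe (PID 4072), and X2soft.exe loads the extracted sqlite3.dll, GlobalPlatform.dll and zlib1.dll from the same folder. The following Python is an added example of how to reproduce that correlation on a host from Sysmon-style telemetry; it is not ANY.RUN's code. The event records are constructed from the process tree and module lists on this page, and the timestamps, the dictionary layout and the archiver list are assumptions (Sysmon field names for Event IDs 11, 1 and 7 are real).

```python
"""Correlate 'archiver writes an executable' with 'that file is later executed
or loaded'. Added example, not ANY.RUN code. Event records are constructed
from this report's process tree; timestamps and the archiver list are assumed.
"""
from datetime import datetime

# Sysmon event IDs used: 11 = FileCreate, 1 = ProcessCreate, 7 = ImageLoad.
FILE_CREATE, PROCESS_CREATE, IMAGE_LOAD = 11, 1, 7

# Writers whose output we treat as "dropped" content (assumed list).
ARCHIVERS = {"winrar.exe", "7zfm.exe", "7zg.exe", "7z.exe"}
EXEC_EXT = (".exe", ".dll", ".scr", ".cpl")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def _base(path):
    return path.rsplit("\\", 1)[-1].lower()


def correlate(events, window_s=600):
    """Alert when a file written by an archiver is executed (ID 1) or loaded
    as an image (ID 7) within window_s seconds. Plain reads or opens of the
    dropped file are deliberately not enough to fire."""
    dropped = {}  # lower-cased path -> (write time, writer image, writer pid)
    alerts = []
    for ev in sorted(events, key=lambda e: _ts(e["UtcTime"])):
        t = _ts(ev["UtcTime"])
        if ev["EventID"] == FILE_CREATE:
            target = ev["TargetFilename"]
            if _base(ev["Image"]) in ARCHIVERS and target.lower().endswith(EXEC_EXT):
                dropped[target.lower()] = (t, ev["Image"], ev["ProcessId"])
            continue
        if ev["EventID"] == PROCESS_CREATE:
            used, action = ev["Image"], "executed"
        elif ev["EventID"] == IMAGE_LOAD:
            used, action = ev["ImageLoaded"], "loaded"
        else:
            continue
        hit = dropped.get(used.lower())
        if hit and (t - hit[0]).total_seconds() <= window_s:
            alerts.append({
                "file": used, "action": action,
                "writer": _base(hit[1]), "writer_pid": hit[2],
                "pid": ev["ProcessId"], "image": _base(ev["Image"]),
                "delay_s": (t - hit[0]).total_seconds(),
            })
    return alerts


# Constructed events modelled on this report (times are assumed).
_D = "C:\\Users\\admin\\Desktop\\X2-Software\\"
_WINRAR = "C:\\Program Files\\WinRAR\\WinRAR.exe"
EVENTS = [
    {"EventID": 11, "UtcTime": "2019-11-11 07:38:02.100", "ProcessId": 1812,
     "Image": _WINRAR, "TargetFilename": _D + "sqlite3.dll"},
    {"EventID": 11, "UtcTime": "2019-11-11 07:38:02.250", "ProcessId": 1812,
     "Image": _WINRAR, "TargetFilename": _D + "X2soft.exe"},
    {"EventID": 11, "UtcTime": "2019-11-11 07:38:02.300", "ProcessId": 1812,
     "Image": _WINRAR, "TargetFilename": _D + "Bin.db"},  # data file, ignored
    {"EventID": 1, "UtcTime": "2019-11-11 07:38:05.000", "ProcessId": 3416,
     "Image": "C:\\Windows\\System32\\SearchProtocolHost.exe",
     "ParentImage": "C:\\Windows\\System32\\SearchIndexer.exe"},  # not dropped
    {"EventID": 1, "UtcTime": "2019-11-11 07:38:30.500", "ProcessId": 4072,
     "Image": _D + "X2soft.exe", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 7, "UtcTime": "2019-11-11 07:38:30.900", "ProcessId": 4072,
     "Image": _D + "X2soft.exe", "ImageLoaded": _D + "sqlite3.dll"},
    {"EventID": 7, "UtcTime": "2019-11-11 07:38:30.950", "ProcessId": 4072,
     "Image": _D + "X2soft.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},  # system DLL
]

if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(f'{a["action"]} dropped file {a["file"]} in {a["image"]} (PID {a["pid"]}); '
              f'written by {a["writer"]} (PID {a["writer_pid"]}) {a["delay_s"]:.1f}s earlier')
```

On the constructed data this fires twice, once for explorer.exe starting X2soft.exe and once for X2soft.exe loading sqlite3.dll, and stays silent for SearchProtocolHost.exe, because that process was neither written by an archiver nor loaded a dropped image.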
Total events: 790
Read events: 769
Write events: 21
Delete events: 0

Modification events

(PID) Process | Key | Operation | Name | Value
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP |
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon |
(1812) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | write | LanguageList | en-US
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\X2-Software.rar
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | write | 0 | C:\Users\admin\Desktop
(1812) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | write | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 8
Suspicious files: 4
Text files: 0
Unknown types: 3

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\X2.pdb | | |
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\Bin.db | sqlite | |
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\sqlite3.dll | executable | 2DB34C7D07707168429B0B2633FF75C0 | B645921E5D6EF89A1899D5CDE3F3A54CAEC9280416290922C9D3638D3ECF49AB
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\zlib1.dll | executable | B8A9E91134E7C89440A0F95470D5E47B | 42967A768F341D9CE5174EB38A4D63754C3C41739E7D88F4E39CD7354C1FAC71
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\GlobalPlatform.dll | executable | 4696B9FAE32C96D487DAA887D830261B | D516E641E63F4195C374ECEDBEE074C345AF178D703FA0761C990141E056B992
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\X2soft.exe | executable | |
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\mac.dat | compressed | 3709E18B229E3DB113BF5C7863C59DB4 | 9DC70002E82C78EE34C813597925C6CF8AA8D68B7E9CE5BCC70EA9BCAB9DBF4A
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\GPPcScConnectionPlugin.dll | executable | D65463FC8A37261B6BF5AFBC4139BDD5 | 789734BBAB7B606E27FAB43F4706250399108DBA98E4428D1B95589DB0A42EA2
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\X2.exp | exp | 9658F4486DF81E316B74ED4FD729AA44 | 13A2DEEDC0FC750D4221332747DAD7ACB00EA0F02AD4C0361473FB3D82043BDE
1812 | WinRAR.exe | C:\Users\admin\Desktop\X2-Software\MacGyver.cap | compressed | 3709E18B229E3DB113BF5C7863C59DB4 | 9DC70002E82C78EE34C813597925C6CF8AA8D68B7E9CE5BCC70EA9BCAB9DBF4A

Empty hash cells are empty in the report; the main binary X2soft.exe is among the files without a recorded MD5/SHA256. Note that mac.dat and MacGyver.cap carry the same MD5 and SHA256, i.e. the same content was dropped under two names.
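When a report like this is copied out of the web UI, the dropped-file rows arrive with the PID, process name, path and type run together, as in the raw form of this section. The following Python is an added example, not ANY.RUN tooling, that parses rows in that flattened form into records, runs the two triage checks an analyst wants from this table (duplicate content under different names, and entries whose hashes are missing), and turns the result into a SHA256 set that can be swept over a directory. The row text embedded below is copied from this page; the extension list used to find the path/type boundary is an assumption that covers this report's files, and the self-check writes a constructed sample file rather than anything from the report.

```python
"""Parse flattened 'Dropped files' rows from an ANY.RUN text dump and triage
them. Added example, not ANY.RUN code. Assumption: the path/type boundary is
recovered from a fixed list of file extensions seen in this report.
"""
import hashlib
import os
import re
import tempfile
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Extensions present in this report; the type label follows the extension.
KNOWN_EXT = "pdb|db|dll|exe|dat|cap|exp"
ROW_RE = re.compile(
    r"^(?P<pid>\d+)(?P<proc>[^\\]+?\.exe)"
    r"(?P<path>[A-Za-z]:\\.+?\.(?:" + KNOWN_EXT + r"))(?P<type>[a-z]*)$"
)


@dataclass
class Dropped:
    pid: int
    process: str
    path: str
    ftype: str
    md5: str
    sha256: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dropped(text: str) -> List[Dropped]:
    """Each row line is followed by 'MD5:' and 'SHA256:' lines, possibly empty."""
    rows: List[Dropped] = []
    for line in text.splitlines():
        line = line.strip()
        m = ROW_RE.match(line)
        if m:
            rows.append(Dropped(int(m["pid"]), m["proc"], m["path"], m["type"], "", ""))
        elif rows and line.startswith("MD5:"):
            rows[-1].md5 = line[4:].strip().lower()
        elif rows and line.startswith("SHA256:"):
            rows[-1].sha256 = line[7:].strip().lower()
    return rows


def duplicate_content(rows: List[Dropped]) -> Dict[str, List[str]]:
    """SHA256 values shared by more than one file name: identical bytes dropped twice."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for r in rows:
        if r.sha256:
            by_hash[r.sha256].append(r.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def missing_hashes(rows: List[Dropped]) -> List[str]:
    """Files the report lists without a SHA256; these need hashing by hand."""
    return [r.name for r in rows if not r.sha256]


def ioc_hashes(rows: List[Dropped]) -> Set[str]:
    return {r.sha256 for r in rows if r.sha256}


def sweep_directory(root: str, iocs: Set[str]) -> List[Tuple[str, str]]:
    """Hash every file under root and return (path, sha256) for IOC matches."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            h = hashlib.sha256()
            with open(p, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            if h.hexdigest() in iocs:
                hits.append((p, h.hexdigest()))
    return hits


def sweep_selfcheck() -> bool:
    """Constructed check: a temp file is found only when its own hash is in the set."""
    data = b"constructed sample, not from the report"
    want = hashlib.sha256(data).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "sample.bin")
        with open(p, "wb") as fh:
            fh.write(data)
        report_iocs = ioc_hashes(parse_dropped(REPORT_ROWS))
        return sweep_directory(d, report_iocs) == [] and sweep_directory(d, {want}) == [(p, want)]


# Rows copied verbatim from this report's "Dropped files" section.
REPORT_ROWS = r"""
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\X2.pdb
MD5:
SHA256:
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\Bin.dbsqlite
MD5:
SHA256:
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\sqlite3.dllexecutable
MD5:2DB34C7D07707168429B0B2633FF75C0
SHA256:B645921E5D6EF89A1899D5CDE3F3A54CAEC9280416290922C9D3638D3ECF49AB
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\zlib1.dllexecutable
MD5:B8A9E91134E7C89440A0F95470D5E47B
SHA256:42967A768F341D9CE5174EB38A4D63754C3C41739E7D88F4E39CD7354C1FAC71
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\GlobalPlatform.dllexecutable
MD5:4696B9FAE32C96D487DAA887D830261B
SHA256:D516E641E63F4195C374ECEDBEE074C345AF178D703FA0761C990141E056B992
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\X2soft.exeexecutable
MD5:
SHA256:
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\mac.datcompressed
MD5:3709E18B229E3DB113BF5C7863C59DB4
SHA256:9DC70002E82C78EE34C813597925C6CF8AA8D68B7E9CE5BCC70EA9BCAB9DBF4A
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\GPPcScConnectionPlugin.dllexecutable
MD5:D65463FC8A37261B6BF5AFBC4139BDD5
SHA256:789734BBAB7B606E27FAB43F4706250399108DBA98E4428D1B95589DB0A42EA2
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\X2.expexp
MD5:9658F4486DF81E316B74ED4FD729AA44
SHA256:13A2DEEDC0FC750D4221332747DAD7ACB00EA0F02AD4C0361473FB3D82043BDE
1812WinRAR.exeC:\Users\admin\Desktop\X2-Software\MacGyver.capcompressed
MD5:3709E18B229E3DB113BF5C7863C59DB4
SHA256:9DC70002E82C78EE34C813597925C6CF8AA8D68B7E9CE5BCC70EA9BCAB9DBF4A
"""

if __name__ == "__main__":
    rows = parse_dropped(REPORT_ROWS)
    print("duplicates:", duplicate_content(rows))
    print("no hash recorded:", missing_hashes(rows))
    print("unique SHA256 IOCs:", len(ioc_hashes(rows)))
```

Run against this page's rows it yields one duplicate group (mac.dat and MacGyver.cap), three files without a recorded hash (X2.pdb, Bin.db and X2soft.exe, so the main binary is not covered by the hash set and must be hashed from the extracted folder), and six unique SHA256 values to sweep for.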
Download the PCAP and analyze network streams, HTTP content and more in the full report.
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info