
Havij-v1.16-Pro-Portable-_ed.7z

Full analysis: https://app.any.run/tasks/83b2c8b5-7109-48a5-ad15-8d238053691e
Verdict: Malicious activity
Analysis date: November 08, 2018, 14:52:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.3
MD5: 8110374F1B2BB8208C364B09DA10F067
SHA1: 5CB04D950D222769AAF90139E284B45A8BD994B5
SHA256: 8B3BF9ADD68356B4B7141A75C5A314B5713E354D9E696BF344A4F59B1931A0AE
SSDEEP: 98304:rI58g3QgN5AmMA9OAE+tJ7qhmlz1APwIe1qsfSKSHKWO91W:858QQgN5nr9Ek+hmV1APw6sfSKu/EW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe (PID: 3700)
      • Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe (PID: 3712)
      • Havij.exe (PID: 1336)
    • Application was dropped or rewritten from another process
      • Havij.exe (PID: 1336)
      • Havij_Load.exe (PID: 2796)
  • SUSPICIOUS
    • Creates files in the Windows directory
      • Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe (PID: 3700)
    • Executable content was dropped or overwritten
      • Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe (PID: 3700)
      • Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe (PID: 3712)
    • Low-level read access rights to disk partition
      • Havij.exe (PID: 1336)
    • Creates files in the user directory
      • Havij.exe (PID: 1336)
  • INFO
    • No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .7z | 7-Zip compressed archive (gen) (100)
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 0

Behavior graph (interactive view available in the full report)

Processes shown in the graph: winrar.exe (no specs) → Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe (two instances, one started from the archive, one dropped and started) → havij_load.exe (no specs) → havij.exe (no specs)

Process information

PID: 700
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Havij-v1.16-Pro-Portable-_ed.7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: none
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 3712
CMD: "C:\Users\admin\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ]\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe"
Path: C:\Users\admin\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ]\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Indicators: see MALICIOUS / SUSPICIOUS above
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0

PID: 3700
CMD: "C:\Users\admin\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ]\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe"
Path: C:\Users\admin\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ]\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Indicators: see MALICIOUS / SUSPICIOUS above
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 2796
CMD: C:\Windows\system32\HavijPro\Havij_Load.exe
Path: C:\Windows\system32\HavijPro\Havij_Load.exe
Indicators: see MALICIOUS above
Parent process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 1336
CMD: "C:\Windows\system32\HavijPro\Havij.exe"
Path: C:\Windows\system32\HavijPro\Havij.exe
Indicators: see MALICIOUS / SUSPICIOUS above
Parent process: Havij_Load.exe
User: admin
Company: ITSecTeam
Integrity Level: HIGH
Description: Advanced SQL Injection Tool
Version: 1.16
Total events: 2 093
Read events: 1 471
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 9
Suspicious files: 0
Text files: 7
Unknown types: 2

Dropped files

PID: 700
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa700.31675\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ]\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Type: (not recorded)
MD5: (not recorded)
SHA256: (not recorded)

PID: 3700
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\Windows\system32\HavijPro\Read Me.txt
Type: text
MD5: 11EC6EB7965B25EF6E909FC33B521D8C
SHA256: A85824CF8BF32C3D2440D9F32C8906A7C665FF607F9F227CD5F2D7224FB9ADA2

PID: 3700
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\Windows\system32\Mswinsck.ocx
Type: executable
MD5: E8A2190A9E8EE5E5D2E0B599BBF9DDA6
SHA256: 80AB0B86DE58A657956B2A293BD9957F78E37E7383C86D6CD142208C153B6311

PID: 3700
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\Windows\system32\HavijPro\Havij_Load.exe
Type: executable
MD5: C54226211F2A5C979BA14B7B8D3C6B3A
SHA256: AB1A59FC8991B7A4372B68AF0415D20C27E6A1DE5C15F701D55ADBC8E837B399

PID: 3712
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\Users\admin\AppData\Local\Temp\IRANTK.INFO
Type: executable
MD5: 0DAB1380431FF8A5BFE52797D4240DA8
SHA256: 9E5453882DF10F54E8E9F8CFDFB99D919654479665D17F589DBC3D8622C0E256

PID: 3700
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\Windows\system32\HavijPro\Help.chm
Type: chm
MD5: D22FD197CB0F86058A4CC1E7BC712EF1
SHA256: FD3AFCE9F48E0E18601864F53FE996FA34F1B261E2B0E3B5ED3CCFA78D565F96

PID: 3700
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\Windows\system32\RICHTX32.OCX
Type: executable
MD5: 722435BA4D18F1704B43E823A12E489A
SHA256: 7D59A8CC7A5C16B3B0E0E67C65CF98C45158909F95CA3A5C96B946FDEE42C095

PID: 3700
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\Windows\system32\HavijPro\columns.txt
Type: text
MD5: D728B72F71468FCC57E3560D74972DFB
SHA256: 55589AB69216A8D9A1AA175255EB03BC90B4B8FAFFB469893FBFBA677C06313F

PID: 3700
Process: Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
Filename: C:\users\admin\appdata\local\temp\REG-SM-AoRE.bmp
Type: image
MD5: 618EF93D12F1C201313F3E9DF0D34C2C
SHA256: 0DE8FBD0686F6434F03DCB7EF2ED622980902D495E7483105F2ABB8318C8303C

PID: 1336
Process: Havij.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\699c4b9cdebca7aaea5193cae8a50098_90059c37-1320-41a4-b58d-2b75a9850d2f
Type: dbf
MD5: 5B63D4DD8C04C88C0E30E494EC6A609A
SHA256: 4D93C22555B3169E5C13716CA59B8B22892C69B3025AEA841AFE5259698102FD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info