File name: SLAYER Leecher v0.5.rar

Full analysis: https://app.any.run/tasks/0752bdf7-40f0-44b0-8c77-bf59ca7fe5df
Verdict: Malicious activity
Analysis date: November 23, 2023, 07:50:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 6184623C476C51873E9A4000F5B8E764
SHA1: 23AADDBD0DCB51649ECE1180C8BD7EF72808459D
SHA256: 8E1EAE6ECAB72EC20C3AA1E90E4C670E2BA32AB0A34B4E386B1254299D44BB32
SSDEEP: 49152:U3kknrx44E13BuhnrXG1hb5aFZEeWmdTq2cde5tsbqtySFwGMyIvOjkdm6YAZQb9:zyx44E9BAGrbcIeWmdTttsbE27FvDd1I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
  • SUSPICIOUS

    • Reads the Internet Settings

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
    • Reads settings of System Certificates

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
  • INFO

    • Checks supported languages

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
    • Reads the computer name

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3372)
    • Reads the machine GUID from the registry

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
    • Creates files or folders in the user directory

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
    • Reads Environment values

      • SLAYER Leecher v0.5 By X-SLAYER.exe (PID: 3508)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

MPEG

MPEGAudioVersion: 2
AudioLayer: 3
AudioBitrate: 48 kbps
SampleRate: 16000
ChannelMode: Single Channel
MSStereo: On
IntensityStereo: On
CopyrightFlag: -
OriginalMedia: -
Emphasis: 50/15 ms

Composite

Duration: 0:03:13 (approx)
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start → winrar.exe (no specs) → slayer leecher v0.5 by x-slayer.exe

Process information

PID: 3372
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SLAYER Leecher v0.5.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3508
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\SLAYER Leecher v0.5 By X-SLAYER.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\SLAYER Leecher v0.5 By X-SLAYER.exe
Parent process: WinRAR.exe
User: admin
Company: Iheb Briki
Integrity Level: MEDIUM
Description: SLAYER Leecher
Exit code: 0
Version: 0.4.1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3372.34870\slayer leecher v0.5\slayer leecher v0.5 by x-slayer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 4 256
Read events: 4 217
Write events: 39
Delete events: 0

Modification events

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3372) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files: 4
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3372 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\Keywords & Regex\Keywords.txt | text
MD5: 47A04EDE025EA68051E15A4139F393EA
SHA256: 1F0DC0620FC73DA35873F759DA3D7A1CCC75EBE2597DE44C135E3DD35B29CDE2

3372 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\Keywords & Regex\Regex List.rtf | text
MD5: 31025A21B63C80C8C235B28BB03F04BE
SHA256: 888C359087D562D7790A027C49B764B09254A49B1C4565F481E8BE3B4274482B

3372 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\SkinSoft.VisualStyler.dll | executable
MD5: 2D84A619D4BD339F860CB48AF0C9B6C8
SHA256: 365FFDE7DF914840EB21C96F34C39912A4B031E3814B8E902B67ACEE6DFF65A1

3372 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\xNet.dll | executable
MD5: 3DF8D87A482EFAD957D83819ADB3020F
SHA256: 2AC175B4D44245EE8E7AEE9CC36DF86925EF903D8516F20A2C51D84E35F23DA4

3508 | SLAYER Leecher v0.5 By X-SLAYER.exe | C:\Users\admin\AppData\Local\SkinSoft\VisualStyler\2.3.5.0\x86\ssapihook.dll | executable
MD5: D7F644C06B4CDE60651D02AED6B4174D
SHA256: A99EA2F5759B34859B484AFA3A58CE82A7F3BF792886A6C838DB852D517D9C0D

3372 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\SLAYER Leecher v0.5 By X-SLAYER.exe | executable
MD5: B6D2A0E9584D3F7AE696AC83FC94713E
SHA256: 54BA0C1FB0E81FA1F796531AE506FD184DEA10628AB9F35AB9066DF86B43C3A6

3372 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3372.34870\SLAYER Leecher v0.5\READ THIS PLZ !!.rtf | text
MD5: 2190677D3726AC9F17CBCBF508429063
SHA256: 5E687D8F017DFD179B50860B431BC0B5B7F2CCCDA3DCB5C1EE1E26A8A44BBBA5
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | Reputation

4 | System | 192.168.100.255:138 | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | whitelisted
3508 | SLAYER Leecher v0.5 By X-SLAYER.exe | 104.20.68.143:443 | pastebin.com | CLOUDFLARENET | unknown

DNS requests

Domain: pastebin.com
IP:
  • 104.20.68.143
  • 172.67.34.170
  • 104.20.67.143
Reputation: shared

Threats

No threats detected
No debug info