File name: UFS Explorer Professional Recovery 8.2.0.5670.rar

Full analysis: https://app.any.run/tasks/bb87b6d3-e2ae-42bd-a11e-66b384bcdb98
Verdict: Malicious activity
Analysis date: May 15, 2021, 14:00:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 4BC35D4F9B8DD7C9E01328B5B0CBD991
SHA1: 7AD65CBF303C5544D3EB10B7A9FB38F0AC485A3E
SHA256: 90FA454B3C8718CA5EE9D44CC6ACE16D5DF233D81BA0F80AF11B5B36E106BEAC
SSDEEP: 196608:nywSkq7bkW9+eHhfkDI4pUMWvNYAe/hkQMakYN6DxJPYojELqNZ35nTSQOvEjPw+:rSz8teNFEdADrPXEi35nTSV0dX7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • patch.exe (PID: 1704)
      • patch.exe (PID: 2948)
      • ufsxpci.exe (PID: 3896)
      • ufsxpci.exe (PID: 3668)
      • ufs-explorer-pro.exe (PID: 2656)
      • softmanager.exe (PID: 3100)
      • ufs-explorer-pro.exe (PID: 2104)
      • patch.exe (PID: 2660)
      • patch.exe (PID: 2204)
      • patch.exe (PID: 2756)
      • ufsxpci.exe (PID: 2688)
      • patch.exe (PID: 2916)
      • patch.exe (PID: 3380)
      • patch.exe (PID: 3356)
  • SUSPICIOUS

    • Drops a file with too old compile date

      • WinRAR.exe (PID: 1504)
    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 1504)
      • ufsxpci.exe (PID: 3668)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1504)
      • ufsxpci.exe (PID: 3668)
      • patch.exe (PID: 3380)
      • patch.exe (PID: 3356)
    • Creates a directory in Program Files

      • ufsxpci.exe (PID: 3668)
    • Creates files in the program directory

      • ufsxpci.exe (PID: 3668)
      • patch.exe (PID: 3380)
      • patch.exe (PID: 3356)
    • Creates a software uninstall entry

      • ufsxpci.exe (PID: 3668)
    • Creates files in the user directory

      • ufs-explorer-pro.exe (PID: 2656)
    • Low-level read access rights to disk partition

      • ufs-explorer-pro.exe (PID: 2656)
  • INFO

    • Manual execution by user

      • WinRAR.exe (PID: 1504)
      • patch.exe (PID: 1704)
      • patch.exe (PID: 2948)
      • ufsxpci.exe (PID: 3668)
      • ufsxpci.exe (PID: 3896)
      • patch.exe (PID: 2660)
      • ufsxpci.exe (PID: 2688)
      • patch.exe (PID: 2756)
      • ufs-explorer-pro.exe (PID: 2104)
      • patch.exe (PID: 2916)
      • patch.exe (PID: 3380)
      • patch.exe (PID: 3356)
      • patch.exe (PID: 2204)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 73
Monitored processes: 16
Malicious processes: 3
Suspicious processes: 2


Process information

PID
CMD
Path
Indicators
Parent process
PID: 1504
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\UFS Explorer Professional Recovery 8.2.0.5670.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1704
CMD: "C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path: C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
PID: 2104
CMD: "C:\Program Files\Data Recovery\ufs-explorer-pro.exe"
Path: C:\Program Files\Data Recovery\ufs-explorer-pro.exe
Parent process: explorer.exe
User:
admin
Company:
LLC SysDev Laboratories
Integrity Level:
MEDIUM
Description:
UFS Explorer Professional Recovery
Exit code:
3221226540
Version:
8.2.0.5669
Modules
Images
c:\program files\data recovery\ufs-explorer-pro.exe
c:\systemroot\system32\ntdll.dll
PID: 2204
CMD: "C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path: C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
PID: 2396
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\UFS Explorer Professional Recovery 8.2.0.5670.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2656
CMD: "C:\Program Files\Data Recovery\ufs-explorer-pro.exe"
Path: C:\Program Files\Data Recovery\ufs-explorer-pro.exe
Parent process: ufsxpci.exe
User:
admin
Company:
LLC SysDev Laboratories
Integrity Level:
HIGH
Description:
UFS Explorer Professional Recovery
Exit code:
0
Version:
8.2.0.5669
Modules
Images
c:\program files\data recovery\ufs-explorer-pro.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2660
CMD: "C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path: C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
PID: 2688
CMD: "C:\Users\admin\Desktop\ufsxpci.exe"
Path: C:\Users\admin\Desktop\ufsxpci.exe
Parent process: explorer.exe
User:
admin
Company:
LLC SysDev Laboratories
Integrity Level:
MEDIUM
Description:
UFS Explorer Professional Recovery
Exit code:
3221226540
Version:
8.2.0.5670
Modules
Images
c:\users\admin\desktop\ufsxpci.exe
c:\systemroot\system32\ntdll.dll
PID: 2756
CMD: "C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path: C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
PID: 2916
CMD: "C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path: C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
Total events: 3 478
Read events: 2 858
Write events: 613
Delete events: 7

Modification events

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\UFS Explorer Professional Recovery 8.2.0.5670.rar

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Executable files: 8
Suspicious files: 10
Text files: 1
Unknown types: 2

Dropped files

PID
Process
Filename
Type
PID: 3668
Process: ufsxpci.exe
Filename: C:\Program Files\Data Recovery\ufs-explorer-pro.exe.tmp
Type:

PID: 3668
Process: ufsxpci.exe
Filename: C:\Program Files\Common Files\SysDev Laboratories\softmanager.exe.tmp
Type:

PID: 3668
Process: ufsxpci.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysDev Laboratories\Software Packages management.lnk
Type: lnk

PID: 1504
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1504.12201\readme.txt
Type: text

PID: 1504
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1504.12201\ufsxpci.exe
Type: executable

PID: 1504
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1504.12201\Crack_Patch\patch.rar
Type: compressed

PID: 3668
Process: ufsxpci.exe
Filename: C:\Program Files\Data Recovery\ufs-explorer-pro.exe
Type: executable

PID: 3668
Process: ufsxpci.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Recovery\UFS Explorer Professional Recovery.lnk
Type: lnk

PID: 3668
Process: ufsxpci.exe
Filename: C:\ProgramData\SysDev Laboratories\sdl\install
Type: binary

PID: 2656
Process: ufs-explorer-pro.exe
Filename: C:\Users\admin\AppData\Roaming\SysDev Laboratories\sdl\updates
Type: binary

Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 0
TCP/UDP connections: 1
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 3100
Process: softmanager.exe
IP: 31.28.161.98:80
Domain: www.sysdevlabs.com
ASN: 7heaven LLC
CN: UA
Reputation: unknown

DNS requests

Domain: www.sysdevlabs.com
IP: 31.28.161.98
Reputation: unknown

Threats

No threats detected
No debug info