File name: Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip.zip

Full analysis: https://app.any.run/tasks/cdd9c933-0cd4-49fc-8439-866fc3ac9f40
Verdict: Malicious activity
Analysis date: June 18, 2019, 21:55:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: EB864353493275C76AA887A8AA8AAB55
SHA1: F4DE46D9486EDA5F92262ABBCF37EA82F3AAF12C
SHA256: 925DB90A254A4DA03FA99DB11F72397CCBC1C7ADC8B9F6C79A55FC649ECE84EE
SSDEEP: 196608:8zWXYeqEujwf9KVFU2M8VBdNjHlGSrDKiUtsJYhp2pQ:DpujAMVC2MSPZHL/KiJgP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3184)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 4016)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 2180)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3092)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3980)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3688)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3952)
  • SUSPICIOUS

    • Application launched itself

      • WinRAR.exe (PID: 3016)
      • WinRAR.exe (PID: 3140)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3832)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 3832)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 788
ZipBitFlag: 0x0001
ZipCompression: None
ZipModifyDate: 2019:06:18 23:16:16
ZipCRC: 0x2e61c63d
ZipCompressedSize: 9291882
ZipUncompressedSize: 9291882
ZipFileName: Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip
Total processes: 46
Monitored processes: 14
Malicious processes: 1
Suspicious processes: 3

Behavior graph

(Interactive process graph; available in the full report.)

Process information

PID 3016
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID 3140
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb3016.49011\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: WinRAR.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID 3832
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb3140.1582\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: WinRAR.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID 2180
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0

PID 3688
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.4061\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.4061\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0

PID 2328
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3832.4617\readme.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 2664
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3832.5371\account.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 3376
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3832.5745\readme.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 2384
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3832.6251\settings.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 3980
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.7062\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.7062\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Total events: 4 389
Read events: 4 302
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 84
Suspicious files: 1
Text files: 31
Unknown types: 0

Dropped files

PID 3140, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DIb3140.1582\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar
  Type, MD5 and SHA256 not recorded in the report.

PID 3016, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DIb3016.49011\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip (compressed)
  MD5: CE0EF1D6B0F5D8536630988B8485A029
  SHA256: D1919BB7DA770F0726F019EA935085EFEA1DDF000B4314149A4554BD8D04C956

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\settings.txt (text)
  MD5: 930940734DDB28327CF707AAFC15BF92
  SHA256: 4020C2B8D11A7F19C695FB16863542BE218F4953C32D38FC636E9C6D88BC10D4

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\ssleay32.dll (executable)
  MD5: 2A3A220A50972A9E78F10B5085204C3D
  SHA256: C873C0DF4C854EF4F675DC931820DB2913F640C8D846FDAACB8FBB5EB0CB9AC5

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\platforms\qwindows.dll (executable)
  MD5: A9A84F6EB068D561BF34F61216FFF71C
  SHA256: 8886A5E377EB5470CEB49AFD41D283B764CF74D8227ED40D2308594DE6A57295

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.4061\cudart64_60.dll (executable)
  MD5: FAAD9C823EDB11ECEA64C2BA9BEFDC4F
  SHA256: C23167C90D7B7B410CD87DB20EADBE46DC13100EF2FE9CE5DB495785AB7734C5

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\libeay32.dll (executable)
  MD5: F9ECF79E96560B14FF941DBC9CEE5C0C
  SHA256: B3BD997E176870C5E68DB8BA5C0024B80CE93C356C1868C2FBBB83B2CFD5AC4F

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\msvcp110.dll (executable)
  MD5: 7CAA1B97A3311EB5A695E3C9028616E7
  SHA256: 27F394AE01D12F851F1DEE3632DEE3C5AFA1D267F7A96321D35FD43105B035AD

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\Lizenz-Deutsch.txt (text)
  MD5: 4A916074230757545A519A59E19106D0
  SHA256: F6192E1CF939F09F340F6923E78450416C92861CA7987B5AE07E4A75915BD909

PID 3832, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXa3832.3456\readme.txt (text)
  MD5: FFD3870B864DDD61BF395BCB4656B82E
  SHA256: 357B2D2F9B2956AE07E2A4DC151CBBD5A406B6CD460BEC3F083F84383826306D
HTTP(S) requests: 7
TCP/UDP connections: 7
DNS requests: 1
Threats: 0

HTTP requests

PID  | Process                                    | Method | HTTP Code | IP                | URL                               | CN | Type | Size | Reputation
3184 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET    | 200       | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b  | malicious
3092 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET    | 200       | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b  | malicious
3980 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET    | 200       | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b  | malicious
3688 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET    | 200       | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b  | malicious
2180 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET    | 200       | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b  | malicious
3952 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET    | 200       | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b  | malicious
4016 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET    | 200       | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b  | malicious

Connections

PID  | Process                                    | IP                | Domain            | ASN           | CN | Reputation
2180 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3980 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
4016 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3092 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3688 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3952 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3184 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious

DNS requests

Domain            | IP             | Reputation
www.babatools.com | 173.254.28.147 | unknown

Threats

No threats detected
No debug info