File name: Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip.zip

Full analysis: https://app.any.run/tasks/f8a1063b-b7e5-42cf-951a-566e402cff9a
Verdict: Malicious activity
Analysis date: June 18, 2019, 22:04:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: EB864353493275C76AA887A8AA8AAB55
SHA1: F4DE46D9486EDA5F92262ABBCF37EA82F3AAF12C
SHA256: 925DB90A254A4DA03FA99DB11F72397CCBC1C7ADC8B9F6C79A55FC649ECE84EE
SSDEEP: 196608:8zWXYeqEujwf9KVFU2M8VBdNjHlGSrDKiUtsJYhp2pQ:DpujAMVC2MSPZHL/KiJgP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3360)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 1740)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 2952)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3156)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3132)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 1088)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3484)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 344)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 1000)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3660)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3624)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 1696)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 2676)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 2560)
      • Twitch God 2018 v1.1 (Vip Pro Edition).exe (PID: 3164)
  • SUSPICIOUS

    • Application launched itself

      • WinRAR.exe (PID: 3440)
      • WinRAR.exe (PID: 3608)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2956)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 2956)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 788
ZipBitFlag: 0x0001
ZipCompression: None
ZipModifyDate: 2019:06:18 23:16:16
ZipCRC: 0x2e61c63d
ZipCompressedSize: 9291882
ZipUncompressedSize: 9291882
ZipFileName: Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip
No data.
All screenshots are available in the full report
Total processes: 51
Monitored processes: 19
Malicious processes: 4
Suspicious processes: 7

Behavior graph

Interactive process graph (available in the full report); nodes shown: winrar.exe (3 instances), twitch god 2018 v1.1 (vip pro edition).exe (15 instances), notepad.exe; edges are labelled "start" and "drop and start".

Process information

PID: 296
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2956.4279\settings.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 344
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8062\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8062\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.8062\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
PID: 1000
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8136\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8136\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.8136\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1088
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.7950\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.7950\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.7950\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1696
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8098\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8098\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.8098\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1740
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.3567\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.3567\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.3567\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2560
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8393\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8393\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.8393\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2676
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8328\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.8328\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.8328\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2952
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.7875\Twitch God 2018 v1.1 (Vip Pro Edition).exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.7875\Twitch God 2018 v1.1 (Vip Pro Edition).exe
Parent process: WinRAR.exe
User: admin
Company: Pooria Sharaffodin www.BabaTools.com
Integrity Level: MEDIUM
Description: Twitch God 2018 v1.1 (Vip Pro Edition)
Exit code: 4294967295
Version: 1.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2956.7875\twitch god 2018 v1.1 (vip pro edition).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2956
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb3440.2990\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: WinRAR.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 5 291
Read events: 5 188
Write events: 103
Delete events: 0

Modification events

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip.zip

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3608) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3440) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3440) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:
Executable files: 182
Suspicious files: 1
Text files: 62
Unknown types: 0

Dropped files

PID: 3440
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIb3440.2990\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar
MD5:
SHA256:

PID: 2956
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIb3440.2990\__rar_2956.7208
MD5:
SHA256:

PID: 2956
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIb3440.2990\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.bak2956.7211
MD5:
SHA256:

PID: 2956
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIb3440.2990\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar
MD5:
SHA256:

PID: 3608
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIb3608.1162\Twitch God 2018 v1.2 (Vip Pro Edition) - Nulled.to - isssrrrraaaa.rar.zip
Type: compressed
MD5:
SHA256:

PID: 2956
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa2956.4279\settings.txt
Type: text
MD5:
SHA256:

PID: 296
Process: NOTEPAD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa2956.4279\settings.txt
Type: text
MD5:
SHA256:

PID: 2956
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.3567\settings.txt
Type: text
MD5:
SHA256:

PID: 2956
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.3567\Lizenz-Deutsch.txt
Type: text
MD5: 4A916074230757545A519A59E19106D0
SHA256: F6192E1CF939F09F340F6923E78450416C92861CA7987B5AE07E4A75915BD909

PID: 2956
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2956.3567\vccorlib110.dll
Type: executable
MD5: 2AEB4F8E2BD49FA46E7FCA142A1003A8
SHA256: F5F635C0CF8252B81C8283AE7063E5BDBC7D608EE8798EC6064707B489339D5D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 9
DNS requests: 1
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1740 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
3164 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
2560 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
1000 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
2676 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
3660 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
3624 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
1696 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious
344 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | GET | 200 | 173.254.28.147:80 | http://www.babatools.com/pool.txt | US | text | 4 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1740 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3164 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
2560 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
2676 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3660 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
1696 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
344 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
3624 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious
1000 | Twitch God 2018 v1.1 (Vip Pro Edition).exe | 173.254.28.147:80 | www.babatools.com | Unified Layer | US | malicious

DNS requests

Domain | IP | Reputation
www.babatools.com | 173.254.28.147 | unknown

Threats

No threats detected
No debug info