File name:

BlTools Cracked.rar

Full analysis: https://app.any.run/tasks/5351b638-727b-4c3e-9974-63a160e6deff
Verdict: Malicious activity
Analysis date: June 19, 2022, 11:21:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

6F83819D322329F898D2F11926990FDD

SHA1:

8FD4D5228CC6A58077E49C467AF4099AE1CD3B84

SHA256:

94F3464AB83376C5D68F57EA2BAD349762274353E474B476C2FDAE23CA4F9057

SSDEEP:

24576:J1mzau3Q5JT1bAJCQ940hCqiXr0MSm0y46Tuk1XxmTGIhgWHHZv0diDE8ZV:+zau3MpCCq4i6r0MSm0yx1Xx6hZHHZvx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3628)
      • [Cracked By Grizzly] BLTools.exe (PID: 3868)
      • [Cracked By Grizzly] BLTools.exe (PID: 1248)
      • [Cracked By Grizzly] BLTools.exe (PID: 3696)
    • Application was dropped or rewritten from another process

      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2604)
      • [Cracked By Grizzly] BLTools.exe (PID: 3868)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 3896)
      • [Cracked By Grizzly] BLTools.exe (PID: 3696)
      • [Cracked By Grizzly] BLTools.exe (PID: 1248)
    • Changes the autorun value in the registry

      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 2952)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 2952)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2604)
      • [Cracked By Grizzly] BLTools.exe (PID: 3868)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 3896)
      • [Cracked By Grizzly] BLTools.exe (PID: 3696)
      • [Cracked By Grizzly] BLTools.exe (PID: 1248)
    • Reads the computer name

      • WinRAR.exe (PID: 2952)
      • [Cracked By Grizzly] BLTools.exe (PID: 3868)
      • [Cracked By Grizzly] BLTools.exe (PID: 3696)
      • [Cracked By Grizzly] BLTools.exe (PID: 1248)
    • Starts itself from another location

      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
    • Executable content was dropped or overwritten

      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
      • WinRAR.exe (PID: 2952)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 2952)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
    • Creates files in the program directory

      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
  • INFO

    • Manual execution by user

      • [Cracked By Grizzly] BLTools Activator.exe (PID: 2432)
      • [Cracked By Grizzly] BLTools.exe (PID: 3868)
      • [Cracked By Grizzly] BLTools.exe (PID: 3696)
      • [Cracked By Grizzly] BLTools.exe (PID: 1248)
      • [Cracked By Grizzly] BLTools Activator.exe (PID: 3896)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes
44
Monitored processes
8
Malicious processes
6
Suspicious processes
0

Behavior graph

Edge labels in the graph: start; drop and start.
Processes shown in the graph ("no specs" marks nodes without recorded behavior details):
  • winrar.exe
  • searchprotocolhost.exe (no specs)
  • [cracked by grizzly] bltools activator.exe
  • [cracked by grizzly] bltools activator.exe (no specs)
  • [cracked by grizzly] bltools.exe
  • [cracked by grizzly] bltools.exe
  • [cracked by grizzly] bltools activator.exe (no specs)
  • [cracked by grizzly] bltools.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1248
CMD:
"C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools.exe"
Path:
C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools.exe
Parent process:
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
3762504530
Version:
1.5.2.0
Modules
Images
c:\users\admin\desktop\bltools cracked\[cracked by grizzly] bltools.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
2432
CMD:
"C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools Activator.exe"
Path:
C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools Activator.exe
Parent process:
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\bltools cracked\[cracked by grizzly] bltools activator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
2604
CMD:
"C:\ProgramData\[Cracked By Grizzly] BLTools Activator\[Cracked By Grizzly] BLTools Activator.exe" --run
Path:
C:\ProgramData\[Cracked By Grizzly] BLTools Activator\[Cracked By Grizzly] BLTools Activator.exe
Parent process:
[Cracked By Grizzly] BLTools Activator.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\programdata\[cracked by grizzly] bltools activator\[cracked by grizzly] bltools activator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID:
2952
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\BlTools Cracked.rar"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
3628
CMD:
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path:
C:\Windows\system32\SearchProtocolHost.exe
Parent process:
SearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
3696
CMD:
"C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools.exe"
Path:
C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools.exe
Parent process:
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
0
Version:
1.5.2.0
Modules
Images
c:\users\admin\desktop\bltools cracked\[cracked by grizzly] bltools.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
3868
CMD:
"C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools.exe"
Path:
C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools.exe
Parent process:
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
3762504530
Version:
1.5.2.0
Modules
Images
c:\users\admin\desktop\bltools cracked\[cracked by grizzly] bltools.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
3896
CMD:
"C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools Activator.exe"
Path:
C:\Users\admin\Desktop\BlTools Cracked\[Cracked By Grizzly] BLTools Activator.exe
Parent process:
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\bltools cracked\[cracked by grizzly] bltools activator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
Total events
1 915
Read events
1 890
Write events
25
Delete events
0

Modification events

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:
write
Name:
ShellExtBMP
Value:

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:
write
Name:
ShellExtIcon
Value:

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:
write
Name:
2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:
write
Name:
1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:
write
Name:
0
Value:
C:\Users\admin\AppData\Local\Temp\BlTools Cracked.rar

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
name
Value:
120

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
size
Value:
80

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
type
Value:
120

(PID) Process:
(2952) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
mtime
Value:
100
Executable files
6
Suspicious files
0
Text files
4
Unknown types
2

Dropped files

PID
Process
Filename
Type
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\Extreme.Net.lib | obj
MD5:
SHA256:
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\Settings.ini | text
MD5: 1EDBCE62BCAB359F0C7104CB690829AF
SHA256: 94E21D10F06A353692AF6638835008B80E4581C99DD19EEC68270C0655F7DDEE
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\AlphaFS.lib | obj
MD5:
SHA256:
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\ServicesSettings.ini | text
MD5: B4E59BFE8C3B8976879A8650437874F9
SHA256: 6FB6F51FCD89497E2756B3040B75EE7D92052387AD9EFFCE4C0BA5C92B24BBA0
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\AlphaFS.dll | executable
MD5:
SHA256:
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\[Cracked By Grizzly] BLTools Activator.exe | executable
MD5:
SHA256:
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\Extreme.Net.dll | executable
MD5:
SHA256:
2432 | [Cracked By Grizzly] BLTools Activator.exe | C:\ProgramData\[Cracked By Grizzly] BLTools Activator\[Cracked By Grizzly] BLTools Activator.exe | executable
MD5:
SHA256:
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\Read me.txt | text
MD5:
SHA256:
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.35150\BlTools Cracked\[Cracked By Grizzly] BLTools.exe | executable
MD5: ADBE188BDEB56E9DE21EB22840CB1ECC
SHA256: 30634E675EDDB8A0B953DAC342B0B93958809BDAF3577F85A46C4D5D4E3EA539
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info