File name:

WinRAR.v4.11_KEYGEN-FFF.zip

Full analysis: https://app.any.run/tasks/028f08cb-09d9-4978-bfbc-b932d97c8c28
Verdict: Malicious activity
Analysis date: March 10, 2018, 20:05:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

8DD551330006BD18441479067A424396

SHA1:

86DCFF4292C0829552195A8DA25E26998ED727C1

SHA256:

A12BFEAC7D8D511A4BB8E8B8F7533ECE66F9F0D3CE714CF55ABF4D3960B6279F

SSDEEP:

6144:Oa251so+oc8sNFP7t+TeQZxyLdl0xXrTl:Oz1Coc8sD70Tnx6dl0xXfl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • WinRAR.v4.11_KEYGEN-FFF.exe (PID: 2196)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: Deflated
ZipModifyDate: 2012:05:06 14:21:03
ZipCRC: 0xf88789dd
ZipCompressedSize: 218550
ZipUncompressedSize: 220672
ZipFileName: WinRAR.v4.11_KEYGEN-FFF.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start 7zfm.exe winrar.v4.11_keygen-fff.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2196"C:\Users\admin\AppData\Local\Temp\7zO43BED822\WinRAR.v4.11_KEYGEN-FFF.exe" C:\Users\admin\AppData\Local\Temp\7zO43BED822\WinRAR.v4.11_KEYGEN-FFF.exe7zFM.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\7zo43bed822\winrar.v4.11_keygen-fff.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
2868"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\admin\AppData\Local\Temp\WinRAR.v4.11_KEYGEN-FFF.zip"C:\Program Files\7-Zip\7zFM.exe
explorer.exe
User:
admin
Company:
Igor Pavlov
Integrity Level:
MEDIUM
Description:
7-Zip File Manager
Exit code:
0
Version:
16.04
Modules
Images
c:\program files\7-zip\7zfm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
946
Read events
871
Write events
73
Delete events
2

Modification events

(PID) Process:(2868) 7zFM.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2868) 7zFM.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
Operation:writeName:MRUListEx
Value:
FFFFFFFF
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:NodeSlots
Value:
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
02000000010000000900000000000000080000000300000006000000070000000500000004000000FFFFFFFF
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2
Operation:writeName:MRUListEx
Value:
000000000200000001000000FFFFFFFF
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg
Operation:writeName:TV_FolderType
Value:
{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg
Operation:writeName:TV_TopViewID
Value:
{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg
Operation:writeName:TV_TopViewVersion
Value:
0
(PID) Process:(2196) WinRAR.v4.11_KEYGEN-FFF.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\8F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
1
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
28687zFM.exeC:\Users\admin\AppData\Local\Temp\7zO43BED822\WinRAR.v4.11_KEYGEN-FFF.exeexecutable
MD5:
SHA256:
2196WinRAR.v4.11_KEYGEN-FFF.exeC:\Users\admin\Desktop\rarreg.keytext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
WinRAR.v4.11_KEYGEN-FFF.zip