File name: ida-pro-keygen.zip

Full analysis: https://app.any.run/tasks/258d7bd1-4c51-4440-ba02-6746dcc2efe4
Verdict: Malicious activity
Analysis date: May 16, 2023, 17:55:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 6D09767F95B113001291539AA5CF3846
SHA1: B31BB29801CD465ADD6C3F52415C56EA00CC5AE4
SHA256: B2B66F0AC642BAC85AF44C6BB0C471F3A8E6C95CA78E441F5E66A6B5C4646DC2
SSDEEP: 6144:1+crC9Tlu8grH9cSPzDlKJnW3W9Qm7ylA+ZXS:1+O+yHqSPYA3WB7ylS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ida_key.exe (PID: 3608)
      • anon_idb.exe (PID: 2624)
      • patch_ida.exe (PID: 2180)
      • patch_ida.exe (PID: 4092)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • anon_idb.exe (PID: 2624)
      • ida_key.exe (PID: 3608)
      • patch_ida.exe (PID: 2180)
    • Manual execution by a user

      • anon_idb.exe (PID: 2624)
      • ida_key.exe (PID: 3608)
      • patch_ida.exe (PID: 2180)
      • notepad.exe (PID: 2692)
      • patch_ida.exe (PID: 4092)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3944)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: IDA-Pro-KeyGen/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2019:01:17 01:24:50
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
Total processes: 47
Monitored processes: 6
Malicious processes: 3
Suspicious processes: 1

Behavior graph

start
  winrar.exe
  anon_idb.exe (no specs)
  ida_key.exe (no specs)
  patch_ida.exe (no specs)
  patch_ida.exe
  notepad.exe (no specs)

Process information

PID 2180
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules:
  c:\users\admin\desktop\ida-pro-keygen\patch_ida.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\apphelp.dll
  c:\windows\apppatch\acgenral.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\sspicli.dll
Note: this is the only monitored process at HIGH integrity, and apphelp.dll / acgenral.dll show that the application-compatibility shim engine was loaded into it.

PID 2624
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\anon_idb.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\anon_idb.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 4294967295 (0xFFFFFFFF, i.e. -1, the usual return of a command-line tool run without the arguments it expects)
Modules:
  c:\users\admin\desktop\ida-pro-keygen\anon_idb.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll

PID 2692
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\IDA-Pro-KeyGen\README.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Description: Notepad
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Integrity Level: MEDIUM
Exit code: 0
Modules:
  c:\windows\system32\notepad.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID 3608
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\ida_key.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\ida_key.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules:
  c:\users\admin\desktop\ida-pro-keygen\ida_key.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll

PID 3944
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\ida-pro-keygen.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Description: WinRAR archiver
Version: 5.91.0
Integrity Level: MEDIUM
Exit code: 0
Modules:
  c:\program files\winrar\winrar.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID 4092
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules:
  c:\users\admin\desktop\ida-pro-keygen\patch_ida.exe
  c:\windows\system32\ntdll.dll
Note: only ntdll.dll was mapped before this instance exited. The exit status says the binary demands administrator rights; the same image then ran as PID 2180 at HIGH integrity, consistent with the operator approving a UAC prompt for patch_ida.exe. Treat a patcher that insists on elevation as the part of this archive to look at first.
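The two non-zero exit codes in the table are easier to read in hexadecimal than in the raw decimal the sandbox prints. The script below is an added example, not ANY.RUN's code: it decodes raw exit codes into the form an analyst reads and correlates a launch that failed with STATUS_ELEVATION_REQUIRED against a later HIGH-integrity run of the same image. The process records are transcribed from the table above; the NTSTATUS names come from ntstatus.h; nothing else in it is from the report.

```python
"""Decode raw sandbox exit codes and spot a UAC elevation retry.

Added example, not ANY.RUN's code. The process records are transcribed
from the table above; the NTSTATUS names are from ntstatus.h. Nothing else
here comes from the report.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Subset of NTSTATUS error codes that turn up as process exit codes (ntstatus.h).
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
}


def decode_exit_code(code: int) -> str:
    """Render an exit code as an analyst reads it.

    Sandboxes print the raw unsigned 32-bit value. 0xFFFFFFFF is the signed
    -1 that command-line tools return on usage errors; values with both top
    bits set (0xC0000000 and up) are NTSTATUS errors raised by the loader or
    by an unhandled exception rather than by the program's own return.
    """
    u = code & 0xFFFFFFFF
    if u == 0xFFFFFFFF:
        return "0xFFFFFFFF (-1, generic failure)"
    if (u >> 30) == 0b11:  # STATUS_SEVERITY_ERROR
        return f"0x{u:08X} ({NTSTATUS_NAMES.get(u, 'unknown NTSTATUS error')})"
    return f"{u} (0x{u:08X})"


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    integrity: str  # MEDIUM / HIGH as shown by the sandbox
    exit_code: int


def find_elevation_retries(procs: Iterable[Proc]) -> List[Tuple[int, int]]:
    """Return (failed_pid, elevated_pid) pairs: an image that exited with
    STATUS_ELEVATION_REQUIRED plus a second instance of the same image that
    ran at HIGH integrity, i.e. the binary asked for admin rights and got them."""
    procs = list(procs)
    pairs = []
    for failed in procs:
        if (failed.exit_code & 0xFFFFFFFF) != 0xC000042C:
            continue
        for other in procs:
            if (other.pid != failed.pid
                    and other.image.lower() == failed.image.lower()
                    and other.integrity == "HIGH"):
                pairs.append((failed.pid, other.pid))
    return pairs


# Transcribed from the process table above.
REPORT_PROCS = [
    Proc(2180, r"C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe", "HIGH", 0),
    Proc(2624, r"C:\Users\admin\Desktop\IDA-Pro-KeyGen\anon_idb.exe", "MEDIUM", 4294967295),
    Proc(2692, r"C:\Windows\System32\notepad.exe", "MEDIUM", 0),
    Proc(3608, r"C:\Users\admin\Desktop\IDA-Pro-KeyGen\ida_key.exe", "MEDIUM", 0),
    Proc(3944, r"C:\Program Files\WinRAR\WinRAR.exe", "MEDIUM", 0),
    Proc(4092, r"C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe", "MEDIUM", 3221226540),
]

if __name__ == "__main__":
    for p in REPORT_PROCS:
        print(p.pid, p.image.rsplit("\\", 1)[-1], p.integrity, decode_exit_code(p.exit_code))
    print("elevation retries (failed_pid, elevated_pid):", find_elevation_retries(REPORT_PROCS))
```

Run against the six records it reports PID 4092 as the failed launch and PID 2180 as the elevated rerun; the same correlation applied to a full process tree also catches elevation that happens through a different parent, because it keys on the image path rather than on the parent PID.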
Total events: 979
Read events: 960
Write events: 19
Delete events: 0

Modification events

All modification events listed are registry writes by WinRAR.exe (PID 3944) to its own UI state; none is by ida_key.exe, anon_idb.exe or patch_ida.exe. The ArcHistory values are WinRAR's recent-archives list being rewritten and name archives that are not part of this sample.

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation: write    Name: LanguageList
Value: en-US

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write    Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write    Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write    Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write    Name: name
Value: 120

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write    Name: size
Value: 80

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write    Name: type
Value: 120

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write    Name: mtime
Value: 100

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write    Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

(PID) Process: (3944) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write    Name: LastFolder
Value: C:\Users\admin\Desktop
Executable files: 4
Suspicious files: 3
Text files: 14
Unknown types: 0

Dropped files

All entries were written by WinRAR.exe (PID 3944) under C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\, WinRAR's per-session temporary extraction folder. The listing shows ten of the files (the counts above give 4 executables, 3 suspicious and 14 text files). Note that the extensionless ida_key and patch_ida are typed only as "binary", not "executable": check their magic bytes before assuming they are Windows builds of the .exe files beside them.

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\src\md5.h  (text)
  MD5: C5BBD6D9186B4444B99109BCD9E7E6AE
  SHA256: FB936CF1E3BF447E4DA9350D1C35E0AA24CFF05C70921CF3F0F7B8C51AA87CBD

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\src\bigint.h  (text)
  MD5: A9799CE9903C107D2D33E3BC0A114EEF
  SHA256: 1D9C9CCAC0768DB6DFA7AC77F22CC3DC25776305B74BB14E3C70A0C0A0F2E633

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\src\base64.c  (text)
  MD5: 7B02F8A3826312BF9616DB31E373850F
  SHA256: B55764E71A30C63887B12F524A046F33C385F6A24CAD93164F972F77549DD6C7

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\src\bigint.c  (text)
  MD5: B22EA49405B6BBFBC39E8F73614E481B
  SHA256: BD57D73544BFB72A83E662F32231CEF7587CD73166C93D02CC986D1E3AA2DD01

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\ida_key.exe  (executable)
  MD5: 59D683AAFB8D1FD2ACE9D6D09290602F
  SHA256: 04E6520C0A12C2EBBC26E9E0E793E11E82B6B3D5EF40B2AC945153EDA2AC2B2E

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\src\Makefile  (text)
  MD5: 451D1E7003AB55731CD313992F51ACF6
  SHA256: 2661C80ACFAEEED1290029C0820B23A270181281F8662DDFDB60E96159296A01

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\ida_key  (binary)
  MD5: DD959A3DAA400CF6EAB1D51A951B2A0D
  SHA256: 952F80A427D6F431C2E787F37C3E6E98DA0B56E968CF38A397AAE1636998D756

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\patch_ida  (binary)
  MD5: F7DB0071D81D4F3EAB387A96998A3ACC
  SHA256: 27AF0CA5674898A99EF2506C98A0FC22719E463A7E67EA41E437109F0F7C439B

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\src\patch_ida.c  (text)
  MD5: 3929C1FBAE516D97AE8DC16D6C845B83
  SHA256: 3CB18CFD1EFE6153470B9F129F80E1DE2CD04CF93E15A37C643F43C2166A945C

PID 3944, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3944.23357\IDA-Pro-KeyGen\src\md5.c  (text)
  MD5: 517F124FB4D2895404A4DBF5A934D505
  SHA256: 68100E08FBE267738EA1853618F5433AEBC381FE36DC47136F25E730001C9958
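The hash list above is what an analyst carries forward as indicators. Below is an added example (not ANY.RUN's code and not the sample's own source) that triages an archive in memory instead of letting an archiver drop its members to a temp folder the way WinRAR did here: it hashes every member, matches SHA-256 values against the report's dropped-file hashes, types members by their magic bytes, and flags member names that would escape the extraction directory. The archive it builds is constructed for the demo and does not match any report hash; only the four SHA-256 values in REPORT_SHA256 are taken from the listing.

```python
"""Triage a zip in memory against a sandbox report's dropped-file hashes.

Added example, not ANY.RUN's code. Members are read without extraction,
hashed, typed by magic bytes, checked for path traversal, and matched
against SHA-256 values transcribed from the report. The demo archive at
the bottom is constructed and matches none of them.
"""
import hashlib
import io
import posixpath
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# SHA-256 values of dropped files, transcribed from the report (lower-cased).
REPORT_SHA256: Dict[str, str] = {
    "04e6520c0a12c2ebbc26e9e0e793e11e82b6b3d5ef40b2ac945153eda2ac2b2e": "IDA-Pro-KeyGen/ida_key.exe",
    "952f80a427d6f431c2e787f37c3e6e98da0b56e968cf38a397aae1636998d756": "IDA-Pro-KeyGen/ida_key",
    "27af0ca5674898a99ef2506c98a0fc22719e463a7e67ea41e437109f0f7c439b": "IDA-Pro-KeyGen/patch_ida",
    "3cb18cfd1efe6153470b9f129f80e1de2cd04cf93e15a37c643f43c2166a945c": "IDA-Pro-KeyGen/src/patch_ida.c",
}


@dataclass
class Member:
    name: str
    size: int
    md5: str
    sha256: str
    kind: str            # "pe", "elf" or "other", decided by the first bytes, not the extension
    unsafe_path: bool    # absolute path or ".." component: would escape the extraction dir
    ioc_match: Optional[str]


def classify(head: bytes) -> str:
    if head.startswith(b"MZ"):
        return "pe"
    if head.startswith(b"\x7fELF"):
        return "elf"
    return "other"


def is_unsafe_path(name: str) -> bool:
    norm = posixpath.normpath(name.replace("\\", "/"))
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def triage_zip(data: bytes, iocs: Dict[str, str] = REPORT_SHA256) -> List[Member]:
    out: List[Member] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            blob = zf.read(info)  # stays in memory; nothing is written to disk
            sha = hashlib.sha256(blob).hexdigest()
            out.append(Member(
                name=info.filename,
                size=len(blob),
                md5=hashlib.md5(blob).hexdigest(),
                sha256=sha,
                kind=classify(blob[:4]),
                unsafe_path=is_unsafe_path(info.filename),
                ioc_match=iocs.get(sha),
            ))
    return out


def build_demo_zip() -> bytes:
    """Constructed archive: a fake PE stub, a text file, and a zip-slip member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IDA-Pro-KeyGen/tool.exe", b"MZ" + b"\x90" * 62 + b"PE\0\0")
        zf.writestr("IDA-Pro-KeyGen/README.txt", b"abc")
        zf.writestr("../evil.dll", b"MZ")
    return buf.getvalue()


if __name__ == "__main__":
    for m in triage_zip(build_demo_zip()):
        flag = "UNSAFE-PATH " if m.unsafe_path else ""
        print(f"{flag}{m.kind:5} {m.size:6d} {m.sha256[:16]}... {m.name} ioc={m.ioc_match}")
```

To use it on the real archive, pass the bytes of ida-pro-keygen.zip to triage_zip; a member whose ioc_match is set is byte-identical to a file the sandbox saw dropped, and a member whose kind disagrees with its extension (an extensionless "pe", or an ".exe" that is "other") is worth opening before anything else.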
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:port               Domain  ASN  CN  Reputation
1076  svchost.exe  224.0.0.252:5355      -       -    -   unknown
4     System       192.168.100.255:137   -       -    -   whitelisted
4     System       192.168.100.255:138   -       -    -   whitelisted
3404  svchost.exe  239.255.255.250:1900  -       -    -   whitelisted

The four connections listed (of the five counted above) are Windows background traffic: LLMNR to the 224.0.0.252 multicast group on port 5355, NetBIOS name and datagram services to the subnet broadcast address on ports 137/138, and SSDP to 239.255.255.250 on port 1900. All come from svchost.exe and System; none of the sample's processes (ida_key.exe, anon_idb.exe, patch_ida.exe) opened a connection, and no DNS query or HTTP request was made.

DNS requests

No data

Threats

No threats detected
No debug info