General Info

File name

ida-pro-keygen.zip

Full analysis
https://app.any.run/tasks/bd6bcd6c-6677-434d-bafd-5215ad9ca73b
Verdict
Malicious activity
Analysis date
15/01/2022, 03:08:34
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v1.0 to extract
MD5

6d09767f95b113001291539aa5cf3846

SHA1

b31bb29801cd465add6c3f52415c56ea00cc5ae4

SHA256

b2b66f0ac642bac85af44c6bb0c471f3a8e6c95ca78e441f5e66a6b5c4646dc2

SSDEEP

6144:1+crC9Tlu8grH9cSPzDlKJnW3W9Qm7ylA+ZXS:1+O+yHqSPYA3WB7ylS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • patch_ida.exe (PID: 1444)
  • patch_ida.exe (PID: 2340)
  • ida_key.exe (PID: 3484)
  • anon_idb.exe (PID: 2132)
  • innounp.exe (PID: 3776)
Checks supported languages
  • WinRAR.exe (PID: 1256)
  • patch_ida.exe (PID: 2340)
  • innounp.exe (PID: 3776)
  • ida_key.exe (PID: 3484)
  • anon_idb.exe (PID: 2132)
Reads the computer name
  • WinRAR.exe (PID: 1256)
Drops a file with too old compile date
  • WinRAR.exe (PID: 1256)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 1256)
Manual execution by user
  • patch_ida.exe (PID: 1444)
  • patch_ida.exe (PID: 2340)
  • ida_key.exe (PID: 3484)
  • anon_idb.exe (PID: 2132)
  • innounp.exe (PID: 3776)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
10
ZipBitFlag:
null
ZipCompression:
None
ZipModifyDate:
2019:01:17 01:24:25
ZipCRC:
0x00000000
ZipCompressedSize:
null
ZipUncompressedSize:
null
ZipFileName:
IDA-Pro-KeyGen/

Screenshots

Processes

Total processes
46
Monitored processes
6
Malicious processes
0
Suspicious processes
2

Behavior graph

+
start winrar.exe patch_ida.exe no specs patch_ida.exe ida_key.exe no specs anon_idb.exe no specs innounp.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1256
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\ida-pro-keygen.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\windows\system32\setupapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dui70.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\duser.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\imageres.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winsta.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\drprov.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptsp.dll

PID
1444
CMD
"C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe"
Path
C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\ntdll.dll
c:\users\admin\desktop\ida-pro-keygen\patch_ida.exe

PID
2340
CMD
"C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe"
Path
C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\users\admin\desktop\ida-pro-keygen\patch_ida.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\lpk.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shell32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sfc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wininet.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll

PID
3484
CMD
"C:\Users\admin\Desktop\IDA-Pro-KeyGen\ida_key.exe"
Path
C:\Users\admin\Desktop\IDA-Pro-KeyGen\ida_key.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\ida-pro-keygen\ida_key.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll

PID
2132
CMD
"C:\Users\admin\Desktop\IDA-Pro-KeyGen\anon_idb.exe"
Path
C:\Users\admin\Desktop\IDA-Pro-KeyGen\anon_idb.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\users\admin\desktop\ida-pro-keygen\anon_idb.exe
c:\windows\system32\kernelbase.dll

PID
3776
CMD
"C:\Users\admin\Desktop\IDA-Pro-KeyGen\repack\innounp.exe"
Path
C:\Users\admin\Desktop\IDA-Pro-KeyGen\repack\innounp.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Description
InnoUnp - Inno Setup Unpacker
Version
0.47
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\users\admin\desktop\ida-pro-keygen\repack\innounp.exe
c:\windows\system32\comdlg32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\ole32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll

Registry activity

Total events
986
Read events
0
Write events
10
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
1256
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
2
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\ida-pro-keygen.zip
1256
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
1
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Files activity

Executable files
4
Suspicious files
0
Text files
14
Unknown types
3

Dropped files

PID
Process
Filename
Type
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\ida_key.exe
executable
MD5: 59d683aafb8d1fd2ace9d6d09290602f
SHA256: 04e6520c0a12c2ebbc26e9e0e793e11e82b6b3d5ef40b2ac945153eda2ac2b2e
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\repack\innounp.exe
executable
MD5: f3086190cc67a075d2bede91805daf3c
SHA256: 0cb5bf67743ad60cc9b1f8ecac3d58af39ea8b405796b44c44dcfadcd2099581
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\patch_ida.exe
executable
MD5: a5d3e910d17cd0f7e5f582e37c27ac1f
SHA256: 47d9a9c06e2bc1c584e4a00f663503bb1468366177fb0a410f46e79856fe0036
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\anon_idb.exe
executable
MD5: a8c1bc24e57867d7afaf0cb396ef4376
SHA256: ef78c88f0eda6ca6a2ccd6639dbfe011f804da5449f399bcb1cfd1dffe185856
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\repack\install_script.iss_dif
text
MD5: b1c7f23bd9f7df5cfaa8294f425d2feb
SHA256: 5f1064f9daf3b36f09f689158eb560ddb7f586649eeefa6f081b5351a3ff0057
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\anon_idb
o
MD5: d4e4bfb91fc91dcc34c854b4c287156d
SHA256: 4ec90fdd475fced8864cc3bfa7883f3b972cd75d30731eed2f0febd35c78c649
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\ida-tmplv6v7.key
text
MD5: 0719978c81fb47017d16dce09131b8fa
SHA256: 51cfa49889a8722df14de961e1e803fc1e9601b28e22c5bbb573a48a1b18b5f8
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\ida-tmplv5.key
text
MD5: 58e93b77f9158dba0f37849b582a11da
SHA256: f2d2f16341f6338dfebd9b91d78fd476a7f97acdca334bb293ca19023b1bcd63
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\README.txt
text
MD5: e9305316b8eb6ff169590d9f6555ad7b
SHA256: d09e5a270b3322ebc102eb007aab6af37ec4ff80468439760b113b8cd3a18bb1
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\anon_idb.c
text
MD5: c785315244f09987e69a2ffcee48478b
SHA256: 7d0bc7a81de11981e5374d8ae66ffcec4b7528f930224ab71eeb7b87509c1fc6
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\ida_key
o
MD5: dd959a3daa400cf6eab1d51a951b2a0d
SHA256: 952f80a427d6f431c2e787f37c3e6e98da0b56e968cf38a397aae1636998d756
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\md5.h
text
MD5: c5bbd6d9186b4444b99109bcd9e7e6ae
SHA256: fb936cf1e3bf447e4da9350d1c35e0aa24cff05c70921cf3f0f7b8c51aa87cbd
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\bigint.h
text
MD5: a9799ce9903c107d2d33e3bc0a114eef
SHA256: 1d9c9ccac0768db6dfa7ac77f22cc3dc25776305b74bb14e3c70a0c0a0f2e633
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\patch_ida
o
MD5: f7db0071d81d4f3eab387a96998a3acc
SHA256: 27af0ca5674898a99ef2506c98a0fc22719e463a7e67ea41e437109f0f7c439b
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\patch_ida.c
text
MD5: 3929c1fbae516d97ae8dc16d6c845b83
SHA256: 3cb18cfd1efe6153470b9f129f80e1de2cd04cf93e15a37c643f43c2166a945c
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\bigint.c
text
MD5: b22ea49405b6bbfbc39e8f73614e481b
SHA256: bd57d73544bfb72a83e662f32231cef7587cd73166c93d02cc986d1e3aa2dd01
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\base64.c
text
MD5: 7b02f8a3826312bf9616db31e373850f
SHA256: b55764e71a30c63887b12f524a046f33c385f6a24cad93164f972f77549dd6c7
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\ida_key.c
text
MD5: 84ee38a90024cd9f0248ce99345cd4d7
SHA256: 3d977e282213342b17313f4dcd333c77898cbe97c04daef7d898416dcbeffef5
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\Makefile
text
MD5: 451d1e7003ab55731cd313992f51acf6
SHA256: 2661c80acfaeeed1290029c0820b23a270181281f8662ddfdb60e96159296a01
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\md5.c
text
MD5: 517f124fb4d2895404a4dbf5a934d505
SHA256: 68100e08fbe267738ea1853618f5433aebc381fe36dc47136f25e730001c9958
1256
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\bigint_impl.h
text
MD5: 43224b50a7b50ab27800665336fba8c2
SHA256: c4c7a964859f16de8ad8ea6054b77cd9682288f4bf76d889c5b879b774d24200

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.