File name: ida-pro-keygen.zip
Full analysis: https://app.any.run/tasks/bd6bcd6c-6677-434d-bafd-5215ad9ca73b
Verdict: Malicious activity
Analysis date: January 15, 2022, 03:08:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 6D09767F95B113001291539AA5CF3846
SHA1: B31BB29801CD465ADD6C3F52415C56EA00CC5AE4
SHA256: B2B66F0AC642BAC85AF44C6BB0C471F3A8E6C95CA78E441F5E66A6B5C4646DC2
SSDEEP: 6144:1+crC9Tlu8grH9cSPzDlKJnW3W9Qm7ylA+ZXS:1+O+yHqSPYA3WB7ylS
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • ida_key.exe (PID: 3484)
      • patch_ida.exe (PID: 2340)
      • patch_ida.exe (PID: 1444)
      • anon_idb.exe (PID: 2132)
      • innounp.exe (PID: 3776)
  • SUSPICIOUS
    • Checks supported languages
      • WinRAR.exe (PID: 1256)
      • patch_ida.exe (PID: 2340)
      • ida_key.exe (PID: 3484)
      • anon_idb.exe (PID: 2132)
      • innounp.exe (PID: 3776)
    • Reads the computer name
      • WinRAR.exe (PID: 1256)
    • Drops a file with too old compile date
      • WinRAR.exe (PID: 1256)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 1256)
  • INFO
    • Manual execution by user
      • patch_ida.exe (PID: 1444)
      • ida_key.exe (PID: 3484)
      • patch_ida.exe (PID: 2340)
      • innounp.exe (PID: 3776)
      • anon_idb.exe (PID: 2132)
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):
ZipFileName: IDA-Pro-KeyGen/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2019:01:17 01:24:25
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
Total processes: 46
Monitored processes: 6
Malicious processes: 0
Suspicious processes: 2

Behavior graph

start → winrar.exe; patch_ida.exe (no specs); patch_ida.exe; ida_key.exe (no specs); anon_idb.exe (no specs); innounp.exe (no specs)

Process information

PID: 1256
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\ida-pro-keygen.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0

PID: 1444
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)

PID: 2340
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\patch_ida.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 3484
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\ida_key.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\ida_key.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Exit code: 0

PID: 2132
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\anon_idb.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\anon_idb.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Exit code: 4294967295 (0xFFFFFFFF, i.e. -1)

PID: 3776
CMD: "C:\Users\admin\Desktop\IDA-Pro-KeyGen\repack\innounp.exe"
Path: C:\Users\admin\Desktop\IDA-Pro-KeyGen\repack\innounp.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Description: InnoUnp - Inno Setup Unpacker
Exit code: 1
Version: 0.47
Total events: 986
Read events: 976
Write events: 10
Delete events: 0

Modification events

PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
PID 1256 WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\ida-pro-keygen.zip
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
PID 1256 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
Executable files: 4
Suspicious files: 0
Text files: 14
Unknown types: 3

Dropped files (PID | Process | Filename | Type)

1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\bigint.h | text
MD5:A9799CE9903C107D2D33E3BC0A114EEF
SHA256:1D9C9CCAC0768DB6DFA7AC77F22CC3DC25776305B74BB14E3C70A0C0A0F2E633
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\anon_idb.c | text
MD5:C785315244F09987E69A2FFCEE48478B
SHA256:7D0BC7A81DE11981E5374D8AE66FFCEC4B7528F930224AB71EEB7B87509C1FC6
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\ida-tmplv5.key | text
MD5:58E93B77F9158DBA0F37849B582A11DA
SHA256:F2D2F16341F6338DFEBD9B91D78FD476A7F97ACDCA334BB293CA19023B1BCD63
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\base64.c | text
MD5:7B02F8A3826312BF9616DB31E373850F
SHA256:B55764E71A30C63887B12F524A046F33C385F6A24CAD93164F972F77549DD6C7
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\md5.h | text
MD5:C5BBD6D9186B4444B99109BCD9E7E6AE
SHA256:FB936CF1E3BF447E4DA9350D1C35E0AA24CFF05C70921CF3F0F7B8C51AA87CBD
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\anon_idbo
MD5:D4E4BFB91FC91DCC34C854B4C287156D
SHA256:4EC90FDD475FCED8864CC3BFA7883F3B972CD75D30731EED2F0FEBD35C78C649
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\patch_idao
MD5:F7DB0071D81D4F3EAB387A96998A3ACC
SHA256:27AF0CA5674898A99EF2506C98A0FC22719E463A7E67EA41E437109F0F7C439B
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\ida_keyo
MD5:DD959A3DAA400CF6EAB1D51A951B2A0D
SHA256:952F80A427D6F431C2E787F37C3E6E98DA0B56E968CF38A397AAE1636998D756
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\bigint_impl.h | text
MD5:43224B50A7B50AB27800665336FBA8C2
SHA256:C4C7A964859F16DE8AD8EA6054B77CD9682288F4BF76D889C5B879B774D24200
1256 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1256.27789\IDA-Pro-KeyGen\src\patch_ida.c | text
MD5:3929C1FBAE516D97AE8DC16D6C845B83
SHA256:3CB18CFD1EFE6153470B9F129F80E1DE2CD04CF93E15A37C643F43C2166A945C
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: No HTTP requests
Connections: No data
DNS requests: No data
Threats: No threats detected
No debug info