File name: | NordVpn Checker V1.2 by Alpha_.rar |
Full analysis: | https://app.any.run/tasks/9d8a31a3-a972-49cc-b228-654cce63f9ca |
Verdict: | Malicious activity |
Analysis date: | December 18, 2018, 17:16:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | CB7A87CF81D46DAB1914BCFA8F5F69BF |
SHA1: | FC140FC4D5CEA073B4907B0A08FA12E4D71E0CE3 |
SHA256: | B2FDCE30FF9B8D0D96482F6DF2A299F02F968A56D3CD7F36E5B830E7AB26C6EF |
SSDEEP: | 6144:3BLwcHeHudN2pedpxAMZWJMRBMuy8JpqP2X+A:3B82emN8osMwJ+Muy8JMP2X+A |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2936 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NordVpn Checker V1.2 by Alpha_.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1248 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2556 | "C:\Users\admin\Desktop\NordVpn Checker v1.2 By Alphacrack.exe" | C:\Users\admin\Desktop\NordVpn Checker v1.2 By Alphacrack.exe | — | explorer.exe |
User: admin Company: Samad.Dz Integrity Level: MEDIUM Description: NordVpn Checker v1.1 Exit code: 0 Version: 1.1.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2936 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\Read Me.txt | text | |
MD5:38E8017DB44CFC28EF656042B397C67F | SHA256:15F7D67449997E2CCE85B9ACC70F495B970A09A0FA705C8B034A11E148CE1CA8 | |||
2936 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\Result [00_28_26]\Bads.txt | text | |
MD5:D2D9CB20DC33ED1E6BF4F7496C6D33EB | SHA256:5C4B5118761E972A1CF46524E86536E21D3076C4407F5BA9AAF8D73C3C26749D | |||
2936 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\NordVpn Checker v1.2.pdb | pdb | |
MD5:4827199D809C62E59B83249DE44DB2CF | SHA256:214688513C8C4ED11EEEA382747DA2036BC71E5967222B90BF7935027C5D3751 | |||
2936 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\NordVpn Checker v1.2 By Alphacrack.exe | executable | |
MD5:2BA8D5C1BC7C08D411DF8990DFA8C6AB | SHA256:5C2F1EED5150B52D828AB4272F2F28B9DCD14A0A7482F3F0EFEDE4F4179C6C15 | |||
2936 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\Leaf.Net.dll | executable | |
MD5:C98DE72CD4374C4210EB5C0102E1C2AF | SHA256:77EBB46EB03ACE07790B535020DBD1170C5C5EEFC249F55FE27C9F19561BEB8B |