File name:

Re-Loader_2.2.E_M_A.zip

Full analysis: https://app.any.run/tasks/861d298e-a374-453c-a24d-bd00f7a6b2e8
Verdict: Malicious activity
Analysis date: May 21, 2022, 10:33:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

4AD97213F92C5A65F64DA72B5A168A53

SHA1:

2ED8A07092F476155ECFDF6962CD70F772794F99

SHA256:

CB7A1E88EBEEF643537CA8ACEDFF68F8EA5BE7802A7768813B4D2EACBC4B5368

SSDEEP:

24576:wEK6GoKe1iMRwQAp/U3seqXs+fqtWg0UspguYR2lnTnrUGh1OGo:lZKewMRwQ3pqDfqQgFuo2xTRhBo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Re-LoaderByR@1n.exe (PID: 940)
      • Re-LoaderByR@1n.exe (PID: 3664)

    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 2976)

  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 2976)
      • Re-LoaderByR@1n.exe (PID: 940)

    • Checks supported languages

      • WinRAR.exe (PID: 2976)
      • Re-LoaderByR@1n.exe (PID: 940)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2976)

    • Reads Environment values

      • Re-LoaderByR@1n.exe (PID: 940)

    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 2976)

    • Reads Windows Product ID

      • Re-LoaderByR@1n.exe (PID: 940)

  • INFO

    • Manual execution by user

      • Re-LoaderByR@1n.exe (PID: 3664)
      • Re-LoaderByR@1n.exe (PID: 940)

    • Reads Microsoft Office registry keys

      • Re-LoaderByR@1n.exe (PID: 940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: SetupComplete.cmd
ZipUncompressedSize: 331
ZipCompressedSize: 176
ZipCRC: 0xcc3b0923
ZipModifyDate: 2015:03:10 14:28:20
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
3
Malicious processes
0
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe re-loaderbyr@1n.exe no specs re-loaderbyr@1n.exe

Process information

PID
CMD
Path
Indicators
Parent process
940"C:\Users\admin\Desktop\Re-LoaderByR@1n.exe" C:\Users\admin\Desktop\Re-LoaderByR@1n.exe
Explorer.EXE
User:
admin
Integrity Level:
HIGH
Description:
Activator
Exit code:
0
Version:
2.2.3.0
Modules
Images
c:\users\admin\desktop\re-loaderbyr@1n.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2976"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Re-Loader_2.2.E_M_A.zip"C:\Program Files\WinRAR\WinRAR.exe
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3664"C:\Users\admin\Desktop\Re-LoaderByR@1n.exe" C:\Users\admin\Desktop\Re-LoaderByR@1n.exeExplorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
Activator
Exit code:
3221226540
Version:
2.2.3.0
Modules
Images
c:\users\admin\desktop\re-loaderbyr@1n.exe
c:\windows\system32\ntdll.dll
Total events
1 423
Read events
1 403
Write events
20
Delete events
0

Modification events

(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2976) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Re-Loader_2.2.E_M_A.zip
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
Executable files
1
Suspicious files
0
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
2976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2976.41039\Readme\自述.txttext
MD5:932390B97A626CFFCAC17E821CCE1013
SHA256:3616FFEA81B4193A3C4A78CF25659F6B7AEC9AD57CBA5D6BEE6EE7133D828D53
2976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2976.41039\Readme\Leggimi.txttext
MD5:40FE72F3FE7A700E6809201308CDC888
SHA256:0DBDA4AA5446490825E80B2B4432134EA263E78FFB614F9FFDD808E951E9CC91
2976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2976.41039\SetupComplete.cmdtext
MD5:21A93C0F93EE99F60ADF82478FC19C65
SHA256:353413C1C76EF3FB63EE05414474A1B90537B34E0D1584BD79D159A0B0602AEA
2976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2976.41039\Readme\Readme.txttext
MD5:963F908CE0ED3D8EB251F2205F91139F
SHA256:46AFEE6C920CE80769A0C845CDCB4B4E2F571E0E238FA6087A14BC71171E7F06
2976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2976.41039\Re-LoaderByR@1n.exeexecutable
MD5:3C8289913E7994117532856CAEE1C06C
SHA256:391C989D2103DD488D9D4C2C8E1776BC6264F613656BB5BEBCD7722DB22160E7
2976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2976.41039\Readme\Lisezmoi.txttext
MD5:E2C6426E8F78CF30F14D93968A90CF7F
SHA256:E08EA033BF758F3F9601D6AA2D23ACA55EE307473B42DB9A63367597C048D07A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Re-Loader_2.2.E_M_A.zip