File name: | oalinst.zip |
Full analysis: | https://app.any.run/tasks/0cc28cfb-1977-41dd-9771-2b6346e67358 |
Verdict: | Malicious activity |
Analysis date: | December 09, 2021, 14:43:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 47F53B4B655A9F8124687141B0F94D92 |
SHA1: | 45E08368C6755C58902B7746FF3E51AD2DF8A8B8 |
SHA256: | D165BCB7628FD950D14847585468CC11943B2A1DA92A59A839D397C68F9D4B06 |
SSDEEP: | 12288:F5dCT73wdMvAnwcXpj9338SChgvPfG1jiqNB12p3Ev9l3H:F5rOvkwcXb8SChg3fY+2B1Hv33 |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | oalinst.exe |
---|---|
ZipUncompressedSize: | 809496 |
ZipCompressedSize: | 590314 |
ZipCRC: | 0x154bebc3 |
ZipModifyDate: | 2009:06:03 11:25:07 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
4040 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\oalinst.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 | ||||
3064 | "C:\Users\admin\Desktop\oalinst.exe" | C:\Users\admin\Desktop\oalinst.exe | — | Explorer.EXE |
User: admin Company: Creative Labs Inc. Integrity Level: MEDIUM Description: OpenAL Installer Exit code: 3221226540 Version: 2, 0, 7, 0 | ||||
344 | "C:\Users\admin\Desktop\oalinst.exe" | C:\Users\admin\Desktop\oalinst.exe | Explorer.EXE | |
User: admin Company: Creative Labs Inc. Integrity Level: HIGH Description: OpenAL Installer Exit code: 0 Version: 2, 0, 7, 0 |
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\oalinst.zip | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (4040) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
344 | oalinst.exe | C:\Windows\system32\tmp47C5.tmp | executable | |
MD5:694F54BD227916B89FC3EB1DB53F0685 | SHA256:B8F39714D41E009F75EFB183C37100F2CBABB71784BBD243BE881AC5B42D86FD | |||
344 | oalinst.exe | C:\Windows\system32\tmp47D6.tmp | executable | |
MD5:694F54BD227916B89FC3EB1DB53F0685 | SHA256:B8F39714D41E009F75EFB183C37100F2CBABB71784BBD243BE881AC5B42D86FD | |||
344 | oalinst.exe | C:\Program Files\OpenAL\oalinst.exe | executable | |
MD5:694F54BD227916B89FC3EB1DB53F0685 | SHA256:B8F39714D41E009F75EFB183C37100F2CBABB71784BBD243BE881AC5B42D86FD | |||
4040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4040.20335\oalinst.exe | executable | |
MD5:694F54BD227916B89FC3EB1DB53F0685 | SHA256:B8F39714D41E009F75EFB183C37100F2CBABB71784BBD243BE881AC5B42D86FD | |||
344 | oalinst.exe | C:\Windows\system32\OpenAL32.new | executable | |
MD5:235355A8DD26903E75D5E812ECF50E53 | SHA256:1797D150A2E23AF4F390F5C33EB598C6F58D0454011D74941F5316ADD900BBDD | |||
344 | oalinst.exe | C:\Windows\system32\wrap_oal.new | executable | |
MD5:D494267BC169604FAC5E3679B9A97FED | SHA256:A4E46E6D09C4B0966824A2F6628EBF738E813672692A52A0D63D982E1030EF4F |