File name: | q3 hook_[unknowncheats.me]_.rar |
Full analysis: | https://app.any.run/tasks/54691186-0172-4449-abd2-8de06dcb8a8e |
Verdict: | Malicious activity |
Analysis date: | January 18, 2020, 12:26:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | E4846958829B6A86B52AF1EB04946A02 |
SHA1: | A78FE115613226C2CE4E1566B86E40DA4458AA58 |
SHA256: | DAB215D74D9A89A5AB3E7C862F58FB079396D87C0495A8D39F837CEC41844CAF |
SSDEEP: | 1536:AT8s5JUG+E/3M2qGW+31zwRq4hX/084bz80ME1ddnkO/4dAWh1gxazYf/oW:Aw8UB882tW+F8RPhPvYoqbnhuvwfAW |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
CompressedSize: | 22089 |
---|---|
UncompressedSize: | 26624 |
OperatingSystem: | Win32 |
ModifyDate: | 2004:02:05 01:46:00 |
PackingMethod: | Normal |
ArchivedFileName: | Q3 Hook.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2752 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\q3 hook_[unknowncheats.me]_.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
352 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3476 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2416 | "C:\Users\admin\Desktop\New folder\Q3 Hook.exe" | C:\Users\admin\Desktop\New folder\Q3 Hook.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
436 | -game cstrike | C:\Windows\SOUNDMAN.EXE | — | Q3 Hook.exe |
User: admin Company: Realtek Semiconductor Corp. Integrity Level: MEDIUM Description: Realtek Sound Manager Version: 6, 0, 0, 5 | ||||
2456 | rundll32.exe shell32.dll,Control_RunDLL alsndmgr.cpl,,104 | C:\Windows\system32\rundll32.exe | — | SOUNDMAN.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2752 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2752.42779\Q3 Hook.exe | — | |
MD5:— | SHA256:— | |||
2752 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2752.42779\Q3 Hook.dll | — | |
MD5:— | SHA256:— | |||
2752 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2752.42779\save.cfg | — | |
MD5:— | SHA256:— | |||
2752 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2752.42779\menu.txt | — | |
MD5:— | SHA256:— | |||
2416 | Q3 Hook.exe | C:\Users\admin\Desktop\New folder\Q3 Hook.ini | text | |
MD5:BBD684C31D0B44A8BFA0EA7F0A81BFBB | SHA256:AE5DB3B186DDA4029494C2C9949DAE26A2A99E7435FA367B5C8029BED49A7374 | |||
352 | explorer.exe | C:\Users\admin\Desktop\New folder\menu.txt | text | |
MD5:06A72A7F9C1A3D752D27EB8E2BE5478B | SHA256:FDF6C32E9E8602426B8146D2F2EAFF30CD4FDA724CA9BDC41BFFB1B8586FCB7A | |||
352 | explorer.exe | C:\Users\admin\Desktop\New folder\save.cfg | text | |
MD5:4C433DFE2D7DA604AF6DB8367F311919 | SHA256:C5FD9B5DD41315916151D286567A8FE23F5E78CC78A7C6255EFFC7876C9F6BFF | |||
352 | explorer.exe | C:\Users\admin\Desktop\New folder\Q3 Hook.dll | executable | |
MD5:6BF9385A0E4FD6E95E913C33121C4D7D | SHA256:4F3F4247F30C289B666CE77E96EEA809D84D0AF0ECCAD7ADA8A0211E49D4F14B | |||
352 | explorer.exe | C:\Users\admin\Desktop\New folder\Q3 Hook.exe | executable | |
MD5:E0E79DE72893C35758750AD08F66CBEB | SHA256:DE8013614D6C10E360F9F21688307FF4BA39717B4469DD057C48E7142096D679 |