| Field | Value |
|---|---|
| File name | server.zip |
| Full analysis | https://app.any.run/tasks/fe090c76-5c09-4a62-8ede-21243519a141 |
| Verdict | Malicious activity |
| Analysis date | September 11, 2019, 09:06:52 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | EED7CF8DA4C94FDA0FC0020E6F960758 |
| SHA1 | 8F42C462E845BE2443D249024706B259B73DF3B9 |
| SHA256 | E524FD1489A3403729A0C6E4884C567C83FD089D2E24F732738C7068FC2C7AE5 |
| SSDEEP | 196608:lvQ/jrtZBhZ99pJ2XFDWNVwApisJVHZt9fRmP:Ve/tZR99pOoNGH2fTmP |
| Field | Value |
|---|---|
| .zip | ZIP compressed archive (36.3) |
| ZipFileName | server/ |
| ZipUncompressedSize | - |
| ZipCompressedSize | 2 |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2019:07:01 09:54:21 |
| ZipCompression | Deflated |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3708 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\server.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 752 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
| 2352 | "C:\Users\admin\Desktop\server\server.exe" | C:\Users\admin\Desktop\server\server.exe | — | explorer.exe | User: admin; Company: 西南资源网; Integrity Level: MEDIUM; Description: 专用网络打字比赛-服务端 (Dedicated Network Typing Contest - Server); Version: 6.3.6.0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\+s¦-\+s¦--++¦+=-d.txt | text | 95BC788F77E2AF4B11DBE6774FAB0B1B | 35A0DEEC992EBFA2985BB71DDDBA4FCAC13AB89278E32C9DE48C69D67E65F9E1 |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\+s¦-\+s¦-+·¦º--¦=.txt | text | C15F42A2F27EA615D38574D06970CACE | 41D8F6C594E8C142AF5545F7078F15EE74FBF2F6480DF0F867F6B2F0C5634B84 |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\ClientIme.exe | executable | 1C6DC05AFA3120DF2FF7285D0728FED5 | B4EC8E9A15A30B86BFB1577CD45C99A55CFC252D72999529D658E1FCEF1E299E |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\+s¦-\+s¦-86¦µ-++¦+=-d.txt | text | ABD97704804A3A858D6230FFD93BE6F6 | 59F7576E2E92A8118DA15623217086DD170B3258080C8C38AA2C74644185E3AE |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\+s¦-\+s¦-86¦µ+²+¦+=-d.txt | text | B90D18038F29D723E8AB9B01D294BDC2 | E49E8145ACB8FAB6F4A3AF60E22D587CB016B6003F95B3559A9DEA475FB695A3 |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\+s¦-\+s¦-+²+¦+=-d.txt | text | 17524920BCC6CF7C102CE2658775D5D8 | 9104C718C02D35E78CA609E63B2CA3D370080D61CAA40C39CF28553C90C83E92 |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\+++G\-++¦+++G.txt | text | 45C65E2B0141495D4BB0C9B053790C8A | 0069AB1203B570CB910EA3BBBA0A442C1E43A1DE546052AA168C85D618E24554 |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\++++¦ñ+¯-¦+˜.txt | text | 026D5F782C65EDC729FE7BBA018B7736 | B0BC386DFA047E140E7240DD920E64CACC41B4F0B97EE1A2C3C6FFF494327893 |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\-(¦¦\P1.mp3 | mp3 | E2131F7A6585B50475726818CE629F1A | 7A4FA34A54ABEC469598E92EB9DE0546B8D9D3F80C0CADC4F8ADCE6CB3002D1E |
| 3708 | WinRAR.exe | C:\Users\admin\Desktop\server\addtools\¦ú++¦¦++-S+d\+s¦-\+s¦-86¦µ+++·+·+¦.txt | text | AC654775A4D6A08D348CEF2D68129A91 | 125A0557CD04B0140D38EF66F0F929B2E037830482ACC8B5F3808D5BFBDD88DF |