File name: Trojan.Sinowal.zip
Full analysis: https://app.any.run/tasks/275ddb0d-fbb6-4949-8174-3a8884617701
Verdict: No threats detected (this covers the archive-handling step only: WinRAR opened the archive and extracted its members, none of the eight extracted executables was launched, and no network activity occurred; see Dropped files below)
Analysis date: September 12, 2020, 01:25:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 9538A123B2E1489B39C5F86BE4C11010
SHA1: E9018A9E6AC7B89564B9E758F18F11A249084F5A
SHA256: E5D4C1D746C193E655C51FC2B07E6AEB1BC8DEB55EB894BC809FA5DB2F4C4388
SSDEEP: 24576:fRNm0+bjvMpaYucSPI/eJwl4P2wmT5ke12rqC7DoJo0jPHeRuvrd:fRNv+UYYuHP2uwOODT5ko2rxX90jHewh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2356)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2014:12:19 15:12:21
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Torpig miniloader-samp/
No data.
Total processes
39
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

start -> winrar.exe

Process information

PID: 2356
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Trojan.Sinowal.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: Executable content was dropped or overwritten
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
436
Read events
425
Write events
11
Delete events
0

Modification events

All events below were written by PID 2356 (WinRAR.exe); operation: write.

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Name: ShellExtBMP
Value: (empty)

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Name: ShellExtIcon
Value: (empty)

Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\139\52C64B7E
Name: LanguageList
Value: en-US

Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Trojan.Sinowal.zip

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: name
Value: 120

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: size
Value: 80

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: type
Value: 120

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: mtime
Value: 100

Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Name: 0
Value: C:\Users\admin\Desktop

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface
Name: ShowPassword
Value: 1
Executable files
8
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

All eight files were written by PID 2356 (WinRAR.exe) during extraction to the Desktop; each is typed "executable", none carries a file extension, and each file name ends in the file's own MD5.

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_0F82964CF39056402EE2DE9193635B34
Type: executable
MD5: 0F82964CF39056402EE2DE9193635B34
SHA256: 70484A2A2BA530D910CA3F3919B2E128579EDA1C4F55248D865412D85DDF15CF

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_87851480DEB151D3A0AA9A425FD74E61
Type: executable
MD5: 87851480DEB151D3A0AA9A425FD74E61
SHA256: 5F54E7CEA69962C932927DD3D71CEC1943539F1E13C1D84A971450D0FF109901

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_4A3543E6771BC78D32AE46820AED1391
Type: executable
MD5: 4A3543E6771BC78D32AE46820AED1391
SHA256: EA8C6A377C474BCF7C34F642B8F6829591761DA5B32D7A92BA1570AE498FB31B

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_809910F29AA63913EFA76D00FA8C7C0B
Type: executable
MD5: 809910F29AA63913EFA76D00FA8C7C0B
SHA256: 624BA7CE581BF395D6B8F12547F900D58CA8C0C66EA6C20D66E532D3E8650187

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_83419EEA712182C1054615E4EC7B8CBE
Type: executable
MD5: 83419EEA712182C1054615E4EC7B8CBE
SHA256: 22E681906D77BEF7AC343A41BE08C40974E7EAB45886AB47512855F24CC85EB8

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_011C1CA6030EE091CE7C20CD3AAECFA0
Type: executable
MD5: 011C1CA6030EE091CE7C20CD3AAECFA0
SHA256: 9261BBA9F30195328E8563020E92008CDCE2369111368B4B6D6985EAE269E9FF

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_2DACC4556FAD30027A384875C8D9D900
Type: executable
MD5: 2DACC4556FAD30027A384875C8D9D900
SHA256: 3362BC975707C33550F037A84E59033A117B2ABB5DED6F8C3539A92C98B8C6E2

Filename: C:\Users\admin\Desktop\Torpig miniloader-samp\Torpig miniloader_C3366B6006ACC1F8DF875EAA114796F0
Type: executable
MD5: C3366B6006ACC1F8DF875EAA114796F0
SHA256: E8DC8FC7E3B763C2D70D8A714213D5D0FC79D04102881A80011CD073588DF6E6
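The following Python script is an added example, not part of the ANY.RUN report or of any tool it uses. It does statically what the sandbox run did dynamically: enumerate the archive's members in memory, hash each one, type it by content (MZ header plus PE signature at e_lfanew) rather than by extension, which matters here because the extracted files have none, and match the MD5s against the Dropped files table above. The archive it opens is a constructed stand-in with the same layout (a directory entry and extension-less members) built from dummy bytes; it is not Trojan.Sinowal.zip. REPORT_MD5 is copied from this report; build_sample_archive, member_type, triage_zip and MAX_MEMBER_SIZE are names chosen for the example.

```python
import hashlib
import io
import zipfile

# MD5s of the eight members listed under "Dropped files" in this report.
REPORT_MD5 = {
    "0F82964CF39056402EE2DE9193635B34",
    "87851480DEB151D3A0AA9A425FD74E61",
    "4A3543E6771BC78D32AE46820AED1391",
    "809910F29AA63913EFA76D00FA8C7C0B",
    "83419EEA712182C1054615E4EC7B8CBE",
    "011C1CA6030EE091CE7C20CD3AAECFA0",
    "2DACC4556FAD30027A384875C8D9D900",
    "C3366B6006ACC1F8DF875EAA114796F0",
}

# Zip-bomb guard: never inflate more than this per member (assumed limit for the example).
MAX_MEMBER_SIZE = 64 * 1024 * 1024


def build_sample_archive() -> bytes:
    """Constructed stand-in for Trojan.Sinowal.zip: same layout (directory entry,
    extension-less members) but dummy bytes, not the real samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Torpig miniloader-samp/", b"")
        # 64-byte DOS header whose e_lfanew field (offset 0x3C) points at "PE\0\0".
        dos_header = b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little")
        zf.writestr("Torpig miniloader-samp/sample_a", dos_header + b"PE\x00\x00")
        zf.writestr("Torpig miniloader-samp/notes", b"plain text, no header")
    return buf.getvalue()


def member_type(data: bytes) -> str:
    """Type by content, not by file extension."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return "unknown"
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        return "executable"
    return "mz-only"  # DOS stub without a PE header, or a truncated file


def triage_zip(zip_bytes: bytes, known_md5: set) -> list:
    """Enumerate and hash every non-directory member; nothing is written to disk
    or executed. Returns one dict per member in archive order."""
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            entry = {"name": info.filename, "size": info.file_size}
            # Bounded read: the central directory's file_size is attacker-controlled,
            # so read at most MAX_MEMBER_SIZE + 1 bytes instead of trusting it.
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_SIZE + 1)
            if len(data) > MAX_MEMBER_SIZE:
                entry.update(type="skipped-too-large", md5=None, sha256=None, known=False)
                results.append(entry)
                continue
            md5 = hashlib.md5(data).hexdigest().upper()
            entry.update(
                type=member_type(data),
                md5=md5,
                sha256=hashlib.sha256(data).hexdigest().upper(),
                known=md5 in known_md5,
            )
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage_zip(build_sample_archive(), REPORT_MD5):
        print(entry)
```

To run it against a real archive, pass the file's bytes to triage_zip in place of build_sample_archive(). The constructed members do not match REPORT_MD5 (they are dummies), so "known" is False for both; against the real archive the eight members would match. Typing by the MZ/PE structure rather than by name is the check that catches extension-less droppers like the ones listed above, and the bounded read is what keeps the triage safe on an archive you have not yet trusted.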
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info