File name: cm413_64 (2).zip

Full analysis: https://app.any.run/tasks/bdec9e9c-6991-44fb-a9e1-de4b2dc45743
Verdict: No threats detected
Analysis date: January 18, 2020, 12:33:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: AF4ABFC0235295976303A4214BD82957
SHA1: EC94DE7F016C21C96BD03FB5D8E06E5E964499F4
SHA256: EB695EEDE056B461B379D505B4D6DB9878EAD60050347F8605CC2A2E702E2201
SSDEEP: 49152:tDkRSoUqRD29gV63D6jhHpx4dCnhVtGry8sdikzCTjkehxpdDVtvUK:dkZD2U632jn/EmRzCPkUdZlUK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2512)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2018:05:22 23:19:03
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Clickermann v4.13 x64/
No data.
Total processes: 38
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start winrar.exe

Process information

PID: 2512
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\cm413_64 (2).zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 464
Read events: 441
Write events: 23
Delete events: 0

Modification events

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\cm413_64 (2).zip

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: @C:\Windows\System32\hhctrl.ocx,-452
Value: Compiled HTML Help file

(PID) Process: (2512) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: @C:\Windows\System32\ieframe.dll,-10046
Value: Internet Shortcut

Executable files: 2
Suspicious files: 0
Text files: 61
Unknown types: 8

Dropped files

PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\config.ini
Type: text
MD5:9A036DEEBAAEDB6DEA4141B6DEB291FC
SHA256:5B2AF7BB2CD2B0EACBBF9D6934F35A4A2DD8C531A8D1F8E06678C1DC3D8F0E6C
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\history.txt
Type: text
MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\config_editor.ini
Type: text
MD5:F13AD46675DA46F947389B348EF33D67
SHA256:6FB6F19203CA198169DD160A19D61BA8ACA94BEA046BFF4CA8133F4D22911DFA
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\lang\en\qinsert_menu.txt
Type: text
MD5:DD14046C09B76E35CF4004883EBBA367
SHA256:7804D67B7DD8D44186B5DA3A142EE8C6F1880F4FAA3D2B575B3A10FF43131316
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\keywords.txt
Type: text
MD5:5EB4ACEE32F34C302464084E9A2EC8D5
SHA256:8DEC1A7E3D98F2ECB7CCCDC21ADCCC288CAD2FC962D91073F56B2BB86DAB88FE
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\lang\en\gui.txt
Type: text
MD5:44CE0B5DE1B8A6E45675682802C52EAC
SHA256:621C08DAD3EAE99ED955214059CEA28CDDF90BF49BA69004D9CF4B2DE4268DC4
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\lang\en\templates\for.txt
Type: text
MD5:4054E195CEF77424F5E92D5AE973239A
SHA256:A388A606D06866EAD71B98FF1AC8FEEAB5851F14A189D0918313795FCC121AE3
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\const.txt
Type: text
MD5:7CE5AECC10CE04264638117E9624007F
SHA256:8547D277D84DF62CF12F17BC5DF6098C9BA08ACC0CE4572FBA1312ACBF8B0A40
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\lang\en\templates\if_else.txt
Type: text
MD5:4C8B03BB7053C093C303C099F0A8F5FA
SHA256:0D69247105CE4A7E0022541808ABED1F23127FD99423E79F9DB7ABF53303ED74
PID: 2512
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2512.33217\Clickermann v4.13 x64\data\lang\ru\qinsert_menu.txt
Type: text
MD5:45F7153E71C2122199DB11034480E5BE
SHA256:B09CD4852DD25ADF4AF36A70F14DBBAB6C789A368A9C22F48B37D41AB0B81A5C
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info