File name: IPTV Panel Cracker.zip

Full analysis: https://app.any.run/tasks/7cb73fb4-f923-4c6d-85e3-0948f851147e
Verdict: Malicious activity
Analysis date: July 29, 2022, 19:43:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: A715E10E65C3A1F2C9F9236D544D8ED5
SHA1: 66A8D0E123D87820C67346102F2BAC8C30735478
SHA256: EE0494E04DF59E8127F3B85E575010D1F5E97D0FC43FB8F7000536CDCC51D18C
SSDEEP: 24576:5cmPMqxr+Sg8BAiYudULHI0ynf2fxeNizrzNNweS1:rxr+SgOhGunf+xeNizrzN21

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 1440)
    • Application was dropped or rewritten from another process

      • IPTV Panel Cracker.exe (PID: 2328)
    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 3104)
  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 3104)
      • IPTV Panel Cracker.exe (PID: 2328)
    • Checks supported languages

      • WinRAR.exe (PID: 3104)
      • IPTV Panel Cracker.exe (PID: 2328)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 3104)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3104)
  • INFO

    • Manual execution by user

      • IPTV Panel Cracker.exe (PID: 2328)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: WinlicenseSDK.dll
ZipUncompressedSize: 219136
ZipCompressedSize: 118634
ZipCRC: 0x416b06e8
ZipModifyDate: 2021:09:05 15:34:27
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 3
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Process nodes shown in the graph (interactive in the full report): start, winrar.exe, searchprotocolhost.exe (no specs), iptv panel cracker.exe

Process information

PID: 1440
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\system32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2328
CMD: "C:\Users\admin\Desktop\IPTV Panel Cracker.exe"
Path: C:\Users\admin\Desktop\IPTV Panel Cracker.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft.DebugEngineHost
Exit code:
0
Version:
16.5.10403.1
Modules
Images
c:\users\admin\desktop\iptv panel cracker.exe
c:\windows\system32\mscoree.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 3104
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\IPTV Panel Cracker.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 1 260
Read events: 1 250
Write events: 10
Delete events: 0

Modification events

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\IPTV Panel Cracker.zip

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3104) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 5
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 3104
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.49206\IPTV Panel Cracker.exe
Type: executable
MD5:
SHA256:

PID: 3104
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.49206\demangler.dll
Type: executable
MD5: CC74EA40BB1B4EB866F6EE84F6B41A79
SHA256: 47D5B5BF9FB06BE2FEF9F60DA10E4B538E4D034937CB98CEA143FFBF923C7D02

PID: 3104
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.49206\libspv.dll
Type: executable
MD5: 6C8042AF9E749F6406B7BD7DCF98D7EB
SHA256: 8338DE9A14E5BEA902708B00D25C16EC5549639167B96AE162DCDD22F65EC955

PID: 3104
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.49206\WinlicenseSDK.dll
Type: executable
MD5: 89CF33CBE62F8B7C15D0CB47D3AE4FFD
SHA256: 9063DC5B7A3E57FC94B8B753E4AA869EFCAB683637776335F5723C4140A751E3

PID: 3104
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.49206\vcomp140.dll
Type: executable
MD5: 6B2739F7A5238C8FB4442355DCFDBB0D
SHA256: 41DB8AB344BDE359137D6A7D5BE5DBF79C4BF2B52D8263C4FAD3EAC525606AB9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info