File name: McQuay-Duct-Sizer-1.zip

Full analysis: https://app.any.run/tasks/a24ba02c-0140-4cdb-acb8-8ff9122d869d
Verdict: Malicious activity
Analysis date: October 05, 2023, 13:20:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: EFD3AA0B70DB1BF976124AE317661622
SHA1: 91898D7FF90AD4DBEABE4D5FC05179245E4C32D5
SHA256: EF5C20DF7D7F2539C049D74431BE29FA9E3C1679DFB71F9BEA0C2E9E996315AA
SSDEEP: 6144:/todgyzO63vYmLMZ7NA12fxkMdydtpFaevT9M/EEFg7c10sdTv5SteKhp8p:/taOGYEoO2RwFae41ftv5SkcWp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • DuctSizer.exe (PID: 1992)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3624)
    • Manual execution by a user

      • DuctSizer.exe (PID: 1992)
    • Reads the machine GUID from the registry

      • DuctSizer.exe (PID: 1992)
    • Create files in a temporary directory

      • DuctSizer.exe (PID: 1992)
    • Checks supported languages

      • DuctSizer.exe (PID: 1992)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:10:28 09:28:24
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: McQuay Duct Sizer/McQuay Duct Sizer/
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start: winrar.exe (no specs), ductsizer.exe (no specs)

Process information

PID: 1992
CMD: "C:\Users\admin\Desktop\McQuay Duct Sizer\McQuay Duct Sizer\DuctSizer.exe"
Path: C:\Users\admin\Desktop\McQuay Duct Sizer\McQuay Duct Sizer\DuctSizer.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: NaSoft, contact Nafziger@nonline.net
Integrity Level: MEDIUM
Exit code: 0
Version: 6.00
Modules
Images
c:\users\admin\desktop\mcquay duct sizer\mcquay duct sizer\ductsizer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
PID: 3624
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\McQuay-Duct-Sizer-1.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 1 032
Read events: 1 008
Write events: 24
Delete events: 0

Modification events

Process: (3624) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\Desktop\phacker.zip
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | Operation: write | Name: name | Value: 120
Process: (3624) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | Operation: write | Name: size | Value: 80
Executable files: 2
Suspicious files: 1
Text files: 2
Unknown types: 0

Dropped files

PID 3624 | WinRAR.exe | C:\Users\admin\Desktop\McQuay Duct Sizer\McQuay Duct Sizer\VBRUN300.DLL | executable
  MD5: 82AA757DE7D80FAFF99179B457AA0FA0
  SHA256: EB66F71DD14B01EB3DF7409B0AD73E41589046AD5BF16152F06617093F63087E
PID 3624 | WinRAR.exe | C:\Users\admin\Desktop\McQuay Duct Sizer\McQuay Duct Sizer\DuctSizer.exe | executable
  MD5: C6D187BBD5422656405360CDE4450B07
  SHA256: 2B5619FB9D93D7AEBE1DF4AF020D363D6D8DE04F81D74705223FBA2BA585381A
PID 3624 | WinRAR.exe | C:\Users\admin\Desktop\McQuay Duct Sizer\McQuay Duct Sizer\MCQUAY.DLL | image
  MD5: 12181C9D00D05E0F663128ED584EFB8A
  SHA256: B1156A248E3747829903941F77E000D521D11D4B38AC1899069B3F0247E2FEE1
PID 3624 | WinRAR.exe | C:\Users\admin\Desktop\McQuay Duct Sizer\McQuay Duct Sizer\DT_DUCT.DLL | binary
  MD5: CB33E875A22231DF940F8004EDD92D24
  SHA256: 279A7572825673311AF37D7B225DF3037EF6F34AB6F17B335E2D94FEF92BE701
PID 3624 | WinRAR.exe | C:\Users\admin\Desktop\McQuay Duct Sizer\McQuay Duct Sizer\www.hvacsimplified.in.txt | text
  MD5: 6B7DE6DD93D117867930DCFC74048C3A
  SHA256: 050FFF513746EA39CE28519B0C5A2F7F5A5F702A9848DF28DC180E0652D26A35
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP                    Domain  ASN  CN  Reputation
2656  svchost.exe  239.255.255.250:1900  -       -    -   whitelisted
1088  svchost.exe  224.0.0.252:5355      -       -    -   unknown
4     System       192.168.100.255:137   -       -    -   whitelisted
4     System       192.168.100.255:138   -       -    -   whitelisted

DNS requests

No data

Threats

No threats detected
No debug info