| Field | Value |
|---|---|
| File name | CREIS_ClientV2.1.rar |
| Full analysis | https://app.any.run/tasks/22ea22e4-0f77-443c-955a-d94a1dc38659 |
| Verdict | Malicious activity |
| Analysis date | April 25, 2019, 09:06:27 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v4, os: Win32 |
| MD5 | 9650A4C73C655E9B1177A506AEF37BBD |
| SHA1 | AD7C0D12CA265C5D22F5C56A1CA964A0DD365C7C |
| SHA256 | EFEC3B7D87E69E351E3A3C431A79E53A5432D89713C173EB637CA72071EC9E13 |
| SSDEEP | 12288:nQ4rp1IdY+BlatxKXCrcnF2ZByPgRUvCRoCVg+cd+4w8rpIwS7epMgsKIX:nQ4rTeYWlaZ02ZBykqwvhcdnHFA7zgsZ |
| Extension | Description | Match (%) |
|---|---|---|
| .rar | RAR compressed archive (v-4.x) | 58.3 |
| .rar | RAR compressed archive (gen) | 41.6 |
| Archive property | Value |
|---|---|
| CompressedSize | 732137 |
| UncompressedSize | 846415 |
| OperatingSystem | Win32 |
| ModifyDate | 2018:01:08 16:27:08 |
| PackingMethod | Normal |
| ArchivedFileName | CREIS_ClientV2.1.exe |
| PID | CMD | Path | Indicators | Parent process | Process details |
|---|---|---|---|---|---|
| 916 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CREIS_ClientV2.1.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 3176 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa916.22535\CREIS_ClientV2.1.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa916.22535\CREIS_ClientV2.1.exe | — | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the installer requires elevation, which is why it is relaunched below at HIGH integrity) |
| 1936 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa916.22535\CREIS_ClientV2.1.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa916.22535\CREIS_ClientV2.1.exe | | WinRAR.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 3680 | "C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\Soufun_Creisdata_Landers.exe" | C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\Soufun_Creisdata_Landers.exe | | CREIS_ClientV2.1.exe | User: admin; Integrity Level: HIGH; Description: Industry_Landers_CN; Version: 2.1.0.0 |
| 2344 | C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe | C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe | — | services.exe | User: LOCAL SERVICE; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: PresentationFontCache.exe; Version: 3.0.6920.4902 built by: NetFXw7 |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 916 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | write | LanguageList | en-US |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\CREIS_ClientV2.1.rar |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | write | 0 | C:\Users\admin\AppData\Local\Temp\CREIS_ClientV2.1 |
| 916 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\Local\Temp\nsx880A.tmp\modern-header.bmp | image | EB59E405A4749D0F97BBB50DEF424308 | B999346ED4B201C221E41827655C2CE14C4A2D0336D9EDF42168FD1603D62730 |
| 916 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\CREIS_ClientV2.1\CREIS_ClientV2.1.exe | executable | 8A63B225229AC617C54D3E2A99B097C2 | A73DD1D11BC147557278AE1F936E68EBF172EF9F93456558EEDE311A0D99D349 |
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\Local\Temp\nsx880A.tmp\ioSpecial.ini | text | 7737D12C9B59168FC6CA003AE47A6551 | 1F64FC232D01CCC8DADCC2BEEB42D4E4182C2E778B8ED67D0DB6524580CB3835 |
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\config.xml | xml | B3415D79D8629005919087473687D2B8 | CD18C2EBBEF3B8CC93E3578A8199041ABA51F78F5AA52777E1E47CD81DCF4365 |
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\Soufun_Creisdata_Landers.exe | executable | 3C2BB940FEC7CC9A1696D97AB1751871 | D8D96A15F52CAD42756F075218EE0BC3122FBFDB90A2BCD31562DDC7FC54649B |
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\img\bg.png | image | 49A63229A7D2731B3A1F538FA23B603C | 616E429B482EC26C1696150C02EC69A531455D4E56FEA55A4A9A37B10343334F |
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\AutoUpdater.exe | executable | AA84A954C2AC864F8F422DF66A87C96D | 421EA811967415369BC27A1470E26E78BAED6F804E829DDA2D072C4921C8263F |
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\img\256.ico | image | FB5E4B7988AAD4473BA3D2B90B4D2D0D | 48FC7200CB9EB14F3B92A819414FBEBF53879639B16EE3686ECD8A0FFD2A9FB4 |
| 916 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa916.22535\CREIS_ClientV2.1.exe | executable | 8A63B225229AC617C54D3E2A99B097C2 | A73DD1D11BC147557278AE1F936E68EBF172EF9F93456558EEDE311A0D99D349 |
| 1936 | CREIS_ClientV2.1.exe | C:\Users\admin\AppData\local\CREISÖÐÖ¸´óÊý¾Ý¿Í»§¶Ë\CREISÖÐÖ¸´óÊý¾Ý\Soufun_Creisdata_Landers.exe.config | xml | A210314E0783204D085AB1B46AC5A7BB | 6373BEBB185D180D068EC64527267E57ABDC2FE008C1FC158E903CFCD0B02C6D |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3680 | Soufun_Creisdata_Landers.exe | GET | 200 | 163.171.136.65:80 | http://js.soufunimg.com/industry/creisdata/Update/Landers_CN/update.xml?v=20190425100713 | US | xml | 285 b | malicious |
| 3680 | Soufun_Creisdata_Landers.exe | GET | 200 | 163.171.136.65:80 | http://js.soufunimg.com/industry/creisdata/Update/Landers_CN/update.xml?v=20190425100713 | US | xml | 285 b | malicious |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3680 | Soufun_Creisdata_Landers.exe | 163.171.136.65:80 | js.soufunimg.com | — | US | unknown |
| Domain | IP | Reputation |
|---|---|---|
| js.soufunimg.com | | malicious |