File name: FlashWriterVer401.zip

Full analysis: https://app.any.run/tasks/e021108f-4153-4cc6-abbd-62f3796a3e56
Verdict: No threats detected
Analysis date: January 08, 2020, 09:28:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: C8A3511227FEEBCD84D5C9C31F15F1AF
SHA1: C523298ED84EA26523DE1D21F8F3CB1E74D841FD
SHA256: F3AFBF6BB9EBC5FD6E8856F87CC0638E0CB16D2DE9568531F91DB80506707DF2
SSDEEP: 12288:faF3cgsDklte4nmERKncG4Mon6AOxVVp4DdUmM+ZtneO2:faFcgYkltNR7MdAOxVi4+nr2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • FPFlashWriter.exe (PID: 3036)
    • Starts NET.EXE for service management
      • FPFlashWriter.exe (PID: 3036)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2452)
  • INFO
    • Manual execution by user
      • FPFlashWriter.exe (PID: 3036)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: Deflated
ZipModifyDate: 2011:12:08 13:28:14
ZipCRC: 0xb8086070
ZipCompressedSize: 78
ZipUncompressedSize: 174
ZipFileName: Ver401/FPFlashWriter.csv
No data.
Total processes: 39
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 1

Behavior graph

Graph nodes: start, winrar.exe, fpflashwriter.exe (no specs), net.exe (no specs), net1.exe (no specs)

Process information

PID: 932
CMD: C:\Windows\system32\net1 stop "spooler"
Path: C:\Windows\system32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 2
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (Images):
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll

PID: 1972
CMD: net stop "spooler"
Path: C:\Windows\system32\net.exe
Parent process: FPFlashWriter.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 2
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll

PID: 2452
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FlashWriterVer401.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3036
CMD: "C:\Users\admin\Desktop\Temp\FPFlashWriter.exe"
Path: C:\Users\admin\Desktop\Temp\FPFlashWriter.exe
Parent process: explorer.exe
User: admin
Company: SEIKO EPSON CORPORATION
Integrity Level: MEDIUM
Description: FPFlashWriter for Windows
Exit code: 0
Version: 4.1.0.0
Modules (Images):
c:\users\admin\desktop\temp\fpflashwriter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll

Total events: 514
Read events: 482
Write events: 32
Delete events: 0

Modification events

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\FlashWriterVer401.zip

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2452) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\Temp

Executable files: 1
Suspicious files: 0
Text files: 4
Unknown types: 0

Dropped files

PID: 2452 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Temp | Type:
MD5:
SHA256:

PID: 2452 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Temp\FPFlashWriter.csv | Type: text
MD5: C15580043BE3729B7AE196D9DAA7FB17
SHA256: 345E352C1EE0F6E5CCD1E4D188F1FA573ACDAC817378D5161F2C67F4D237B40D

PID: 2452 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Temp\ReadMeE.txt | Type: text
MD5: 6AF830FC5DBE92413E3E79C43FE077F0
SHA256: 4B50CECB5DC132781A90F962503F6BBEA15C6CF3B8CFBA0B4B9BDDA094EFF59A

PID: 2452 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Temp\FPFlashWriter.ini | Type: text
MD5: 606FE59A94B46B972375B12DC6A3DD1E
SHA256: 154D9A27673DD71CC491C07EB265FEB08E17DBB426560A65D51F4F04717F31EC

PID: 2452 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Temp\ReadMeJ.txt | Type: text
MD5: 710451A30DBD4C3683B89613FDF75417
SHA256: BD23A7D5FC9C17707B1351F93C23B34F0AB7E725E7EAFDE56A13BCC4F772B82F

PID: 2452 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Temp\FPFlashWriter.exe | Type: executable
MD5: 394E19CF306254EC002B78B00967D549
SHA256: 551C286389F36254E749117BA43CC588A948E8E2386B6F42623AD199EED6129C
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: No HTTP requests

Connections: No data
DNS requests: No data
Threats: No threats detected
Debug info: No debug info