File name: Jays Booter v6.0.zip

Full analysis: https://app.any.run/tasks/07fcec4c-d615-441b-b7b7-d46284784f87
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Their capabilities range from maintaining full remote control over the victim's machine to stealing data and files and dropping other malware, and the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: August 21, 2020, 06:31:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
opendir
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 2E07B126128123AEE1810DE6FF46AE1F
SHA1: 575962C866C5AB24E5C826CE48DFD90DCC0F2955
SHA256: FDCE9250CA474A61A0F9B528E821F8A7E698918AFEF02FFB5F9FABA9ADD13344
SSDEEP: 98304:4VjWfy9dJKiVbaPvkacpUQCqDGpWM8vJlQiLMzWoSL:4VWfy9d08Tc8VUWoU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Connects to CnC server

      • Jays Booter.exe (PID: 3004)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by user

      • Jays Booter.exe (PID: 3004)
    • Reads settings of System Certificates

      • Jays Booter.exe (PID: 3004)
No Malware configuration.

TRiD: .zip | ZIP compressed archive (36.3)

EXIF (ZIP):
ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: None
ZipModifyDate: 2010:09:24 22:58:04
ZipCRC: 0xd9cc98b0
ZipCompressedSize: 4370432
ZipUncompressedSize: 4370432
ZipFileName: Jays Booter v6.0/DevComponents.DotNetBar2.dll
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph (process chain): start -> winrar.exe (no specs) -> jays booter.exe

Process information

PID: 2496
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Jays Booter v6.0.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3004
CMD: "C:\Users\admin\Desktop\Jays Booter v6.0\Jays Booter.exe"
Path: C:\Users\admin\Desktop\Jays Booter v6.0\Jays Booter.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Jays Booter
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\jays booter v6.0\jays booter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 417
Read events: 380
Write events: 37
Delete events: 0

Modification events

(PID) Process: (2496) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value:
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value:
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E | Operation: write | Name: @C:\Windows\system32\NetworkExplorer.dll,-1 | Value: Network
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\Desktop\Jays Booter v6.0.zip
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
(PID) Process: (2496) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
(PID) Process: (3004) Jays Booter.exe | Key: HKEY_CURRENT_USER\Software\A Sub Name | Operation: write | Name: Enemies List | Value: 47.104.88.106*|^
Executable files: 0
Suspicious files: 5
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename
2496 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2496.34715\Jays Booter v6.0\DevComponents.DotNetBar2.dll
2496 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2496.34715\Jays Booter v6.0\Jays Booter.exe
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\CabB4BC.tmp
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\TarB4BD.tmp
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\CabB4CD.tmp
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\TarB4CE.tmp
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\CabB55C.tmp
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\TarB55D.tmp
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\CabB5CB.tmp
3004 | Jays Booter.exe | C:\Users\admin\AppData\Local\Temp\TarB5CC.tmp
HTTP(S) requests: 111
TCP/UDP connections: 119
DNS requests: 40
Threats: 109

HTTP requests

PID | Process | Method | IP | URL | CN | Reputation
3004 | Jays Booter.exe | GET | 201.144.204.153:80 | http://201.144.204.153/grn.php?act=engine&host=Victims%20Ip&time=30 | MX | malicious
3004 | Jays Booter.exe | GET | 217.6.136.144:80 | http://217.6.136.144/webdav/shell.php?act=phptools&host=Victims%20Ip&time=30 | DE | malicious
3004 | Jays Booter.exe | GET | 82.233.159.108:80 | http://82.233.159.108/swerve.php?act=phptools&host=Victims%20Ip&time=30 | FR | malicious
3004 | Jays Booter.exe | GET | 210.212.58.232:80 | http://210.212.58.232/webdav/Shell.php?act=phptools&port=80&host=Victims%20Ip&time=30 | IN | malicious
3004 | Jays Booter.exe | GET | 67.134.12.12:80 | http://67.134.12.12/webdav/udp.php?act=phptools&host=Victims%20Ip&time=30 | US | malicious
3004 | Jays Booter.exe | GET | 201.120.128.144:80 | http://201.120.128.144/grn.php?act=engine&host=Victims%20Ip&time=30 | MX | malicious
3004 | Jays Booter.exe | GET | 202.136.60.51:80 | http://202.136.60.51/webdav/uxampp.php?act=phptools&port=80&ip=Victims%20Ip&time=30 | CN | malicious
3004 | Jays Booter.exe | GET | 124.106.114.243:80 | http://124.106.114.243/grn.php?act=engine&host=Victims%20Ip&time=30 | PH | malicious
3004 | Jays Booter.exe | GET | 201.120.128.144:80 | http://201.120.128.144/grn.php?act=engine&host=Victims%20Ip&time=30 | MX | malicious
3004 | Jays Booter.exe | GET | 124.106.114.243:80 | http://124.106.114.243/grn.php?act=engine&host=Victims%20Ip&time=30 | PH | malicious

Connections

PID | Process | IP | ASN | CN | Reputation
3004 | Jays Booter.exe | 124.106.114.243:80 | Philippine Long Distance Telephone Company | PH | malicious
3004 | Jays Booter.exe | 77.92.84.127:80 | UK-2 Limited | GB | malicious
3004 | Jays Booter.exe | 202.136.60.51:80 | Qingdao Cable TV Network Center | CN | malicious
3004 | Jays Booter.exe | 210.212.58.232:80 | National Internet Backbone | IN | malicious
3004 | Jays Booter.exe | 85.125.196.44:80 | Liberty Global Operations B.V. | AT | malicious
3004 | Jays Booter.exe | 199.119.204.181:80 | Psychz Networks | US | malicious
3004 | Jays Booter.exe | 200.37.255.246:80 | Telefonica del Peru S.A.A. | PE | malicious
3004 | Jays Booter.exe | 82.233.159.108:80 | Free SAS | FR | malicious
3004 | Jays Booter.exe | 217.6.136.144:80 | Deutsche Telekom AG | DE | malicious
3004 | Jays Booter.exe | 87.139.183.231:80 | Deutsche Telekom AG | DE | malicious

DNS requests

Domain | IP | Reputation
cuacuonhuythanh.com | 45.119.212.227 | malicious
gabriel-vores-engel.dk | | unknown
www.baofa-lighters.com | 175.29.233.223 | malicious
freehotlayouts.us | | malicious
www.guccibags-australia.com | | unknown
charminarconnection.org | 192.185.225.43 | malicious
www.tkdaz.com | 107.180.20.80 | malicious
apexhealthliving.com | 206.198.226.16 | malicious
tolva.dk | 94.231.109.205 | malicious
mot.gov.ye | 35.214.162.186 | malicious

Threats

Class | Message
Potentially Bad Traffic | ET INFO Observed DNS Query to .biz TLD
Potentially Bad Traffic | ET INFO Observed DNS Query to .biz TLD
Potentially Bad Traffic | ET INFO Observed DNS Query to .biz TLD
106 ETPRO signatures available at the full report
No debug info