Submission Summary:

 

Technical Details:

 

File System Modifications

#Filename(s)File SizeFile HashAlias
1 %Temp%\RarSFX0\data\bootinst.exe 87,552 bytes MD5: 0x70C5F6F69CDC6C5B8240622CF7D90380
SHA-1: 0xD7FA00497A3D3279B547DFC913E23052B9287060
(not available)
2 %Temp%\RarSFX0\data\bootrest.exe 87,552 bytes MD5: 0xE1921DEA226B244F83AC5F59681D48A2
SHA-1: 0xA4A7798C05B6E4B47D7804978614A1E67F3462AA
(not available)
3 %Temp%\RarSFX0\data\Certificate.xrm-ms 2,731 bytes MD5: 0xF25832AF6A684360950DBB15589DE34A
SHA-1: 0x17FF1D21005C1695AE3DCBDC3435017C895FFF5D
(not available)
4 %Temp%\RarSFX0\data\lang.ini 1,870 bytes MD5: 0x63EDBD0147485CC173900753F46A3B90
SHA-1: 0xDACA2B9FE560CDAC55FC87FCA1A459C5DF91A5DD
(not available)
5 %Temp%\RarSFX0\data\READ_ME.txt 2,054 bytes MD5: 0x75162E7093C2FA72A9AA3C3B52359D77
SHA-1: 0xE42E66D04F07F37B5076D25FDB6E928B64567FFB
(not available)
6 %Temp%\RarSFX0\WIN7 Activation.exe 466,944 bytes MD5: 0xDB32449409F446C5F68E99EEB40321C1
SHA-1: 0x2791C3E1EE87E0428945AA2B06A6330ED54AE66F
packed with UPX [Kaspersky Lab]
7 [file and pathname of the sample #1] 713,396 bytes MD5: 0xE1D3E20E41B850F35FB2C41715B690C5
SHA-1: 0x3451B86A8DBBB7309E8D228C6031D115BA18303D
HackTool:Win32/Keygen [Microsoft]
packed with UPX [Kaspersky Lab]

 

Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]262,144 bytes
win7 activation.exe%Temp%\rarsfx0\win7 activation.exe1,134,592 bytes
bootinst.exe%Temp%\rarsfx0\data\bootinst.exe102,400 bytes
bootrest.exe%Temp%\rarsfx0\data\bootrest.exe102,400 bytes

 

Other details

China
Russian Federation

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2018 ThreatExpert. All rights reserved.