Analysis of Archer.exe Malware to Identify Potential Threats on Operating Systems Using the Hybrid Analysis Method

Authors

  • Juan Haniful Kahfi
  • Johannes Hamonangan Siregar, Universitas Pembangunan Jaya

DOI:

https://doi.org/10.36085/jsai.v8i2.8269

Abstract

Cybersecurity has become a primary concern in the digital era, particularly regarding malware attacks targeting the Windows operating system. This study aims to analyze a Remote Access Trojan (RAT)-type malware named archer.exe, obtained from the Any.run platform. The method used is hybrid analysis, a combination of static analysis and dynamic analysis, to provide a comprehensive understanding of the malware's structure and behavior. Static analysis results show that archer.exe is a Portable Executable (PE) file with a size of 829.35 KB and employs packing techniques to conceal its payload. Meanwhile, dynamic analysis reveals that the malware modifies system registry keys, spawns child processes such as rundll32.exe and cmd.exe, and establishes a network connection to a Command and Control (C2) server at IP address 192.169.69.26 via the domain dominoduck2101.duckdns.org. These findings indicate that archer.exe poses a high risk of remote system access, data theft, and malicious background activity without user awareness. This study demonstrates that the hybrid analysis method is effective in identifying hidden threats and malicious behavior of RAT-type malware on Windows 10 systems.

Published

2025-06-03

Section

Articles