File name: OkProg proxy leecher @Xreactor.org.rar

Full analysis: https://app.any.run/tasks/9365ddae-f397-4d28-9f95-a6ca31aceeb4
Verdict: Malicious activity
Analysis date: October 30, 2020, 15:50:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 754C43A894FBB30BB0FC0FDD224361CE
SHA1: 1D3FEC37F0F89466032E8388F89860333C3ADB21
SHA256: 2E6CEAA89511D21C11EB17FA0266FDDD2812DF28BA45264F2BEFFB7765452767
SSDEEP: 12288:oipvf5QUp/V+y324ZoQyEEjKeB0k80wSV7e0oeplzXy0V1haaV/Zup:XcEnmm6B0bSNeuzXhLIaVRup

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads Environment values
      • Elite proxy leecher by OkProg.exe (PID: 3356)
    • Executable content was dropped or overwritten
      • Elite proxy leecher by OkProg.exe (PID: 3356)
  • INFO
    • Manual execution by user
      • Elite proxy leecher by OkProg.exe (PID: 3356)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 755114
UncompressedSize: 968704
OperatingSystem: Win32
ModifyDate: 2020:10:27 16:32:05
PackingMethod: Normal
ArchivedFileName: OkProg proxy leecher\Elite proxy leecher by OkProg.exe
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes shown: winrar.exe (no specs), elite proxy leecher by okprog.exe

Process information

PID: 1004
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OkProg proxy leecher @Xreactor.org.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3356
CMD: "C:\Users\admin\Desktop\OkProg proxy leecher\Elite proxy leecher by OkProg.exe"
Path: C:\Users\admin\Desktop\OkProg proxy leecher\Elite proxy leecher by OkProg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft
Integrity Level: MEDIUM
Description: Elite proxy leecher by OkProg
Exit code: 0
Version: 1.1.0.0
Modules (Images):
c:\users\admin\desktop\okprog proxy leecher\elite proxy leecher by okprog.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 1 043
Read events: 970
Write events: 72
Delete events: 1

Modification events

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\OkProg proxy leecher @Xreactor.org.rar

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

(PID) Process: (1004) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\AppData\Local\Temp
Executable files: 1
Suspicious files: 0
Text files: 235
Unknown types: 0

Dropped files

PID: 1004
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1004.39147\OkProg proxy leecher\Elite proxy leecher by OkProg.exe
Type:
MD5:
SHA256:

PID: 1004
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1004.39147\OkProg proxy leecher\Readme.txt
Type:
MD5:
SHA256:

PID: 3356
Process: Elite proxy leecher by OkProg.exe
Filename: C:\Users\admin\Desktop\OkProg proxy leecher\Leecher results-[2020.10.30_15.51.18]\HTTP proxies.txt
Type: text
MD5:
SHA256:

PID: 3356
Process: Elite proxy leecher by OkProg.exe
Filename: C:\Users\admin\AppData\Local\SkinSoft\VisualStyler\2.4.59444.6\x86\ssapihook.dll
Type: executable
MD5: 9E7F44B8F1512476AA896E977C58830B
SHA256: 8E6195B50BB0D22E4D346263F708F166DB726C84884FE78A6BB477CAED19E708
HTTP(S) requests: 2
TCP/UDP connections: 5
DNS requests: 4
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3356 | Elite proxy leecher by OkProg.exe | GET | 200 | 216.58.205.243:80 | http://www.proxyserverlist24.top/feeds/posts/default | US | xml | 269 Kb | whitelisted
3356 | Elite proxy leecher by OkProg.exe | GET | 200 | 23.254.165.218:80 | http://rootjazz.com/proxies/proxies.txt | US | text | 5.91 Kb | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3356 | Elite proxy leecher by OkProg.exe | 188.165.229.135:443 | www.proxyscan.io | OVH SAS | FR | unknown
3356 | Elite proxy leecher by OkProg.exe | 23.254.165.218:80 | rootjazz.com | Hostwinds LLC. | US | malicious
3356 | Elite proxy leecher by OkProg.exe | 216.58.205.243:80 | www.proxyserverlist24.top | Google Inc. | US | whitelisted
3356 | Elite proxy leecher by OkProg.exe | 91.134.128.45:443 | api.proxyscrape.com | OVH SAS | FR | suspicious

DNS requests

Domain | IP | Reputation
www.proxyscan.io | 188.165.229.135 | malicious
rootjazz.com | 23.254.165.218 | unknown
www.proxyserverlist24.top | 216.58.205.243 | whitelisted
api.proxyscrape.com | 91.134.128.45 | suspicious

Threats

PID | Process | Class | Message
1044 | svchost.exe | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
3356 | Elite proxy leecher by OkProg.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain
No debug info