File name: ares-2-5-8.exe

Full analysis: https://app.any.run/tasks/642cc95d-663f-4cca-a939-3a62be52a3b6
Verdict: Malicious activity
Analysis date: March 01, 2024, 18:29:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 2356C5C743FE4206FEE884956F9ED491
SHA1: 5F018F3A4F288396B90411CDE2552E40E1F40304
SHA256: 477212379359B29A23FAC43D6974EBA310A416E74AB80D1BF259BB4E47B01AF4
SSDEEP: 98304:pAdaBx03TdCc3V5MbB8r2RDJsxrZNXFTjCf+uE+Jgvk1KMLew9gdemt8rSBytp1u:AFkeMyl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • ares-2-5-8.exe (PID: 3708)
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • ares-2-5-8.exe (PID: 3708)
    • Executable content was dropped or overwritten
      • ares-2-5-8.exe (PID: 3708)
    • The process creates files with names similar to system file names
      • ares-2-5-8.exe (PID: 3708)
  • INFO
    • Checks supported languages
      • ares-2-5-8.exe (PID: 3708)
    • Reads the computer name
      • ares-2-5-8.exe (PID: 3708)
    • Creates files in a temporary directory
      • ares-2-5-8.exe (PID: 3708)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:52+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 164864
UninitializedDataSize: 1024
EntryPoint: 0x30fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.5.8.3084
ProductVersionNumber: 2.5.8.3084
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Windows, Latin1
FileDescription: Ares p2p for windows
FileVersion: 2.5.8.3084
LegalCopyright: GPL OpenSource Software
OriginalFileName: aresregular258_installer.exe
ProductName: Ares p2p for windows
ProductVersion: 2.5
All screenshots are available in the full report
Total processes: 40
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start ares-2-5-8.exe ares-2-5-8.exe no specs

Process information

PID: 2472
CMD: "C:\Users\admin\AppData\Local\Temp\ares-2-5-8.exe"
Path: C:\Users\admin\AppData\Local\Temp\ares-2-5-8.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Ares p2p for windows
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2.5.8.3084
Modules (images):
  c:\users\admin\appdata\local\temp\ares-2-5-8.exe
  c:\windows\system32\ntdll.dll

PID: 3708
CMD: "C:\Users\admin\AppData\Local\Temp\ares-2-5-8.exe"
Path: C:\Users\admin\AppData\Local\Temp\ares-2-5-8.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Ares p2p for windows
Exit code: 0
Version: 2.5.8.3084
Modules (images):
  c:\users\admin\appdata\local\temp\ares-2-5-8.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll
Total events: 2,316
Read events: 2,316
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 3
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3708 | ares-2-5-8.exe | C:\Users\admin\AppData\Local\Temp\nsqF657.tmp\LangDLL.dll | executable
  MD5: 9384F4007C492D4FA040924F31C00166
  SHA256: 60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
3708 | ares-2-5-8.exe | C:\Users\admin\AppData\Local\Temp\nsqF657.tmp\modern-header.bmp | image
  MD5: 0BA8A43196A39B23D8DFF13D9D589CEF
  SHA256: DBA7A75EE73421EF9AF25A6EB3297B12B626A16B2879D0F8B54461F77E94DB8A
3708 | ares-2-5-8.exe | C:\Users\admin\AppData\Local\Temp\nsqF657.tmp\System.dll | executable
  MD5: C17103AE9072A06DA581DEC998343FC1
  SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
3708 | ares-2-5-8.exe | C:\Users\admin\AppData\Local\Temp\nsqF657.tmp\nsDialogs.dll | executable
  MD5: C10E04DD4AD4277D5ADC951BB331C777
  SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
3708 | ares-2-5-8.exe | C:\Users\admin\AppData\Local\Temp\nsqF657.tmp\modern-wizard.bmp | image
  MD5: CBE40FD2B1EC96DAEDC65DA172D90022
  SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

Note: LangDLL.dll, System.dll and nsDialogs.dll are the standard NSIS installer plugins, and modern-header.bmp and modern-wizard.bmp are NSIS Modern UI assets; an ns*.tmp directory under Temp containing these files is consistent with the NSIS identification in the TRiD and file info sections above, so the "System.dll in Temp" signature should be weighed against that.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
  |  | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

Note: the listed connections are attributed to System (PID 4) and svchost.exe (PID 1080), not to the analysed sample; ports 137 and 138 to the subnet broadcast address are NetBIOS name service and datagram traffic, and 224.0.0.252:5355 is LLMNR multicast, both routine Windows name-resolution activity.

DNS requests

No data

Threats

No threats detected
No debug info