| Field | Value |
|---|---|
| File name | 9.rar |
| Full analysis | https://app.any.run/tasks/13beef36-c95d-4b5e-8604-0f097885127c |
| Verdict | Malicious activity |
| Analysis date | April 25, 2019, 09:24:00 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v4, os: Win32 |
| MD5 | B4828B159982713DA866FCEC12ADF8A5 |
| SHA1 | B88A3D7740138C8853652E6D904DD670C4116FD0 |
| SHA256 | 4F06DDE969983014D5A5070BF563AF3DB97CAF0DD047D65FCC8893A0B4FD5BE1 |
| SSDEEP | 98304:Bwgd8Clk2IV0TlSYwwho5vfaOeawhIVQ9QycZH4VdV3MHKKvss6WG54:2gJu7ecY05vfwhIVLy3VjFKv5m2 |
| Extension | File type (TrID) | Probability (%) |
|---|---|---|
| .rar | RAR compressed archive (v-4.x) | 58.3 |
| .rar | RAR compressed archive (gen) | 41.6 |
| Archive member metadata | Value |
|---|---|
| ArchivedFileName | Proxy Tools\Gather Proxy 9.0 Premium\Data\autosp.ini |
| PackingMethod | Normal |
| ModifyDate | 2014:07:05 04:27:16 |
| OperatingSystem | Win32 |
| UncompressedSize | 188 |
| CompressedSize | 225 |
| PID | Command line | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version | Exit code |
|---|---|---|---|---|---|---|---|---|---|---|
| 3580 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\9.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | admin | MEDIUM | Alexander Roshal | WinRAR archiver | 5.60.0 | 0 |
| 2044 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft Windows Search Protocol Host | 7.00.7600.16385 (win7_rtm.090713-1255) | 0 |
| 3080 | "C:\Users\admin\Desktop\Proxy Tools\uProxy Tool 2.0\uProxy Tool.exe" | C:\Users\admin\Desktop\Proxy Tools\uProxy Tool 2.0\uProxy Tool.exe | — | explorer.exe | admin | MEDIUM | | uProxy Tool | 2.0 | 0 |
| 3316 | "C:\Users\admin\Desktop\Proxy Tools\Proxy v0.3 Checker By X-SLAYER\Proxy v0.3 Checker By X-SLAYER.exe" | C:\Users\admin\Desktop\Proxy Tools\Proxy v0.3 Checker By X-SLAYER\Proxy v0.3 Checker By X-SLAYER.exe | — | explorer.exe | admin | MEDIUM | | Checker By X-SLAYER | 1.0.0.0 | 0 |
| 3156 | "C:\Users\admin\Desktop\Proxy Tools\Proxy Tool by DarkneS's Cracked By 3xLink1337\Proxy_Tools_Cracked by Alphacrack.exe" | C:\Users\admin\Desktop\Proxy Tools\Proxy Tool by DarkneS's Cracked By 3xLink1337\Proxy_Tools_Cracked by Alphacrack.exe | — | explorer.exe | admin | MEDIUM | DarkneS's | Proxy Tools 2017 | 1.0.3.0 | |
| 936 | "C:\Users\admin\Desktop\Proxy Tools\Gather Proxy 9.0 Premium\Gather Proxy.exe" | C:\Users\admin\Desktop\Proxy Tools\Gather Proxy 9.0 Premium\Gather Proxy.exe | — | explorer.exe | admin | MEDIUM | GatherProxy.com | Gather Proxy 9.0 - Free Pro Proxy and Socks Scraper | 9.0.0.0 | 0 |
| PID | Process | Dropped file | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Proxy Tool by DarkneS's Cracked By 3xLink1337\Proxy_Tools_Cracked by Alphacrack.exe | executable | CD7E9728A3358F079666F6B56AC5B4ED | 336A410F1269B64C8EF501FE96EBCD6C5B8467D11289C84B45D7C883268193D1 |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\Gather Proxy.exe | executable | 849D2C2C5901D04670864139D7114DA4 | B8F8AD67F05C7A0B444FAC86E35BAFB1488E3FE9550BD74CA2155962B964DE9E |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\FacebookAPIClass.dll | executable | 5FB4FB4609E5F71AE0B910A7F3F9F53D | 59A5EE5FD24EFA9C328B5741DCAEAFF590B0031B513C2B38A6B97862399A5841 |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\Data\configs.gp | text | 04FB832C2B301EDA0B8EBC6A17FC7298 | 87FE2C57089B7C4A487646F81AEB4645B1D66098169191CC9E89D3B2DB61AC05 |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Proxy v0.3 Checker By X-SLAYER\Proxy v0.3 Checker By X-SLAYER.exe | — | — | — |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\Data\autosp.ini | text | 0AB7386476BFD6E6A7FDCAA91DA04D4F | BA4DB1C4843A36822F68556D4F2AC5B815F3E7B063D28D8905FD6084B594EC40 |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\MaxMind.Db.dll | executable | 4D1FC03277F904C3172A4C23ED36B032 | 68540771C4099BAB7A26AB31F59F92E12182B9050D84E625BE7BD5778871F475 |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\Data\ref.ref | text | EDF1E41F9FE226BE3E61845B747A2C6E | C78BA0953491DCCBD7EE2B03CF6AE3A295676715D524B278345FBB31245FBCD5 |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\RestSharp.dll | executable | 07187F3DD0263CDCABA9C800444379A5 | 317690CB0B82E5632E132AA384843729CD31E24CCC4B1FA00BA8157CB8D82F7E |
| 3580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3580.29064\Proxy Tools\Gather Proxy 9.0 Premium\Newtonsoft.Json.dll | executable | 5E02DDAF3B02E43E532FC6A52B04D14B | 78BEDD9FCE877A71A8D8FF9A813662D8248361E46705C4EF7AFC61D440FF2EEB |
| PID | Process | Method | HTTP code | IP:port | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 936 | Gather Proxy.exe | GET | 200 | 97.74.233.74:80 | http://update.snaware.com/auth/?k=ZarOPefp0ICq%2fqjeSZrr54Nuvqy%2bpdmTuPiyaqYlEFJRsPXfhSR83ElUHaSVfsSgK%2bQeWtSPuYG9RvxI4vyeX9IJIINkUCXYOUdK8lhQ8M0n5Y3jLZbKFNl48cKJDKbs%2bEw35xFRDeoGQ9uqdn2Yg4tawdx%2bwAfAGEqEyQn40NBOGzE8NzMDsPcdW0JlDIIi | US | text | 1.31 Kb | malicious |
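The request above is the only HTTP transaction in the run, and everything it sends is in the `k` query parameter. The Python below is an added example, not code from the ANY.RUN report or from the Gather Proxy author: it URL-decodes `k`, checks that the result is well-formed base64, and measures the decoded blob (length, 16-byte alignment, byte entropy, printability) so a triager can see whether it is an opaque binary value or a readable token before spending reverse-engineering time on it. The URL is copied verbatim from the table; the function names are mine, and the script deliberately does not claim to know what the blob contains, since the page does not say.

```python
"""Characterise the `k` parameter of the update.snaware.com request (added example)."""
import base64
import binascii
import math
import urllib.parse
from collections import Counter

# Request URL copied verbatim from the HTTP requests table of the report.
BEACON_URL = (
    "http://update.snaware.com/auth/?k=ZarOPefp0ICq%2fqjeSZrr54Nuvqy%2bpdmTuPiyaqYl"
    "EFJRsPXfhSR83ElUHaSVfsSgK%2bQeWtSPuYG9RvxI4vyeX9IJIINkUCXYOUdK8lhQ8M0n5Y3jLZb"
    "KFNl48cKJDKbs%2bEw35xFRDeoGQ9uqdn2Yg4tawdx%2bwAfAGEqEyQn40NBOGzE8NzMDsPcdW0JlDIIi"
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext/compressed data, well below for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def query_param(url: str, name: str) -> str:
    """Return the percent-decoded value of one query parameter ('' if absent)."""
    query = urllib.parse.urlsplit(url).query
    values = urllib.parse.parse_qs(query, keep_blank_values=True).get(name, [])
    return values[0] if values else ""


def analyse_beacon(url: str, param: str = "k") -> dict:
    """Describe the payload parameter of a beacon URL without interpreting it."""
    host = urllib.parse.urlsplit(url).hostname or ""
    encoded = query_param(url, param)
    # Percent-decoding restores the '/' and '+' of standard base64 (the request
    # escaped them as %2f and %2b); validate=True rejects stray characters and
    # base64.b64decode rejects a length that is not padded to a multiple of 4.
    try:
        blob = base64.b64decode(encoded, validate=True)
        valid = True
    except (binascii.Error, ValueError):
        blob, valid = b"", False
    return {
        "host": host,
        "b64_len": len(encoded),
        "valid_base64": valid,
        "decoded_len": len(blob),
        # A length that is a multiple of 16 is consistent with (not proof of)
        # a 128-bit block cipher; an assumption, flagged for the analyst only.
        "block_aligned": valid and len(blob) % 16 == 0,
        "entropy": round(shannon_entropy(blob), 2),
        "printable": valid and all(32 <= b < 127 for b in blob),
    }


if __name__ == "__main__":
    for key, value in analyse_beacon(BEACON_URL).items():
        print(f"{key:>14}: {value}")
```

Run it as-is to get the measurements for this sample; point `analyse_beacon` at another URL and parameter name to triage a different beacon. A value that is valid base64, not printable and 16-byte aligned is the usual signature of an encrypted licence or check-in blob, and at that point the next step is the binary (Gather Proxy.exe and its `Data\` files listed above), not the URL.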
| PID | Process | IP:port | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3080 | uProxy Tool.exe | 151.101.0.133:443 | raw.githubusercontent.com | Fastly | US | malicious |
| 936 | Gather Proxy.exe | 97.74.233.74:80 | update.snaware.com | GoDaddy.com, LLC | US | unknown |
| Domain (DNS request) | IP | Reputation |
|---|---|---|
| raw.githubusercontent.com | | shared |
| www.jackktutorials.com | | malicious |
| update.snaware.com | | malicious |