File name: uProxy Tool 2.1.rar
Full analysis: https://app.any.run/tasks/2678e0cd-2a8b-4170-903a-507f4d319c32
Verdict: Malicious activity
Analysis date: November 30, 2020, 03:02:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 42DC6EA34D7629510C6E1009755288F6
SHA1: A00769E924AB1E61F58DB33FE0B68DD23CD4D2C9
SHA256: 550F01B088AD0CB19B69B0B3ADE9D70D571FF2EBB021B8ACC5BF1CF6A6F50BA7
SSDEEP: 49152:nSoQTEpRZzOzaDJuQ6XrnGH44qRjviem55jqbqmMJSrdkxntfn+Jr/o:nbQ8TyatuQKSYzR7655jmg+shv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • uProxy Tool.exe (PID: 3208)
  • SUSPICIOUS
    • No suspicious indicators.
  • INFO
    • Manual execution by user
      • uProxy Tool.exe (PID: 3208)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 35
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph: start → winrar.exe (no specs) → uproxy tool.exe

Process information

PID | CMD | Path | Indicators | Parent process
2196 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\uProxy Tool 2.1.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.60.0
3208 | "C:\Users\admin\Desktop\uProxy Tool.exe" | C:\Users\admin\Desktop\uProxy Tool.exe | | explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Description: uProxy Tool
  Version: 2.1
Total events: 500
Read events: 467
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 1

Dropped files

PID | Process | Filename | Type
2196 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2196.21390\Data\Source.txt |
  MD5:
  SHA256:
2196 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2196.21390\uProxy Tool.exe |
  MD5:
  SHA256:
2196 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2196.21390\Data\Country.mmdbmpg |
  MD5: 917FA457274651B5F23DFECBC9286A6D
  SHA256: 588FF7098075F0B3823300C2DE9B5C670552E7E43A0D9BBD23B2B46BA0F85A49
HTTP(S) requests: 4
TCP/UDP connections: 7
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3208 | uProxy Tool.exe | GET | | 216.58.212.179:80 | http://www.live-socks.net/feeds/posts/default | US | | | whitelisted
3208 | uProxy Tool.exe | GET | | 23.254.165.218:80 | http://rootjazz.com/proxies/proxies.txt | US | | | malicious
3208 | uProxy Tool.exe | GET | 301 | 104.27.166.4:80 | http://proxyape.com/ | US | | | whitelisted
3208 | uProxy Tool.exe | GET | 200 | 172.217.23.147:80 | http://www.proxyserverlist24.top/feeds/posts/default | US | xml | 269 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3208 | uProxy Tool.exe | 151.101.128.133:443 | raw.githubusercontent.com | Fastly | US | suspicious
3208 | uProxy Tool.exe | 216.58.212.179:80 | www.live-socks.net | Google Inc. | US | whitelisted
3208 | uProxy Tool.exe | 104.18.59.79:443 | proxyunique.com | Cloudflare Inc | US | shared
3208 | uProxy Tool.exe | 104.27.166.4:80 | proxyape.com | Cloudflare Inc | US | unknown
3208 | uProxy Tool.exe | 23.254.165.218:80 | rootjazz.com | Hostwinds LLC. | US | malicious
3208 | uProxy Tool.exe | 172.217.23.147:80 | www.proxyserverlist24.top | Google Inc. | US | whitelisted
3208 | uProxy Tool.exe | 104.27.166.4:443 | proxyape.com | Cloudflare Inc | US | unknown

DNS requests

Domain | IP | Reputation
raw.githubusercontent.com | 151.101.128.133, 151.101.64.133, 151.101.0.133, 151.101.192.133 | shared
www.proxyserverlist24.top | 172.217.23.147 | whitelisted
proxyunique.com | 104.18.59.79, 172.67.142.222, 104.18.58.79 | suspicious
sslproxies24.blogspot.in | | whitelisted
rootjazz.com | 23.254.165.218 | unknown
www.live-socks.net | 216.58.212.179 | whitelisted
proxyape.com | 104.27.166.4, 104.27.167.4, 172.67.136.27 | whitelisted

Threats

PID | Process | Class | Message
| | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
3208 | uProxy Tool.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain
No debug info