File name: | uProxy Tool 2.1.rar |
Full analysis: | https://app.any.run/tasks/2678e0cd-2a8b-4170-903a-507f4d319c32 |
Verdict: | Malicious activity |
Analysis date: | November 30, 2020, 03:02:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 42DC6EA34D7629510C6E1009755288F6 |
SHA1: | A00769E924AB1E61F58DB33FE0B68DD23CD4D2C9 |
SHA256: | 550F01B088AD0CB19B69B0B3ADE9D70D571FF2EBB021B8ACC5BF1CF6A6F50BA7 |
SSDEEP: | 49152:nSoQTEpRZzOzaDJuQ6XrnGH44qRjviem55jqbqmMJSrdkxntfn+Jr/o:nbQ8TyatuQKSYzR7655jmg+shv |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2196 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\uProxy Tool 2.1.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3208 | "C:\Users\admin\Desktop\uProxy Tool.exe" | C:\Users\admin\Desktop\uProxy Tool.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: uProxy Tool Version: 2.1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2196 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2196.21390\Data\Source.txt | — | |
MD5:— | SHA256:— | |||
2196 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2196.21390\uProxy Tool.exe | — | |
MD5:— | SHA256:— | |||
2196 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2196.21390\Data\Country.mmdb | mpg | |
MD5:917FA457274651B5F23DFECBC9286A6D | SHA256:588FF7098075F0B3823300C2DE9B5C670552E7E43A0D9BBD23B2B46BA0F85A49 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3208 | uProxy Tool.exe | GET | — | 216.58.212.179:80 | http://www.live-socks.net/feeds/posts/default | US | — | — | whitelisted |
3208 | uProxy Tool.exe | GET | — | 23.254.165.218:80 | http://rootjazz.com/proxies/proxies.txt | US | — | — | malicious |
3208 | uProxy Tool.exe | GET | 301 | 104.27.166.4:80 | http://proxyape.com/ | US | — | — | whitelisted |
3208 | uProxy Tool.exe | GET | 200 | 172.217.23.147:80 | http://www.proxyserverlist24.top/feeds/posts/default | US | xml | 269 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3208 | uProxy Tool.exe | 151.101.128.133:443 | raw.githubusercontent.com | Fastly | US | suspicious |
3208 | uProxy Tool.exe | 216.58.212.179:80 | www.live-socks.net | Google Inc. | US | whitelisted |
3208 | uProxy Tool.exe | 104.18.59.79:443 | proxyunique.com | Cloudflare Inc | US | shared |
3208 | uProxy Tool.exe | 104.27.166.4:80 | proxyape.com | Cloudflare Inc | US | unknown |
3208 | uProxy Tool.exe | 23.254.165.218:80 | rootjazz.com | Hostwinds LLC. | US | malicious |
3208 | uProxy Tool.exe | 172.217.23.147:80 | www.proxyserverlist24.top | Google Inc. | US | whitelisted |
3208 | uProxy Tool.exe | 104.27.166.4:443 | proxyape.com | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
raw.githubusercontent.com |
| shared |
www.proxyserverlist24.top |
| whitelisted |
proxyunique.com |
| suspicious |
sslproxies24.blogspot.in |
| whitelisted |
rootjazz.com |
| unknown |
www.live-socks.net |
| whitelisted |
proxyape.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
3208 | uProxy Tool.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |