| Field | Value |
|---|---|
| File name | Cyberghost Latest Version [Cracked] (1).rar |
| Full analysis | https://app.any.run/tasks/22297505-a682-497a-b1d1-609a2adc62a9 |
| Verdict | Malicious activity |
| Analysis date | November 08, 2018, 09:15:51 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | 8C49252FB9FD5EF3F4644D7A4C96D605 |
| SHA1 | 5758F16F35BD2B6608CED7F3F3F46F3734248CB0 |
| SHA256 | 6D469A023AE548C7B80BEAC3BFCB2E1B7E45D5DBF4C9C943AC02DFF2B9F8E31F |
| SSDEEP | 393216:zzZZ/HTs8FYJa2QdVwz2XUu17vapO1bHWEcZ/u5S//lkk99QexkcvI8:zznbs8+JB/ziUI7ipO1bH6J/ya5qcA8 |
| Extension | Detection | Score |
|---|---|---|
| .rar | RAR compressed archive (v5.0) | 61.5 |
| .rar | RAR compressed archive (gen) | 38.4 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3984 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Cyberghost Latest Version [Cracked] (1).rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 3028 | "C:\Users\admin\Desktop\Cyberghost Latest Version [Cracked]\Setup\Full CyberGhost_6.0.6.2540_Cracksu.com.exe" | C:\Users\admin\Desktop\Cyberghost Latest Version [Cracked]\Setup\Full CyberGhost_6.0.6.2540_Cracksu.com.exe | — | explorer.exe | User: admin; Company: CyberGhost S.R.L.; Integrity Level: HIGH; Description: CyberGhost 6; Version: 6.0.4 |
| 3252 | "C:\Users\admin\AppData\Local\Temp\is-R9G5K.tmp\Full CyberGhost_6.0.6.2540_Cracksu.com.tmp" /SL5="$901DE,15011427,150528,C:\Users\admin\Desktop\Cyberghost Latest Version [Cracked]\Setup\Full CyberGhost_6.0.6.2540_Cracksu.com.exe" | C:\Users\admin\AppData\Local\Temp\is-R9G5K.tmp\Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | — | Full CyberGhost_6.0.6.2540_Cracksu.com.exe | User: admin; Integrity Level: HIGH; Description: Setup/Uninstall; Version: 51.1052.0.0 |
| 2560 | "C:\Program Files\CyberGhost 6\CyberGhost.exe" /install | C:\Program Files\CyberGhost 6\CyberGhost.exe | — | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | User: admin; Company: CyberGhost S.R.L.; Integrity Level: HIGH; Description: CyberGhost; Version: 6.0.6.2540 |
| 3112 | "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" --install | C:\Program Files\CyberGhost 6\CyberGhost.Service.exe | — | CyberGhost.exe | User: admin; Company: CyberGhost S.R.L; Integrity Level: HIGH; Description: CyberGhost Service; Exit code: 0; Version: 6.0.6.2540 |
| 2620 | "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" | C:\Program Files\CyberGhost 6\CyberGhost.Service.exe | — | services.exe | User: SYSTEM; Company: CyberGhost S.R.L; Integrity Level: SYSTEM; Description: CyberGhost Service; Version: 6.0.6.2540 |
| 2036 | "C:\Program Files\CyberGhost 6\Data\OpenVPN\tap-windows-9.21.2.exe" /S | C:\Program Files\CyberGhost 6\Data\OpenVPN\tap-windows-9.21.2.exe | — | CyberGhost.exe | User: admin; Integrity Level: HIGH |
| 3120 | "C:\Users\admin\AppData\Local\Temp\nslCEF4.tmp\nsCF15.tmp" "C:\Program Files\TAP-Windows\bin\tapinstall.exe" hwids tap0901 | C:\Users\admin\AppData\Local\Temp\nslCEF4.tmp\nsCF15.tmp | — | tap-windows-9.21.2.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 3988 | "C:\Program Files\TAP-Windows\bin\tapinstall.exe" hwids tap0901 | C:\Program Files\TAP-Windows\bin\tapinstall.exe | — | nsCF15.tmp | User: admin; Company: Windows (R) Win 7 DDK provider; Integrity Level: HIGH; Description: Windows Setup API; Exit code: 0; Version: 6.1.7600.16385 built by: WinDDK |
| 1880 | "C:\Users\admin\AppData\Local\Temp\nslCEF4.tmp\nsD06D.tmp" "C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901 | C:\Users\admin\AppData\Local\Temp\nslCEF4.tmp\nsD06D.tmp | — | tap-windows-9.21.2.exe | User: admin; Integrity Level: HIGH |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3984.8149\Cyberghost Latest Version [Cracked]\Setup\Full CyberGhost_6.0.6.2540_Cracksu.com.exe | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-ED6BE.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-SG843.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-P3MJM.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-KM36T.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-QKV16.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-0027Q.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-FMIP7.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-RQG1I.tmp | — | — | — |
| 3252 | Full CyberGhost_6.0.6.2540_Cracksu.com.tmp | C:\Program Files\CyberGhost 6\is-S7V1E.tmp | — | — | — |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1100 | wyUpdate.exe | GET | 404 | 108.177.127.82:80 | http://wyupdate.googlecode.com/files/client.net4.wys | US | html | 1.54 Kb | whitelisted |
| 1100 | wyUpdate.exe | GET | 301 | 104.20.63.85:80 | http://wyday.com/files/wyupdate/updates/client.net4.wys | US | html | 162 b | shared |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1100 | wyUpdate.exe | 104.20.27.8:443 | download.cyberghostvpn.com | Cloudflare Inc | US | shared |
| 1100 | wyUpdate.exe | 104.20.63.85:443 | wyday.com | Cloudflare Inc | US | shared |
| 1100 | wyUpdate.exe | 104.20.63.85:80 | wyday.com | Cloudflare Inc | US | shared |
| 1100 | wyUpdate.exe | 108.177.127.82:80 | wyupdate.googlecode.com | Google Inc. | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| download.cyberghostvpn.com | | whitelisted |
| wyupdate.googlecode.com | | whitelisted |
| wyday.com | | unknown |
| Process | Message |
|---|---|
| CyberGhost.Service.exe | Checking for Update on https://download.cyberghostvpn.com/windows/updates/6/ |