File name: | Inferno Stresser[3.1].zip |
Full analysis: | https://app.any.run/tasks/fca0bf63-837b-4f62-b7dc-8bb6667ee295 |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 07:49:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | F3D7C89D4BE9EE88B267E9F15FF83E30 |
SHA1: | 3957C08B6B79101A21DB8563D69C56B2689F79AD |
SHA256: | 90E5ECD5BF7CCEC925A0001199F66AC456459F8E55237F0EE672CF223E6B1F1A |
SSDEEP: | 196608:ceMVWiRvQ09RYNu5W3UEdcHXLZSo0hKAKdIzJOZOMxzwwerIRnCziaD0aB8GNKru:CVWS4SYc5W3zyLV0RKdgJKDzwwe8RuRD |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | Inferno Stresser[3.1].exe |
---|---|
ZipUncompressedSize: | 11379200 |
ZipCompressedSize: | 10858385 |
ZipCRC: | 0x28fb05f0 |
ZipModifyDate: | 2018:05:20 11:00:16 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3244 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Inferno Stresser[3.1].zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2148 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.11892\[Password Inside][ReadME].txt | C:\Windows\system32\NOTEPAD.EXE | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2504 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\Inferno Stresser[3.1].exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\Inferno Stresser[3.1].exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Description: Inferno-Stresser Version: 3.0.0.0 | ||||
3128 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.17667\GIVE IT AT LEAST 60s TO OPEN BEFORE YOU START SPAM CLICKING IT, THERE IS A LOT TO LOAD SO GIVE IT TIME.txt | C:\Windows\system32\NOTEPAD.EXE | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1860 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.18683\IT WONT OPEN IF YOU FORGET EXTRACT geckofx-13.dll TO THE SAME FOLDER!!!.txt | C:\Windows\system32\NOTEPAD.EXE | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3824 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\[Password Inside][ReadME].txt | text | |
MD5:585A5DDC0ACB1C2B5CDCC87EA2377B6D | SHA256:686FC8C90CB07242B038829EFB2A317FE5AC80E26930E1600222EC5418C54C38 | |||
3244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\GIVE IT AT LEAST 60s TO OPEN BEFORE YOU START SPAM CLICKING IT, THERE IS A LOT TO LOAD SO GIVE IT TIME.txt | text | |
MD5:2D18D9A143976CCD96C8ED037887D2C0 | SHA256:A62CBAC993BEADFD206C730B3B922F3F3346A406C5E8C5FC8CD2C3631CE4BCA5 | |||
3244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.17667\GIVE IT AT LEAST 60s TO OPEN BEFORE YOU START SPAM CLICKING IT, THERE IS A LOT TO LOAD SO GIVE IT TIME.txt | text | |
MD5:2D18D9A143976CCD96C8ED037887D2C0 | SHA256:A62CBAC993BEADFD206C730B3B922F3F3346A406C5E8C5FC8CD2C3631CE4BCA5 | |||
2504 | Inferno Stresser[3.1].exe | C:\Users\admin\AppData\Roaming\xul.zip | compressed | |
MD5:079F60AC7631FD01155B6BC7B898AEAB | SHA256:D7848FA0C6F08985B30FE8215679CD7E2B23A57B9CEE00733E7A361336C4C683 | |||
3244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\Inferno Stresser[3.1].exe | executable | |
MD5:2E576B45F650BE5FBB12FB919A1BD58A | SHA256:C035E71BC91E1F5B7ED35B4A1D8DFF2B45CCC5620941C320AB3CA19B21E1B5D7 | |||
3244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\IT WONT OPEN IF YOU FORGET EXTRACT geckofx-13.dll TO THE SAME FOLDER!!!.txt | text | |
MD5:2833157CC74290CA657DCF3A685B2355 | SHA256:DB6C42FC1461D7107AB410F899362EA70E4C2582A7B9BB5C1C82B6FE671E8021 | |||
3244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.11892\[Password Inside][ReadME].txt | text | |
MD5:585A5DDC0ACB1C2B5CDCC87EA2377B6D | SHA256:686FC8C90CB07242B038829EFB2A317FE5AC80E26930E1600222EC5418C54C38 | |||
2504 | Inferno Stresser[3.1].exe | C:\Users\admin\AppData\Roaming\xulrunner\freebl3.dll | executable | |
MD5:5664FE215846AFD441E1D45EA8842C3A | SHA256:E3CD9604E3A27288E1821537D9FE20FABD3A6089105FC66ADCE0A2BC117F0198 | |||
3244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\geckofx-13.dll | executable | |
MD5:E00B8D01C276BEC209E7DD6DF484F066 | SHA256:98334D7F1D645CC4E992CCADF892E7289CB4A7820F19B874AF70B88E939AFE10 | |||
2504 | Inferno Stresser[3.1].exe | C:\Users\admin\AppData\Roaming\xulrunner\gkmedias.dll | executable | |
MD5:EFE4042E5891E254235AC15C86B47EDB | SHA256:1BA841C090D45BF6060C806BE6EF9241F3068EA3C977B1A90D61354D8476DA47 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.217.21.194:80 | http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | US | text | 32.2 Kb | whitelisted |
2504 | Inferno Stresser[3.1].exe | GET | 404 | 104.31.65.8:80 | http://inferno-stress.com/account/ | US | html | 956 b | suspicious |
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.104.29.90:80 | http://www.supercounters.com/css/ie.css | US | text | 777 b | malicious |
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.104.29.90:80 | http://www.supercounters.com/online/1029205 | US | binary | 4.33 Kb | malicious |
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.217.21.194:80 | http://pagead2.googlesyndication.com/pagead/show_ads.js | US | text | 23.2 Kb | whitelisted |
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.217.21.194:80 | http://pagead2.googlesyndication.com/pagead/js/r20190513/r20190131/show_ads_impl.js | US | text | 75.8 Kb | whitelisted |
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.104.29.90:80 | http://www.supercounters.com/images/logo.png | US | image | 12.4 Kb | malicious |
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.104.29.90:80 | http://www.supercounters.com/css/print.css | US | text | 671 b | malicious |
2504 | Inferno Stresser[3.1].exe | GET | 404 | 104.31.65.8:80 | http://inferno-stress.com/account/sys_cpanel/images/bottombody.jpg | US | html | 959 b | suspicious |
2504 | Inferno Stresser[3.1].exe | GET | 200 | 172.104.29.90:80 | http://www.supercounters.com/js/g.js | US | text | 2.70 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2504 | Inferno Stresser[3.1].exe | 66.102.1.157:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 172.217.21.194:80 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 172.217.21.194:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 104.31.65.8:80 | inferno-stress.com | Cloudflare Inc | US | shared |
2504 | Inferno Stresser[3.1].exe | 172.217.23.130:443 | googleads.g.doubleclick.net | Google Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 172.217.16.206:443 | apis.google.com | Google Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 172.217.22.100:443 | www.google.com | Google Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 172.217.18.174:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 157.240.20.19:80 | connect.facebook.net | Facebook, Inc. | US | whitelisted |
2504 | Inferno Stresser[3.1].exe | 172.104.29.90:80 | www.supercounters.com | Linode, LLC | US | suspicious |
Domain | IP | Reputation |
---|---|---|
ftp.mozilla.org |
| whitelisted |
swaggy-freddy.in |
| unknown |
inferno-stress.com |
| suspicious |
www.supercounters.com |
| malicious |
pagead2.googlesyndication.com |
| whitelisted |
s7.addthis.com |
| whitelisted |
googleads.g.doubleclick.net |
| whitelisted |
connect.facebook.net |
| whitelisted |
apis.google.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2504 | Inferno Stresser[3.1].exe | Misc activity | SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7) |
Process | Message |
---|---|
Inferno Stresser[3.1].exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s |