File name: | Auslogics.BoostSpeed.v11.2.0.3.zip |
Full analysis: | https://app.any.run/tasks/6c30f914-5cd2-4c14-a2cc-c7313004e418 |
Verdict: | Malicious activity |
Analysis date: | December 02, 2019, 22:52:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 1978408F4E6443D8D7B5D8FD3C92B0C9 |
SHA1: | ADEF60584FC0417E49A989B08FD27B8C78304520 |
SHA256: | 9429123F5DDE587D189CE92656793ADEC9A2808064896FA75F41286A848FAC87 |
SSDEEP: | 393216:25oqBMgQBFAfnNiBeXyl886wi91H4YoQmDKQj7X/ROp8e6aVY/Nbo5XvkEw4UW:OowNivdRi9x4NQqLRM8e3cU5XsE7 |
.xpi | | | Mozilla Firefox browser extension (66.6) |
---|---|---|
.zip | | | ZIP compressed archive (33.3) |
ZipFileName: | Auslogics.BoostSpeed.v11.2.0.3.exe |
---|---|
ZipUncompressedSize: | 29051371 |
ZipCompressedSize: | 29051371 |
ZipCRC: | 0x6d55d152 |
ZipModifyDate: | 2019:11:21 15:19:21 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
4060 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Auslogics.BoostSpeed.v11.2.0.3.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2768 | cmd /c ""C:\Users\admin\Desktop\PORTABLE.cmd" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
4016 | mode con:cols=100 lines=15 | C:\Windows\system32\mode.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: DOS Device MODE Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1812 | "C:\Users\admin\Desktop\Auslogics.BoostSpeed.v11.2.0.3.exe" /S /P | C:\Users\admin\Desktop\Auslogics.BoostSpeed.v11.2.0.3.exe | — | cmd.exe |
User: admin Company: Auslogics Software Pty Ltd. Integrity Level: MEDIUM Description: Auslogics BoostSpeed v11.2.0.3 Exit code: 3221226540 Version: 11.2.0.3 | ||||
2232 | "C:\Users\admin\Desktop\Auslogics.BoostSpeed.v11.2.0.3.exe" /S /P | C:\Users\admin\Desktop\Auslogics.BoostSpeed.v11.2.0.3.exe | — | cmd.exe |
User: admin Company: Auslogics Software Pty Ltd. Integrity Level: MEDIUM Description: Auslogics BoostSpeed v11.2.0.3 Exit code: 3221226540 Version: 11.2.0.3 | ||||
3852 | "C:\Users\admin\Desktop\Auslogics.BoostSpeed.v11.2.0.3.exe" /S /P | C:\Users\admin\Desktop\Auslogics.BoostSpeed.v11.2.0.3.exe | cmd.exe | |
User: admin Company: Auslogics Software Pty Ltd. Integrity Level: HIGH Description: Auslogics BoostSpeed v11.2.0.3 Exit code: 0 Version: 11.2.0.3 | ||||
2208 | "C:\Users\admin\AppData\Local\Temp\nso289E.tmp\ns28AF.tmp" netsh.exe advfirewall firewall delete rule name="all" remoteip=95.141.193.133 | C:\Users\admin\AppData\Local\Temp\nso289E.tmp\ns28AF.tmp | — | Auslogics.BoostSpeed.v11.2.0.3.exe |
User: admin Integrity Level: HIGH Exit code: 1 | ||||
2444 | netsh.exe advfirewall firewall delete rule name="all" remoteip=95.141.193.133 | C:\Windows\system32\netsh.exe | — | ns28AF.tmp |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Network Command Shell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2084 | "C:\Users\admin\AppData\Local\Temp\nso289E.tmp\ns2BBD.tmp" route.exe delete 95.141.193.133 | C:\Users\admin\AppData\Local\Temp\nso289E.tmp\ns2BBD.tmp | — | Auslogics.BoostSpeed.v11.2.0.3.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3140 | route.exe delete 95.141.193.133 | C:\Windows\system32\route.exe | — | ns2BBD.tmp |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: TCP/IP Route Command Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4060.21212\Auslogics.BoostSpeed.v11.2.0.3.exe | — | |
MD5:— | SHA256:— | |||
4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4060.21212\INSTALL.cmd | — | |
MD5:— | SHA256:— | |||
4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4060.21212\PORTABLE.cmd | — | |
MD5:— | SHA256:— | |||
3852 | Auslogics.BoostSpeed.v11.2.0.3.exe | C:\Users\admin\AppData\Local\Temp\nso289E.tmp\ns2BBD.tmp | — | |
MD5:— | SHA256:— | |||
3852 | Auslogics.BoostSpeed.v11.2.0.3.exe | C:\Users\admin\Desktop\AuslogicsBoostSpeedPortable\AusLogicsBoostSpeed11Portable.exe | executable | |
MD5:B39878697E607DC822D5F574454CC19C | SHA256:33A5E5F3839F99589A885729D60EAF7AEF6DE61EF82FB2D321DDE0BEAD974C61 | |||
3852 | Auslogics.BoostSpeed.v11.2.0.3.exe | C:\Users\admin\Desktop\AuslogicsBoostSpeedPortable\App\BoostSpeed\ActionCenterHelper.dll | executable | |
MD5:0E3A1107B33A73D6EF9139793C55443E | SHA256:50922FD33CB5D1A6F8F9FEF05615C8C9721F3C46B83DA2A8013C8200D8D264C6 | |||
3852 | Auslogics.BoostSpeed.v11.2.0.3.exe | C:\Users\admin\Desktop\AuslogicsBoostSpeedPortable\App\BoostSpeed\CommonForms.Routine.dll | executable | |
MD5:8016AB33B2278B30A6E7ED595CECA138 | SHA256:46E0DA7C3406767A9155060748B6EFE14D7D04C4979AF973365266CA1DCDD901 | |||
3852 | Auslogics.BoostSpeed.v11.2.0.3.exe | C:\Users\admin\Desktop\AuslogicsBoostSpeedPortable\App\BoostSpeed\BrowserPluginsHelper.dll | executable | |
MD5:1CE6880C37CD66058F0863263CD29FBC | SHA256:D39A5E5007B0E2F7D78DF36B1866AF2F2B22F7A39BC9E857326C9F44EE250888 | |||
3852 | Auslogics.BoostSpeed.v11.2.0.3.exe | C:\Users\admin\Desktop\AuslogicsBoostSpeedPortable\App\BoostSpeed\AdvisorHelper.dll | executable | |
MD5:112309A226CC8ACB4DD0B809AA805424 | SHA256:70BD6D568E5EE8BE883C50E8CF3B65DB809CFBBA530B2466A3E6DB3E592B0ADA | |||
3852 | Auslogics.BoostSpeed.v11.2.0.3.exe | C:\Users\admin\Desktop\AuslogicsBoostSpeedPortable\App\BoostSpeed\ATToolsStdHelper.dll | odttf | |
MD5:A03A67B74DFD7EE2ABB43D780495BC06 | SHA256:397E41596FC071256C1918FE5D2E5FC93EBDAB6E08BC10319927D0714699F290 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 13.35.254.41:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
— | — | GET | 200 | 13.35.254.89:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA4vBMJJxPg6SKCVbxEbKkA%3D | US | der | 471 b | whitelisted |
— | — | GET | 200 | 52.222.149.158:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
— | — | GET | 200 | 143.204.208.108:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
2400 | Integrator.exe | HEAD | 200 | 45.33.8.241:80 | http://ads.auslogics.com/uploads/50af3d5413855c55b7843c2659c42f65.png | US | — | — | whitelisted |
— | — | GET | 200 | 143.204.208.196:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
— | — | GET | 200 | 205.185.216.10:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 57.4 Kb | whitelisted |
1080 | svchost.exe | GET | 200 | 172.217.22.99:80 | http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCC7Rp3EQG0zo | US | binary | 5 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 205.185.216.10:80 | www.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
— | — | 13.35.254.41:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted |
— | — | 143.204.208.196:80 | x.ss2.us | — | US | malicious |
2400 | Integrator.exe | 52.201.171.253:443 | abs.aslgics.com | Amazon.com, Inc. | US | unknown |
— | — | 143.204.208.108:80 | ocsp.rootca1.amazontrust.com | — | US | whitelisted |
— | — | 52.222.149.158:80 | o.ss2.us | Amazon.com, Inc. | US | unknown |
— | — | 13.35.254.89:80 | ocsp.sca1b.amazontrust.com | — | US | whitelisted |
1936 | tabcarecenter.exe | 45.33.8.241:443 | ads.auslogics.com | Linode, LLC | US | malicious |
2400 | Integrator.exe | 45.33.8.241:443 | ads.auslogics.com | Linode, LLC | US | malicious |
1080 | svchost.exe | 172.217.22.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
abs.aslgics.com |
| unknown |
x.ss2.us |
| whitelisted |
www.download.windowsupdate.com |
| whitelisted |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
ocsp.sca1b.amazontrust.com |
| whitelisted |
ads.auslogics.com |
| whitelisted |
www.auslogics.com |
| whitelisted |
qa.auslogics.com |
| malicious |