File name: DNSBench.exe

Full analysis: https://app.any.run/tasks/391970cb-a9d0-4d0f-96cb-c8aa917993dd
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 19, 2024, 16:22:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader, zloader, zeus
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5:

04177F89FA23B9D6FEC146D9BE737566

SHA1:

B95EA3C6094AFFDA5F05110D1C0AE6DAA56EBC2B

SHA256:

A1375A7ECBACF70EFD3D54C7EC3C1CEAE7166AD1C723B390AC78D7A3E1B19F92

SSDEEP:

6144:FVBTVrqwLfbHbCZKvkzdciwzy5fzrluoLFepJXuxx8LL:XBTZqwLTHbCZKszdLwzy5rrlu4WXuxxE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • DNSBench.exe (PID: 3040)
  • SUSPICIOUS

    • Reads the Internet Settings

      • DNSBench.exe (PID: 3040)
    • Reads security settings of Internet Explorer

      • DNSBench.exe (PID: 3040)
    • Checks Windows Trust Settings

      • DNSBench.exe (PID: 3040)
    • Reads settings of System Certificates

      • DNSBench.exe (PID: 3040)
  • INFO

    • Checks supported languages

      • DNSBench.exe (PID: 3040)
    • Reads the computer name

      • DNSBench.exe (PID: 3040)
    • Checks proxy server information

      • DNSBench.exe (PID: 3040)
    • Reads the machine GUID from the registry

      • DNSBench.exe (PID: 3040)
    • Reads the software policy settings

      • DNSBench.exe (PID: 3040)
    • Creates files or folders in the user directory

      • DNSBench.exe (PID: 3040)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (v2.x) (51)
.exe | Win32 EXE PECompact compressed (generic) (35.9)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:04:04 20:59:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 77824
InitializedDataSize: 602112
UninitializedDataSize: -
EntryPoint: 0xbd5e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.3.6668.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Author: Steve Gibson, Gibson Research Corporation, http://grc.com
BuildTimestamp: 2018/04/04 20:56 GMT
CompanyName: Gibson Research Corp.
Description: DNS Benchmark - Domain Name System Benchmarking Utility. Please see this program's built-in help for additional information.
FileDescription: Measure the performance of DNS resolvers.
FileVersion: 1.3.6668.0
InternalName: dnsbench.exe
LegalCopyright: Copyright © 2018 Gibson Research Corp.
OriginalFileName: dnsbench.exe
ProductName: "DNS Benchmark", freeware by Steve Gibson
ProductVersion: 1.3.6668.0
WebSiteforUpdates: http://www.GRC.com
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start dnsbench.exe

Process information

PID: 3040
CMD: "C:\Users\admin\AppData\Local\Temp\DNSBench.exe"
Path: C:\Users\admin\AppData\Local\Temp\DNSBench.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Gibson Research Corp.
Integrity Level: MEDIUM
Description: Measure the performance of DNS resolvers.
Version: 1.3.6668.0
Modules
Images
c:\users\admin\appdata\local\temp\dnsbench.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
Total events: 202 756
Read events: 202 698
Write events: 40
Delete events: 18

Modification events

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3040) DNSBench.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 0
Suspicious files: 3
Text files: 0
Unknown types: 1

Dropped files

PID | Process | Filename | Type
3040 | DNSBench.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der
MD5:D2A257094A612F7A2CEEC284F1ED7FAA
SHA256:BD324CD2F2D795EB43DC5F85D24F3381ADA533F7E5313B7747201A5F7B70DD3A
3040 | DNSBench.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:2999C1B6A24F78F80E1EA61FEC97FDB8
SHA256:4EE93B3DA986B0873C573189995B05BD2BC5275DA887BB61DB46E72E752B336A
3040 | DNSBench.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary
MD5:C8ABE2310FEFDC08800AE7E079E9E350
SHA256:93355AA444A113C47A8003606A24A178CA067349D21571376C1B5487878B446B
3040 | DNSBench.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ne[1] | binary
MD5:519AD9B249AEAC5B8BB15D2972291285
SHA256:96F2F19EEE11641A511F55D04DBFFA5A7B47D121D933E5F32C25070B0D53968F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 11
DNS requests: 7 335
Threats: 72

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3040 | DNSBench.exe | GET | 301 | 4.79.142.202:80 | http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb | | | | unknown
3040 | DNSBench.exe | GET | 301 | 4.79.142.202:80 | http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb | | | | unknown
3040 | DNSBench.exe | GET | 301 | 4.79.142.202:80 | http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb | | | | unknown
3040 | DNSBench.exe | GET | 301 | 4.79.142.202:80 | http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb | | | | unknown
 | | GET | 301 | 4.79.142.202:80 | http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb | | | | unknown
3040 | DNSBench.exe | GET | 304 | 23.216.77.62:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6d971099b1cf5919 | | | | unknown
1080 | svchost.exe | GET | 200 | 23.216.77.75:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b36b6018cfb21342 | | | | unknown
3040 | DNSBench.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | | | | unknown
1080 | svchost.exe | GET | 304 | 23.216.77.75:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ed7ebecfb33b68f0 | | | | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | unknown
 | | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.255:138 | | | | unknown
3040 | DNSBench.exe | 4.79.142.202:80 | www.grc.com | LEVEL3 | US | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.2:137 | | | | unknown
3040 | DNSBench.exe | 4.79.142.202:443 | www.grc.com | LEVEL3 | US | unknown
3040 | DNSBench.exe | 23.216.77.62:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
3040 | DNSBench.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | unknown
1080 | svchost.exe | 23.216.77.75:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown

DNS requests

Domain
IP
Reputation
yrlupkmvkxoyd2jl40qez3wkdh.isc.org
unknown
www.grc.com
  • 4.79.142.202
unknown
isc.org
  • 149.20.2.28
unknown
besbguurm34onke1kat4k0lv5d.com
  • 49.13.77.253
unknown
www.oevb0niqcslfcffyxitglq1vre.com
  • 49.13.77.253
unknown
2.100.168.192.in-addr.arpa
unknown
net4.rebindtest.com
  • 4.4.4.4
  • ::ffff:4.4.4.4
unknown
1jhaojzrfflcf0lq2htims53cf.com
unknown
www.uau22onszavs3glgktquswxnfc.com
unknown
net10.rebindtest.com
  • 10.0.0.1
  • ::ffff:10.0.0.1
unknown

Threats

PID | Process | Class | Message
 | | A Network Trojan was detected | ET MALWARE Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014
 | | A Network Trojan was detected | ET MALWARE Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
 | | Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
No debug info