File name:

EXE_Bomb_Windows.exe

Full analysis: https://app.any.run/tasks/5057c487-e0dd-4467-a243-9ea28c044e04
Verdict: Malicious activity
Analysis date: June 17, 2024, 05:02:29
OS: Ubuntu 22.04.2
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5:

321A25C61BB513862F8FFFB5DB7A4489

SHA1:

F7A1949EBCD01C1CE4175A32CCD1E1DAE9E5811B

SHA256:

A3E48CF8947F839D542B4AE3B735D204266B143F1D586B1318367BF3CF7F7FC5

SSDEEP:

98304:4StJF80nVgIYHcz8Z3NaeNQarak9Sz4yEtZxrSxdG2i+6Y0YTShZMPeZznZXgD5r:RTLKZUbmIaD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Checks DMI information (probably VM detection)

      • systemd-hostnamed (PID: 12953)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2020:01:05 12:15:46+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14
CodeSize: 134656
InitializedDataSize: 259584
UninitializedDataSize: -
EntryPoint: 0x8ef8
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: SebastianEPH
FileDescription: [Virus troyano, (Fines educativos)]
FileVersion: 1.0 (win7sp1_rtm.101119-1850)
InternalName: EXEBombWindows
LegalCopyright: SebastianEPH©.
OriginalFileName: EXE_Bomb_Windows.exe
ProductName: EXE Bomb Windows®
ProductVersion: 1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
237
Monitored processes
24
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
systemctl no specs systemctl no specs systemctl no specs systemctl no specs sh no specs file no specs sh no specs sudo no specs nautilus no specs locale-check no specs systemd-hostnamed no specs systemctl no specs systemctl no specs nautilus no specs file-roller no specs 7z no specs nm-dispatcher no specs 01-ifupdown no specs run-parts no specs wireless-tools no specs wpasupplicant no specs 01-ifupdown no specs 01-ifupdown no specs iwconfig no specs

Process information

PID
CMD
Path
Indicators
Parent process
12931systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12932systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12933systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12934systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12935sh -c "file --mime-type /tmp/EXE_Bomb_Windows\.exe"/bin/shany-guest-agent
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12936file --mime-type /tmp/EXE_Bomb_Windows.exe/usr/bin/filesh
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12937/bin/sh -c "DISPLAY=:0 sudo -iu user nautilus /tmp/EXE_Bomb_Windows\.exe "/bin/shany-guest-agent
User:
user
Integrity Level:
UNKNOWN
12938sudo -iu user nautilus /tmp/EXE_Bomb_Windows.exe/usr/bin/sudosh
User:
user
Integrity Level:
UNKNOWN
12939nautilus /tmp/EXE_Bomb_Windows.exe/usr/bin/nautilussudo
User:
user
Integrity Level:
UNKNOWN
12940/usr/bin/locale-check C.UTF-8/usr/bin/locale-checknautilus
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Executable files
0
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
12939nautilus/home/user/.local/share/recently-used.xbelxml
MD5:
SHA256:
12965file-roller/home/user/.local/share/recently-used.xbelxml
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
11
DNS requests
27
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
185.125.190.49:80
http://connectivity-check.ubuntu.com/
unknown
unknown
GET
204
91.189.91.49:80
http://connectivity-check.ubuntu.com/
unknown
unknown
GET
204
91.189.91.49:80
http://connectivity-check.ubuntu.com/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
185.125.190.49:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
unknown
195.181.170.18:443
odrs.gnome.org
Datacamp Limited
DE
unknown
470
avahi-daemon
224.0.0.251:5353
unknown
185.125.188.54:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
185.125.188.55:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
485
snapd
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
473
NetworkManager
91.189.91.97:80
connectivity-check.ubuntu.com
Canonical Group Limited
US
unknown

DNS requests

Domain
IP
Reputation
odrs.gnome.org
  • 195.181.170.18
  • 212.102.56.182
  • 156.146.33.138
  • 156.146.33.141
  • 156.146.33.15
  • 195.181.175.16
  • 195.181.175.40
  • 212.102.56.179
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::17
  • 2a02:6ea0:c700::22
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::10
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::18
  • 195.181.170.19
  • 156.146.33.137
  • 156.146.33.14
  • 195.181.175.15
  • 195.181.175.41
  • 212.102.56.178
unknown
api.snapcraft.io
  • 185.125.188.54
  • 185.125.188.58
  • 185.125.188.55
  • 185.125.188.59
unknown
59.100.168.192.in-addr.arpa
unknown
connectivity-check.ubuntu.com
  • 91.189.91.49
  • 185.125.190.48
  • 185.125.190.17
  • 91.189.91.98
  • 185.125.190.96
  • 91.189.91.97
  • 91.189.91.48
  • 185.125.190.97
  • 91.189.91.96
  • 185.125.190.18
  • 185.125.190.98
  • 185.125.190.49
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::97
  • 2620:2d:4000:1::96
  • 2001:67c:1562::23
  • 2620:2d:4000:1::23
  • 2620:2d:4002:1::197
  • 2620:2d:4000:1::2b
  • 2620:2d:4002:1::198
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::22
  • 2620:2d:4002:1::196
  • 2001:67c:1562::24
unknown
dashboard.snapcraft.io
  • 185.125.188.62
  • 185.125.188.61
unknown
appstream.ubuntu.com
  • 185.125.188.36
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
EXE_Bomb_Windows.exe