Field | Value
---|---
File name | Gather Proxy 9.0 Premium.rar
Full analysis | https://app.any.run/tasks/2fb0e389-8f16-4a89-9b11-a255e10d175d
Verdict | Malicious activity
Analysis date | June 16, 2019, 13:40:52
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | (none listed)
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 8708157FE0691BDA48AEADA429D4DABE
SHA1 | 44125CC1DA2211521A5036F4D4F2F886DE08F905
SHA256 | AC0D5355CBC7B4586D0435D00F4825430330E8EC55B83D79C6A2A25979AB3AF0
SSDEEP | 98304:rWR737uW6k3gjpIxZJBp72rWZR7YSRUXazL:Sxi43PJBp7WYR7YSy0
File type identification:

Extension | Detected type | Match (%)
---|---|---
.rar | RAR compressed archive (v5.0) | 61.5
.rar | RAR compressed archive (gen) | 38.4
Processes (the archive is opened by WinRAR, which then launches the executable straight out of its temporary extraction folder):

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3136 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Gather Proxy 9.0 Premium.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe
2596 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Gather Proxy.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Gather Proxy.exe | | WinRAR.exe

Process details:

PID | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---
3136 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 5.60.0
2596 | admin | GatherProxy.com | MEDIUM | Gather Proxy 9.0 - Free Pro Proxy and Socks Scraper | 9.0.0.0
Registry activity. Every recorded write comes from WinRAR.exe (PID 3136); the report records no registry writes by Gather Proxy.exe (PID 2596), so none of these entries should be read as persistence or configuration by the extracted executable.

PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
3136 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Gather Proxy 9.0 Premium.rar
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3136 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
Files extracted by WinRAR (PID 3136) into the temporary folder. The Gather Proxy.exe row is the binary that runs as PID 2596, so its MD5/SHA256 (AB1B77A5.../62E2F019...) identify the executable, while the hashes at the top of the report identify the archive.

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Data\configs.gp | text | 937834BC0AFFB94C1A06E17CB7F26935 | 7403CFC2F436643FAB29A32F9D4FCD89CB6E9D6FE91959F821BB696FB63C51AF
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\FacebookAPIClass.dll | executable | 5FB4FB4609E5F71AE0B910A7F3F9F53D | 59A5EE5FD24EFA9C328B5741DCAEAFF590B0031B513C2B38A6B97862399A5841
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Data\geo.mmdb | mpg | B3AD53256708B3A42E223F506A7792FF | E3B77E008345EDE8AF053FD660B915BEF1D1D956BD34921935A0C08FFF4837B8
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Data\referrals.txt | text | B5CE4C46FD94C0F038FB7E04B1EF6666 | 04983579DE0B2559D6E55E6447AB60FA1AC97A8DE7FC91B79899DB496571736F
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Gather Proxy.exe | executable | AB1B77A56C68A03D9FADE55B88C2A981 | 62E2F0198859120C64ECAB5A0C034CFF7DB3B222B621F2A87C375351BDB3F26B
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\MaxMind.Db.dll | executable | 4D1FC03277F904C3172A4C23ED36B032 | 68540771C4099BAB7A26AB31F59F92E12182B9050D84E625BE7BD5778871F475
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Data\cv | text | E1DFFC8709F31A4987C8A88334107E89 | DEAE2D4D75857C1081F113BCFC950DCA567DD5A2E14E6AC8FB8E5785FF4DD5EC
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Newtonsoft.Json.dll | executable | 5E02DDAF3B02E43E532FC6A52B04D14B | 78BEDD9FCE877A71A8D8FF9A813662D8248361E46705C4EF7AFC61D440FF2EEB
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Data\country.txt | text | F349544550AB3FA73C515A02B1E28A46 | 3E1DF9E1B2BCDD9223B8092D216F22472685788255441144F935795193454E24
3136 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376\Gather Proxy 9.0 Premium\Data\agents.txt | text | 8520DC38FF84C55CEFA74D492D271DA4 | FC73F46883AECB0AC9C944A2756CA2CF1AC0E60F963D92700C0DD62EADC3D72B

Note: the "mpg" type for geo.mmdb is the sandbox's file-type guess. The .mmdb extension and the bundled MaxMind.Db.dll point to a MaxMind database file, so treat that label as unverified rather than as evidence of media content.
HTTP requests (the only network activity is from the extracted Gather Proxy.exe, PID 2596; the `k` parameter is a percent-encoded, base64-looking token):

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2596 | Gather Proxy.exe | GET | 200 | 97.74.233.74:80 | http://update.snaware.com/auth/?k=R8Vq4kkYaooa0Iqshk%2betBU2qIZYMupMml3vsaGJ310JktNnTkcxcuFxUn8KmfOUqkXLbevh5O42UwKTFNJ9pGw8dwWbo3%2f9YXGaXTcGqGayeJ4qQn8tR1%2bz1Yw1%2bm%2fgpGKFpWEA%2fBjkb8PmS5umIY8P4%2b%2b9bppwK50RmJpNGRWSlAWbm4ioPD5PtOQypLxQ | US | text | 1.31 Kb | malicious

Connections:

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2596 | Gather Proxy.exe | 97.74.233.74:80 | update.snaware.com | GoDaddy.com, LLC | US | unknown
DNS requests (IP taken from the connection row above):

Domain | IP | Reputation
---|---|---
update.snaware.com | 97.74.233.74 | malicious
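The two behaviours worth turning into a check are visible in the process and HTTP tables: an executable launched directly from WinRAR's temporary extraction folder (`Rar$EXa3136.49376`) that then makes an outbound HTTP request carrying an opaque `k` token. The script below is an added triage example, not part of the any.run report and not code from Gather Proxy or any.run. The event dictionaries are constructed from the report's rows; the `Rar$DI` prefix is assumed to be WinRAR's other temporary-folder name alongside the `Rar$EX` prefix the report shows; and the `k` parameter is assumed to be base64 (it is, in fact, 192 base64 characters after percent-decoding, which the script verifies by decoding it to 144 bytes).

```python
"""Triage helpers built from the process and HTTP rows of this sandbox report (added example)."""
import base64
import math
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample events, transcribed from the report's process and HTTP tables.
PROCESS_EVENTS = [
    {"pid": 3136, "parent": "explorer.exe",
     "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"pid": 2596, "parent": "WinRAR.exe",
     "image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3136.49376"
              r"\Gather Proxy 9.0 Premium\Gather Proxy.exe"},
]

# The 'k' value exactly as it appears in the report's HTTP row (percent-encoded).
K_PARAM = ("R8Vq4kkYaooa0Iqshk%2betBU2qIZYMupMml3vsaGJ310JktNnTkcxcuFxUn8KmfOUqkXLbevh5O42UwKTFNJ9pGw8dwWbo3"
           "%2f9YXGaXTcGqGayeJ4qQn8tR1%2bz1Yw1%2bm%2fgpGKFpWEA"
           "%2fBjkb8PmS5umIY8P4%2b%2b9bppwK50RmJpNGRWSlAWbm4ioPD5PtOQypLxQ")

HTTP_EVENTS = [
    {"pid": 2596, "method": "GET", "status": 200, "ip": "97.74.233.74", "port": 80,
     "url": "http://update.snaware.com/auth/?k=" + K_PARAM},
]

# WinRAR extracts to %TEMP%\Rar$EXa<pid>.<n>\ (seen in this report). Assumption: the
# Rar$DI<...> variant is the same mechanism when a file is opened from the archive window.
WINRAR_TEMP_DIR = re.compile(r"\\Rar\$(?:EX|DI)[A-Za-z]?\d+\.\d+\\", re.IGNORECASE)


def launched_from_winrar_temp(image_path: str) -> bool:
    """True if the process image lives inside a WinRAR temporary extraction folder."""
    return WINRAR_TEMP_DIR.search(image_path) is not None


def correlate_temp_launch_with_http(process_events, http_events):
    """Flag processes run straight out of a WinRAR temp folder that then made HTTP requests.

    Returns a list of (pid, host, url) tuples, one per matching HTTP event.
    """
    temp_pids = {e["pid"] for e in process_events if launched_from_winrar_temp(e["image"])}
    hits = []
    for h in http_events:
        if h["pid"] in temp_pids:
            hits.append((h["pid"], urlsplit(h["url"]).hostname, h["url"]))
    return hits


def query_params(url: str) -> dict:
    """Percent-decode the query string with unquote (not unquote_plus), so a literal '+'
    is kept as '+': base64 payloads break if '+' is turned into a space."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params[unquote(name)] = unquote(value)
    return params


def decode_k_param(url: str) -> bytes:
    """Base64-decode the 'k' parameter, restoring '=' padding if the client stripped it.
    validate=True rejects anything outside the base64 alphabet instead of silently skipping it."""
    k = query_params(url)["k"]
    return base64.b64decode(k + "=" * (-len(k) % 4), validate=True)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; values near 8 mean compressed, encrypted or random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


if __name__ == "__main__":
    for pid, host, url in correlate_temp_launch_with_http(PROCESS_EVENTS, HTTP_EVENTS):
        blob = decode_k_param(url)
        print(f"PID {pid} ran from a WinRAR temp folder and called {host}: "
              f"k decodes to {len(blob)} bytes, entropy {shannon_entropy(blob):.2f} bits/byte")
```

Run stand-alone it reports PID 2596 against update.snaware.com and the size and entropy of the decoded token. The entropy figure is what tells you whether the token is readable (a licence string, a hostname) or opaque (encrypted or random); it does not tell you what the server does with it, which the report also does not show.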