File name: AzureusTor.exe

Full analysis: https://app.any.run/tasks/8da230f8-5e05-4a01-9795-1c3930ad6484
Verdict: Malicious activity
Analysis date: April 25, 2025, 18:26:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
MD5: 755DB270D19284A0783151F394E7A73D
SHA1: 842EFB1A141DAA3636FE668EF0B3A256419F9818
SHA256: B54ECEC42419FB311F05F0CAA9AE089FDB1CD2406BDC11C271162C30EED824FA
SSDEEP: 24576:1YOLJ27hbjWriap9RAgT1X2CbcPS2ORed1Vm2qWhbU1xQr/z7uBUSRgS:CIJ2792Ca2LVm27N8QLm/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Executing a file with an untrusted certificate: AzureusTor.exe (PID: 2060)
  • SUSPICIOUS
    • There is functionality for taking screenshots (YARA): AzureusTor.exe (PID: 2060)
    • Connects to unusual port: AzureusTor.exe (PID: 2060)
  • INFO
    • Reads the computer name: AzureusTor.exe (PID: 2060)
    • Checks supported languages: AzureusTor.exe (PID: 2060)
    • Creates files or folders in the user directory: AzureusTor.exe (PID: 2060)
    • UPX packer has been detected: AzureusTor.exe (PID: 2060)
    • Reads the machine GUID from the registry: AzureusTor.exe (PID: 2060)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (39.3)
.exe | Win32 EXE Yoda's Crypter (38.6)
.dll | Win32 Dynamic Link Library (generic) (9.5)
.exe | Win32 Executable (generic) (6.5)
.exe | Generic Win/DOS Executable (2.9)

EXIF (EXE)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1970:01:03 17:59:32+00:00 (two days after the Unix epoch, so not a plausible build time)
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.25
CodeSize: 1552384
InitializedDataSize: 4096
UninitializedDataSize: 2891776
EntryPoint: 0x43d6d0
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows command line
All screenshots are available in the full report
Total processes: 34
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> azureustor.exe

Process information

PID: 2060
CMD: "C:\Users\admin\AppData\Local\Temp\AzureusTor.exe"
Path: C:\Users\admin\AppData\Local\Temp\AzureusTor.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM

Modules (images loaded):
c:\users\admin\appdata\local\temp\azureustor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 432
Read events: 432
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 0
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2060 | AzureusTor.exe | C:\Users\admin\AppData\Roaming\tor\state | text
  MD5: 2FCB2C0D14B45959275FC097730E7E9F
  SHA256: 5740436641B8BB09E1ED25F3F8A6E643C766549602D68708D1A1F66FB6369035
2060 | AzureusTor.exe | C:\Users\admin\AppData\Roaming\tor\unverified-microdesc-consensus | text
  MD5: F16567E45FFBAD3CB7D17E5C4529F23C
  SHA256: 8282EDC5F3B3F19ABE2AA3F62C7DD13AC17FAC8B29148CA2B4ED4B8B9037F37A
2060 | AzureusTor.exe | C:\Users\admin\AppData\Roaming\tor\state.tmp | text
  MD5: 2FCB2C0D14B45959275FC097730E7E9F
  SHA256: 5740436641B8BB09E1ED25F3F8A6E643C766549602D68708D1A1F66FB6369035
2060 | AzureusTor.exe | C:\Users\admin\AppData\Roaming\tor\unverified-microdesc-consensus.tmp | text
  MD5: F16567E45FFBAD3CB7D17E5C4529F23C
  SHA256: 8282EDC5F3B3F19ABE2AA3F62C7DD13AC17FAC8B29148CA2B4ED4B8B9037F37A

state and unverified-microdesc-consensus are the files a Tor client writes to its DataDirectory while bootstrapping (the consensus is downloaded first and only renamed once its signatures verify). Each .tmp entry carries the same hashes as its final name because Tor writes to a temporary file and renames it into place, so this is two distinct files, not four.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 23
DNS requests: 2
Threats: 3

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | whitelisted
4 | System | 224.0.0.252:5355 | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | whitelisted
4 | System | 192.168.100.255:138 | | | whitelisted
2060 | AzureusTor.exe | 86.59.119.88:443 | Hutchison Drei Austria GmbH | AT | unknown
2060 | AzureusTor.exe | 37.221.162.226:9001 | Voxility LLP | RO | unknown
2060 | AzureusTor.exe | 185.66.250.141:9001 | CLDIN B.V. | NL | unknown
2060 | AzureusTor.exe | 199.254.238.52:443 | RISEUP | US | unknown
2060 | AzureusTor.exe | 198.50.191.95:443 | OVH SAS | CA | unknown
2060 | AzureusTor.exe | 171.25.193.9:80 | Foreningen for digitala fri- och rattigheter | SE | unknown

Port 9001 is Tor's default ORPort, and 443 and 80 are common alternative ORPorts on relays. This is the traffic behind the "Connects to unusual port" indicator and the ET TOR alerts listed under Threats; the first four rows are the guest's own NetBIOS and LLMNR broadcasts and are not attributed to the sample.

DNS requests

Domain | IP | Reputation
google.com | 142.250.185.110 | whitelisted
dns.msftncsi.com | 131.107.255.255 | whitelisted

Threats

PID | Process | Class | Message
2060 | AzureusTor.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 344
2060 | AzureusTor.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 236
2060 | AzureusTor.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 344

The ET TOR rules match destination addresses against a published list of Tor relays; despite the "Misc Attack" class they record that the process talked to known Tor nodes, not that an attack was observed.
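As an added triage example (not part of the ANY.RUN report), the following Python script takes the Connections table above as constructed input and flags the monitored process's connections that look like Tor relay traffic. It treats port 9001 (Tor's default ORPort) as a high-confidence signal on its own and ports 443 and 80 as medium confidence, since relays commonly use them but so does ordinary web traffic; a medium hit should be confirmed against a current relay list, which is the lookup the ET TOR signatures perform. The port heuristic, the confidence labels and the '|'-separated row format are assumptions of this example.

```python
"""Flag Tor-relay-like connections in a sandbox connection table (added example)."""
import ipaddress
from collections import Counter
from dataclasses import dataclass, replace
from typing import Dict, List

# Assumed port heuristic: 9001 is Tor's default ORPort, so a connection there
# is a strong signal by itself. 443 and 80 are common alternative ORPorts but
# also ordinary web ports, so they only earn "medium" confidence and should be
# confirmed against a current relay list (what the ET TOR rules do).
HIGH_CONFIDENCE_PORTS = {9001}
MEDIUM_CONFIDENCE_PORTS = {443, 80}

# Constructed input: the Connections table of this report, '|'-separated,
# with '-' where the report shows no ASN or country for a row.
CONNECTIONS = """
4    | System         | 192.168.100.255:137 | -                                            | -  | whitelisted
4    | System         | 224.0.0.252:5355    | -                                            | -  | whitelisted
1080 | svchost.exe    | 224.0.0.252:5355    | -                                            | -  | whitelisted
4    | System         | 192.168.100.255:138 | -                                            | -  | whitelisted
2060 | AzureusTor.exe | 86.59.119.88:443    | Hutchison Drei Austria GmbH                  | AT | unknown
2060 | AzureusTor.exe | 37.221.162.226:9001 | Voxility LLP                                 | RO | unknown
2060 | AzureusTor.exe | 185.66.250.141:9001 | CLDIN B.V.                                   | NL | unknown
2060 | AzureusTor.exe | 199.254.238.52:443  | RISEUP                                       | US | unknown
2060 | AzureusTor.exe | 198.50.191.95:443   | OVH SAS                                      | CA | unknown
2060 | AzureusTor.exe | 171.25.193.9:80     | Foreningen for digitala fri- och rattigheter | SE | unknown
"""


@dataclass(frozen=True)
class Conn:
    pid: int
    process: str
    ip: str
    port: int
    asn: str
    cn: str
    reputation: str
    confidence: str = ""  # "high" or "medium", set by flag_tor_like


def parse_connections(table: str) -> List[Conn]:
    """Parse 'pid | process | ip:port | asn | cn | reputation' rows."""
    conns: List[Conn] = []
    for line in table.strip().splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 6:
            continue  # skip malformed rows instead of guessing at them
        pid, process, endpoint, asn, cn, reputation = fields
        ip, port = endpoint.rsplit(":", 1)  # split on the last colon only
        conns.append(Conn(int(pid), process, ip, int(port), asn, cn, reputation))
    return conns


def is_public(ip: str) -> bool:
    """True for a routable unicast address; drops LAN broadcast and multicast."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_multicast or addr.is_loopback
                or addr.is_link_local or addr.is_reserved)


def flag_tor_like(conns: List[Conn], monitored_pid: int) -> List[Conn]:
    """Keep the monitored process's non-whitelisted connections to public
    addresses on ports a Tor relay is likely to listen on."""
    flagged: List[Conn] = []
    for c in conns:
        if c.pid != monitored_pid or c.reputation == "whitelisted" or not is_public(c.ip):
            continue
        if c.port in HIGH_CONFIDENCE_PORTS:
            flagged.append(replace(c, confidence="high"))
        elif c.port in MEDIUM_CONFIDENCE_PORTS:
            flagged.append(replace(c, confidence="medium"))
    return flagged


def summarize(flagged: List[Conn]) -> Dict[str, int]:
    """Count flagged connections per confidence label."""
    return dict(Counter(c.confidence for c in flagged))


if __name__ == "__main__":
    hits = flag_tor_like(parse_connections(CONNECTIONS), monitored_pid=2060)
    for c in hits:
        print(f"{c.confidence:<6} {c.ip}:{c.port:<4} {c.asn} ({c.cn})")
    print(summarize(hits))
```

Run against the table above this yields two high-confidence hits (the two 9001 connections) and four medium ones; the whitelisted broadcast and multicast rows from PID 4 and 1080 are dropped before the port check, so the heuristic never fires on the guest's own LAN chatter.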
Debug info: none