File name: Screamer.exe

Full analysis: https://app.any.run/tasks/dfd0e76f-14cf-488c-9883-b67cbbaf34b0
Verdict: Malicious activity
Threats:

XWorm is a remote access trojan (RAT) sold as a malware-as-a-service. It possesses an extensive hacking toolset and is capable of gathering private information and files from the infected computer, hijacking MetaMask and Telegram accounts, and tracking user activity. XWorm is typically delivered to victims' computers through multi-stage attacks that start with phishing emails.

Analysis date: January 16, 2024, 14:08:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: evasion, xworm
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: B97C0CFD8969E399099FE980B3AC4038
SHA1: F3DED2E027DCE4E8A15D1D31802D5561F5D34606
SHA256: BD419F5FB482CA5C66DDB2765206177F09246417A9C5E4B671400B6C5304682E
SSDEEP: 98304:xU4efhp0yahKWW2xFK02pU6mvGxnNk/E+EJqJXp8ph/uYCVmsNYsTWkS422qOfjz:re5l+PgdWWgFK3owg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Screamer.exe (PID: 1432)
      • iEK.exe (PID: 392)
      • Screamer.exe (PID: 2032)
      • Screamer.exe (PID: 2044)
      • Screamer.exe (PID: 2668)
      • Screamer.exe (PID: 2580)
      • Screamer.exe (PID: 2884)
      • Screamer.exe (PID: 3208)
      • Screamer.exe (PID: 2492)
      • Screamer.exe (PID: 2972)
      • Screamer.exe (PID: 3856)
      • Screamer.exe (PID: 2556)
      • Screamer.exe (PID: 2104)
      • Screamer.exe (PID: 1824)
      • Screamer.exe (PID: 2084)
      • Screamer.exe (PID: 2440)
      • Screamer.exe (PID: 2372)
      • Screamer.exe (PID: 2052)
      • Screamer.exe (PID: 3188)
      • Screamer.exe (PID: 2824)
      • Screamer.exe (PID: 2692)
      • Screamer.exe (PID: 3824)
      • Screamer.exe (PID: 3084)
      • Screamer.exe (PID: 1404)
      • Screamer.exe (PID: 1936)
      • Screamer.exe (PID: 1824)
      • Screamer.exe (PID: 2100)
      • Screamer.exe (PID: 3072)
      • Screamer.exe (PID: 3452)
      • Screamer.exe (PID: 2984)
      • Screamer.exe (PID: 116)
      • Screamer.exe (PID: 3748)
      • Screamer.exe (PID: 1632)
      • Screamer.exe (PID: 1536)
      • Screamer.exe (PID: 1540)
      • Screamer.exe (PID: 2688)
      • Screamer.exe (PID: 2468)
      • Screamer.exe (PID: 3204)
      • Screamer.exe (PID: 3148)
      • Screamer.exe (PID: 3840)
      • Screamer.exe (PID: 3140)
      • Screamer.exe (PID: 3524)
      • Screamer.exe (PID: 668)
      • Screamer.exe (PID: 2164)
      • Screamer.exe (PID: 2312)
      • Screamer.exe (PID: 3252)
      • Screamer.exe (PID: 2548)
      • Screamer.exe (PID: 3148)
      • Screamer.exe (PID: 3500)
      • Screamer.exe (PID: 1888)
    • XWORM has been detected (YARA)

      • nvxdsync.exe (PID: 2076)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Screamer.exe (PID: 1432)
      • Screamer.exe (PID: 2032)
      • iEK.exe (PID: 392)
      • Screamer.exe (PID: 2044)
      • Screamer.exe (PID: 2668)
      • Screamer.exe (PID: 2580)
      • Screamer.exe (PID: 3208)
      • Screamer.exe (PID: 2492)
      • Screamer.exe (PID: 2972)
      • Screamer.exe (PID: 2104)
      • Screamer.exe (PID: 2556)
      • Screamer.exe (PID: 3856)
      • Screamer.exe (PID: 2084)
      • Screamer.exe (PID: 1824)
      • Screamer.exe (PID: 2440)
      • Screamer.exe (PID: 2884)
      • Screamer.exe (PID: 2052)
      • Screamer.exe (PID: 2372)
      • Screamer.exe (PID: 3188)
      • Screamer.exe (PID: 2824)
      • Screamer.exe (PID: 3824)
      • Screamer.exe (PID: 2692)
      • Screamer.exe (PID: 3084)
      • Screamer.exe (PID: 1404)
      • Screamer.exe (PID: 1936)
      • Screamer.exe (PID: 1824)
      • Screamer.exe (PID: 2100)
      • Screamer.exe (PID: 3072)
      • Screamer.exe (PID: 116)
      • Screamer.exe (PID: 2984)
      • Screamer.exe (PID: 3452)
      • Screamer.exe (PID: 3748)
      • Screamer.exe (PID: 1536)
      • Screamer.exe (PID: 1632)
      • Screamer.exe (PID: 1540)
      • Screamer.exe (PID: 2688)
      • Screamer.exe (PID: 2468)
      • Screamer.exe (PID: 3148)
      • Screamer.exe (PID: 3204)
      • Screamer.exe (PID: 3140)
      • Screamer.exe (PID: 2312)
      • Screamer.exe (PID: 3524)
      • Screamer.exe (PID: 668)
      • Screamer.exe (PID: 3840)
      • Screamer.exe (PID: 2164)
      • Screamer.exe (PID: 2548)
      • Screamer.exe (PID: 3148)
      • Screamer.exe (PID: 3500)
      • Screamer.exe (PID: 1888)
      • Screamer.exe (PID: 3252)
    • Reads the Internet Settings

      • Screamer.exe (PID: 1432)
      • Screamer.exe (PID: 2044)
      • iEK.exe (PID: 392)
      • Screamer.exe (PID: 2032)
      • Screamer.exe (PID: 1380)
      • iEK.exe (PID: 784)
      • Screamer.exe (PID: 1264)
      • Screamer.exe (PID: 1652)
      • iEK.exe (PID: 956)
      • Screamer.exe (PID: 2128)
      • Screamer.exe (PID: 2344)
      • Screamer.exe (PID: 632)
      • Screamer.exe (PID: 1736)
      • iEK.exe (PID: 1540)
    • Checks for external IP

      • nvxdsync.exe (PID: 2076)
  • INFO

    • Checks supported languages

      • Screamer.exe (PID: 2044)
      • Screamer.exe (PID: 1432)
      • iEK.exe (PID: 392)
      • Screamer.exe (PID: 2032)
      • nvxdsync.exe (PID: 2076)
      • Screamer.exe (PID: 1380)
      • iEK.exe (PID: 784)
      • Screamer.exe (PID: 1652)
      • nvxdsync.exe (PID: 1604)
      • iEK.exe (PID: 956)
      • Screamer.exe (PID: 1264)
      • nvxdsync.exe (PID: 712)
      • Screamer.exe (PID: 2128)
      • Screamer.exe (PID: 1736)
      • iEK.exe (PID: 1540)
      • Screamer.exe (PID: 2344)
      • nvxdsync.exe (PID: 2248)
      • Screamer.exe (PID: 632)
      • iEK.exe (PID: 2644)
    • Create files in a temporary directory

      • Screamer.exe (PID: 2044)
      • Screamer.exe (PID: 1432)
      • Screamer.exe (PID: 2032)
      • iEK.exe (PID: 392)
      • Screamer.exe (PID: 1380)
      • Screamer.exe (PID: 1264)
      • Screamer.exe (PID: 1736)
      • Screamer.exe (PID: 632)
    • Reads the computer name

      • Screamer.exe (PID: 1432)
      • Screamer.exe (PID: 2044)
      • iEK.exe (PID: 392)
      • nvxdsync.exe (PID: 2076)
      • Screamer.exe (PID: 2032)
      • Screamer.exe (PID: 1380)
      • iEK.exe (PID: 784)
      • nvxdsync.exe (PID: 1604)
      • Screamer.exe (PID: 1652)
      • Screamer.exe (PID: 1264)
      • iEK.exe (PID: 956)
      • nvxdsync.exe (PID: 712)
      • Screamer.exe (PID: 2128)
      • Screamer.exe (PID: 1736)
      • iEK.exe (PID: 1540)
      • Screamer.exe (PID: 2344)
      • nvxdsync.exe (PID: 2248)
      • Screamer.exe (PID: 632)
      • iEK.exe (PID: 2644)
    • Reads the machine GUID from the registry

      • iEK.exe (PID: 392)
      • nvxdsync.exe (PID: 2076)
      • iEK.exe (PID: 784)
      • nvxdsync.exe (PID: 1604)
      • iEK.exe (PID: 956)
      • nvxdsync.exe (PID: 712)
      • iEK.exe (PID: 1540)
      • nvxdsync.exe (PID: 2248)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

XWorm

(PID) Process: (2076) nvxdsync.exe
C2: NzeVH8A+qbXA/3bJ6E+yGNwQoFzdYvhKhoCR1Z9tgfGVKX1In6TDysGlQE6uiwGI:%IP%
Keys
AES: %Port%
Options
Splitter: 2yZ7GbaMiIRNGIc5+hxmnQ==
USB drop name: HXo5912TZYitLe7MflomwA==
Mutex: 3
No Malware configuration.

TRiD

.exe | Win32 Executable Borland Delphi 6 (93.8)
.dll | Win32 Dynamic Link Library (generic) (2.3)
.exe | Win32 Executable (generic) (1.6)
.exe | Win16/32 Executable Delphi generic (0.7)
.exe | Generic Win/DOS Executable (0.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:20 00:22:17+02:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 29696
InitializedDataSize: 10752
UninitializedDataSize: -
EntryPoint: 0x80e4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 277
Monitored processes: 241
Malicious processes: 4
Suspicious processes: 5

Behavior graph

Process tree (rendered as an interactive graph in the full report): start; screamer.exe; screamer.exe; iek.exe; screamer.exe; nvxdsync.exe (tagged #XWORM); followed by many further launches of screamer.exe, iek.exe and nvxdsync.exe, most of them marked "no specs".

Process information

PID: 116
CMD: "C:\Users\admin\AppData\Local\Temp\Screamer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Screamer.exe
Parent process: Screamer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0

PID: 268
CMD: "C:\Users\admin\AppData\Local\Temp\iEK.exe"
Path: C:\Users\admin\AppData\Local\Temp\iEK.exe
Parent process: Screamer.exe
User: admin
Integrity Level: MEDIUM
Description:
Exit code: 0
Version: 1.0.0.0

PID: 296
CMD: "C:\Users\admin\AppData\Local\Temp\nvxdsync.exe"
Path: C:\Users\admin\AppData\Local\Temp\nvxdsync.exe
Parent process: iEK.exe
User: admin
Company: NVIDIA Corporation
Integrity Level: MEDIUM
Description: NVIDIA User Experience Driver Component
Exit code: 0
Version: 8.17.13.4200

PID: 316
CMD: "C:\Users\admin\AppData\Local\Temp\Screamer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Screamer.exe
Parent process: Screamer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0

PID: 392
CMD: "C:\Users\admin\AppData\Local\Temp\iEK.exe"
Path: C:\Users\admin\AppData\Local\Temp\iEK.exe
Parent process: Screamer.exe
User: admin
Integrity Level: MEDIUM
Description:
Exit code: 0
Version: 1.0.0.0
Modules (Images):
  c:\users\admin\appdata\local\temp\iek.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 584
CMD: "C:\Users\admin\AppData\Local\Temp\iEK.exe"
Path: C:\Users\admin\AppData\Local\Temp\iEK.exe
Parent process: Screamer.exe
User: admin
Integrity Level: MEDIUM
Description:
Exit code: 0
Version: 1.0.0.0

PID: 604
CMD: "C:\Users\admin\AppData\Local\Temp\iEK.exe"
Path: C:\Users\admin\AppData\Local\Temp\iEK.exe
Parent process: Screamer.exe
User: admin
Integrity Level: MEDIUM
Description:
Exit code: 0
Version: 1.0.0.0

PID: 632
CMD: "C:\Users\admin\AppData\Local\Temp\3582-490\Screamer.exe"
Path: C:\Users\admin\AppData\Local\Temp\3582-490\Screamer.exe
Parent process: Screamer.exe
User: admin
Company: LuckyKazya
Integrity Level: MEDIUM
Description: Pack Jokes
Exit code: 0
Version: 1.2.3.4
Modules (Images):
  c:\users\admin\appdata\local\temp\3582-490\screamer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll

PID: 632
CMD: "C:\Users\admin\AppData\Local\Temp\nvxdsync.exe"
Path: C:\Users\admin\AppData\Local\Temp\nvxdsync.exe
Parent process: iEK.exe
User: admin
Company: NVIDIA Corporation
Integrity Level: MEDIUM
Description: NVIDIA User Experience Driver Component
Exit code: 0
Version: 8.17.13.4200

PID: 668
CMD: "C:\Users\admin\AppData\Local\Temp\Screamer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Screamer.exe
Parent process: Screamer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0

Total events: 33 971
Read events: 33 499
Write events: 472
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
2044 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
2044 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
2044 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
2044 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
1432 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
1432 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
1432 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
1432 | Screamer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
392 | iEK.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
392 | iEK.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1

Executable files: 92
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1432 | Screamer.exe | C:\Users\admin\AppData\Local\Temp\iEK.exe | executable
  MD5: A553E3BCB967EEAC5205E1B7E6BD3E45
  SHA256: E2A8E96EBD34610F14051AF451567754528116420039B6374C5850F3A68520F4
2044 | Screamer.exe | C:\MSOCache\All Users\{90140000-006E-040C-0000-0000000FF1CE}-C\DW20.EXE | executable
  MD5: 02EE6A3424782531461FB2F10713D3C1
  SHA256: EAD58C483CB20BCD57464F8A4929079539D634F469B213054BF737D227C026DC
2044 | Screamer.exe | C:\MSOCache\All Users\{90140000-006E-0407-0000-0000000FF1CE}-C\DW20.EXE | executable
  MD5: 02EE6A3424782531461FB2F10713D3C1
  SHA256: EAD58C483CB20BCD57464F8A4929079539D634F469B213054BF737D227C026DC
2044 | Screamer.exe | C:\MSOCache\All Users\{90140000-006E-0407-0000-0000000FF1CE}-C\dwtrig20.exe | executable
  MD5: CF6C595D3E5E9667667AF096762FD9C4
  SHA256: 593E60CC30AE0789448547195AF77F550387F6648D45847EA244DD0DD7ABF03D
2044 | Screamer.exe | C:\MSOCache\All Users\{90140000-003D-0000-0000-0000000FF1CE}-C\setup.exe | executable
  MD5: 566ED4F62FDC96F175AFEDD811FA0370
  SHA256: E17CD94C08FC0E001A49F43A0801CEA4625FB9AEE211B6DFEBEBEC446C21F460
2044 | Screamer.exe | C:\MSOCache\All Users\{90140000-006E-0411-0000-0000000FF1CE}-C\DW20.EXE | executable
  MD5: 02EE6A3424782531461FB2F10713D3C1
  SHA256: EAD58C483CB20BCD57464F8A4929079539D634F469B213054BF737D227C026DC
2044 | Screamer.exe | C:\MSOCache\All Users\{90140000-006E-0410-0000-0000000FF1CE}-C\DW20.EXE | executable
  MD5: 02EE6A3424782531461FB2F10713D3C1
  SHA256: EAD58C483CB20BCD57464F8A4929079539D634F469B213054BF737D227C026DC
2044 | Screamer.exe | C:\MSOCache\All Users\{90140000-006E-040C-0000-0000000FF1CE}-C\dwtrig20.exe | executable
  MD5: CF6C595D3E5E9667667AF096762FD9C4
  SHA256: 593E60CC30AE0789448547195AF77F550387F6648D45847EA244DD0DD7ABF03D
392 | iEK.exe | C:\Users\admin\AppData\Local\Temp\nvxdsync.exe | executable
  MD5: 4D1E730F295FA155D1C1D443C6CEBAC7
  SHA256: FD1C5568637BE7087AA3BBF8BFFF867276200DD90DFBFB3DB40284C9A53C6F46
2032 | Screamer.exe | C:\Users\admin\AppData\Local\Temp\3582-490\Screamer.exe | executable
  MD5: 92B6561A108B9943BDAAC9AC9BC71426
  SHA256: B6499966B61573BFCB04D457AF927A28E1BC1ADC29267BD145F05BCEA29D0ACF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 5
DNS requests: 1
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2076 | nvxdsync.exe | GET | 200 | 208.95.112.1:80 | http://ip-api.com/line/?fields=hosting | unknown | text | 5 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2076 | nvxdsync.exe | 208.95.112.1:80 | ip-api.com | TUT-AS | US | unknown

DNS requests

Domain | IP | Reputation
ip-api.com | 208.95.112.1 | shared

Threats

PID | Process | Class | Message
2076 | nvxdsync.exe | Potential Corporate Privacy Violation | AV POLICY Internal Host Retrieving External IP Address (ip-api.com)
2076 | nvxdsync.exe | Device Retrieving External IP Address Detected | POLICY [ANY.RUN] External Hosting Lookup by ip-api
2076 | nvxdsync.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com

Process | Message
nvxdsync.exe | CLR: Managed code called FailFast without specifying a reason.