Fluxus.zip

Full analysis: https://app.any.run/tasks/8df8c0fe-53a0-43b9-b29f-2545675a8e0a
Verdict: Malicious activity
Analysis date: April 08, 2020, 09:57:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 85B734AA97A2DC217C25DAF50739063E
SHA1: 97FD4FA871C14669A2F21B7CAA25F7AA8237213E
SHA256: F38E41D53111A8EC9605142CAFD09A75D300F09860F5FE8E55BAEB3C411C838F
SSDEEP: 24576:Sxl5kGVnmG8XRVmc8Dm9XSS3oxihIChfTU3SuXEn05wrj20BwRr/:NGVnoXRHOSSiHU3n4o

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 4084)
      • FluxusBlue.exe (PID: 548)
      • Fluxus.exe (PID: 3980)
    • Application was dropped or rewritten from another process

      • FluxusBlue.exe (PID: 548)
      • Fluxus.exe (PID: 3980)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2948)
      • Fluxus.exe (PID: 3980)
    • Reads internet explorer settings

      • FluxusBlue.exe (PID: 548)
    • Changes IE settings (feature browser emulation)

      • FluxusBlue.exe (PID: 548)
    • Reads Internet Cache Settings

      • FluxusBlue.exe (PID: 548)
    • Reads Environment values

      • Fluxus.exe (PID: 3980)
  • INFO

    • Manual execution by user

      • FluxusBlue.exe (PID: 548)
      • Fluxus.exe (PID: 3980)
    • Reads settings of System Certificates

      • FluxusBlue.exe (PID: 548)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:03:24 12:47:29
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Fluxus (MAIN UI)/
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

(Graph image not included; nodes shown in the graph: winrar.exe, searchprotocolhost.exe (no specs), fluxusblue.exe, fluxus.exe)

Process information

PID: 548
CMD: "C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\FluxusBlue.exe"
Path: C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\FluxusBlue.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: FluxusExampleUI
Exit code: 4294967295
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\fluxus (temp ui (use if main ui fails to work))\fluxusblue.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2948
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Fluxus.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID: 3980
CMD: "C:\Users\admin\Desktop\Fluxus (MAIN UI)\Fluxus.exe"
Path: C:\Users\admin\Desktop\Fluxus (MAIN UI)\Fluxus.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Fluxus
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\fluxus (main ui)\fluxus.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 4084
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\searchprotocolhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
Total events: 896
Read events: 820
Write events: 76
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | -
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | -
2948 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | write | LanguageList | en-US
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\Fluxus.zip
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
2948 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | write | 0 | C:\Users\admin\Desktop
4084 | SearchProtocolHost.exe | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B\52C64B7E | write | LanguageList | en-US
Executable files: 6
Suspicious files: 6
Text files: 21
Unknown types: 3

Dropped files

PID | Process | Filename | Type
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\Monaco.html | html
  MD5: 78019D0B917D86F4FD518DCB5EA6DA4F
  SHA256: B36138C997939DFC2CAAB580EC7259315CB03A7F2070F3C3CCCB2294DB97F5D7
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (MAIN UI)\Fluxus.exe | executable
  MD5: 605FB97BF0217DE1090C1B7BA8ECAE2D
  SHA256: 5DF6662AFC8BD212DCCDF21923848951B3CBBAF4EE258A2171AE12DAF3213497
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\editor\contrib\suggest\media\String_16x.svg | image
  MD5: 48E754CB54C78A85DCC9AAEA9A27847E
  SHA256: D1AA361F33564E8F9D527A01A66C7CE35D73F23417432E80DDF51F562770EE79
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\basic-languages\lua\lua.js | text
  MD5: 8706D861294E09A1F2F7E63D19E5FCB7
  SHA256: FC2D6FB52A524A56CD8AC53BFE4BAD733F246E76DC73CBEC4C61BE32D282AC42
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\base\worker\workerMain.js | text
  MD5: 27EAD90C7702154755785E0E53398755
  SHA256: BDF9433692A08851E13DD58504EEF19F51BD2EC7241923A68EDF5772E0E53AF5
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\editor\editor.main.js | text
  MD5: 9399A8EAA741D04B0AE6566A5EBB8106
  SHA256: 93D28520C07FBCA09E20886087F28797BB7BD0E6CF77400153AAB5AE67E3CE18
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\editor\editor.main.nls.de.js | text
  MD5: 4D83BC1BCED6F773423BE6F939472CFE
  SHA256: 0DEE462D5FB231F169F6CBC432465A43FD445C011FE650E29F5FB2BCCC31EAAE
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\editor\editor.main.nls.it.js | text
  MD5: A8855A662EB4D3A771FDAB7BA6287DEF
  SHA256: F67CEC6DBF98C98C834638D20DF53C5A770EDADA7F26EBF6D0B7DFEC60F7A4AB
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\editor\contrib\suggest\media\String_inverse_16x.svg | image
  MD5: 6E5C0CE7EC09969F07EA6EE078EF8AD6
  SHA256: 7D23C0F30CB9C05C81BB15785A3299772AE3CFBE51F3E04895AA1F23FFBEBA5B
2948 | WinRAR.exe | C:\Users\admin\Desktop\Fluxus (TEMP UI (use if main UI fails to work))\bin\Monaco\vs\editor\editor.main.css | text
  MD5: 233217455A3EF3604BF4942024B94F98
  SHA256: 2EC118616A1370E7C37342DA85834CA1819400C28F83ABFCBBB1EF50B51F7701
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 8
DNS requests: 6
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
548 | FluxusBlue.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj%2F6qJAfE5%2Fj9OXBRE4%3D | US | der | 471 b | whitelisted
548 | FluxusBlue.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEESdv3pClq0bcSaWGwue8Dw%3D | US | der | 280 b | whitelisted
548 | FluxusBlue.exe | GET | 200 | 151.139.128.14:80 | http://crl.comodoca.com/COMODOECCCertificationAuthority.crl | US | der | 355 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
548 | FluxusBlue.exe | 162.159.135.233:443 | cdn.discordapp.com | Cloudflare Inc | - | shared
548 | FluxusBlue.exe | 151.139.128.14:80 | ocsp.trust-provider.com | Highwinds Network Group, Inc. | US | suspicious
3980 | Fluxus.exe | 104.23.99.190:443 | pastebin.com | Cloudflare Inc | US | malicious
3980 | Fluxus.exe | 104.28.16.193:443 | fluxteam.xyz | Cloudflare Inc | US | shared
3980 | Fluxus.exe | 162.159.135.233:443 | cdn.discordapp.com | Cloudflare Inc | - | shared

DNS requests

Domain | IP | Reputation
cdn.discordapp.com | 162.159.135.233, 162.159.129.233, 162.159.133.233, 162.159.130.233, 162.159.134.233 | shared
ocsp.trust-provider.com | 151.139.128.14 | whitelisted
ocsp.comodoca4.com | 151.139.128.14 | whitelisted
crl.comodoca.com | 151.139.128.14 | whitelisted
fluxteam.xyz | 104.28.16.193, 104.28.17.193 | suspicious
pastebin.com | 104.23.99.190, 104.23.98.190 | malicious

Threats

No threats detected
No debug info