File name: | VPNHunter - IP-REC.rar |
Full analysis: | https://app.any.run/tasks/b951f396-d6d0-439c-a52c-80223b84c902 |
Verdict: | Malicious activity |
Analysis date: | January 17, 2020, 15:25:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | AAD53F8F48F25CA4E46F02DA4BF7C0B8 |
SHA1: | CCEF70315E452F1B8EEE35EB020D9258B4E1A217 |
SHA256: | F93611D1DC34BA5E3F6725D9769A637D77099D64C21FCF143A3B029FC9DFE551 |
SSDEEP: | 49152:wC1DolxcVYSPuW9OwXm1XMyPubcGmasXBNPCXlO/y7oJxc0aV0nNx9dtZS:VDobcV/uW9FIXXPPGcXB9CeXxc/KnNDA |
Extension | Description | Match (%)
---|---|---
.rar | RAR compressed archive (v-4.x) | 58.3
.rar | RAR compressed archive (gen) | 41.6
Field | Value
---|---
CompressedSize | 72186 bytes
UncompressedSize | 180224 bytes
OperatingSystem | Win32
ModifyDate | 2017:09:14 10:02:26
PackingMethod | Normal
ArchivedFileName | VPNHunter - IP-REC\ControlzEx.dll
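The archive fields above are read straight out of the RAR 4.x file header that precedes each packed member: PACK_SIZE, UNP_SIZE, HOST_OS, FTIME (a DOS timestamp), METHOD and the file name. The Python below is an added example, not code from the ANY.RUN report, showing how to list those headers without handing the archive to an unpacker, with the bounds and CRC checks a triage script needs because every length in the header is attacker-controlled. It assumes the RAR 4.x block layout (marker block, HEAD_CRC/HEAD_TYPE/HEAD_FLAGS/HEAD_SIZE, file header type 0x74, end block 0x7B). `build_sample_archive()` constructs a stand-in archive whose single file header carries the values from this report; the packed bytes, FILE_CRC and attributes are dummies, since the real compressed data is not on the page.

```python
import struct
import zlib
from datetime import datetime

RAR4_MARKER = b"Rar!\x1a\x07\x00"  # 7-byte marker block that opens every RAR 4.x archive
HEAD_ARCHIVE, HEAD_FILE, HEAD_END = 0x73, 0x74, 0x7B
FLAG_LONG_BLOCK = 0x8000  # block carries a 4-byte ADD_SIZE (for file headers, that field is PACK_SIZE)
LHD_PASSWORD, LHD_DIRECTORY, LHD_LARGE, LHD_UNICODE = 0x0004, 0x00E0, 0x0100, 0x0200
HOST_OS = {0: "MS-DOS", 1: "OS/2", 2: "Win32", 3: "Unix", 4: "Mac OS", 5: "BeOS"}
METHODS = {0x30: "Stored", 0x31: "Fastest", 0x32: "Fast", 0x33: "Normal", 0x34: "Good", 0x35: "Best"}


def dos_datetime(value: int) -> str:
    """Decode the 32-bit DOS timestamp in FTIME: date in the high word, time in the low word."""
    date, time = value >> 16, value & 0xFFFF
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2).strftime("%Y-%m-%d %H:%M:%S")
    except ValueError:  # month 0, day 32 etc.: the field is untrusted input, report it instead of crashing
        return f"invalid DOS timestamp {value:#010x}"


def parse_rar4(data: bytes) -> list:
    """Walk the block chain and return one dict per file header, without decompressing anything.

    Each step is checked against the real buffer: a HEAD_SIZE below 7 would loop forever, and an
    oversized PACK_SIZE or NAME_SIZE would read past the end of the file.
    """
    if not data.startswith(RAR4_MARKER):
        raise ValueError("not a RAR 4.x archive: marker block missing")
    entries, pos = [], len(RAR4_MARKER)
    while pos + 7 <= len(data):
        head_crc, head_type, head_flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7 or pos + head_size > len(data):
            raise ValueError(f"corrupt block at offset {pos}: HEAD_SIZE={head_size}")
        # HEAD_CRC is the low 16 bits of CRC32 over the header, excluding the CRC field itself.
        crc_ok = (zlib.crc32(data[pos + 2:pos + head_size]) & 0xFFFF) == head_crc
        if head_type == HEAD_END:
            break
        data_size = struct.unpack_from("<I", data, pos + 7)[0] if head_flags & FLAG_LONG_BLOCK else 0
        if head_type == HEAD_FILE:
            if head_size < (40 if head_flags & LHD_LARGE else 32):
                raise ValueError(f"file header at offset {pos} too short")
            pack_size, unp_size, host_os, _file_crc, ftime, _unp_ver, method, name_size, _attr = \
                struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if head_flags & LHD_LARGE:  # 64-bit sizes: the high words sit between ATTR and the name
                high_pack, high_unp = struct.unpack_from("<II", data, name_off)
                pack_size |= high_pack << 32
                unp_size |= high_unp << 32
                name_off += 8
            if name_off + name_size > pos + head_size:
                raise ValueError(f"NAME_SIZE {name_size} overruns header at offset {pos}")
            raw_name = data[name_off:name_off + name_size]
            # With LHD_UNICODE the field holds an OEM name, a NUL, then an encoded Unicode name;
            # the OEM part is enough for a listing.
            name = raw_name.split(b"\x00", 1)[0].decode("latin-1")
            entries.append({
                "name": name, "packed": pack_size, "unpacked": unp_size,
                "host_os": HOST_OS.get(host_os, f"unknown({host_os})"),
                "method": METHODS.get(method, f"unknown({method:#x})"),
                "mtime": dos_datetime(ftime),
                "encrypted": bool(head_flags & LHD_PASSWORD),
                "directory": (head_flags & LHD_DIRECTORY) == LHD_DIRECTORY,
                "header_crc_ok": crc_ok,
            })
            data_size = pack_size
        if pos + head_size + data_size > len(data):
            raise ValueError(f"block at offset {pos} claims {data_size} data bytes past end of file")
        pos += head_size + data_size
    return entries


def is_well_formed(data: bytes) -> bool:
    """True when the block chain parses cleanly and every file header CRC checks out."""
    try:
        return all(e["header_crc_ok"] for e in parse_rar4(data))
    except (ValueError, struct.error):
        return False


def _block(head_type: int, flags: int, body: bytes) -> bytes:
    """Assemble one block; HEAD_CRC covers everything after the CRC field."""
    header = struct.pack("<BHH", head_type, flags, 7 + len(body)) + body
    return struct.pack("<H", zlib.crc32(header) & 0xFFFF) + header


def build_sample_archive() -> bytes:
    """Constructed stand-in for the report's archive (not the real sample): the file-header values
    match the report, the packed bytes, FILE_CRC and ATTR are dummies."""
    name = b"VPNHunter - IP-REC\\ControlzEx.dll"
    packed, unpacked = 72186, 180224
    dos_date = ((2017 - 1980) << 9) | (9 << 5) | 14  # 2017-09-14
    dos_time = (10 << 11) | (2 << 5) | (26 // 2)  # 10:02:26, seconds stored halved
    file_body = struct.pack("<IIBIIBBHI", packed, unpacked, 2, 0, (dos_date << 16) | dos_time,
                            29, 0x33, len(name), 0x20) + name  # host 2 = Win32, method 0x33 = Normal
    return (RAR4_MARKER
            + _block(HEAD_ARCHIVE, 0x0000, b"\x00" * 6)  # RESERVED1 + RESERVED2
            + _block(HEAD_FILE, FLAG_LONG_BLOCK | 0x0040, file_body) + b"\x00" * packed
            + _block(HEAD_END, 0x4000, b""))


if __name__ == "__main__":
    for entry in parse_rar4(build_sample_archive()):
        print(entry)
```

The listing reflects only what the headers claim: a mismatching `header_crc_ok` or a `ValueError` on a real sample means the archive was tampered with or crafted, which is itself worth recording alongside the hashes above.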
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2600 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\VPNHunter - IP-REC.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
3368 | "C:\Users\admin\Desktop\VPNHunter - IP-REC\VPNHunter.exe" | C:\Users\admin\Desktop\VPNHunter - IP-REC\VPNHunter.exe | — | explorer.exe

PID 2600 details: User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0
PID 3368 details: User: admin; Integrity Level: HIGH; Description: VPNHunter; Exit code: 0; Version: 1.0.0.0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\ControlzEx.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\IPREC.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\KoiVMHelper.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\Leaf.xNet.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\MahApps.Metro.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\MaterialDesignColors.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\MaterialDesignThemes.Wpf.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\Read before using.txt | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\System.Windows.Interactivity.dll | — | — | —
2600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2600.29788\VPNHunter - IP-REC\VPNHunter.exe | — | — | —
PID | Process | IP:port | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3368 | VPNHunter.exe | 151.101.12.193:443 | i.imgur.com | Fastly | US | malicious |
3368 | VPNHunter.exe | 162.159.133.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
3368 | VPNHunter.exe | 67.202.92.12:443 | privacyaustralia.net | Steadfast | US | malicious |
3368 | VPNHunter.exe | 91.198.174.208:443 | upload.wikimedia.org | Wikimedia Foundation, Inc. | NL | suspicious |
Domain | IP | Reputation
---|---|---
i.imgur.com | — | shared
cdn.discordapp.com | — | shared
privacyaustralia.net | — | malicious
upload.wikimedia.org | — | whitelisted
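The two reputation columns disagree with each other: i.imgur.com is "malicious" in the connections table and "shared" in the DNS table, upload.wikimedia.org is "suspicious" in one and "whitelisted" in the other. Only privacyaustralia.net is rated malicious in both. That is the usual sign that CDN hostnames make poor standalone indicators, and that a detection built from this report should key on the process that made the connection rather than on the name alone. The Python below is an added example, not part of the ANY.RUN report, that runs two matchers over constructed Sysmon-style network events (assumed field names `Image`, `DestinationHostname`, `DestinationIp`; none of the events, process paths or the 203.0.113.10 destination come from the sandbox run): a naive sweep on the four destinations, which also flags a browser loading an imgur image, and a scoped version that treats the shared CDNs as a hit only when VPNHunter.exe is the client.

```python
import ntpath

# Destinations the report's connection table attributes to PID 3368 (VPNHunter.exe).
REPORT_DESTINATIONS = {
    "i.imgur.com": "151.101.12.193",
    "cdn.discordapp.com": "162.159.133.233",
    "privacyaustralia.net": "67.202.92.12",
    "upload.wikimedia.org": "91.198.174.208",
}
# Hosts the report's DNS table rates "shared" or "whitelisted": public CDN endpoints that
# browsers and chat clients reach all day, so a hit on the name alone says nothing about the sample.
SHARED_INFRA = {"i.imgur.com", "cdn.discordapp.com", "upload.wikimedia.org"}
REPORT_PROCESS = "vpnhunter.exe"
IP_TO_HOST = {ip: host for host, ip in REPORT_DESTINATIONS.items()}

# Constructed Sysmon Event ID 3 style records with assumed field names; not from the sandbox run.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Chrome\chrome.exe", "DestinationHostname": "i.imgur.com", "DestinationIp": "151.101.12.193"},
    {"Image": r"C:\Users\admin\AppData\Local\Discord\Discord.exe", "DestinationHostname": "cdn.discordapp.com", "DestinationIp": "162.159.133.233"},
    {"Image": r"C:\Users\admin\Desktop\VPNHunter - IP-REC\VPNHunter.exe", "DestinationHostname": "privacyaustralia.net", "DestinationIp": "67.202.92.12"},
    {"Image": r"C:\Users\admin\Desktop\VPNHunter - IP-REC\VPNHunter.exe", "DestinationHostname": "i.imgur.com", "DestinationIp": "151.101.12.193"},
    {"Image": r"C:\Windows\System32\svchost.exe", "DestinationHostname": "updates.example.net", "DestinationIp": "203.0.113.10"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "DestinationHostname": "upload.wikimedia.org", "DestinationIp": "91.198.174.208"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "DestinationHostname": "privacyaustralia.net", "DestinationIp": "67.202.92.12"},
    {"Image": r"C:\Windows\System32\cmd.exe", "DestinationHostname": "", "DestinationIp": "67.202.92.12"},  # no name logged
]


def _destination(event: dict) -> str:
    """Map the event to a report host: by name first, by IP when the sensor logged no name."""
    host = event.get("DestinationHostname", "").lower()
    return host if host in REPORT_DESTINATIONS else IP_TO_HOST.get(event.get("DestinationIp", ""), "")


def destination_only_hits(events: list) -> list:
    """Naive IOC sweep: every event whose destination appears in the report, browsers included."""
    return [i for i, ev in enumerate(events) if _destination(ev)]


def classify(event: dict):
    """Scope the match to what the report evidences: the host rated malicious in both tables
    on its own, the shared CDNs only when the sample's process is the client."""
    host = _destination(event)
    if not host:
        return None
    image = ntpath.basename(event.get("Image", "")).lower()  # ntpath splits on backslashes on any OS
    if host not in SHARED_INFRA:
        return "high", f"{image} contacted {host}, rated malicious in both report tables"
    if image == REPORT_PROCESS:
        return "medium", f"{image} contacted shared CDN {host}; the process, not the host, is the indicator"
    return None  # browser or chat client on a shared CDN: expected noise


def process_scoped_hits(events: list) -> list:
    """(event index, severity, reason) for each event the scoped rule keeps."""
    hits = []
    for i, ev in enumerate(events):
        verdict = classify(ev)
        if verdict:
            hits.append((i, *verdict))
    return hits


if __name__ == "__main__":
    print("destination-only:", destination_only_hits(SAMPLE_EVENTS))
    for hit in process_scoped_hits(SAMPLE_EVENTS):
        print(*hit)
```

On the constructed events the naive sweep fires on seven of eight records, three of them ordinary browser and Discord traffic; the scoped rule keeps the two VPNHunter.exe connections plus the two other processes reaching privacyaustralia.net, the only destination this report supports as an indicator in its own right.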