File name: | f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.zip |
Full analysis: | https://app.any.run/tasks/6e81fe96-d520-483e-86fe-499d3a127e13 |
Verdict: | Malicious activity |
Threats: | GuLoader is an advanced downloader written in shellcode. It’s used by criminals to distribute other malware, notably trojans, on a large scale. It’s infamous for using anti-detection and anti-analysis capabilities. |
Analysis date: | May 30, 2020, 13:49:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 723C28A1BD28B7FF9D624084A8D6BB9B |
SHA1: | 66FB5AA6DA297D9A87F22D9182770233ED333DC2 |
SHA256: | FB69EBBB65C1426AE5126A06467C3681BD1F756FA94FBBC5719AEF0DA2FDB12B |
SSDEEP: | 768:ESdUfOmv9Cshhed+4CEEAX4hUGvNPwSOE:XA2d+jESakP1OE |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0003 |
ZipCompression: | Unknown (99) |
ZipModifyDate: | 2020:05:30 13:39:27 |
ZipCRC: | 0x0911a108 |
ZipCompressedSize: | 28299 |
ZipUncompressedSize: | 65536 |
ZipFileName: | f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2120 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2332 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2120.44703\f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2120.44703\f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | WinRAR.exe | |
User: admin Company: VideoLAN Integrity Level: MEDIUM Description: VLC media player Exit code: 0 Version: 3.00.0008 | ||||
4064 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2120.44703\f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2120.44703\f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | |
User: admin Company: VideoLAN Integrity Level: MEDIUM Description: VLC media player Version: 3.00.0008 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2332 | f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | C:\Users\admin\AppData\Local\Temp\~DF99A69F71116366F8.TMP | binary | |
MD5:4E6C1559A7A347A529D7767E3C473011 | SHA256:102339844EC6EB2D1AFF3D1A81996DA8637C14A1860C7539AC243A7660ECF3AA | |||
2120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2120.44703\f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | executable | |
MD5:4C4F3C4C8145B2BB3F79DC1A79F013A9 | SHA256:F9F9B4E7ABF29743486AEB210D474FEE24B38A0E2F97D082AB0FE3DABC14B47B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4064 | f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | GET | — | 162.144.97.35:80 | http://pashupatiexports.com/bin_hzgJnJgi173.bin | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4064 | f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | 162.144.97.35:80 | pashupatiexports.com | Unified Layer | US | malicious |
Domain | IP | Reputation |
---|---|---|
pashupatiexports.com |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
4064 | f9f9b4e7abf29743486aeb210d474fee24b38a0e2f97d082ab0fe3dabc14b47b.exe | A Network Trojan was detected | MALWARE [PTsecurity] EJNT_Loader |