Sinisterly
[Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - Printable Version


[Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - hacxx - 04-13-2020

Can anyone reverse this program and find out if there is any hidden gem?
Last time I scanned a file from this source I got a command line firewall bypass...

Download:
https://userscloud.com/0y7vm9ay3cua

Virus Scan: (22/71)
https://www.virustotal.com/gui/file/b0c034184c4efda264baa746b13ff8017571f9b0171775d5f9105fc0b1414e17/detection


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - mothered - 04-14-2020

I'll quote @"miso".

He's RE'd a lot of programs, so hopefully he'll do the same with this.


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - miso - 04-14-2020

(04-14-2020, 03:48 AM)mothered Wrote: I'll quote @"miso".

He's RE'd a lot of programs, so hopefully he'll do the same with this.

Thanks for mentioning me.

When installing, it will open a fake YouTube-like webpage.
Extracting the installer shows a bunch of files that just have a bunch of repeated words; the only exception is the only .exe file, which cannot be launched (the file cannot be loaded in Windows and ExePeInfo says it is corrupted).

I think the detections are just from the installer loading a scammy URL. However, I've loaded the installer into a sandbox; when installed on a VM, for example, the files may have different data, except that I really doubt it.

[Image: MLEA1z9DQxS6ABy-iIlwYQ.png]
[Image: 6McjykVxQiSoH4GVGkC5nQ.png]

Btw, it never loads. Clicking anywhere on that page makes it fullscreen, and waiting a bit will redirect you to other scammy sites.

Tools used:
HxD, InnoExtractor, ExePeInfo, Sandboxie


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - hacxx - 04-14-2020

OK, thanks. Last time I researched a file from this service I got something similar to the code below.
Code:
netsh.exe advfirewall firewall add rule name="rundll32" dir=out action=allow protocol=any program="c:\windows\rundll32.exe"

Also, are you sure you tried correctly?
In my advertiser panel I have my install, which was around 2AM, and nothing else.
May have virtual machine protection.
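
A defender-side check for the kind of command quoted in the post above, added here as an example and not part of the original thread: it reviews `netsh advfirewall firewall add rule` command lines, as captured by process-creation logging, and explains why an allow rule like the quoted one stands out. The function name, the watched-binary list and the sample command lines are assumptions constructed for illustration.

```python
import ntpath
import re

# rundll32.exe, regsvr32.exe and mshta.exe ship in these directories on Windows;
# a rule that points at C:\Windows\rundll32.exe names a non-standard location.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}  # illustrative list (assumption)

ADD_RULE_RE = re.compile(
    r"\bnetsh(?:\.exe)?\s+advfirewall\s+firewall\s+add\s+rule\b", re.I)
# key=value or key="quoted value with spaces"
OPTION_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def review(cmdline):
    """Return the reasons an 'add rule' command line deserves an analyst's attention."""
    if not ADD_RULE_RE.search(cmdline):
        return []
    opts = {m.group(1).lower(): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in OPTION_RE.finditer(cmdline)}
    if opts.get("action", "").lower() != "allow":
        return []
    reasons = []
    folder, exe = ntpath.split(opts.get("program", "").lower())
    if exe in WATCHED:
        reasons.append(f"allow rule for proxy-execution binary {exe}")
        if folder not in SYSTEM_DIRS:
            reasons.append(f"{exe} referenced outside System32/SysWOW64: {folder}")
    # netsh treats a missing protocol= as 'any'
    if opts.get("dir", "").lower() == "out" and opts.get("protocol", "any").lower() == "any":
        reasons.append("outbound rule with no protocol restriction")
    return reasons

# Constructed sample input: the command quoted in the thread plus two benign lines.
QUOTED = ('netsh.exe advfirewall firewall add rule name="rundll32" dir=out '
          'action=allow protocol=any program="c:\\windows\\rundll32.exe"')
SAMPLES = [
    QUOTED,
    'netsh advfirewall firewall add rule name="Web server" dir=in action=allow '
    'protocol=TCP localport=443',
    "netsh advfirewall show allprofiles",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for reason in review(line):
            print(f"[!] {reason}\n    {line}")
```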


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - mothered - 04-14-2020

(04-14-2020, 07:48 PM)miso Wrote: thanks for mentioning me

You're welcome, and thanks for your prompt response.


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - miso - 04-14-2020

(04-14-2020, 08:40 PM)hacxx Wrote: OK, thanks. Last time I researched a file from this service I got something similar to the code below.
Code:
netsh.exe advfirewall firewall add rule name="rundll32" dir=out action=allow protocol=any program="c:\windows\rundll32.exe"

Also, are you sure you tried correctly?
In my advertiser panel I have my install, which was around 2AM, and nothing else.
May have virtual machine protection.

I can't run VMs due to my hardware not being able to run them (it can't run shit lol).

Here are the files that I've extracted from the installer:
Download (mega.nz)
VirusTotal [1/61]


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - hacxx - 04-15-2020

For some reason, when I executed the file on my computer it downloaded and executed these two installers.
- SevenZip.exe - A clone of 7Zip
- Avast.exe - Avast installer

Here is the download link:
https://mfilecloud.com/ZnZveHNqenNxX2JOU1A3


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - mothered - 04-15-2020

(04-14-2020, 11:52 PM)miso Wrote: I can't run VMs due to my hardware not being able to run them (it can't run shit lol).

VMs are predominantly CPU & RAM dependent.

What are your specs pertaining to the above? We'll move back on-topic after your reply.


RE: [Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar - miso - 04-15-2020

x64, 4GB RAM, Dual-core CPU
[Image: config.png]