[Virus] setup_hacxx_anonymous_file_search_v4_2210634171.rar

#1
Can anyone reverse this program and find out if there is any hidden gem?
Last time I scanned a file from this source I got a command line firewall bypass...

Download:


Virus Scan: (22/71)


#2
I'll quote @"miso".

He's RE'd a lot of programs, so hopefully he'll do the same with this.

#3
Quote:(04-14-2020, 03:48 AM)mothered Wrote:

I'll quote @"miso".

He's RE'd a lot of programs, so hopefully he'll do the same with this.

Thanks for mentioning me.

When installing, it will open a fake YouTube-like webpage.
Extracting the installer shows a bunch of files that just have a bunch of repeated words; the only exception is the only .exe file, which cannot be launched (the file cannot be loaded in Windows and ExePeInfo says it is corrupted).

I think the detections are just from the installer loading a scammy URL. However, I've loaded the installer into a sandbox; when installed on a VM, for example, the files may have different data (except that I really doubt it).


Btw, it never loads; clicking anywhere on that page makes it fullscreen, and waiting a bit will redirect you to other scammy sites.

Tools used:
HxD, InnoExtractor, ExePeInfo, Sandboxie
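Added example, not part of any post in this thread: a small static triage pass over files extracted from an installer, reproducing the two checks described in post #3 (files that contain only a repeated word, and an .exe whose PE headers do not parse). The function names, the 0.9 repetition threshold and the sample inputs are assumptions constructed for illustration; nothing here is run or executed, only bytes are inspected.

```python
import struct
from collections import Counter

def is_filler(data: bytes, threshold: float = 0.9) -> bool:
    """True when a single repeated token makes up most of the file."""
    tokens = data.split()
    if len(tokens) < 10:
        return False
    return Counter(tokens).most_common(1)[0][1] / len(tokens) >= threshold

def pe_status(data: bytes) -> str:
    """Validate the header fields a PE loader reads before anything else."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):
        return "corrupt: e_lfanew points past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "corrupt: PE signature missing"
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    if n_sections == 0 or e_lfanew + 24 + opt_size + 40 * n_sections > len(data):
        return "corrupt: section table truncated"
    return "pe-ok"

def triage(files: dict) -> dict:
    """Label each file: PE status first, then filler vs. other content."""
    report = {}
    for name, data in files.items():
        status = pe_status(data)
        if status == "not-pe":
            status = "filler" if is_filler(data) else "other"
        report[name] = status
    return report

def constructed_samples() -> dict:
    """Constructed inputs (not the files from the thread)."""
    dos = b"MZ" + b"\0" * 0x3A
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x2)
    return {
        "filler.dat": b"lorem " * 200,
        "notes.txt": b"extracted with a tool and checked each file by hand today ok",
        "broken.exe": dos + struct.pack("<I", 0x1000),
        "minimal.exe": dos + struct.pack("<I", 0x40) + b"PE\0\0" + coff + b"\0" * 40,
    }

if __name__ == "__main__":
    for name, status in triage(constructed_samples()).items():
        print(f"{status:45} {name}")
```

To use it on a real extraction directory, pass `triage` a dict mapping each file name to its bytes; a "corrupt" result only says the headers are malformed, not why.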

#4
OK, thanks. Last time I researched a file from this service I got something similar to the code below.

[Hidden Content]


Also, are you sure you tried correctly?
In my advertiser panel I have my install, which was around 2AM, and nothing else.
May have virtual machine protection.

#5
Quote:(04-14-2020, 07:48 PM)miso Wrote:

Thanks for mentioning me.

You're welcome, and thanks for your prompt response.

#6
Quote:(04-14-2020, 08:40 PM)hacxx Wrote:

OK, thanks. Last time I researched a file from this service I got something similar to the code below.

[Hidden Content]


Also, are you sure you tried correctly?
In my advertiser panel I have my install, which was around 2AM, and nothing else.
May have virtual machine protection.

I can't run VMs due to my hardware not being able to run them (it can't run shit lol).

Here are the files that I've extracted from the installer:


#7
For some reason, when I executed the file on my computer, it downloaded and executed these two installers.
- SevenZip.exe - A clone of 7Zip
- Avast.exe - Avast installer

Here is the download link:


#8
Quote:(04-14-2020, 11:52 PM)miso Wrote:

I can't run VMs due to my hardware not being able to run them (it can't run shit lol).

VMs are predominantly CPU & RAM dependent.

What are your specs pertaining to the above? We'll move back on-topic after your reply.

#9
x64, 4GB RAM, Dual-core CPU