Source: http://www.iziu.net/hfs/ | Avira URL Cloud: Label: malware |
Source: http://www.iziu.net/hfs/ | virustotal: Detection: 15% |
Source: www.iziu.net | virustotal: Detection: 7% |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hfs[1].exe | virustotal: Detection: 49% |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\hfs.exe.afx14b2.partial | virustotal: Detection: 49% |
Source: global traffic | TCP traffic: 192.168.2.5:49793 -> 103.27.110.43:80 |
Source: global traffic | HTTP traffic detected: GET /hfs/ HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.iziu.net Connection: Keep-Alive |
Source: unknown | DNS traffic detected: queries for: www.iziu.net |
Source: hfs[1].exe.3.dr | Static PE information: Resource name: RT_BITMAP type: DOS executable (COM, 0x8C-variant) |
Source: hfs.exe.afx14b2.partial.3.dr | Static PE information: Resource name: RT_BITMAP type: DOS executable (COM, 0x8C-variant) |
Source: hfs[1].exe.3.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: hfs.exe.afx14b2.partial.3.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: classification engine | Classification label: mal64.win@3/8@1/1 |
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High |
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DF92231360EC7FA273.TMP |
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini |
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding | |
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2912 CREDAT:17410 /prefetch:2 | |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2912 CREDAT:17410 /prefetch:2 |
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Run |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll |
Source: initial sample | Static PE information: section name: UPX0 |
Source: initial sample | Static PE information: section name: UPX1 |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\hfs.exe.afx14b2.partial |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hfs[1].exe |