flash

file.exe

Status: finished
Submission Time: 2022-11-03 12:21:53 +01:00
Malicious
Trojan
Evader
Nymaim

Comments

Tags

  • exe

Details

  • Analysis ID:
    736956
  • API (Web) ID:
    1104293
  • Analysis Started:
    2022-11-03 12:32:49 +01:00
  • Analysis Finished:
    2022-11-03 12:45:49 +01:00
  • MD5:
    9156fa044ec274f670095e43e205d137
  • SHA1:
    62107d1bd3cb01d59924433f1c8a97c7096d5fb7
  • SHA256:
    861751b8c762f3332f12c1f4ff45c3108357b1debbde2a07a5e9d44e806ce88d
  • Technologies:
Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

Score: 96/100 (malicious)

10/26 (malicious)

IPs

IP               Country   Detection
45.139.105.1     Italy
85.31.46.167     Germany
45.139.105.171   Italy
107.182.129.235  Reserved
171.22.30.106    Germany

URLs


Dropped files
