XShSI2OXaC.exe

Status: finished

Submission Time: 2022-11-03 12:26:19 +01:00

Malicious

Trojan

Evader

GuLoader

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211		60/100
				System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 Run Condition: Suspected Instruction Hammering		68/100
						6/72
						10/25

IP	Country	Detection
194.55.186.93	Germany

Name	Detection
http://subca.ocsp-certum.com05
http://194.55.186.93/vUKwYAjoM37.ocx
http://194.55.186.93/vUKwYAjoM37.ocx1
Click to see the 29 hidden entries
http://194.55.186.93/vUKwYAjoM37.ocxr
http://www.certum.pl/CPS0
http://194.55.186.93/vUKwYAjoM37.ocxl
http://194.55.186.93/vUKwYAjoM37.ocxi
http://194.55.186.93/vUKwYAjoM37.ocxj
http://194.55.186.93/vUKwYAjoM37.ocx7DJ5
http://repository.certum.pl/ctnca2.cer09
http://crl.certum.pl/ctnca2.crl0l
http://194.55.186.93/vUKwYAjoM37.ocxf
http://subca.ocsp-certum.com01
http://194.55.186.93/vUKwYAjoM37.ocxa
http://subca.ocsp-certum.com02
http://194.55.186.93/vUKwYAjoM37.ocxb
http://194.55.186.93/vUKwYAjoM37.ocx)Dp5
http://repository.certum.pl/ctsca2021.cer0
http://194.55.186.93/
http://194.55.186.93/vUKwYAjoM37.ocxV
http://nsis.sf.net/NSIS_ErrorError
http://194.55.186.93/vUKwYAjoM37.ocxft
http://194.55.186.93/vUKwYAjoM37.ocxH
http://194.55.186.93/vUKwYAjoM37.ocxD
http://crl.certum.pl/ctnca.crl0k
http://194.55.186.93/vUKwYAjoM37.ocxw
http://194.55.186.93/vUKwYAjoM37.ocxx
http://repository.certum.pl/ctnca.cer09
http://194.55.186.93/vUKwYAjoM37.ocx9
http://194.55.186.93/vUKwYAjoM37.ocx4S
http://crl.certum.pl/ctsca2021.crl0o
http://194.55.186.93/vUKwYAjoM37.ocx2S

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\hale4r.lnk	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	#
C:\Users\user\AppData\Local\Temp\nszEF27.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Contentness\Filialbestyrerens\Talkability\Platybrachycephalous\Plugin_Status.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Contentness\Filialbestyrerens\Talkability\Platybrachycephalous\vfslog.c	C source, ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Coronoid.Ano	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Parfaits\Produktoversigts\Newcomers\Igennen\view-more-horizontal-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#

XShSI2OXaC.exe Options