Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
IP | Country | Detection |
---|---|---|
208.67.105.179 | United States | |
193.122.6.168 | United States |
Name | IP | Detection |
---|---|---|
checkip.dyndns.org | 0.0.0.0 | |
checkip.dyndns.com | 193.122.6.168 |
Name | Detection |
---|---|
http://208.67.105.179/arinzezx.exe | |
http://208.67.105.179/arinzezx.exemmC: | |
http://208.67.105.179/arinzezx.exej | |
Click to see the 8 hidden entries | |
http://checkip.dyndns.org | |
http://checkip.dyndns.orgP | |
http://checkip.dyndns.org/ | |
http://checkip.dyndns.com | |
https://api.telegram.org/bot | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://208.67.105.179/arinzezx.exeC: | |
http://checkip.dyndns.org/q |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\arinzezx[1].exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\rinzearec84736.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.CVE-2018-0798.4.11301.24836.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:56 2022, mtime=Tue Mar 8 15:45:56 2022, atime=Tue Nov 29 23:50:14 2022, length=14484, window=hide | # | |
Click to see the 3 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
Generic INItialization configuration [misc] | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\Desktop\~$curiteInfo.com.Exploit.CVE-2018-0798.4.11301.24836.rtf |
data | # |