file.exe

Status: finished

Submission Time: 2022-11-30 00:11:12 +01:00

Suspicious

Ransomware

Trojan

Spyware

Evader

BrowserHistorySpy Tool, Quasar

Comments

Details

Analysis ID:
756299
API (Web) ID:
1123575
Analysis Started:

2022-11-30 00:13:28 +01:00
Analysis Finished:

2022-11-30 00:40:29 +01:00
MD5:
2816bacd01b0d8c48f1d8714c6aa6f0f
SHA1:
474ae88d9cf093dcb9789cb7b79513e0dbd38388
SHA256:
637720ba1437fd6dea873e56a6a1d7bb3c663e490abc4e406e3817dd2eb82c4f
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211		38/100
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 Run Condition: Run with higher sleep bypass		26/100

IPs

IP	Country	Detection
8.8.8.8	United States
172.217.168.68	United States
172.217.168.46	United States
Click to see the 3 hidden entries
34.240.252.91	United States
89.187.165.194	Czech Republic
108.156.60.5	United States

URLs

Name	Detection
https://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_sloven
https://api.release.cyclonis.net/v1/download?app=cyclonis-backup&os=win
Click to see the 97 hidden entries
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_french.lng.ecf
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecf:
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf29t
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_russian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
https://www.enigmasoftware.com/program-uninstall-steps/.
https://www.enigmasoftware.com/enigmasoft-discount-terms/.
https://installer.enigmas
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_czech.lng.ecf
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=
http://www.bulla.com
https://myaccount.enigmasoftware.com/forgot-password/85000.0doc
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf/msv0t8
http://installer.enigmasoftware.com/sh5/latest.ecfH
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
http://installer.enigmasoftware.com/sh5/def/latest_def.ecf
https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O750x01xDa
https://purchase.enigmasoftware.com
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_turkish.lng.ecf
https://www.enigmasoftware.com/spyhunter-eula/.
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecfPAt
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecf
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfp
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecfR
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_bulgarian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
https://www.enigmasoftware.com/spyhunter-remover-details/#windows
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf1c6
https://installer.enigmasoftware.com/sh5/5.13.15.81/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_croatian.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_chinese_(traditional).lng.ecf
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecffdiyHxtN/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_swedish.lng.ecfg
https://www.enigmasoftware.com/sh/license.txt.
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_spanish.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_croatian.lng.ecfiEp
https://www.enigmasoftware.com/spyhunter5-special-promotion-terms/
http://svc-stats.linkury.com/StateStatisticsService.svc/V1/JSON/GetDistributorIdFromNameHttpGet?dist
http://installer.enigmasoftware.com/log_collect.cfgH
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf6
http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfG
https://installer.enigmasoftware.com/sh5/def/latest_def.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_finnish.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_korean.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf--
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecfD
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_japanese.lng.ecf
https://installer.enigmasB
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf
http://wwwigmasoftware.com
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_french.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.exe.ecf
http://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_greek.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_indonesian.lng.ecf
https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php10-100enigmasoftwa
https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O75
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_albanian.lng.ecf
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecfR
https://installer.enigmasoftware.com/sh5/5.13.15.81/M
http://installer.enigmas
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_finnish.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecfQsTb
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecf
https://dev.virtualearth.net/REST/v1/Routes/Transit
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.mbr.ecfecf7O
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
https://dynamic.t
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_croatian.lng.ecf
http://www.entrust.net/CRL/net1.crl0
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shshellext.dll.ecf
https://api.enigmasoft.nethttps://www.enigmasoftware.comhttps://clicktoverify.truste.com/pvr.php?pag
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf)
https://dev.virtualearth.net/REST/v1/Locations
http://ocsp.rootca1.amazontrust.com0:
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_albanian.lng.ecf
https://www.enigmasoftware.com/support/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_chinese_(traditional).lng.ecfDVD
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_danish.lng.ecf
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecf.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/

Dropped files

Name	File Type	Hashes
C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng	OpenPGP Public Key	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng	data	#
Click to see the 55 hidden entries
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng	OpenPGP Secret Key	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	PE32+ executable (console) x86-64, for MS Windows	#
C:\Program Files\EnigmaSoft\SpyHunter\data\CrCache.dat	data	#
C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat	data	#
C:\sh5ldr\initrd.gz	gzip compressed data, was "newinitrd", last modified: Fri Feb 9 17:19:34 2018, from Unix, original size modulo 2^32 4180998130	#
C:\sh5ldr\vmlinuz	Linux kernel x86 boot executable bzImage, version 3.18.5ESGi (enigma@enigma-mindo-xdev) #3 SMP Wed Feb 4 13:13:25 EET 2015, RO-rootFS, swap_dev 0X2, Normal VGA	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng	OpenPGP Secret Key	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng	OpenPGP Public Key	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng	data	#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng	data	#
C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml (copy)	XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators	#
C:\sh5ldr\shldr.mbr	DOS/MBR boot sector	#
C:\sh5ldr\shldr	DOS executable (COM)	#
C:\Windows\System32\drivers\EnigmaFileMonDriver.sys	PE32+ executable (native) x86-64, for MS Windows	#
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Windows\Logs\waasmedic\waasmedic.20221130_081446_547.etl	data	#
C:\Users\user\AppData\Local\Temp\esg_setup.log	data	#
C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe	PE32+ executable (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe	PE32+ executable (console) x86-64, for MS Windows	#
C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml	XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators	#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\Uninstall.lnk	MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide	#
C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files\EnigmaSoft\SpyHunter\purl.dat	data	#
C:\Program Files\EnigmaSoft\SpyHunter\license.txt	Unicode text, UTF-8 text, with very long lines (1644), with CRLF line terminators	#
C:\Program Files\EnigmaSoft\SpyHunter\data\acpdata.dat	data	#
C:\Program Files\EnigmaSoft\SpyHunter\data\ScanHistory.dat-journal	SQLite Rollback Journal	#
C:\Program Files\EnigmaSoft\SpyHunter\Native.exe	PE32+ executable (native) x86-64, for MS Windows	#
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe	PE32+ executable (console) x86-64, for MS Windows	#

file.exe

Comments

Tags

Available tags:

Details

IPs

URLs

Dropped files

file.exe Options

Comments

Tags

Available tags:

Details

IPs

URLs

Dropped files

Search started

Yara Super Rule creation started

file.exe