flash

file.exe

Status: finished
Submission Time: 2022-11-30 00:11:12 +01:00
Suspicious
Ransomware
Trojan
Spyware
Evader
BrowserHistorySpy Tool, Quasar

Comments

Tags

  • exe

Details

  • Analysis ID:
    756299
  • API (Web) ID:
    1123575
  • Analysis Started:
    2022-11-30 00:13:28 +01:00
  • Analysis Finished:
    2022-11-30 00:40:29 +01:00
  • MD5:
    2816bacd01b0d8c48f1d8714c6aa6f0f
  • SHA1:
    474ae88d9cf093dcb9789cb7b79513e0dbd38388
  • SHA256:
    637720ba1437fd6dea873e56a6a1d7bb3c663e490abc4e406e3817dd2eb82c4f
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

suspicious
38/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Run with higher sleep bypass

suspicious
26/100

IPs

IP Country Detection
8.8.8.8
United States
172.217.168.68
United States
172.217.168.46
United States
Click to see the 3 hidden entries
34.240.252.91
United States
89.187.165.194
Czech Republic
108.156.60.5
United States

URLs

Name Detection
https://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_sloven
https://api.release.cyclonis.net/v1/download?app=cyclonis-backup&os=win
Click to see the 97 hidden entries
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_french.lng.ecf
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecf:
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf29t
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_russian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
https://www.enigmasoftware.com/program-uninstall-steps/.
https://www.enigmasoftware.com/enigmasoft-discount-terms/.
https://installer.enigmas
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_czech.lng.ecf
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=
http://www.bulla.com
https://myaccount.enigmasoftware.com/forgot-password/85000.0doc
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf/msv0t8
http://installer.enigmasoftware.com/sh5/latest.ecfH
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
http://installer.enigmasoftware.com/sh5/def/latest_def.ecf
https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O750x01xDa
https://purchase.enigmasoftware.com
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_turkish.lng.ecf
https://www.enigmasoftware.com/spyhunter-eula/.
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecfPAt
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecf
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfp
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecfR
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_bulgarian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
https://www.enigmasoftware.com/spyhunter-remover-details/#windows
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf1c6
https://installer.enigmasoftware.com/sh5/5.13.15.81/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_croatian.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_chinese_(traditional).lng.ecf
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecffdiyHxtN/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_swedish.lng.ecfg
https://www.enigmasoftware.com/sh/license.txt.
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_spanish.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_croatian.lng.ecfiEp
https://www.enigmasoftware.com/spyhunter5-special-promotion-terms/
http://svc-stats.linkury.com/StateStatisticsService.svc/V1/JSON/GetDistributorIdFromNameHttpGet?dist
http://installer.enigmasoftware.com/log_collect.cfgH
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf6
http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfG
https://installer.enigmasoftware.com/sh5/def/latest_def.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_finnish.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_korean.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf--
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecfD
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_japanese.lng.ecf
https://installer.enigmasB
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf
http://wwwigmasoftware.com
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_french.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.exe.ecf
http://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_greek.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_indonesian.lng.ecf
https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php10-100enigmasoftwa
https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O75
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_albanian.lng.ecf
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecfR
https://installer.enigmasoftware.com/sh5/5.13.15.81/M
http://installer.enigmas
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_finnish.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecfQsTb
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecf
https://dev.virtualearth.net/REST/v1/Routes/Transit
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.mbr.ecfecf7O
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
https://dynamic.t
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_croatian.lng.ecf
http://www.entrust.net/CRL/net1.crl0
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shshellext.dll.ecf
https://api.enigmasoft.nethttps://www.enigmasoftware.comhttps://clicktoverify.truste.com/pvr.php?pag
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf)
https://dev.virtualearth.net/REST/v1/Locations
http://ocsp.rootca1.amazontrust.com0:
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecf
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_albanian.lng.ecf
https://www.enigmasoftware.com/support/
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_chinese_(traditional).lng.ecfDVD
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_danish.lng.ecf
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecf.ecf
http://installer.enigmasoftware.com/sh5/5.13.15.81/

Dropped files

Name File Type Hashes Detection
C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng
OpenPGP Public Key
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng
data
#
Click to see the 55 hidden entries
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng
OpenPGP Secret Key
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
PE32+ executable (console) x86-64, for MS Windows
#
C:\Program Files\EnigmaSoft\SpyHunter\data\CrCache.dat
data
#
C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat
data
#
C:\sh5ldr\initrd.gz
gzip compressed data, was "newinitrd", last modified: Fri Feb 9 17:19:34 2018, from Unix, original size modulo 2^32 4180998130
#
C:\sh5ldr\vmlinuz
Linux kernel x86 boot executable bzImage, version 3.18.5ESGi (enigma@enigma-mindo-xdev) #3 SMP Wed Feb 4 13:13:25 EET 2015, RO-rootFS, swap_dev 0X2, Normal VGA
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng
OpenPGP Secret Key
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
OpenPGP Public Key
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng
data
#
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng
data
#
C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml (copy)
XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
#
C:\sh5ldr\shldr.mbr
DOS/MBR boot sector
#
C:\sh5ldr\shldr
DOS executable (COM)
#
C:\Windows\System32\drivers\EnigmaFileMonDriver.sys
PE32+ executable (native) x86-64, for MS Windows
#
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Unicode text, UTF-16, little-endian text, with CRLF line terminators
#
C:\Windows\Logs\waasmedic\waasmedic.20221130_081446_547.etl
data
#
C:\Users\user\AppData\Local\Temp\esg_setup.log
data
#
C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe
PE32+ executable (console) x86-64, for MS Windows
#
C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml
XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\Uninstall.lnk
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
#
C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
data
#
C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Unicode text, UTF-8 text, with very long lines (1644), with CRLF line terminators
#
C:\Program Files\EnigmaSoft\SpyHunter\data\acpdata.dat
data
#
C:\Program Files\EnigmaSoft\SpyHunter\data\ScanHistory.dat-journal
SQLite Rollback Journal
#
C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
PE32+ executable (native) x86-64, for MS Windows
#
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
PE32+ executable (console) x86-64, for MS Windows
#