flash

Shippinginfo.jar

Status: finished
Submission Time: 14.01.2020 23:28:05
Malicious
Trojan
Exploiter
Evader

Details

  • Analysis ID:
    201036
  • API (Web) ID:
    299862
  • Analysis Started:
    14.01.2020 23:28:06
  • Analysis Finished:
    15.01.2020 00:10:12
  • MD5:
    2dd76a3b2b94ed06e94bda51c66b978b
  • SHA1:
    7481cfcb488e22463426e7d7059f0e83ee551810
  • SHA256:
    1e0d128a5017e0c0630ce85cd1d3f12ffb2255ad8f9dbd24ab38a310250efc0c
  • Technologies:
Reports (Engine / Info / Verdict / Score)

  • Full Report
    Verdict: malicious
    System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
  • Full Report
    Verdict: malicious, Score: 88/100
    System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Run Condition: Without Tracing
  • Verdict: malicious, Score: 88/100
  • Verdict: malicious, Score: 22/60

IPs

IP / Country / Detection
192.169.69.25    United States

Domains

Name / IP / Detection
ssgwire.duckdns.org    192.169.69.25

URLs

Name / Detection
http://apache.org/xml/features/xincludes
http://apache.org/xml/properties/internal/validator/dtd:
http://www.quovadisglobal.com/cps0
http://apache.org/xml/features/allow-java-encodings
http://apache.org/xml/features/dom/include-ignorable-whitespace/
http://apache.org/xml/features/create-cdata-nodesK
http://www.oracle.com/feature/use-service-mechanism
http://apache.org/xml/properties/internal/stax-entity-resolveriz=
http://javax.xml.XMLConstants/property/accessExternalDTD
http://apache.org/xml/properties/input-buffer-sizenent
http://apache.org/xml/xmlschema/1.0/anonymousTypes
http://java.sun.com/dtd/properties.dtdk~
http://apache.org/xml/features/validation/schema/normalized-value
http://apache.org/xml/features/xinclude/fixup-language
http://java.sun.com/xml/stream/properties/ignore-external-dtdanu
http://java.sun.com/xml/dom/properties/(
http://apache.org/xml/features/validation/schema/augment-psvi
http://apache.org/xml/properties/input-buffer-size
http://xml.org/sax/features/namespacesST
http://apache.org/xml/features/allow-java-encodings.org/9
http://www.chambersign.org1
http://repository.swisssign.com/0
http://apache.org/xml/properties/schema/external-schemaLocation(
http://apache.org/xml/properties/internal/entity-manager
http://apache.org/xml/properties/internal/symbol-tableQ
http://apache.org/xml/features/internal/parser-settings
http://apache.org/xml/properties/internal/validator/schemaWith
http://apache.org/xml/features/dom/include-ignorable-whitespace
http://apache.org/xml/features/xinclude/fixup-languageTT;
http://java.sun.com/xml/dom/properties/
http://apache.org/xml/properties/internal/stax-entity-resolver
http://apache.org/xml/features/validation/schemaC
http://java.sun.com/xml/stream/properties/reader-in-defined-stateassNotF
http://apache.org/xml/features/3
http://www.oracle.com/hotspot/jvm/vm/compiler/id
http://apache.org/xml/features/xinclude/fixup-base-uris
http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
http://apache.org/xml/properties/internal/error-reporter
http://www.oracle.com/feature/use-service-mechanismutil/
http://apache.org/xml/features/xinclude/fixup-base-uris#d
http://www.oracle.com/hotspot/jvm/java/monitor/address
http://apache.org/xml/features/#
http://apache.org/xml/properties/k
http://apache.org/xml/features/include-comments
http://apache.org/xml/features/scanner/notify-char-refs
http://apache.org/xml/properties/internal/error-handlerk
http://java.sun.com/xml/dom/properties/#v
http://apache.org/xml/properties/dom/current-element-node9
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
http://policy.camerfirma.com0
http://apache.org/xml/features/create-cdata-nodess
http://apache.org/xml/features/validation/schema/normalized-valueB
http://apache.org/xml/properties/dom/current-element-nodeF
http://java.sun.com/xml/stream/properties/ignore-external-dtd
http://apache.org/xml/features/continue-after-fatal-error
http://apache.org/xml/features/standard-uri-conformant
http://apache.org/xml/properties/internal/document-scanner
http://apache.org/xml/features/validation/schema/normalized-valuedom/NodB
http://apache.org/xml/features/validation/warn-on-undeclared-elemdefrefi:
http://apache.org/xml/features/generate-synthetic-annotationsss-9
http://java.sun.com/xml/dom/properties/k
http://java.sun.com/xml/stream/properties/C
http://apache.org/xml/features/scanner/notify-builtin-refsC
http://bugreport.sun.com/bugreport/
http://java.oracle.com/
http://apache.org/xml/features/
http://apache.org/xml/features/generate-synthetic-annotations
http://www.oracle.com/technetwork/java/javaseproducts/C:
http://apache.org/xml/features/validate-annotationscm
http://xml.org/sax/features/allow-dtd-events-after-endDTD
http://java.sun.com/xml/dom/properties/ancestor-checker;
http://apache.org/xml/features/validation/schema/normalized-value#
http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
http://apache.org/xml/features/validation/schema/element-defaultSj
http://apache.org/xml/properties/internal/namespace-binder
http://javax.xml.XMLConstants/property/accessExternalDTD;
http://www.oracle.com/hotspot/jvm/vm/gc/id
http://apache.org/xml/properties/internal/validation/schema/dv-factoryta7
http://apache.org/xml/features/namespace-growthC
http://apache.org/xml/features/validation/balance-syntax-treesC
http://java.sun.com/xml/dom/properties/I(
http://apache.org/xml/properties/internal/validator/dtdE:
http://apache.org/xml/properties/security-manager
http://www.oracle.com/technetwork/java/javaseproducts/
http://apache.org/xml/features/validate-annotations0x
http://java.sun.com/xml/dom/properties/ancestor-check
http://www.oracle.com/hotspot/jvm/
http://apache.org/xml/features/validation/balance-syntax-trees1
http://apache.org/xml/features/validation/dynamick
http://apache.org/xml/features/create-cdata-nodes:
http://apache.org/xml/features/xinclude
http://apache.org/xml/features/validation/schema-full-checking
http://javax.xml.XMLConstants/property/
http://apache.org/xml/features/validate-annotationsc
http://apache.org/xml/features/dom/include-ignorable-whitespaceK
http://apache.org/xml/properties/internal/dtd-scanner8
http://openjdk.java.net/jeps/220).
http://apache.org/xml/properties/internal/grammar-pool
http://javax.xml.XMLConstants/property/accessExternalSchemaD
http://java.sun.com/xml/stream/properties/reader-in-defined-state

Dropped files

Name / File Type / Hashes / Detection

C:\Users\user\Oracle\bin\plugin2\msvcr100.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\PDeRD\VONrc.class
    Java archive data (JAR)
C:\ProgramData\Oracle\Java\.oracle_jre_usage\9dfa1db1901a4753.timestamp
    ASCII text, with CRLF line terminators
C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d80db.timestamp
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\QXYSwihFuW5181872119363116970.xml
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\UBeILSkxxa4259610451599432739.xml
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\XTugPEgJFD7468964115117734558.xml
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\xifnWktlbk2534677074309087140.xml
    data
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-58933367-3072710494-194312298-1002\83aa4cc77f591dfc2374580bbd95f6ba_59407d34-c8c5-44df-a766-ba8a11cb1cb0
    data
C:\Users\user\Oracle\COPYRIGHT
    ISO-8859 text
C:\Users\user\Oracle\LICENSE
    UTF-8 Unicode text, with very long lines
C:\Users\user\Oracle\bin\api-ms-win-core-console-l1-1-0.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\Oracle\bin\client\classes.jsa
    data
C:\Users\user\Oracle\bin\concrt140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\Oracle\bin\dt_shmem.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\Oracle\bin\dtplugin\deployJava1.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\Oracle\bin\policytool.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\Oracle\lib\accessibility.properties
    data
C:\Users\user\Oracle\lib\cmm\CIEXYZ.pf
    Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
C:\Users\user\Oracle\lib\content-types.properties
    data
C:\Users\user\Oracle\lib\deploy.jar
    Java archive data (JAR)
C:\Users\user\Oracle\lib\deploy\ffjcext.zip
    Zip archive data, at least v1.0 to extract
C:\Users\user\Oracle\lib\ext\access-bridge-32.jar
    Java archive data (JAR)
C:\Users\user\Oracle\lib\flavormap.properties
    data
C:\Users\user\Oracle\lib\fonts\LucidaBrightDemiBold.ttf
    TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright De
C:\Users\user\Oracle\lib\hijrah-config-umalqura.properties
    ASCII text
C:\Users\user\Oracle\lib\i386\jvm.cfg
    ASCII text
C:\Users\user\Oracle\lib\images\cursors\cursors.properties
    data
C:\Users\user\Oracle\lib\javafx.properties
    data
C:\Users\user\Oracle\lib\jfr.jar
    Java archive data (JAR)
C:\Users\user\Oracle\lib\jfr\default.jfc
    XML 1.0 document, ASCII text
C:\Users\user\Oracle\lib\management-agent.jar
    Java archive data (JAR)
C:\Users\user\Oracle\lib\management\jmxremote.access
    ASCII text
C:\Users\user\Oracle\lib\security\blacklist
    data
C:\Users\user\Oracle\lib\security\policy\limited\local_policy.jar
    Zip archive data, at least v2.0 to extract
C:\Users\user\Oracle\lib\sound.properties
    data
C:\Windows\SysWOW64\IbeFw
    ASCII text, with very long lines, with no line terminators
C:\cmdlinestart.log
    data