flash

mandiant_ioc_finder.exe

Status: finished
Submission Time: 14.02.2020 15:50:54
Suspicious
Evader

Comments

Tags

Details

  • Analysis ID:
    208470
  • API (Web) ID:
    314291
  • Analysis Started:
    14.02.2020 16:09:10
  • Analysis Finished:
    14.02.2020 16:18:51
  • MD5:
    7fde1ca2f77a0361a15875a06a7c9e17
  • SHA1:
    520b901184af0185ac739ef9735d785d5dece024
  • SHA256:
    31e401faa6d40a6d3d2c6cd71eaa8aaef19770c24ffb83d43fdc3c4932503d00
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

suspicious
22/100

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Run Condition: Cmdline fuzzy

clean
16/100

URLs

Name Detection
http://xmlsoft.org/XSLT/xsltExtFunctionTest:
http://schemas.mandiant.com/2011/07/taskitem.xsdw32tasks$
http://schemas.mandiant.com/2011/07/prefetchitem.xsdw32prefetch
Click to see the 47 hidden entries
http://schemas.mandiant.com/2011/07/serviceitem.xsdw32services
http://schemas.mandiant.com/2011/07/BatchResult.xsd
http://schemas.mandiant.com/2011/07/eventlogitem.xsdapplication/xmlhttp://schemas.mandiant.com/2011/
http://schemas.mandiant.com/2011/07/systemrestoreitem.xsd1.4.41.0w32systemrestore
http://schemas.mandiant.com/2011/07/issuelist.xsd
http://schemas.mandiant.com/2011/07/mir.w32ports.xsdPort
http://schemas.mandiant.com/2011/07/mir.w32processes.xsdZwQueryInformationThreadZwQueryInformationPr
http://schemas.mandiant.com/2011/07/BatchResult.xsd%hshttp://schemas.mandiant.com/2011/07/batchresul
http://www.openssl.org/support/faq.html.
http://schemas.mandiant.com/2011/07/formhistoryitem.xsdformhistoryhttp://schemas.mandiant.com/2011/0
http://xqilla.sourceforge.net/FunctionsX
http://www.openssl.org/support/faq.html
http://www.oreans.com
http://schemas.mandiant.com/2011/07/registryitem.xsdw32registryraw1.4.36.0http://schemas.mandiant.co
http://www.mandiant.com/schemas/FileItem.xsd1.4.27.0http://schemas.mandiant.com/2011/07/portitem.xsd
http://schemas.mandiant.com/2011/07/systeminfoitem.xsdw32systemCurrentBuildNumberInstallDateProductN
http://schemas.mandiant.com/2011/07/issuelist.xsdhttp://schemas.mandiant.com/2011/07/issues.xsdIssue
http://home.netscape.com/NC-rdf#
http://apache.org/xml/messages/XML4CErrors#FIXEDEBCDIC-CP-USIBM037IBM1047IBM-1047IBM1140IBM01140CCSI
http://schemas.mandiant.com/2011/07/mir.w32tasks.xsdExecProgramSha256sumExecProgramSha1sumExecProgra
http://schemas.mandiant.com/2011/07/processitem.xsdw32processes-APIWinsta.dllWinStationGetProcessSid
http://icl.com/saxonFound
http://schemas.mandiant.com/2011/07/mir.w32services.xsdbad
http://apache.org/xml/UknownNSUCS4UCS-4UCS_4UTF-32ISO-10646-UCS-4UCS-4
http://exslt.org/common
http://schemas.mandiant.com/2011/07/mir.w32useraccounts.xsdFailed
http://exslt.org/commonxsl:sort
http://www.mandiant.com/schemas/issue.xsdgeneratorgeneratorVersionitemSchemaLocationhrefIssuesThere
http://wibu.com/us/
http://www.netscape.com/newsref/std/cookie_spec.html
http://xmlsoft.org/XSLT/
http://xmlsoft.org/XSLT/namespace
http://schemas.mandiant.com/2011/07/useritem.xsdw32useraccounts1.4.36.0Error
http://relaxng.org/ns/structure/1.0allocating
http://schemas.mandiant.com/2011/07/hookitem.xsdw32kernel-hookdetectionhttp://schemas.mandiant.com/2
http://www.winimage.com/zLibDllr
http://schemas.mandiant.com/2011/07/routeentryitem.xsdw32network-routehttp://schemas.mandiant.com/20
http://schemas.mandiant.com/2011/07/issues.xsd
http://www.jclark.com/xt
http://www.jclark.com/xtnode-sethttp://xmlsoft.org/XSLT/namespacexsltNewAttrVTPtr
http://schemas.mandiant.com/2011/07/batchresult.xsd
http://icl.com/saxon
http://apache.org/xml/messages/XMLValidityWINDOWS-1252XERCES-XMLCHxmlxml
http://schemas.mandiant.com/2011/07/registryitem.xsdapplication/xmlhttp://schemas.mandiant.com/2011/
http://www.winimage.com/zLibDll
http://relaxng.org/ns/structure/1.0
http://schemas.mandiant.com/2011/07/mir.w32system.xsdSystemInfoItemdirectorymachinetotalphysicalavai

Dropped files

Name File Type Hashes Detection
\Device\ConDrv
ASCII text, with CRLF line terminators
#