flash

Quzn0r4YUG.exe

Status: finished
Submission Time: 27.02.2020 09:25:06
Malicious
Phishing
Trojan
Spyware
Evader
HawkEye

Comments

Tags

Details

  • Analysis ID:
    211418
  • API (Web) ID:
    320017
  • Analysis Started:
    27.02.2020 09:25:06
  • Analysis Finished:
    27.02.2020 09:35:07
  • MD5:
    3fe7d81139bd40361330a07f47bb99e1
  • SHA1:
    391bc516fe8e1feae96fb3c7c31bcccec4fa20e6
  • SHA256:
    4945a1a4f65271de23a99eaad0b4a08b472b2dcb60a60a5b06f26afad49da181
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
20/71

malicious
10/47

malicious

URLs

Name Detection
http://www.apache.org/licenses/LICENSE-2.0
http://pomf.cat/upload.php&https://a.pomf.cat/
http://pomf.cat/upload.php
Click to see the 22 hidden entries
http://www.founder.com.cn/cn/bThe
http://www.tiro.com
http://www.nirsoft.net
http://www.goodfont.co.kr
https://github.com/MaayanFarchi
http://bot.whatismyipaddress.com/
http://www.carterandcone.coml
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
https://a.pomf.cat/
http://fontfabrik.com
http://www.founder.com.cn/cn
http://www.msn.com/de-ch/?ocid=iehpHLMEMh
http://www.jiyu-kobo.co.jp/
https://login.yahoo.com/config/login
http://www.fonts.com
http://www.sandoll.co.kr
http://www.nirsoft.net/
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://pomf.cat/upload.phpCContent-Disposition:

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Quzn0r4YUG.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\062e60df-a0bc-782b-5a2c-b789d5ef42ba
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmpEF8C.tmp
Little-endian UTF-16 Unicode text, with no line terminators
#