Health-Ebook.exe

Status: finished
Submission Time: 27.03.2020 01:03:19
Malicious
Ransomware
Trojan
Spyware
Evader
FormBook GuLoader

Details

  • Analysis ID:
    218399
  • API (Web) ID:
    333716
  • Analysis Started:
    27.03.2020 01:03:20
  • Analysis Finished:
    27.03.2020 01:13:15
  • MD5:
    93fba794dcb6996185f8e93062c12cd4
  • SHA1:
    db73126ee8583999b121159e70e634ca23fd012d
  • SHA256:
    1e6bc511824f07c5107cb4a5075a811eb1d28f2916630bf7db1bb5c1649b0e7d
  • Technologies:
Verdict (Engine / Info / Verdict / Score / Reports)

  • Full Report
    System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
    Verdict: malicious
    Score: 100/100
  • (second engine; name not captured in extraction)
    Verdict: malicious
    Score: 46/72

IPs

IP               Country         Detection
162.209.159.116  United States
192.0.78.24      United States
216.58.215.225   United States

Domains

Name                                   IP               Detection
kbasherphotography.com                 192.0.78.24
www.michalshahar.com                   162.209.159.116
www.aeaco.net                          0.0.0.0
www.cryptosake.com                     0.0.0.0
www.kbasherphotography.com             0.0.0.0
www.nacemo.com                         63.250.33.106
googlehosted.l.googleusercontent.com   216.58.215.225
doc-0s-5o-docs.googleusercontent.com   0.0.0.0
doc-00-9o-docs.googleusercontent.com   0.0.0.0

URLs

Name                                                                                                                                          Detection
http://www.michalshahar.com/w0k/?r65hj=BN90bfcptvP4SJ&3fct=vO9Vm2RARflm5p1PFXqn6eBrWTFFnunBf6X3DMkFEdmGbjkCk/pABuPtOpuxvLvCis20
http://www.kbasherphotography.com/w0k/
http://www.kbasherphotography.com/w0k/?r65hj=BN90bfcptvP4SJ&3fct=3PkPLEV8daGFL4/3pxhg1tKv6aVypEBkpsp65f+Yzy4XBcektFNWUD7dAcSGsTOSbbgw
http://www.typography.netD
http://www.autoitscript.com/autoit3/J
http://www.founder.com.cn/cn/cThe
http://www.apache.org/licenses/LICENSE-2.0
http://fontfabrik.com
http://www.founder.com.cn/cn
http://www.founder.com.cn/cn/bThe
http://myurl/myfile.bin
http://www.jiyu-kobo.co.jp/
http://www.tiro.com
http://www.fonts.com
http://www.sandoll.co.kr
http://www.goodfont.co.kr
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.carterandcone.coml
http://www.sajatypeworks.com

Dropped files

Name                                                                                                                 File Type  Hashes  Detection
C:\Users\user\AppData\Local\Temp\Bjrnh\h8tczuli.exe                                                                  empty
C:\Users\user\AppData\Local\Temp\DB1                                                                                 empty
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms  empty
C:\Users\user\AppData\Roaming\O2116906\O21logim.jpeg                                                                 empty
C:\Users\user\AppData\Roaming\O2116906\O21logrf.ini                                                                  empty
C:\Users\user\AppData\Roaming\O2116906\O21logrg.ini                                                                  empty
C:\Users\user\AppData\Roaming\O2116906\O21logri.ini                                                                  empty
C:\Users\user\AppData\Roaming\O2116906\O21logrv.ini                                                                  empty