
견적 품목 리스트.exe

Status: finished
Submission Time: 01.04.2020 02:48:26
Malicious
Ransomware
Trojan
Spyware
Evader
FormBook GuLoader

Details

  • Analysis ID:
    219336
  • API (Web) ID:
    335544
  • Analysis Started:
    01.04.2020 02:48:26
  • Analysis Finished:
    01.04.2020 03:10:40
  • MD5:
    b38df2e04686b781ba0abcecee9506db
  • SHA1:
    23e1444e1145bd57d305593fb4623770097ce8a5
  • SHA256:
    5e9a72ba9db211addc4a0408a838310bc264d620658b8c640f2e845e740f1cd6
  • Technologies:
Engine Info | Verdict | Score

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 | malicious | 100/100
| malicious | 19/71
| malicious | 18/47

IPs


Domains


URLs


Dropped files
