flash

Securemailapp.exe

Status: finished
Submission Time: 01.04.2020 16:37:57
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

Details

  • Analysis ID:
    219536
  • API (Web) ID:
    335938
  • Analysis Started:
    01.04.2020 16:46:53
  • Analysis Finished:
    01.04.2020 17:03:40
  • MD5:
    e4cfaff8f10b2c4dcdf7687773b5f5ba
  • SHA1:
    2b82d3782f6e6248a0d8ef6a5c67058976fc8d3d
  • SHA256:
    24593f3180a0766aa26ed91e6e79d6cf796aeaf27cc134a9eabf4a5da752c20e
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
46/71

malicious
22/47

IPs

IP Country Detection
116.202.9.166
Germany
35.242.251.130
United States
202.254.239.144
Japan
Click to see the 6 hidden entries
217.76.128.35
Spain
184.168.131.241
United States
199.192.22.148
United States
208.91.197.46
Virgin Islands (BRITISH)
104.28.0.58
United States
23.20.239.12
United States

Domains

Name IP Detection
www.agaroseresins.com
217.76.128.35
skylineluxuryhomeschicago.com
184.168.131.241
www.ardrome.com
116.202.9.166
Click to see the 16 hidden entries
balancer.wixdns.net
35.242.251.130
www.cszlhz.com
104.28.0.58
www.xn--u9j813lsxe15po01b.com
202.254.239.144
www.your-date-here.com
208.91.197.46
www.covpsychiz.info
199.192.22.148
www.artysancr.com
0.0.0.0
www.xn--estyxk34aq4mspbq7if9a.com
0.0.0.0
www.sumomedia.ltd
0.0.0.0
www.proteinefficient.com
0.0.0.0
www.skylineluxuryhomeschicago.com
0.0.0.0
www.kong.florist
0.0.0.0
www.apology.ltd
0.0.0.0
www.ukapak.ink
0.0.0.0
www.thescarfhut.com
0.0.0.0
HDRedirect-LB5-1afb6e2973825a56.elb.us-east-1.amazonaws.com
23.20.239.12
www.frakkeforhandler.com
104.31.88.253

URLs

Name Detection
http://www.cszlhz.com/hx212/?Ev=2H5oEqApcZqqJ6qLyjFERWiUI7bCbufBKCMghUsAFeTsJ5P0iZtpaBZczhNc8rDwu6V1&ljo=MDKPFFDXDxJXypBP
http://www.xn--u9j813lsxe15po01b.com/hx212/?Ev=7w0YytMHoI4nsjP+y0IMrc86PWQ/iAHGw4E6AnUW3tdwa4iK0mJdGm+TIKrUlQMYe/Zk&ljo=MDKPFFDXDxJXypBP
http://www.artysancr.com/hx212/
Click to see the 44 hidden entries
http://www.xn--u9j813lsxe15po01b.com/hx212/
http://www.cszlhz.com/hx212/
http://www.ardrome.com/hx212/?Ev=wKfpUO9plDGv2T++KqO84WhM5OOWvYWxYhu9D8K5Zh6fySGSwmXnDP6Ufhr7dtYnSq9Q&ljo=MDKPFFDXDxJXypBP
http://www.thescarfhut.com/hx212/?Ev=sml3n6l49EPSCa7vMPh/SuuWi1599qVmQUcMIo3tt8Fu8A6Qgu0IlzGyXmIb1Url3LIn&ljo=MDKPFFDXDxJXypBP
http://www.covpsychiz.info/hx212/
http://www.covpsychiz.info/hx212/?Ev=8sUyA4WO5fe1gCDgOO3DHmlO4MdYzsfah5NcuQxOl3hW/0/R9dWPAXciXHbnM6Y/IAid&ljo=MDKPFFDXDxJXypBP
http://www.thescarfhut.com/hx212/
http://www.agaroseresins.com/hx212/
http://www.ardrome.com/hx212/
http://www.your-date-here.com/hx212/?Ev=yuATxVRg6V03zt9fmkHVG7SVgWpl6/Z6tDeIEtza45Xi+B/vKHFgBV6ZVx3ahKEkFxT0&ljo=MDKPFFDXDxJXypBP
http://www.agaroseresins.com/hx212/?Ev=chNEXokLq7hW8HvKkY2dcNEQeJ5GKWGLAWl1+X6aOcyDV8302CPyRRACxVQRPL3iiqaQ&ljo=MDKPFFDXDxJXypBP
http://www.skylineluxuryhomeschicago.com/hx212/
http://www.skylineluxuryhomeschicago.com/hx212/?Ev=bM4Xun1pI6ZOV5ZHYseigAPkvvck2Cij1ewApu5ohFDlZ8aGsxAg5ufu1RC6vK+1jaDm&ljo=MDKPFFDXDxJXypBP
http://www.artysancr.com/hx212/?Ev=ZsyByF5b0EkK3lQ42YrSke2rzN/49RgUkpyRf/X/Lp8mJH7kxaV2xoRALuGc5Mm0xYDM&ljo=MDKPFFDXDxJXypBP
https://ogs.go
http://www.apache.org/licenses/LICENSE-2.0
http://www.msn.com/?ocid=iehp%
https://contextual.media.net/medianet.phpcid=8CU157172&crid=722878611&size=306x271&https=19
http://www.founder.com.cn/cn/bThe
http://www.msn.com/de-ch/?ocid=iehpLMEMh
http://www.tiro.com
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
http://www.goodfont.co.kr
http://www.msn.com/ocid=iehp
http://www.google.ch/
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1LMEM
http://www.carterandcone.coml
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
https://www.google.ch/?gws_rd=sslLMEMhh_
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1LMEM
http://fontfabrik.com
http://www.founder.com.cn/cn
https://www.google.ch/favicon.ico
http://ns.adob1
http://www.jiyu-kobo.co.jp/
http://www.fonts.com
http://www.sandoll.co.kr
https://contextual.media.net/medianet.php?ci
http://www.google.ch/q
http://www.zhongyicts.com.cn
http://www.sakkal.com
https://www.google.ch/?gws_rd=ssl

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D12.tmp.dmp
empty
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5446.tmp.WERInternalMetadata.xml
empty
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER54B5.tmp.xml
empty
#
Click to see the 8 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\chkdskuda.exe.log
empty
#
C:\Users\user\AppData\Local\Temp\Nolt\chkdskuda.exe
empty
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logim.jpeg
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logrf.ini
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logri.ini
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logrv.ini
empty
#
\Device\ConDrv
empty
#