
Waybill(3).exe

Status: finished
Submission Time: 2020-04-09 17:44:28 +02:00
Malicious
Evader

Details

  • Analysis ID:
    221554
  • API (Web) ID:
    339841
  • Analysis Started:
    2020-04-09 17:44:29 +02:00
  • Analysis Finished:
    2020-04-09 17:58:16 +02:00
  • MD5:
    d7d8919e0008c9dd47feae3703ace504
  • SHA1:
    c46500bb461bf6581cc1f82a87f641c224ca2a6b
  • SHA256:
    3112eb41bb7e2b09550028d626bd613ebe924ba20673fc457657b285fb799fe6
  • Technologies:

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    48
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP                Country         Detection
146.148.51.99     United States
146.148.44.194    United States
34.70.181.198     United States
35.223.225.73     United States
23.251.156.34     United States
146.148.35.162    United States

Domains

Name                               IP               Detection
update.digitalwaybill.com          146.148.51.99
defaultrelay.digitalwaybill.com    23.251.156.34
site-cdn.onenote.net               0.0.0.0

URLs

Name Detection
http://www.dobsonsw.com)Code128bWinCode128bWinMediumMediumFontForge
http://www.dobsonsw.com)Created
http://www.digitalwaybill.com/DW/Mobile/Android.html
http://www.digitalwaybill.com/DW/GM/GoogleMapsMapD.html
http://www.winzip.comPostal
http://crl.thawte.com/ThawtePremiumServerCA.crl0
http://update.digitalwaybill.com/Client/Client.zip
http://www.dobsonsw.com)
http://www.winzip.com
http://freeimage.sourceforge.net
http://www.catalyst.com/0
http://ocsp.thawte.com0
http://update.digitalwaybill.com/Client/Version.txt
http://www.digitalwaybill.com/DW/Mobile/Android.htmlJ----_=_NextPart_002_01C9FA8A.A6B2FE50
http://www.digitalwaybill.com/DW/GM/GoogleMapsMap.html
http://freeimage.sourceforge.netD
http://crl.thawte.com/ThawteCodeSigningCA.crl02
http://www.digitalwaybill.com/DW/GM/GoogleMapsMap.htmlnhttp://www.digitalwaybill.com/DW/GM/GoogleMap
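
The URL column above comes from string extraction and carries trailing debris: what appear to be font name-table strings after http://www.dobsonsw.com), single stray bytes after the Thawte CRL and OCSP URLs (crl0, com0), a MIME boundary after Android.html, and two URLs fused into one entry. The Python script below is an added example, not part of the Joe Sandbox report or the Digital Waybill software; it normalizes that list into distinct hosts and clean URLs suitable for blocklisting or hunting, and flags which reported entries had to be trimmed so an analyst can check them against the raw strings. The three heuristics it applies (a lowercase-to-uppercase switch inside a hostname, trailing digits on the last label, and non-URL bytes following a file extension seen in this list) are assumptions about how this particular output was garbled, and the input list is the report's URL column copied inline.

```python
import re
from dataclasses import dataclass

# Constructed input: the URL column of the report above, copied verbatim,
# including the trailing debris left behind by string extraction.
REPORTED_URLS = [
    "http://www.dobsonsw.com)Code128bWinCode128bWinMediumMediumFontForge",
    "http://www.dobsonsw.com)Created",
    "http://www.digitalwaybill.com/DW/Mobile/Android.html",
    "http://www.digitalwaybill.com/DW/GM/GoogleMapsMapD.html",
    "http://www.winzip.comPostal",
    "http://crl.thawte.com/ThawtePremiumServerCA.crl0",
    "http://update.digitalwaybill.com/Client/Client.zip",
    "http://www.dobsonsw.com)",
    "http://www.winzip.com",
    "http://freeimage.sourceforge.net",
    "http://www.catalyst.com/0",
    "http://ocsp.thawte.com0",
    "http://update.digitalwaybill.com/Client/Version.txt",
    "http://www.digitalwaybill.com/DW/Mobile/Android.htmlJ----_=_NextPart_002_01C9FA8A.A6B2FE50",
    "http://www.digitalwaybill.com/DW/GM/GoogleMapsMap.html",
    "http://freeimage.sourceforge.netD",
    "http://crl.thawte.com/ThawteCodeSigningCA.crl02",
    "http://www.digitalwaybill.com/DW/GM/GoogleMapsMap.htmlnhttp://www.digitalwaybill.com/DW/GM/GoogleMap",
]

URL_START = re.compile(r"https?://")
# scheme, the longest run of hostname characters, and whatever follows
URL_PARTS = re.compile(r"^(https?)://([A-Za-z0-9.-]+)(.*)$", re.DOTALL)
# an extension seen in this list followed by a byte that cannot continue a URL path
# (assumption: these four extensions end the path in every entry here)
EXT_CUT = re.compile(r"(\.(?:html|crl|zip|txt))(?=[^/?#])", re.IGNORECASE)


@dataclass(frozen=True)
class NormalizedUrl:
    raw: str      # the entry exactly as reported, for traceability
    scheme: str
    host: str     # lowercase hostname after trimming
    path: str     # path after trimming; "" when nothing path-like followed the host
    debris: bool  # True when any trimming or splitting was needed

    @property
    def clean(self) -> str:
        return f"{self.scheme}://{self.host}{self.path}"


def split_fused(entry: str) -> list[str]:
    """Split an entry in which two URLs were extracted as one string."""
    starts = [m.start() for m in URL_START.finditer(entry)]
    return [entry[a:b] for a, b in zip(starts, starts[1:] + [len(entry)])]


def trim_host(host: str) -> tuple[str, bool]:
    """Heuristic hostname cleanup; assumes extracted hostnames are lowercase
    and that public TLDs are alphabetic."""
    # 'www.winzip.comPostal': a lowercase-to-uppercase switch marks the next string
    m = re.search(r"[a-z][A-Z]", host)
    trimmed = host[: m.start() + 1] if m else host
    # 'ocsp.thawte.com0': trailing digits on the last label are not part of a TLD
    labels = trimmed.split(".")
    labels[-1] = labels[-1].rstrip("0123456789")
    cleaned = ".".join(labels).lower()
    return cleaned, cleaned != host.lower()


def trim_path(path: str) -> tuple[str, bool]:
    """Cut the path after a known extension when non-URL bytes follow it
    ('Android.htmlJ----_=_NextPart...', 'ServerCA.crl0')."""
    m = EXT_CUT.search(path)
    if m:
        return path[: m.end(1)], True
    return path, False


def normalize_reported_urls(reported: list[str]) -> list[NormalizedUrl]:
    results = []
    for raw in reported:
        parts = split_fused(raw)
        for part in parts:
            m = URL_PARTS.match(part)
            if not m:
                continue  # not an http(s) URL at all; nothing to normalize
            scheme, host, rest = m.groups()
            host, host_debris = trim_host(host)
            if rest and not rest.startswith("/"):
                # ')Created' right after the host is leftover bytes, not a path
                rest, path_debris = "", True
            else:
                rest, path_debris = trim_path(rest)
            results.append(NormalizedUrl(raw, scheme.lower(), host, rest,
                                         host_debris or path_debris or len(parts) > 1))
    return results


def distinct_hosts(results: list[NormalizedUrl]) -> list[str]:
    return sorted({r.host for r in results})


def clean_urls(results: list[NormalizedUrl]) -> list[str]:
    return sorted({r.clean for r in results})


if __name__ == "__main__":
    found = normalize_reported_urls(REPORTED_URLS)
    for r in found:
        print(("DEBRIS " if r.debris else "clean  ") + r.clean + "   <- " + r.raw)
    print("distinct hosts:", distinct_hosts(found))
```

Run against the 18 reported entries the script yields 19 URLs (the fused entry splits in two), 8 distinct hosts and 13 distinct clean URLs, with 11 entries flagged as trimmed. Entries such as GoogleMapsMapD.html and www.catalyst.com/0 are left untouched because nothing in the string itself proves they are garbled; the debris flag is there so those judgement calls stay with the analyst rather than the script.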

Dropped files

Name  File Type  Hashes  Detection

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ST6UNST Uninstaller.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Apr 9 23:44:56 2020, mtime=Thu Apr 9 23:44:56 2020, atime=Thu (…)
C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6STKIT.DLL
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\VBPrnDlg.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\cstcpctl.ocx
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\info.dat
    zlib compressed data
C:\Users\user\AppData\Local\Temp\msftqws.pdw\st6unst.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\version.dat
    ASCII text, with CRLF, LF line terminators
C:\Users\user\AppData\Roaming\Digital Waybill\2000175240\ST6UNST.LOG
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Digital Waybill\2000175240\temp.000
    data
C:\Users\user\AppData\Local\Temp\msftqws.pdw\MSCOMCTL.OCX
    PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\Public\Desktop\Relay Distributing.lnk
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Jan 20 17:25:22 2016, mtime=Wed Jan 20 17:25:22 2016, atime=Wed Jan 20 17:25:22 2016, length (…)
C:\Windows\DigitalWaybill1.CAB
    Microsoft Cabinet archive data, 3147841 bytes, 18 files
C:\Windows\DigitalWaybill2.cab
    Microsoft Cabinet archive data, 10147 bytes, 1 file
C:\Windows\SETUP.LST
    ASCII text, with CRLF, CR line terminators
C:\Windows\ST6UNST.000
    ASCII text, with CRLF line terminators
C:\Windows\Setup1.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\SysWOW64\temp.000
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\temp.000
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\DCSysTray.ocx
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\Client.zip
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Temp\WZSE0.TMP\DigitalWaybill1.CAB
    Microsoft Cabinet archive data, 3147841 bytes, 18 files
C:\Users\user\AppData\Local\Temp\WZSE0.TMP\DigitalWaybill2.cab
    Microsoft Cabinet archive data, 10147 bytes, 1 file
C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.LST
    ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\WZSE0.TMP\setup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\AsyncDNS.ocx
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\COMDLG32.OCX
    PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\ColumnHeaders.ocx
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Relay Distributing Digital Waybill\Relay Distributing.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Jan 20 17:25:22 2016, mtime=Wed Jan 20 17:25:22 2016, atime=Wed Jan 20 17:25:22 2016, length (…)
C:\Users\user\AppData\Local\Temp\msftqws.pdw\DWBarcode.ttf
    TrueType Font data, 12 tables, 1st "OS/2", 21 names, Unicode, Created by Brian Dobson (http://www.dobsonsw.com)
C:\Users\user\AppData\Local\Temp\msftqws.pdw\DWFreeImage.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\DWbszip.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\DWzlib.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\DXDBGrid.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
C:\Users\user\AppData\Local\Temp\msftqws.pdw\DigitalWaybill.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msftqws.pdw\MSCOMCT2.OCX
    PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows