flash

wCBF18f9qE.exe

Status: finished
Submission Time: 22.05.2020 07:15:42
Malicious
Phishing
E-Banking Trojan
Trojan
Spyware
Evader
Ursnif

Comments

Tags

Details

  • Analysis ID:
    232329
  • API (Web) ID:
    360911
  • Analysis Started:
    22.05.2020 07:15:43
  • Analysis Finished:
    22.05.2020 07:22:37
  • MD5:
    a51e01aea30de8b559438d2cfc051af0
  • SHA1:
    15442aa7beb997dc9333a7a09ca773443ac66e58
  • SHA256:
    b9a3270fb18059176da80a1ed62a5ae44542fae7887167b4369329f5b16190bf
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious
60/72

malicious
26/38

malicious
26/29

malicious

URLs

Name Detection
http://https://file://USER.ID%lu.exe/upd
http://www.typography.netD
http://www.autoitscript.com/autoit3/J
Click to see the 20 hidden entries
http://www.founder.com.cn/cn/cThe
http://www.apache.org/licenses/LICENSE-2.0
http://fontfabrik.com
http://www.founder.com.cn/cn
http://www.founder.com.cn/cn/bThe
http://constitution.org/usdeclar.txt
http://ns.adobp/y
http://www.jiyu-kobo.co.jp/
http://constitution.org/usdeclar.txtC:
http://ns.micro/1Y
http://www.tiro.com
http://ns.adobe.ux9
http://ns.adobe.cmg
http://www.fonts.com
http://www.sandoll.co.kr
http://www.goodfont.co.kr
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.carterandcone.coml
http://www.sajatypeworks.com

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6c4zjj0s.default\prefs.js
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Authtenc\atmftstr.exe
data
#