URGENT PRODUCTS WE NEED.pif.exe

Status: finished
Submission Time: 16.06.2020 12:04:13
Malicious
Trojan
Evader
FormBook

Details

  • Analysis ID:
    238831
  • API (Web) ID:
    373576
  • Analysis Started:
    16.06.2020 12:04:13
  • Analysis Finished:
    16.06.2020 12:12:10
  • MD5:
    cacbd45701bb05bac8a5d1dbde770e02
  • SHA1:
    b77656cc8a0d352c56564c4be87331663dba5908
  • SHA256:
    4f7a7b673cd661ed298c3b4265d9e67934c4f7df14d7a698f366cce81b4dd284
  • Technologies:
Reports

  • Engine Info: System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
    Verdict: malicious
    Score: 100/100
  • Verdict: malicious
    Score: 20/74
  • Verdict: malicious
    Score: 8/48

Domains

Name                        IP        Detection
www.herbalberkah.net        0.0.0.0
www.dztdjt.com              0.0.0.0
www.ferreteriaalinor.com    0.0.0.0
www.inrenuil-jp.com         0.0.0.0

URLs

Name Detection
http://www.inrenuil-jp.comReferer:
http://www.inrenuil-jp.com/ltp/
http://www.inrenuil-jp.com
http://www.inrenuil-jp.com/ltp/www.dztdjt.com
http://www.jamiesclafaneconsulting.com
http://www.ferreteriaalinor.com/ltp/
http://www.gobeyondtraining.com/ltp/
http://www.%s.comPA
http://www.fonts.com
http://www.sandoll.co.kr
http://www.ferreteriaalinor.comReferer:
http://www.dztdjt.com/ltp/
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.instacoolbooth.com/ltp/
http://www.multigelomt.com
http://www.multigelomt.comReferer:
http://www.jamiesclafaneconsulting.comReferer:
http://www.gobeyondtraining.com
http://www.heli4k.info
http://www.apache.org/licenses/LICENSE-2.0
http://www.pgs-service.com/ltp/
http://www.masteryourcreativepower.comReferer:
http://www.spatren.comReferer:
http://www.pgs-service.comReferer:
http://www.dztdjt.com/ltp/www.herbalberkah.net
http://www.frontiermade.infoReferer:
http://www.taro-otani.net/ltp/
http://www.masteryourcreativepower.com/ltp/www.frontiermade.info
http://www.taro-otani.net/ltp/www.casinos.watch
http://www.carterandcone.coml
http://www.instacoolbooth.com/ltp/www.jamiesclafaneconsulting.com
http://www.casinos.watchReferer:
http://www.taro-otani.net
http://www.founder.com.cn/cn
http://www.masteryourcreativepower.com
http://www.casinos.watch
http://www.herbalberkah.net
http://www.ferreteriaalinor.com
http://www.jiyu-kobo.co.jp/
http://www.death-star.online
http://www.instacoolbooth.comReferer:
http://www.frontiermade.info/ltp/
http://www.dztdjt.com
http://www.multigelomt.com/ltp/
http://www.dztdjt.comReferer:
http://www.gobeyondtraining.comReferer:
http://www.pgs-service.com/ltp/www.masteryourcreativepower.com
http://www.casinos.watch/ltp/www.death-star.online
http://www.herbalberkah.netReferer:
http://www.spatren.com
http://www.taro-otani.netReferer:
http://www.casinos.watch/ltp/
http://www.death-star.onlineReferer:
http://www.jamiesclafaneconsulting.com/ltp/www.heli4k.info
http://www.ferreteriaalinor.com/ltp/www.spatren.com
http://www.pgs-service.com
http://www.founder.com.cn/cn/bThe
http://www.heli4k.info/ltp/
http://www.spatren.com/ltp/
http://www.heli4k.infoReferer:
http://www.instacoolbooth.com
http://www.tiro.com
http://www.frontiermade.info/ltp/www.multigelomt.com
http://www.multigelomt.com/ltp/www.gobeyondtraining.com
http://www.death-star.online/ltp/
http://www.goodfont.co.kr
http://www.masteryourcreativepower.com/ltp/
http://www.herbalberkah.net/ltp/
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://fontfabrik.com
http://www.gobeyondtraining.com/ltp/www.instacoolbooth.com
http://www.herbalberkah.net/ltp/www.ferreteriaalinor.com
http://www.spatren.com/ltp/www.pgs-service.com
http://www.frontiermade.info
http://www.jamiesclafaneconsulting.com/ltp/
http://www.heli4k.info/ltp/www.taro-otani.net
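The URL list above mixes three kinds of string: the `/ltp/` beacon URLs on the rotating set of contact domains, benign strings pulled from embedded font and library resources (fonts.com, apache.org and similar), and extraction artifacts where two adjacent strings in memory were fused (a trailing `Referer:`, or a second `www.` host glued onto the first host's `/ltp/` path). The following is an added triage example, not Joe Sandbox code or anything from the sample: it copies a subset of the report's strings, recovers the candidate contact domains by keeping only hosts seen with the `/ltp/` path (including hosts split back out of the fused strings), discards templates such as `http://www.%s.comPA`, and then runs the result over a few constructed proxy log lines. The `/ltp/` path, the `REPORT_STRINGS` subset and the `PROXY_LOG` lines are taken from or built around this report only; treat them as report-specific assumptions, not a family-wide signature.

```python
"""Pull contact-domain candidates out of a sandbox URL list.

Added example for this report page; it is not Joe Sandbox code and not code
from the sample. REPORT_STRINGS is a subset copied from the URL list above;
PROXY_LOG lines are constructed for the demo.
"""
import re
from collections import defaultdict

REPORT_STRINGS = [
    "http://www.inrenuil-jp.comReferer:",
    "http://www.inrenuil-jp.com/ltp/",
    "http://www.inrenuil-jp.com",
    "http://www.inrenuil-jp.com/ltp/www.dztdjt.com",
    "http://www.ferreteriaalinor.com/ltp/",
    "http://www.gobeyondtraining.com/ltp/",
    "http://www.%s.comPA",
    "http://www.fonts.com",
    "http://www.carterandcone.coml",
    "http://www.apache.org/licenses/LICENSE-2.0",
    "http://www.dztdjt.com/ltp/www.herbalberkah.net",
    "http://www.taro-otani.net/ltp/www.casinos.watch",
    "http://www.founder.com.cn/cn/bThe",
    "http://www.death-star.online/ltp/",
    "http://www.casinos.watch/ltp/www.death-star.online",
]

# Beacon path seen on every contact-domain string in this report (assumption:
# report-specific, not a general family signature).
C2_PATH = "/ltp/"

# A host as the report lists it: "www." plus lowercase labels only. Strings
# with "%s", uppercase letters or ':' fail and are dropped as templates or
# extraction artifacts.
HOST_RE = re.compile(r"^www\.[a-z0-9-]+(?:\.[a-z0-9-]+)+$")


def split_url(s):
    """Return (host, path) for a plain http(s) string, else None.

    The trailing 'Referer:' on several strings is presumably the next string
    in memory fused onto the URL; strip it before parsing.
    """
    if s.endswith("Referer:"):
        s = s[: -len("Referer:")]
    if not s.startswith(("http://", "https://")):
        return None
    rest = s.split("://", 1)[1]
    host, slash, path = rest.partition("/")
    if not HOST_RE.match(host):
        return None
    return host, ("/" + path if slash else "/")


def c2_candidates(strings, c2_path=C2_PATH):
    """Hosts seen with the beacon path, including hosts recovered from the
    fused 'host1/ltp/www.host2' strings (two adjacent URLs in memory)."""
    paths_by_host = defaultdict(set)
    for s in strings:
        parsed = split_url(s)
        if parsed is None:
            continue
        host, path = parsed
        if path.startswith(c2_path):
            paths_by_host[host].add(c2_path)
            tail = path[len(c2_path):]
            if HOST_RE.match(tail):  # second host glued onto the first
                paths_by_host[tail].add(c2_path)
        else:
            paths_by_host[host].add(path)
    return sorted(h for h, p in paths_by_host.items() if c2_path in p)


PROXY_LOG = [
    # constructed sample lines: timestamp client method url
    "2020-06-16T12:05:01Z 10.0.0.5 GET http://www.inrenuil-jp.com/ltp/?x=1",
    "2020-06-16T12:05:09Z 10.0.0.5 POST http://www.dztdjt.com/ltp/",
    "2020-06-16T12:06:00Z 10.0.0.7 GET http://www.fonts.com/",
    "2020-06-16T12:06:30Z 10.0.0.5 GET http://www.herbalberkah.net/ltp/",
    "2020-06-16T12:07:00Z 10.0.0.9 GET http://www.dztdjt.com/index.html",
]


def match_proxy_log(lines, hosts, c2_path=C2_PATH):
    """Return log lines whose URL hits a candidate host on the beacon path.

    A host-only contact (last sample line) is not flagged here: the report
    shows these domains only with /ltp/, so host+path is the high-confidence
    form and host-only contact belongs in a separate, lower-confidence rule.
    """
    hosts = set(hosts)
    hits = []
    for line in lines:
        url = line.rsplit(" ", 1)[-1]
        parsed = split_url(url)
        if parsed and parsed[0] in hosts and parsed[1].startswith(c2_path):
            hits.append(line)
    return hits


if __name__ == "__main__":
    hosts = c2_candidates(REPORT_STRINGS)
    print("contact-domain candidates:", *hosts, sep="\n  ")
    print("proxy hits:", *match_proxy_log(PROXY_LOG, hosts), sep="\n  ")
```

Run against the full URL list from the report, the same filter separates the `/ltp/` contact domains from the font-vendor and license strings; the domains that resolved to 0.0.0.0 in the Domains section appear in the candidate set because they were also seen with the beacon path, so a DNS failure in the sandbox does not remove them from the indicator list.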

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\URGENT PRODUCTS WE NEED.pif.exe.log
    File Type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp2AAD.tmp
    File Type: XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\oayNIZ.exe
    File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\oayNIZ.exe:Zone.Identifier
    File Type: ASCII text, with CRLF line terminators