flash

setup.exe

Status: finished
Submission Time: 29.06.2020 13:19:02
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    241985
  • API (Web) ID:
    379690
  • Analysis Started:
    29.06.2020 13:19:02
  • Analysis Finished:
    29.06.2020 13:25:37
  • MD5:
    eb320243d41500647b767f567a285401
  • SHA1:
    ffe46db953bc5227f323baf29008a8eb79ed8dc9
  • SHA256:
    3fe5fdbdc141727dc6b70a7c8e2c7700a0eef1ee6236d7a5cb62b15c75ab9f26
  • Technologies:
Full Report (Engine / Info / Verdict / Score / Reports)

  • Verdict: malicious
    Info: System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
  • Verdict: malicious
    Score: 100/100
  • Verdict: malicious
    Score: 16/72
  • Verdict: malicious
    Score: 11/48

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection