flash

sharks.exe

Status: finished
Submission Time: 30.06.2020 18:10:26
Malicious
Spyware

Details

  • Analysis ID: 242351
  • API (Web) ID: 380421
  • Analysis Started: 30.06.2020 18:13:58
  • Analysis Finished: 30.06.2020 18:22:52
  • MD5: 4d868d8f1290580434ff3e66b8731a37
  • SHA1: cd2b71f632ddd7397eb99a4fb880d3a079b66f4f
  • SHA256: 4e7f1474285c9cbabdd5b2618f0b6881dc24471f13dd11c4603a2250fe5e4da9
  • Technologies:
Verdicts

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

  • malicious
  • malicious (score 76/100)
  • malicious (score 42/69)
  • malicious (score 33/47)
  • malicious

IPs

IP              Country
208.91.196.145  Virgin Islands (British)
95.211.75.25    Netherlands

Domains

Name                      IP
dl.installiq.com          95.211.75.25
9145.searchmagnified.com  208.91.196.145
ww1.installiq.com         0.0.0.0

URLs

Name Detection
http://dl.installiq.com/api/detectionrequest.aspxlle
http://dl.installiq.com/api/detectionrequest.aspx?keyid=1&shortname=sharks&langid=0x0409ttp://d
http://dl.installiq.com/api/detectionrequest.aspx
http://dl.installiq.com/api/detectionrequest.aspx?keyid=1&shortname=sharks&langid=0x0409
http://dl.installiq.com/postback/V1/landing.aspx
http://stats.norton.com/n/pSCC
http://dl.installiq.com/ping/installping.aspxs7
http://search.yahoo.com/favicon.ico
http://dl.installiq.c
http://ww1.installiq.com/?fp=H6P6Xg3KbpMYpZXy2xe75S%2BlIbyrjMT5lJ4d
http://dl.installiq.com/ping/installping.aspx
http://ww1.installiq.com/?fp=H6P6Xg3KbpMYpZXy2xe75S%2BlIbyrjMT5lJ4
http://dl.devinstalliq.com/api/detectionrequest.aspx
http://ww1.ins
http://dl.installiq.com/ping/installping.aspxkeeplogP
http://policy.installiqlearnmore.com/privacypolicy.html
http://www.symantec.com
http://download.freeze.com/lm/2
http://ww1.installiq.com/
http://cps.qalabs.symantec.com/teams/isp/symccishttp://liveupdate.symantecliveupdate.com/upgrade/NSS
http://download.freeze.com/lm//promofeed/text()/postbackurl/text()/silentpostback/text()/alternateth
http://dl.ins
http://dl.installiq.com/postback/V1/landing.aspx_76p
http://Vista.NoCookiesVista.GetCookieFailInternetGetCookie
https://installer.freeze.com/LogError.aspx8
http://dl.devinstalliq.com/lm-dev/unittest/test.html
http://ff.search.yahoo.com/gossip?output=fxjson&command=
http://ww1.installiq.com/?fp=H6P6Xg3KbpMYpZXy2xe75S%2BlIbyrjMT5lJ4dWB5kwFzbiI77KEW3r7owND5lLiRx6fhFP
http://download.freeze.com/lm/
http://dl.installiq.com/postback/V1/landing.aspx0
http://dl.devinstalliq.com/lm-dev/unittest/ycomp_setup_frz.2004.06.01.exe
https://installer.freeze.com/LogError.aspx2f80
http://www.winimage.com/zLibDll3.7.5
https://installer.freeze.com/LogError.aspx
http://ww1.in4
http://dl.devinstalliq.com/lm-dev/unittest/ycomp_setup_freeze_uber3.exe
http://www.winimage.com/zLibDll
http://search.yahoo.com/search?p=
http://ww1.installiq.com/h
http://dl.devinstalliq.com/lm-dev/unittest/SpySweeperSNRSetup_EN.exe
http://installer.freeze.com/testpost.asp
http://dl.devinstalliq.com/api/detectionrequest.aspxGetDefaultBrowserIdGetDefaultBrowserRegValueGetD
http://installer.freeze.com/testpost.asphttp://dl.installiq.com/postback/V1/landing.aspxSoftware
http://toolbar.yahoo.com0
http://search.yahoo.com/favicon.icoYahoo
http://ww1.installiq.com/?fp=H6P6Xg3KbpMYpZXy2xe75S%2BlIbyrjMT5lJ
http://dl.devinstalliq.com/lm-dev/unittest/test.htmlhttp://dl.devinstalliq.com/lm-dev/unittest/Inter

Dropped files

  • C:\Users\user\AppData\Local\Temp\cookies
    File type: SQLite 3.x database, last written using SQLite version 3024000
  • C:\Users\user\AppData\Local\Temp\cookies.sqlite
    File type: SQLite 3.x database, user version 9, last written using SQLite version 3024000
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\autorun.txt
    File type: Microsoft Windows Autorun file, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\detectionrules.dat
    File type: HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\sharks.log
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\stub.log
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\timings.txt
    File type: ASCII text, with CR line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\wrapper.xml
    File type: ASCII text, with CRLF line terminators