flash

HousecallLauncher64-new.exe

Status: finished
Submission Time: 23.07.2020 21:48:17
Malicious
Ransomware
Trojan
Spyware
Evader
Miner
HawkEye Nanocore Remcos Tinynuke / Nukebot Ako AveMaria Clop Ransomware Coinhive CryLock DualShot Gandcrab GhostRat Gocoder Hermes Jigsaw LilithRAT Meterpreter Nemty Netwalker Njrat PXJ Ransomware PayDay Poisonivy Ryuk Tron ComRAT Xmrig

Comments

Tags

Details

  • Analysis ID:
    250430
  • API (Web) ID:
    396742
  • Analysis Started:
    23.07.2020 21:50:36
  • Analysis Finished:
    23.07.2020 22:04:50
  • MD5:
    135e977e0355a958da5e63111a659233
  • SHA1:
    42b50b8391172cab171a26ecf798015a2a9d8a3c
  • SHA256:
    fc02c4ed513e50d1d46cec284fbd76c7b8ee1313036ad91e9cee7d15a7d85a80
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious

IPs

IP Country Detection
44.233.111.149
United States

Domains

Name IP Detection
fbs.prod.spn.a1q7.net
44.233.111.149
housecall8.icrc.trendmicro.com
0.0.0.0
housecall800-en.fbs20.trendmicro.com
0.0.0.0
Click to see the 2 hidden entries
housecall-ctp-p.activeupdate.trendmicro.com
0.0.0.0
go.trendmicro.com
0.0.0.0

URLs

Name Detection
http://infecteds.zapto.org/
http://search.chol.com/favicon.ico
http://www.merlin.com.pl/favicon.ico
Click to see the 97 hidden entries
http://www.dailymail.co.uk/
https://wwwss.bradesco.com.br/scripts/ib2k1.dll/
http://%s/check/checkin.php?cid=%d&aid=%d&time=E
http://crl.affirmtrust.com/crl/aftov1ca.crlr
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/icrc/ioth1611900.sig
HTTP://AA.INTO4.INFO/022
https://www.trendmicro.com/en_us/about/legal/privacy-policy-product.htmlClick
http://housecall-ctp-p.activeupdate.trendmicro.com:80/activeupdate/pattern/tscptn.zip
http://hi.baidu.com/13240912/blog/item/6fb8f23f06b529d0d46225f1.html
HTTP://WWW.FLOODAD.COM/WEB/DOWNLOAD/
http://66.90.73.4/?gv=666165658560678160846655146D383C3CFC3E5F55
http://in.search.yahoo.com/
http://patch.dn.sdo.com/sndalist/sndalist_new.xmlE
HTTP://WWW.FS43.COM:777/MYUNBOUNDMB.UIB
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/tscptn.zip
http://serverbenc.dominiotemporario.com/tomada20.exeT
https://github.com/supreF
http://img-save.xyz/
http://www.55l.com/debug
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/engine/engv_x64dll_v12000-1008.zipC:
http://treestompertime.net/mirinda/E
http://msk.afisha.ru/
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://www.114116.infoG
http://www.niudoudou.com/web/download/http://w
HTTP://WWW.61RR.COM/DOWN/G
http://www.ya.com/favicon.ico
http://www.etmall.com.tw/favicon.ico
HTTP://WWW.1
http://it.search.dada.net/favicon.ico
http://cloudfront.fullpcF
http://cgi.search.biglobe.ne.jp/favicon.ico
http://www.%s/w.php?id=E
http://crl.affirmtrust.com/crl/aftov1ca.crl0
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/ini_xml.zip
http://buscar.ozu.es/
http://%s/%d/checkin.php?cid=%d&ai
HTTP://WWW.D
http://www.ask.com/
http://merlin.xlphp.net/login.php?use=G
http://www.google.it/
http://changeman.net.cn/
http://ocsp.affirmtrust.com
http://search.auction.co.kr/
http://www.symauth.com/rpa00
https://housecall8.icrc.trendmicro.com/ss/
http://housecall-ctp-p.activeupdate.trendmicro.com/
http://www.pchome.com.tw/favicon.ico
http://www.rambler.ru/favicon.ico
http://search.yahoo.co.jp/favicon.ico
http://web.manazery.cz/modules/inflos.phpF
http://www.netgy.com/cpG
http://www.hardcoreporn.com/
http://91.207.116.44/FZ
http://cl.chnsystemG
http://www.soso.com/
http://busca.orange.es/
http://sv.symcb.
http://auto.search.msn.com/response.asp?MT=
http://www.target.com/
http://www.coolshow8.com/mscps.pdfE
http://www.redirserver.com/update4.cfm?tid=&cn_id=
HTTP://QUN.QQ.COM/CGI/SVD
http://service2.bfast.com/
http://www.news.com.au/favicon.ico
http://www.cdiscount.com/
http://www.tiscali.it/favicon.ico
http://it.search.yahoo.com/
http://www.ceneo.pl/favicon.ico
http://www.servicios.clarin.com/
http://search.daum.net/favicon.ico
http://go.trendmicro.com/free-tools/feedback/n_cleaMqt6
http://www.kkbox.com.tw/
https://housecall800-en.fbs20.trendmicro.com:443/2.5/fb_blobSID=HouseCall_001
http://%u.%u.%u.%u:81/s.txtF
http://list.taobao.com/
http://www.taobao.com/favicon.ico
HTTP://%S/.SYSTb
HTTP://IETAB.CO.KR/?ID=%S
http://www.etmall.com.tw/
http://ie.search.yahoo.com/os?command=
http://www.cnet.com/favicon.ico
http://www.linternaute.com/favicon.ico
https://www.affirmtrust.com/repository0I
http://www.amazon.co.uk/
http://saveimage.pw/
http://search.gismeteo.ru/
https://esupport.trendmicro.com/en-us/home/index.aspx
http://taobao.ttver.netg
http://yEr.jpg
http://www.univision.com/favicon.ico
http://www.auction.co.kr/auction.ico
http://www.orange.fr/
http://ad79.co.kr
http://www.founder.com.cn/cn
HTTP://yD3.JPGyD
http://download.uusee.com/pop2/pc/UUSee_SEO1_Setup_10.exeE

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v12000-1008.zip
Zip archive data, at least v2.0 to extract
#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1611900.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\HCBackup\temp_bf_1100000000_2041001900_1595566365
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\README.txt
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\3\1082130432\tmwlchk.ptn
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\3\1208221744\HCClean.ptn
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\3\2048\tsc.ptn
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AU_Down\engine\dce-dll-mssign-x64-v75-1035.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AU_Down\engine\engv_x64dll_v12000-1008.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AU_Down\pattern\HCClean_113701.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AU_Down\pattern\icrc\ioth1611900.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AU_Down\pattern\tscptn.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\Setup.exe
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\icrc.dat
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\icrc_fulldwn.dat
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\libcurl.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\libeay32.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\ssleay32.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip.etag
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip.etag
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v12000-1008.zip.etag
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip.etag
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1611900.zip.etag
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_177300.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_177300.zip.etag
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip.etag
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\hcpackage64.exe.tmp
PE32 executable (console) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HCBackup\hcversion64.xml.tmp
ASCII text
#
C:\Users\user\AppData\Local\Temp\HCBackup\patchretry.dat
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\HCBackup\temp_bf_1100000000_2041001900_1595566365.len
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\HCBackup\temp_bf_1100000000_2041001900_1595566365.retry
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\HCLauncher.log
ASCII text
#
C:\Users\user\AppData\Local\Temp\HouseCall\AU_Backup\AuBackup.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\BPMNT.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\Config.xml
Non-ISO extended-ASCII text, with very long lines, with NEL line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\HomeDeviceGuard_Downloader.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\HouseCallX.exe
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\MustFBExts.conf
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\ScanPaths.conf
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\atse64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\curl-ca-bundle.crt
UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\housecall810_SHA2.cert
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\patterns\tml00001.ptn
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\patterns\tmwlchk.ptn
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\tmblack.233
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\tmfbeng.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\tmwlutil.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trendx.112
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trendxl.102
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trendxv.103
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trxhandler.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trxhandler_log.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\ICRCHdler.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\LanguageMap.xml
exported SGML document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\License.txt
ISO-8859 text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\LinkRule.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\TMEBC.inf
Windows setup INFormation, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\TMEBC64.sys
PE32+ executable (native) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\TSC.INI
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\TmEngDrv.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\Tmcomm.inf
Windows setup INFormation, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\Tmcomm.sys
PE32+ executable (native) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\curl-ca-bundle.crt
UTF-8 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\dbghelp.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\hc_core.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\hcversion64.xml
ASCII text
#
C:\Users\user\AppData\Local\Temp\HouseCall\housecall.bin
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\HouseCall\housecall.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\housecall800.cert
data
#
C:\Users\user\AppData\Local\Temp\HouseCall\interface\css\buttons.css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\interface\css\container.css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\HouseCall\interface\css\datatable.css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Log\TmuDump.txt
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\2\1073872896\tscdll64.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\2\536871168\BPMNT.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\2\536871168\vsapi64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\3\1082130432\tmwlchk.cat
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\3\1208090624\icrc$oth.119
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\3\1208221744\ptn$agg.999
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AU_Down\pattern\tmwlchk_177300.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AuPatch.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\AuResult.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\ini_xml.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\AU_Data\AU_Temp\4404_2632\server.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\GetServer.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\TmUpdate64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\aucfg.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\cert5.db
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\ciuas64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\ciussi64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\patch64.exe
PE32+ executable (console) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\patchw64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\AU\x500.db
data
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\DLConfig.xml
Non-ISO extended-ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\HouseCall_downloader.bmp
PC bitmap, Windows 3.x format, 500 x 171 x 24
#
C:\Users\user\AppData\Local\Temp\7zS0062E943\dlstr.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#