flash

Me jpg jpgjpg jpg.exe

Status: finished
Submission Time: 19.08.2020 14:23:38
Malicious
Phishing
Trojan
Spyware
Evader
Ardamax AveMaria GuLoader

Comments

Tags

  • GuLoader
  • scr

Details

  • Analysis ID:
    271446
  • API (Web) ID:
    437913
  • Analysis Started:
    20.08.2020 03:23:25
  • Analysis Finished:
    20.08.2020 03:37:49
  • MD5:
    0fefb456de0c44dbe347c9af0017e49c
  • SHA1:
    ed1ce8ba6a765c7ac221d545efa389afea44cd82
  • SHA256:
    d2b7389c9dd63fb1b147537c52572bbc09bec5c080474000e113b31aa249388a
  • Technologies:

Full Report

  • System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
  • Verdict: malicious
  • Score: 100/100

IPs

  • 192.64.118.122 (United States)
  • 198.12.84.39 (United States)

Domains

  • landzro365groupe.com (resolved to 192.64.118.122)
  • onedrive.live.com (resolved to 0.0.0.0)
  • awz9ga.db.files.1drv.com (resolved to 0.0.0.0)

URLs

  • http://landzro365groupe.com/wp-content/ard/designs.exe
  • http://www.ardamax.com/keylogger/download.htmlB
  • http://stascorp.comDVarFileInfo$
  • https://awz9ga.db.files.1drv.com/
  • https://www.digicert.co
  • http://lame.sf.net
  • https://www.openssl.org/docs/faq.html
  • http://www.ardamax.comhttp://www.ardamax.com/keylogger/purchase.htmlhttp://www.ardamax.com/helps/key
  • http://ocsp.di
  • http://lame.sf.net64bits
  • https://github.com/syohex/java-simple-mine-sweeperC:
  • https://awz9ga.db.files.1drv.com/y4mWWpUvIZ4whS4QtvFMW0lYjE5qaUYXysTHL5ruiaS9emVXU4k3LoqWscq3ZcaRzla
  • https://onedrive.live.com/

Dropped files

  • C:\Users\user\AppData\Local\Temp\subfolder1\Purchase Order.scr
    File type: PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\subfolder1\Purchase Order.vbs
    File type: ASCII text, with CRLF line terminators
  • C:\ProgramData\QQOFCC\TSH.01
    File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\ProgramData\QQOFCC\TSH.02
    File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\ProgramData\QQOFCC\TSH.exe
    File type: PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\designs.exe
    File type: PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Program Files\Microsoft DN1\rdpwrap.ini
    File type: ASCII text, with CRLF line terminators
  • C:\Program Files\Microsoft DN1\sqlmap.dll
    File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\ProgramData\QQOFCC\TSH.00
    File type: data