
Arbeitsschutzregel-Corona-September.pdf.js

Status: finished
Submission Time: 11.09.2020 12:09:06
Verdict: Malicious
Classification: Evader, Spreader, Trojan, Spyware

Details

  • Analysis ID:
    284440
  • API (Web) ID:
    464071
  • Analysis Started:
    11.09.2020 12:09:38
  • Analysis Finished:
    11.09.2020 12:27:52
  • MD5:
    cbb53b682fbddca875973ea4f826a1df
  • SHA1:
    56eb48fdb6084855df9e111f481b88f1ccffbd1e
  • SHA256:
    8e9a1693a52155ce2aa8758413e594128e3b5f3b9fb18ef2a1e4084156817443
  • Technologies:
Reports

Engine Info | Verdict | Score
Windows 10 64 bit v1803 (w10x64) with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 | malicious | 64/100
Windows 10 64 bit v1803 (w10x64) with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211; Run Condition: Without Instrumentation | malicious | 100/100
- | malicious | 24/59
- | malicious | 7/29
- | malicious | -

IPs

IP | Country
80.249.148.205 | Russian Federation
216.239.34.21 | United States
151.101.0.133 | United States
216.239.38.21 | United States
216.239.32.21 | United States
216.239.36.21 | United States

Domains

Name | IP
github.map.fastly.net | 151.101.0.133
doamvola.top | 80.249.148.205
raw.githubusercontent.com | 0.0.0.0
ipinfo.io | 216.239.36.21

URLs

URL
http://doamvola.top/gate.php1est.5)2
http://doamvola.top/r
http://doamvola.top/-8E
http://doamvola.top/gate.phpt.5)3
https://settings-win.doamvola.top/
http://doamvola.top/gate.php%
http://doamvola.top/gate.phpRequest.5)
http://doamvola.top/gate.php
http://doamvola.top/-8n
http://doamvola.top/-8
http://doamvola.top:80/gate.php0
http://doamvola.top/gate.php5)3
http://doamvola.top/J_r
http://doamvola.top/ver5
http://doamvola.top/verA
http://doamvola.top/verb
http://doamvola.top/verm
http://doamvola.top/-80
http://doamvola.top/gate.phpt.5)
http://doamvola.top/gate.phplll
http://doamvola.top/Bi
http://doamvola.top/gate.phptive
http://doamvola.top/gate.phpsvc
http://doamvola.top/gate.phpu
http://doamvola.top/gate.phpr
http://doamvola.top/gate.phpq
http://doamvola.top/gate.phpp
http://doamvola.top/gate.phpn
http://doamvola.top/gate.phpm
https://raw.githubusercontent.com/douglascrockford/JSON-js/master/jso
http://doamvola.top/gate.phpl
http://doamvola.top/gate.phpk
http://doamvola.top/gate.phpi
http://doamvola.top/gate.phpg
http://doamvola.top/gate.phpem32
http://doamvola.top/ndex
http://doamvola.top/son
http://doamvola.top/gate.php5)J
http://doamvola.top/ver-
http://doamvola.top/
http://doamvola.top/-
http://doamvola.top/ver
http://doamvola.top/)
http://doamvola.top/verxe
http://doamvola.top/7
http://doamvola.top/8
http://doamvola.top/gate.phpD
http://doamvola.top/gate.phpC
http://doamvola.top/3
http://doamvola.top/gate.phpA
http://doamvola.top/gate.phpxe887
http://doamvola.top/1
http://doamvola.top/gate.php;
http://doamvola.top/gate.php8
http://doamvola.top/gate.php7
http://doamvola.top/:
http://doamvola.top:80/gate.phppE(
http://doamvola.top/gate.php1
http://doamvola.top/B
http://doamvola.top/gate.phpRequest.5)S
http://doamvola.top/md.exeu
http://doamvola.top/gate.phpm32
http://doamvola.top/W
http://doamvola.top/gate.phpe
http://doamvola.top/U
http://doamvola.top/gate.phpa
http://doamvola.top/T
http://doamvola.top/gate.php2p
http://doamvola.top/Q
http://doamvola.top/gate.php_
http://doamvola.top/R
http://doamvola.top/gate.phpZ
http://doamvola.top/gate.phpY
http://doamvola.top/Y
http://doamvola.top/gate.phpT
http://doamvola.top/e
https://displaycatalogoamvola.top/
http://crl.pki.goog/GTS1D2.crl0
http://ipinfo.io/
https://raw.githubusercontent.com/douglascrockford/JSON-js/master/json2.js
https://ipinfo.io/V
http://ocsp.pki.goog/gsr202
https://pki.goog/repository/0
http://ocsp.pki.goog/gts1d20
https://ipinfo.io/
http://ctldl.windowsupoamvola.top/
http://crl.pki.goog/gsr2/gsr2.crl0?
http://ipinfo.io/T
http://ipinfo.io/country
https://ipinfo.io/country6
https://ipinfo.io/t
http://pki.goog/gsr2/GTS1D2.crt0
https://raw.githubusercontent.com/(
https://ipinfo.io/countryF6E6963
https://ipinfo.io/country
https://raw.githubusercontent.com/douglascrockford/JSON-js/master/json2.js0
http://ipinfo.io/ip
https://raw.githubusercontent.com/douglascrockford/JSON-js/master/json2.js&
https://raw.githubusercontent.com/douglascrockford/JSON-js/master/json2.js)
https://raw.githubusercontent.com/R
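
The URL table above is mostly memory-extracted string fragments: the same endpoint recurs with trailing bytes (gate.php1est.5)2, gate.phpRequest.5)), and several hostnames (settings-win.doamvola.top, displaycatalogoamvola.top, ctldl.windowsupoamvola.top) look like unrelated strings run together with the C2 domain. Full URLs from such a list make poor indicators; the hostname and the resolved IP are what survive. The Python below is added here as an example and is not part of the sandbox report or of the sample. It reduces a URL list to hostnames, matches them against the C2 domain and IP the report attributes to the sample (exact match or subdomain), and runs the same match over constructed proxy-log lines. The URL subset and the log lines are constructed; treating ipinfo.io, raw.githubusercontent.com and pki.goog as third-party services rather than indicators is the editor's assumption.

```python
"""Network IOC triage for a sandbox report: collapse noisy URL strings to
hostnames, match against the C2 domain/IP, and scan proxy logs for hits."""
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed subset of the report's URL list, kept verbatim including the
# trailing garbage bytes that memory-string extraction leaves on the path.
REPORT_URLS = [
    "http://doamvola.top/gate.php1est.5)2",
    "http://doamvola.top/gate.php",
    "http://doamvola.top:80/gate.php0",
    "http://doamvola.top/ver5",
    "http://doamvola.top/-8E",
    "https://settings-win.doamvola.top/",
    "https://displaycatalogoamvola.top/",
    "https://raw.githubusercontent.com/douglascrockford/JSON-js/master/json2.js&",
    "https://ipinfo.io/countryF6E6963",
    "http://ipinfo.io/country",
    "http://crl.pki.goog/GTS1D2.crl0",
]

# Infrastructure the report attributes to the sample itself.  ipinfo.io,
# raw.githubusercontent.com and pki.goog also appear in the report, but they are
# third-party services a clean host contacts too (editor's assumption), so they
# are deliberately not in the blocklist.
C2_DOMAINS = {"doamvola.top"}
C2_IPS = {ipaddress.ip_address("80.249.148.205")}


def host_of(url):
    """Hostname of a URL (lowercased, port stripped), or None if unparseable."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def is_c2_host(host):
    """True if host equals a C2 domain or is a subdomain of one.
    Overlapped fragments such as displaycatalogoamvola.top are neither."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def host_histogram(urls):
    """Collapse the noisy URL list into a count per hostname."""
    counts = Counter()
    for url in urls:
        host = host_of(url)
        if host:
            counts[host] += 1
    return counts


def c2_hosts(urls):
    """Distinct hostnames from the list that match the C2 domain set."""
    return sorted(h for h in host_histogram(urls) if is_c2_host(h))


# Constructed proxy log lines: timestamp client method url status.
SAMPLE_LOG = """\
1599820146.101 10.0.0.15 GET http://doamvola.top/gate.php 200
1599820147.301 10.0.0.15 GET https://raw.githubusercontent.com/douglascrockford/JSON-js/master/json2.js 200
1599820148.010 10.0.0.22 GET https://ipinfo.io/country 200
1599820149.555 10.0.0.15 POST http://80.249.148.205/gate.php 200
1599820150.000 10.0.0.31 GET https://example.com/ 200
"""


def scan_log(text):
    """Return (client, url, reason) for lines whose destination is C2 by
    domain/subdomain or by literal IP."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        host = host_of(url)
        if not host:
            continue
        reason = None
        if is_c2_host(host):
            reason = "c2-domain"
        else:
            try:
                if ipaddress.ip_address(host) in C2_IPS:
                    reason = "c2-ip"
            except ValueError:
                pass  # not an IP literal
        if reason:
            hits.append((client, url, reason))
    return hits


if __name__ == "__main__":
    for host, n in host_histogram(REPORT_URLS).most_common():
        print(f"{n:3d}  {host}  {'C2' if is_c2_host(host) else ''}")
    for client, url, reason in scan_log(SAMPLE_LOG):
        print(f"HIT {reason:10s} {client} -> {url}")
```

Matching by hostname suffix catches settings-win.doamvola.top but leaves displaycatalogoamvola.top and ctldl.windowsupoamvola.top unmatched; those should be reviewed by hand rather than blocked, since they are most likely concatenated fragments of Windows telemetry hostnames rather than real C2.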

Dropped files

Path | File Type
C:\Users\user\AppData\Local\Temp\json2.js | ASCII text
C:\Users\user\AppData\Local\Temp\rad17A1B.tmp | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\radDC873.tmp | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Arbeitsschutzregel-Corona-September.pdf.js | ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Arbeitsschutzregel-Corona-September.pdf.js:Zone.Identifier | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\json2[1].js | ASCII text