flash

eN4poRmfGg.exe

Status: finished
Submission Time: 19.09.2020 12:06:50
Verdict: Malicious
Classification: Trojan, Spyware, Evader, FormBook

Tags

  • exe

Details

  • Analysis ID:
    287698
  • API (Web) ID:
    470530
  • Analysis Started:
    19.09.2020 12:06:50
  • Analysis Finished:
    19.09.2020 12:20:43
  • MD5:
    1d9d946599bbe47314f6dfa89f1c6e77
  • SHA1:
    7bbdeb9670c8dc3a4f529b41b88cdd0900acad00
  • SHA256:
    15af9bb36b7a51efea7ab70d98a29ef7059f4f5b7178fef0aaff0671bf6c9386

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Scores

Verdict     Score
malicious   100/100
malicious   29/68
malicious   22/48

IPs

IP               Country
199.192.26.105   United States
34.102.136.180   United States
154.221.162.182  Seychelles

Domains

Name                     IP
www.turismoplayas.com    154.221.162.185
reignsponsibly.com       34.102.136.180
www.trulex.xyz           199.192.26.105
www.fainlywatchdog.com   0.0.0.0
www.reignsponsibly.com   0.0.0.0

An IP of 0.0.0.0 means no resolution was recorded for that name during the run. Note that the bare reignsponsibly.com resolved while the www. host did not, so both forms belong on a block list.

URLs

http://www.trulex.xyz/3nk4/?RZBd8HzP=bIh+1viU3kJZwlU1+bF7NiTuEsJvwz9W2axQZvl/sJKd/5qF7f1dSILuagTiNZjEdxJz&2dqLWV=hpyPnldh-tYHIZfP
http://www.turismoplayas.com/3nk4/
http://www.reignsponsibly.com/3nk4/?RZBd8HzP=w0UEi+V/ezucUh8SDyYF/+zgRqcIqbOC7nP1ZKE/fBP38eRJlYPULz8xC7zNwysHBq0j&2dqLWV=hpyPnldh-tYHIZfP
http://www.turismoplayas.com/3nk4/?RZBd8HzP=bnGlARlxAxXJaK863FaqbUduOQZZdXfDbBghBWs+/ncmCRg0ePvqNMTvjJHXk6PE1an+&2dqLWV=hpyPnldh-tYHIZfP
http://www.reignsponsibly.com/3nk4/
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.goodfont.co.kr
http://www.carterandcone.coml
http://www.sajatypeworks.com
http://www.typography.netD
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-user.html
http://www.jiyu-kobo.co.jp/
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.com/designers8
http://www.fonts.com
http://www.sandoll.co.kr
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.turismoplayas.com

The entries for www.trulex.xyz, www.turismoplayas.com and www.reignsponsibly.com share the path /3nk4/ and, where a query string is present, the same two parameter names (RZBd8HzP and 2dqLWV) with a different encoded first value per request. These are the command-and-control indicators, and the shared path token is what ties the three domains to one configuration. The remaining entries (fontbureau.com, founder.com.cn, tiro.com, sajatypeworks.com, the Apache licence URL and similar, several with trailing junk such as designersG and carterandcone.coml) look like copyright and vendor strings carried in embedded font data rather than connections the sample made; do not block or hunt on them without confirming a corresponding network event in the full report.
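As an added example, not part of the report and not code from the sandbox vendor, the script below takes the URL and domain tables above, keeps only the entries in the /3nk4/ command-and-control shape, joins them to their resolved IPs, and then applies the same shape to a few proxy log lines. The log lines, the decoy host www.example-decoy.net and the assumption that the path token is exactly four characters wide are constructed for this example; everything else is copied from the tables above.

```python
"""Sort the URL indicators above into C2 beacons vs. string noise, join them
with the domain table, and run the resulting pattern over proxy log lines."""
import re
from urllib.parse import urlsplit, parse_qs

# A subset of the URL table above, copied as listed (constructed input for this example).
REPORT_URLS = [
    "http://www.trulex.xyz/3nk4/?RZBd8HzP=bIh+1viU3kJZwlU1+bF7NiTuEsJvwz9W2axQZvl/sJKd/5qF7f1dSILuagTiNZjEdxJz&2dqLWV=hpyPnldh-tYHIZfP",
    "http://www.turismoplayas.com/3nk4/",
    "http://www.reignsponsibly.com/3nk4/?RZBd8HzP=w0UEi+V/ezucUh8SDyYF/+zgRqcIqbOC7nP1ZKE/fBP38eRJlYPULz8xC7zNwysHBq0j&2dqLWV=hpyPnldh-tYHIZfP",
    "http://www.turismoplayas.com/3nk4/?RZBd8HzP=bnGlARlxAxXJaK863FaqbUduOQZZdXfDbBghBWs+/ncmCRg0ePvqNMTvjJHXk6PE1an+&2dqLWV=hpyPnldh-tYHIZfP",
    "http://www.reignsponsibly.com/3nk4/",
    "http://www.apache.org/licenses/LICENSE-2.0",
    "http://www.fontbureau.com/designersG",
    "http://www.fontbureau.com/designers/?",
    "http://www.carterandcone.coml",
    "http://www.turismoplayas.com",
]

# The domain table above. 0.0.0.0 is how the report records a name that did not resolve.
REPORT_DOMAINS = {
    "www.turismoplayas.com": "154.221.162.182",
    "reignsponsibly.com": "34.102.136.180",
    "www.trulex.xyz": "199.192.26.105",
    "www.fainlywatchdog.com": "0.0.0.0",
    "www.reignsponsibly.com": "0.0.0.0",
}

# Every C2 URL in the report has the shape /<short token>/ optionally followed by a
# two-parameter query. The token (3nk4) is shared across the domains, so it, not any
# single host name, is the stable thing to match. The 4-character width is taken from
# this report only; it is an assumption of this example, not a rule.
C2_PATH_RE = re.compile(r"^/([A-Za-z0-9]{4})/$")


def classify_url(url):
    """Return (kind, token): 'beacon' for path + two query parameters,
    'base' for the bare path, 'noise' for anything else."""
    parts = urlsplit(url)
    m = C2_PATH_RE.match(parts.path)
    if not m:
        return "noise", None
    params = parse_qs(parts.query, keep_blank_values=True)
    return ("beacon" if len(params) == 2 else "base"), m.group(1)


def c2_hosts(urls, domains):
    """Map campaign token -> {host: resolved IP} using only URLs in C2 shape."""
    out = {}
    for url in urls:
        kind, token = classify_url(url)
        if kind == "noise":
            continue
        host = urlsplit(url).hostname
        out.setdefault(token, {})[host] = domains.get(host, "not in domain table")
    return out


# Constructed proxy log lines, not from the report: a beacon to a listed host, a beacon
# to a decoy host the sandbox never saw, a font-vendor URL, and an internal site whose
# path happens to collide with the token.
SAMPLE_PROXY_LOG = """\
2020-09-19T12:08:01Z 10.0.0.5 GET http://www.trulex.xyz/3nk4/?RZBd8HzP=abc&2dqLWV=hpyPnldh-tYHIZfP 200
2020-09-19T12:08:05Z 10.0.0.5 GET http://www.example-decoy.net/3nk4/?RZBd8HzP=def&2dqLWV=hpyPnldh-tYHIZfP 404
2020-09-19T12:08:09Z 10.0.0.7 GET http://www.fontbureau.com/designers 200
2020-09-19T12:08:12Z 10.0.0.9 GET http://intranet.corp.local/3nk4/ 200
"""


def hunt_proxy_log(log_text, campaign_tokens, known_hosts):
    """Flag log lines whose URL carries a known campaign token in C2 shape.
    A bare path on an unknown host is too weak on its own and is skipped;
    a full beacon is flagged even when the host is new, which is how decoy
    domains that were not exercised during the sandbox run get caught."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        url = fields[3]
        kind, token = classify_url(url)
        if kind == "noise" or token not in campaign_tokens:
            continue
        host = urlsplit(url).hostname
        if kind == "base" and host not in known_hosts:
            continue
        hits.append((host, kind, "known" if host in known_hosts else "new"))
    return hits


if __name__ == "__main__":
    table = c2_hosts(REPORT_URLS, REPORT_DOMAINS)
    for token, hosts in table.items():
        print(f"campaign {token}:")
        for host, ip in hosts.items():
            print(f"  {host} -> {ip}")
    known = {h for hosts in table.values() for h in hosts}
    for hit in hunt_proxy_log(SAMPLE_PROXY_LOG, set(table), known):
        print("hit:", hit)
```

The point of matching on the path token rather than the domain list is that the domains in the table are only the ones this one run happened to contact; a beacon to a domain the sandbox never saw still shares the token and the two parameter names, while the bare /3nk4/ path alone is short enough to collide with unrelated sites and is only trusted on hosts already known from the report.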

Dropped files

Name: C:\Program Files (x86)\Dbnudz\nb4dzn5jg.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows

Name: C:\Users\user\AppData\Local\Temp\Dbnudz\nb4dzn5jg.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows

Name: C:\Users\user\AppData\Roaming\K4A5-D33\K4Alogri.ini
File type: data

Name: C:\Users\user\AppData\Roaming\K4A5-D33\K4Alogrv.ini
File type: data

Name: C:\Users\user\AppData\Roaming\K4A5-D33\K4Alogim.jpeg
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3

Name: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Read-Only, Directory, ctime=Wed Apr 11 22:38:20 2018, mtime=Sat Sep 19 18:09:23 2020, atime=Sat Sep 19 18:09:23 2020, length=8192, window=hide

The same nb4dzn5jg.exe is written under the same random folder name Dbnudz in both the user's Temp directory and Program Files (x86), so both paths need to be checked during clean-up. The K4A5-D33 folder under Roaming holds the sample's own output: two .ini files and a 1280x1024 JPEG, a full-screen size consistent with a screenshot. The last entry is a Windows Explorer jump list (AutomaticDestinations), which the shell updates when files are opened; it records activity during the run rather than being a payload the sample wrote, and the mtime of 18:09:23 reflects the sandbox clock, not the submission time shown above.