Windows Analysis Report dhl-2020.pdf.shtm

Overview

General Information

Sample Name: dhl-2020.pdf.shtm
Analysis ID: 553054
MD5: 7291ee45c17c3c3a982afe4adb84d383
SHA1: 10bdc7316476d8fcfe8950ed667030196fbaa0c2
SHA256: 320d192a03a6eb25ef124898c31f35753679e38b2b51c7443406d262ae63b6b5
Infos:
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: 80040153

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected obfuscated html page
Multi AV Scanner detection for submitted file
Yara detected HtmlPhish44

Classification

AV Detection:

barindex
Multi AV Scanner detection for submitted file
Source: dhl-2020.pdf.shtm Virustotal: Detection: 24% Perma Link

Phishing:

barindex
Yara detected obfuscated html page
Source: Yara match File source: dhl-2020.pdf.shtm, type: SAMPLE
Yara detected HtmlPhish44
Source: Yara match File source: dhl-2020.pdf.shtm, type: SAMPLE
Source: dhl-2020.pdf.shtm String found in binary or memory: https://snapbuilder.com
Source: dhl-2020.pdf.shtm Virustotal: Detection: 24%
Source: classification engine Classification label: mal64.phis.winSHTM@0/0@0/0

No Screenshots

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 553054 Sample: dhl-2020.pdf.shtm Startdate: 14/01/2022 Architecture: WINDOWS Score: 64 5 Multi AV Scanner detection for submitted file 2->5 7 Yara detected HtmlPhish44 2->7 9 Yara detected obfuscated html page 2->9
No contacted IP infos