
Po-covid19 2372#w2..exe

Status: finished
Submission Time: 13.01.2021 08:39:00
Classification: Malicious, Trojan, Evader, FormBook

Tags

  • COVID19
  • exe
  • Formbook

Details

  • Analysis ID:
    338985
  • API (Web) ID:
    579880
  • Analysis Started:
    13.01.2021 08:49:19
  • Analysis Finished:
    13.01.2021 09:02:16
  • MD5:
    bf53c9dc0d0f032033c318aceef906c6
  • SHA1:
    eeba1ef352c09979dfdfb4afdcdc5f41fe2a0119
  • SHA256:
    a1558391914f4235dfdcdddcdf0de915a800541a4271feb4aff34af82b83a935

Verdict: malicious

Sandbox analysis (System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211): malicious, score 100/100
Detection ratio: 12/44, malicious

IPs

IP              Country
154.92.73.140   Seychelles
34.102.136.180  United States
104.24.109.70   United States
165.160.13.20   United States

Domains

Name                             IP
www.scientificimaginetics.com    154.92.73.140
thesaltlifestyle.com             34.102.136.180
www.johnemotions.com             104.24.109.70
www.steelyourselfshop.net        0.0.0.0
www.thesaltlifestyle.com         0.0.0.0
www.aduhelmfinancialsupport.com  165.160.13.20

URLs

Check-in URLs (all share the path /p95n/ and the query parameters u6ihA and oH5h; their hosts are the ones listed in the Domains table above):

http://www.thesaltlifestyle.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=BBaWJPlPEO+nvtMqhmqrcRgDtKq1LKrnuc6I0tDI+4mn5icveD46W7DXUUudv5GhOCct
http://www.johnemotions.com/p95n/?oH5h=OkCbzDuuF1pG8/+FjCqUEbhCI/Ef9I/I5jzkOiKX/zkELnGsjuBbK/8sh3SawKW3Kze/&u6ihA=cjlpdRL8ZtfDvB1
http://www.scientificimaginetics.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=gRhj5HMuZvR/Ec7o8oi+HxLziNFcY38IPUSKESyExHr5bx7zEB/jrV73UqEK091YdqI8
http://www.aduhelmfinancialsupport.com/p95n/?oH5h=yIt3vHGcFY19i9LszRbGqv8br4EBNSz7kQseU3pL44UQdgKo/VZu2mbLhFyK51ONzUns&u6ihA=cjlpdRL8ZtfDvB1
https://www.johnemotions.com/p95n/?oH5h=OkCbzDuuF1pG8/

Other URL-like strings reported by the sandbox (font-vendor, licence and certificate URL fragments, many truncated; none of these hosts appear in the Domains or IPs tables above):

http://www.jiyu-kobo.co.jp/jp/?
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.jiyu-kobo.co.jp/jp/H
http://www.galapagosdesign.com/staff/dennis.htmpu
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.fontbureau.comessed
http://www.founder.com.cn/cn=
http://www.goodfont.co.kr
http://www.fontbureau.comnc./S
http://www.fontbureau.comalsF
http://www.jiyu-kobo.co.jp/-cz
http://www.jiyu-kobo.co.jp/ghtsl
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.jiyu-kobo.co.jp/Y0e
http://www.urwpp.de.
http://www.fontbureau.com-
http://www.jiyu-kobo.co.jp/.
http://www.fontbureau.com0
http://www.fontbureau.comdic
http://www.fontbureau.com/
http://www.galapagosdesign.com/DPlease
http://crl.;
http://www.fontbureau.comessedZ
http://www.fontbureau.comF&
http://www.fonts.com
http://www.sandoll.co.kr
http://www.urwpp.deDPlease
http://www.urwpp.de
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.fontbureau.com.TTF
http://www.jiyu-kobo.co.jp/jp/Z
http://www.fontbureau.com=
http://www.jiyu-kobo.co.jp/jp/~
http://www.jiyu-kobo.co.jp/Z
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.galapagosdesign.com/
http://www.jiyu-kobo.co.jp/S
http://www.fontbureau.comgritoe
http://www.fontbureau.comaA
http://www.jiyu-kobo.co.jp/H
http://www.fontbureau.comzana
http://www.jiyu-kobo.co.jp/A
http://www.jiyu-kobo.co.jp/jp/
http://www.fontbureau.comd
http://www.jiyu-kobo.co.jp/?
http://www.urwpp.de3z
http://www.fontbureau.comdl
http://www.carterandcone.coml
http://www.fontbureau.comeH
http://www.urwpp.deXz
http://www.monotype.7
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.jiyu-kobo.co.jp/w
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://www.fontbureau.comoitu
http://www.fontbureau.com/designers/cabarga.html
http://www.fontbureau.comlic0
http://www.urwpp.deo
http://www.fontbureau.comdZ
http://www.jiyu-kobo.co.jp/
http://www.jiyu-kobo.co.jp/jp/-
http://www.fontbureau.com/designers8
http://www.fontbureau.com/designers/
http://www.fontbureau.comow
http://www.founder.com.cn/cn$
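The URL list above mixes the sample's FormBook check-ins with unrelated URL-like strings. FormBook contacts every domain in its embedded list with the same campaign path, so the path that recurs across several hosts is the beacon pattern, and a query parameter whose value never changes is a campaign constant worth pivoting on in proxy logs. The script below is an added example, not part of this report; the REPORT_URLS entries are copied from the list above, while SAMPLE_PROXY_LOG and its "timestamp client method url" layout are constructed for the demonstration.

```python
"""Triage the report's URL list: separate FormBook C2 candidates from noise
and use the shared beacon pattern to match constructed proxy log lines.
Added example; not part of the sandbox report."""
from urllib.parse import parse_qs, urlsplit

# Copied from the report's URL list: the five /p95n/ check-ins plus three of
# the font-metadata strings the sandbox also reported.
REPORT_URLS = [
    "http://www.thesaltlifestyle.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=BBaWJPlPEO+nvtMqhmqrcRgDtKq1LKrnuc6I0tDI+4mn5icveD46W7DXUUudv5GhOCct",
    "http://www.johnemotions.com/p95n/?oH5h=OkCbzDuuF1pG8/+FjCqUEbhCI/Ef9I/I5jzkOiKX/zkELnGsjuBbK/8sh3SawKW3Kze/&u6ihA=cjlpdRL8ZtfDvB1",
    "http://www.scientificimaginetics.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=gRhj5HMuZvR/Ec7o8oi+HxLziNFcY38IPUSKESyExHr5bx7zEB/jrV73UqEK091YdqI8",
    "http://www.aduhelmfinancialsupport.com/p95n/?oH5h=yIt3vHGcFY19i9LszRbGqv8br4EBNSz7kQseU3pL44UQdgKo/VZu2mbLhFyK51ONzUns&u6ihA=cjlpdRL8ZtfDvB1",
    "https://www.johnemotions.com/p95n/?oH5h=OkCbzDuuF1pG8/",
    "http://www.fontbureau.com/designers/?",
    "http://www.jiyu-kobo.co.jp/jp/?",
    "http://www.fontbureau.comessed",
]

# Constructed proxy log lines (not from the report): "timestamp client method url".
SAMPLE_PROXY_LOG = [
    "2021-01-13T09:00:01Z 10.0.0.7 GET http://www.thesaltlifestyle.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=AAAA",
    "2021-01-13T09:00:02Z 10.0.0.7 GET http://www.fontbureau.com/designers/",
    "2021-01-13T09:00:03Z 10.0.0.9 GET http://www.thesaltlifestyle.com/index.html",
]


def c2_candidates(urls, min_hosts=2):
    """Group URLs that carry a query string by their first path segment.

    A path seen on at least min_hosts distinct hosts is treated as the beacon
    pattern; strings without a query string or a path (the font-metadata
    leftovers) never enter a group. Returns
    {path: {"hosts": [...], "keys": [...], "static": {key: constant_value}}}.
    """
    groups = {}
    for url in urls:
        parts = urlsplit(url)
        segs = [s for s in parts.path.split("/") if s]
        if not parts.query or not segs or not parts.hostname:
            continue
        g = groups.setdefault(segs[0], {"hosts": set(), "values": {}, "seen": {}})
        g["hosts"].add(parts.hostname.lower())
        for key, vals in parse_qs(parts.query, keep_blank_values=True).items():
            g["values"].setdefault(key, set()).update(vals)
            g["seen"][key] = g["seen"].get(key, 0) + 1

    result = {}
    for path, g in groups.items():
        if len(g["hosts"]) < min_hosts:
            continue
        # A parameter that took exactly one value over several check-ins is a
        # campaign constant; the varying parameter carries per-beacon data.
        static = {k: next(iter(v)) for k, v in g["values"].items()
                  if len(v) == 1 and g["seen"][k] >= min_hosts}
        result[path] = {"hosts": sorted(g["hosts"]),
                        "keys": sorted(g["values"]),
                        "static": static}
    return result


def match_proxy_line(line, candidates):
    """Return the campaign path when a proxy log line's URL hits a candidate
    host with the beacon path, else None. Hostname alone is not enough: the
    same domain serving other paths is not a FormBook check-in."""
    fields = line.split()
    if len(fields) < 4:
        return None
    parts = urlsplit(fields[3])
    segs = [s for s in parts.path.split("/") if s]
    host = (parts.hostname or "").lower()
    for path, info in candidates.items():
        if host in info["hosts"] and segs[:1] == [path]:
            return path
    return None


if __name__ == "__main__":
    cands = c2_candidates(REPORT_URLS)
    for path, info in cands.items():
        print(f"/{path}/ on {len(info['hosts'])} hosts, keys {info['keys']}, static {info['static']}")
    for line in SAMPLE_PROXY_LOG:
        print(match_proxy_line(line, cands), line)
```

On this report the only group is /p95n/ across four hosts, with u6ihA=cjlpdRL8ZtfDvB1 constant and oH5h varying per beacon; the constant parameter plus the path makes a tighter proxy-log search than the domain list alone, since the domains include legitimate-looking sites that FormBook also cycles through.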

Dropped files

Name: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Po-covid19 2372#w2..exe.log
File Type: ASCII text, with CRLF line terminators

This is a .NET Framework CLR usage log, which the runtime writes for a managed executable on its first run under the 32-bit CLR; its presence shows the sample itself is a .NET binary (a loader stage), even though the FormBook payload it runs is native code. The hashes column for this entry is not reproduced on this page.