Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 75
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
|
|
malicious
Score: 84
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass
|
Name | Detection |
---|---|
http://www.rjlsoftware.com/?screenscrewopenj | |
http://www.rjlsoftware.com/?screenscrew | |
http://www.autohotkey.com | |
Click to see the 3 hidden entries | |
http://www.autohotkey.comCould | |
http://www.rjlsoftware.com | |
http://www.rjlsoftware.com( |
Name | File Type | Hashes | Detection |
---|---|---|---|
\Device\Harddisk0\DR0 |
DOS/MBR boot sector | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\PayloadMBR.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\covid21\Corona.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
Click to see the 16 hidden entries | |||
C:\Users\user\AppData\Local\Temp\2526.tmp\icons.exe |
PE32 executable (console) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\inv.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\mlt.exe |
PE32+ executable (GUI) x86-64, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\CLWCP.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\screenscrew.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\t.vbs |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\x.vbs |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\y.vbs |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\z.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\prompt.vbs |
ASCII text, with CRLF line terminators | # | |
C:\covid21\covid.jpg |
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1080, frames 3 | # | |
C:\Windows\clwcp.bmp |
PC bitmap, Windows 3.x format, 1920 x 1080 x 24 | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\covid.jpg |
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1080, frames 3 | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\coronaloop.bat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\Covid21.bat |
DOS batch file, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\2526.tmp\Corona.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # |