36.0.0 Rainbow Opal
IR
756189
CloudBasic
19:34:38
29/11/2022
SecuriteInfo.com.Win32.PWSX-gen.3512.499.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
f976242274e3a8b6859f43212321e5cd
4de5d552dd1a3a7e2eb57a831d1819ada42b53ae
49aa45b9a4eb9642dc458e079196600823bc99b49c9003b4327261ba47b3ae7d
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.3512.499.exe.log
true
FED34146BF2F2FA59DCF8702FCC8232E
B03BFEA175989D989850CF06FE5E7BBF56EAA00A
123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
http://127.0.0.1:HTTP/1.1
false
unknown
http://www.apache.org/licenses/LICENSE-2.0
false
unknown
http://www.fontbureau.com
false
unknown
http://www.fontbureau.com/designersG
false
unknown
http://DynDns.comDynDNS
false
unknown
http://www.jiyu-kobo.co.jp/aCo
false
unknown
http://www.fontbureau.com/designers/?
false
unknown
http://www.founder.com.cn/cn/bThe
false
unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
false
unknown
http://www.fontbureau.com/designers?
false
unknown
http://www.tiro.com
false
unknown
http://www.fontbureau.com/designers
false
unknown
http://www.goodfont.co.kr
false
unknown
http://www.carterandcone.coml
false
unknown
http://www.fontbureau.com_
false
unknown
http://www.sajatypeworks.com
false
unknown
http://www.typography.netD
false
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
false
unknown
http://www.founder.com.cn/cn/cThe
false
unknown
http://www.galapagosdesign.com/staff/dennis.htm
false
unknown
http://fontfabrik.com
false
unknown
http://www.founder.com.cn/cn
false
unknown
http://www.fontbureau.com/designers/frere-jones.html
false
unknown
http://www.jiyu-kobo.co.jp/
false
unknown
http://www.fontbureau.comrsiva
false
unknown
http://www.galapagosdesign.com/DPlease
false
unknown
http://www.fontbureau.com/designers8
false
unknown
https://api.ipify.org%GETMozilla/5.0
false
unknown
http://www.fonts.com
false
unknown
http://www.sandoll.co.kr
false
unknown
http://www.urwpp.deDPlease
false
unknown
http://www.zhongyicts.com.cn
false
unknown
http://PcwsIt.com
false
unknown
http://www.sakkal.com
false
unknown
https://api.ipify.org%
false
unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
false
unknown
http://www.fontbureau.comue9
false
unknown
Tries to steal Mail credentials (via file / registry access)
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Antivirus / Scanner detection for submitted sample
.NET source code contains very large array initializations
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)