FJHd.dll

Status: finished

Submission Time: 2022-04-22 15:34:21 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
613875
API (Web) ID:
981390
Analysis Started:

2022-04-22 15:41:26 +02:00
Analysis Finished:

2022-04-22 15:56:50 +02:00
MD5:
99ff80925202286d75030a1cae587249
SHA1:
eb5611f49fbf6fcc73dbdb23b27b1237cb6df5ef
SHA256:
e100b492468b71cd42e556b9c5c59e3cf5d7b2f1426e2388102c71f8ba997012
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 13/42

IPs

IP	Country	Detection
146.70.35.138	United Kingdom

URLs

Name	Detection
http://146.70.35.138/phpadmin/O1eI0eqZEIto/XchIaknqoAJ/kMEv4t5J581tfW/u865j5Xeasjgc_2B5CTan/rI1fN2b5ZLhIfUx_/2FZTga80fF0srge/FwfVN0qpYMrE8zzMzM/6huJYaWbc/tc0bcpdDUNB80z9_2BDY/UHVjI8ARNN28DSerYnY/7GArxZ9MTv2QUbSbHwyuZ_/2BBJRXiru38II/V07sa_2F/0AVDKTLcNY27_2BfwcBbs4Y/Pd3H6RqM4P/LHuGv4MKCOJ/M_2FvjQ.src
http://146.70.35.138/phpadmin/blDW3CAuqlIu/_2FXOc_2FsX/J_2BL04QxlUkrx/aGHA_2Bk_2BVxx_2BoRVk/XTgW5fkqRjGarOUi/lVIrNxqHDRMdhpG/1JctFQCMLptSkBa07P/q8nvXCNL_/2BVJnf2ZRfkLS_2FpEpQ/4VZG78TbTVpPmmbGZFu/6680oa3W_2F4QkWQGxBtUJ/_2BY0V0xxeolI/vsBno2LD/rKCAaJaGh3gHb5MXFjk7eqq/yVEk5DK_2F/2CXel0sUW8WYDyvpq/O_2FuV71X2/L.src
http://https://file://USER.ID%lu.exe/upd
Click to see the 6 hidden entries
http://constitution.org/usdeclar.txt
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.apache.org/licenses/LICENSE-2.0.html
https://github.com/Pester/Pester
http://constitution.org/usdeclar.txtC:

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\RES7801.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols	#
C:\Users\user\Documents\20220422\PowerShell_transcript.494126.soVDmKXl.20220422154342.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\rhslligv\rhslligv.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
Click to see the 26 hidden entries
C:\Users\user\AppData\Local\Temp\rhslligv\rhslligv.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\rhslligv\rhslligv.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\rhslligv\rhslligv.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\rhslligv\CSCABF9A05FBB0E449F8B3B2656C9A8A1FD.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\orc3dje1\orc3dje1.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\orc3dje1\orc3dje1.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\orc3dje1\orc3dje1.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\orc3dje1\orc3dje1.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\orc3dje1\CSC484D58AD96A04716AF76ED185C4114F3.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wptqwobr.eg0.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rg2d3et4.50c.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\RESA3C4.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_1388a62844b93ea4f95c2472e8188891af451ff8_7cac0383_0d00435e\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF8F.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFCA0.tmp.dmp	Mini DuMP crash report, 15 streams, Fri Apr 22 13:42:41 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB08.tmp.dmp	Mini DuMP crash report, 15 streams, Fri Apr 22 13:42:45 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8A.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3BBF.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A66.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BBF.tmp.dmp	Mini DuMP crash report, 15 streams, Fri Apr 22 13:42:56 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER155B.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER120E.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_e16f2b5b51a96c57264e6e7da39c96be2b94546_7cac0383_01280182\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_5a7bdef4ffd6df7a7664cf7158b49db77a1e6c9_7cac0383_009c1ccb\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#

FJHd.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

FJHd.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Search started

FJHd.dll