ID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version:


Table of Contents

Analysis Report
Overview: General Information; Detection; Confidence; Classification; Analysis Advice
Signature Overview: Cryptography; Key, Mouse, Clipboard, Microphone and Screen Capturing; Bitcoin Miner; Networking; Boot Survival; Stealing of Sensitive Information; Persistence and Installation Behavior; Data Obfuscation; Spreading; System Summary; HIPS / PFW / Operating System Protection Evasion; Anti Debugging; Malware Analysis System Evasion; Hooking and other Techniques for Hiding and Protection; Lowering of HIPS / PFW / Operating System Security Settings; Language, Device and Operating System Detection
Behavior Graph
Simulations: Behavior and APIs
Antivirus Detection: Initial Sample; Dropped Files; Unpacked PE Files; Domains
Yara Overview: Initial Sample; PCAP (Network Traffic); Dropped Files; Memory Dumps; Unpacked PEs
Joe Sandbox View / Context: IPs; Domains; ASN; Dropped Files
Screenshots
Startup
Created / dropped Files
Contacted Domains/Contacted IPs: Contacted Domains; Contacted IPs
Static File Info: No static file info
Network Behavior: Network Port Distribution; TCP Packets; UDP Packets; DNS Queries; DNS Answers; HTTP Request Dependency Graph; HTTP Packets
Code Manipulations
Statistics: Behavior
System Behavior:
Analysis Process: wget.exe PID: 3348 Parent PID: 756 (General; File Activities: File Created, File Written)
Analysis Process: pupdate.exe PID: 3496 Parent PID: 3036 (General; File Activities: File Created, File Deleted, File Written; Registry Activities: Key Value Created)
Analysis Process: AppSync.exe PID: 3508 Parent PID: 3496 (General; File Activities; Registry Activities)
Analysis Process: explorer.exe PID: 3556 Parent PID: 2972 (General; File Activities: File Created)
Analysis Process: explorer.exe PID: 3584 Parent PID: 548 (General; File Activities; Registry Activities)
Disassembly: Code Analysis

Copyright Joe Security LLC 2018

Analysis Report

Overview

General Information

Joe Sandbox Version:
Analysis ID:
Start time: 11:39:45
Joe Sandbox Product: CloudBasic
Start date:
Overall analysis duration: 0h 6m 49s
Hypervisor based Inspection enabled:
Report type: light
Cookbook file name: urldownload.jbs
Sample URL: getapp.paradiskus.com/up/dl/ /pupdate.exe
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java )
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.mine.win@6/26@1/2
HCA Information: Successful, ratio: 100%; Number of executed functions: 0; Number of non-executed functions: 0
EGA Information: Successful, ratio: 100%
HDC Information: Successful, ratio: 100% (good quality ratio 96.8%); Quality average: 85%; Quality standard deviation: 22.2%
Cookbook Comments:
- Adjust boot time
- Correcting counters for adjusted boot time
Warnings:
- Exclude process from analysis (whitelisted): conhost.exe, dllhost.exe
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: AppSync.exe

Detection

[Table: Strategy, Score, Range, Reporting, Detection, Threshold]

Confidence

[Table: Strategy, Score, Range, Further Analysis Required?, Confidence, Threshold]

Classification

[Figure: classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Scale: malicious, suspicious, clean]

Analysis Advice

- Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
- Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
- Sample monitors Window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Signature Overview

Cryptography:
- Uses Microsoft's Enhanced Cryptographic Provider

Key, Mouse, Clipboard, Microphone and Screen Capturing:
- Creates a window with clipboard capturing capabilities

Bitcoin Miner:
- Configures the Internet Explorer emulation mode (likely to run Javascript)

Networking:
- Downloads executable code via HTTP
- Downloads files from webservers via HTTP
- Performs DNS lookups
- Urls found in memory or binary data

Boot Survival:
- Creates an autostart registry key

Stealing of Sensitive Information:
- Searches for user specific document files

Persistence and Installation Behavior:
- Drops PE files
- Contains functionality to read ini properties file for application configuration

Data Obfuscation:
- Binary contains a suspicious time stamp
- Contains functionality to dynamically determine API calls
- Uses code obfuscation techniques (call, push, ret)

Spreading:
- Contains functionality to enumerate / list files inside a directory

System Summary:
- Contains functionality to shutdown / reboot the system
- Detected potential crypto function
- PE file contains executable resources (Code or Archives)
- PE file contains strange resources
- Searches for the Microsoft Outlook file path
- Classification label
- Contains functionality for error logging
- Contains functionality to adjust token privileges (e.g. debug / backup)
- Contains functionality to check free disk space
- Contains functionality to load and extract PE file embedded resources
- Creates files inside the user directory
- Creates temporary files
- Launches a second explorer.exe instance
- Might use command line arguments
- Parts of this applications are using the .NET runtime (Probably coded in C#)
- Reads ini files
- Reads software policies
- Spawns processes
- Uses an in-process (OLE) Automation server
- Uses Rich Edit Controls
- Found graphical window changes (likely an installer)
- Binary contains paths to debug symbols

HIPS / PFW / Operating System Protection Evasion:
- Contains functionality to create a new security descriptor
- May try to detect the Windows Explorer process (often used for injection)

Anti Debugging:
- Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
- Contains functionality to dynamically determine API calls
- Enables debug privileges
- Contains functionality to register its own exception handler
- Creates guard pages, often used to prevent reverse engineering and debugging

Malware Analysis System Evasion:
- Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
- Found evasive API chain checking for process token information
- May sleep (evasive loops) to hinder dynamic analysis
- Contains functionality to enumerate / list files inside a directory
- Contains functionality to query system information
- May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
- Queries a list of all running processes

Hooking and other Techniques for Hiding and Protection:
- Disables application error messsages (SetErrorMode)

Lowering of HIPS / PFW / Operating System Security Settings:
- Modifies the internet feature controls of the internet explorer

Language, Device and Operating System Detection:
- Queries the volume information (name, serial number etc) of a device
- Contains functionality to query local / system time
- Contains functionality to query windows version
- Queries the cryptographic machine GUID

Behavior Graph

ID:
URL: getapp.paradiskus.com/up/dl/ /pupdate.exe
Startdate: 07/04/2018
Architecture: WINDOWS
Score: 48

[Figure: behavior graph. Processes: wget.exe, pupdate.exe, AppSync.exe, explorer.exe, explorer.exe. Dropped files: C:\Users\HERBBL~1\AppData\...\AppSync.exe (PE32), C:\Users\user\Desktop\download\pupdate.exe (PE32). Network: getapp.paradiskus.com, 49164, 80, LINODE-APLinodeLLCUS, United States; 53, GOOGLE-GoogleIncUS, United States. Signatures shown: Binary contains a suspicious time stamp; Configures the Internet Explorer emulation mode (likely to run Javascript)]

Simulations

Behavior and APIs

Time, Type, Description:
- 11:40:46, API Interceptor, 7081x Sleep call for process: wget.exe modified
- 11:40:56, API Interceptor, 3x Sleep call for process: AppSync.exe modified
- 11:40:59, API Interceptor, 1217x Sleep call for process: explorer.exe modified

Antivirus Detection

Initial Sample

- Source: getapp.paradiskus.com/up/dl/ /pupdate.exe; Detection: 1%; Scanner: virustotal

Dropped Files

- Source: C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\AppSync.exe; Detection: 3%; Scanner: virustotal
- Source: C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\AppSync.exe; Detection: 0%; Scanner: metadefender
- Source: C:\Users\user\Desktop\download\pupdate.exe; Detection: 0%; Scanner: virustotal

Unpacked PE Files

No Antivirus matches

Domains

- Source: getapp.paradiskus.com; Detection: 0%; Scanner: virustotal

Yara Overview

Initial Sample: No yara matches
PCAP (Network Traffic): No yara matches
Dropped Files: No yara matches
Memory Dumps: No yara matches
Unpacked PEs: No yara matches

Joe Sandbox View / Context

IPs: No context
Domains: No context
ASN: No context
Dropped Files: No context

Startup

System is w7
- wget.exe (PID: 3348 cmdline: wget -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'getapp.paradiskus.com/up/dl/ /pupdate.exe' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
- pupdate.exe (PID: 3496 cmdline: 'C:\Users\user\Desktop\download\pupdate.exe' MD5: 02E4F76756B5F8678E3F19A9DB2DDFC6)
  - AppSync.exe (PID: 3508 cmdline: C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\AppSync.exe MD5: 029FB53DB73BDFB5182BA875A540B507)
  - explorer.exe (PID: 3556 cmdline: explorer.exe rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\' MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
- explorer.exe (PID: 3584 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
- cleanup

Created / dropped Files

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\ _490x60.png
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: PNG image data, 490 x 60, 8-bit/color RGB, non-interlaced; Size (bytes): 8674; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\ _ _logo.png
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: PNG image data, 260 x 174, 8-bit/color RGBA, non-interlaced; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\AppSync.exe
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: PE32 executable (GUI) Intel Mono/.Net assembly, for MS Windows; Malicious: true; Reputation: low
  Antivirus: virustotal, Detection: 3%
  Antivirus: metadefender, Detection: 0%

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\AppSync.exe.config
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: XML document text; Size (bytes): 239; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\PdfPro100.ico
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: MS Windows icon resource - 6 icons, 256-colors; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\alert-icon.png
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced; Size (bytes): 2892; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\bg.jpg
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: JPEG image data, EXIF standard; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\brand.js
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text; Size (bytes): 2165; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\config.txt
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with very long lines; Size (bytes): 3383; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\install.css
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with CRLF line terminators; Size (bytes): 9154; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\install.html
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\install.js
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with CRLF line terminators; Size (bytes): 5146; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\jquery slim.min.js
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with very long lines; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\loader.gif
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: GIF image data, version 89a, 90 x 90; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\logo.png
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced; Size (bytes): 9002; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\pref.txt
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with very long lines, with no line terminators; Size (bytes): 569; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\retake.css
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with CRLF line terminators; Size (bytes): 1864; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\retake.html
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: HTML document, UTF-8 Unicode text, with CRLF line terminators; Size (bytes): 1279; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\retake.js
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with CRLF line terminators; Size (bytes): 1264; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\spinner.gif
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: GIF image data, version 89a, 38 x 40; Size (bytes): 4640; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\uninstall.css
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with CRLF line terminators; Size (bytes): 4820; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\uninstall.html
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: HTML document, ASCII text, with CRLF line terminators; Size (bytes): 2945; Reputation: low

C:\Users\HERBBL~1\AppData\Local\Temp\IXP000.TMP\uninstall.js
  Process: C:\Users\user\Desktop\download\pupdate.exe; File Type: ASCII text, with CRLF line terminators; Size (bytes): 3679; Reputation: low

C:\Users\user\Desktop\download\pupdate.exe
  Process: C:\Windows\System32\wget.exe; File Type: PE32 executable (GUI) Intel 80386, for MS Windows; Malicious: true; Reputation: low
  Antivirus: virustotal, Detection: 0%

\Endpoint
  Process: C:\Windows\System32\wget.exe; File Type: ASCII text, with CRLF line terminators; Size (bytes): 231; Reputation: low

\samr
  Process: C:\Windows\explorer.exe; File Type: Hitachi SH big-endian COFF object, not stripped; Size (bytes): 116; Reputation: low

Contacted Domains/Contacted IPs

Contacted Domains

Name, IP, Active, Malicious, Antivirus Detection, Reputation:
getapp.paradiskus.com true 0%, virustotal high

Contacted IPs

[Figure: map of contacted IPs. Legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]

IP, Country, Flag, ASN, ASN Name, Malicious:
- United States, GOOGLE-GoogleIncUS
- United States, LINODE-APLinodeLLCUS

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: (HTTP) 53 (DNS)

TCP Packets

[Table: Timestamp, Source Port, Dest Port, Source IP, Dest IP]


ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version:

ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version: ID: 1259 Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 1:29:43 Date: 25/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

More information

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version: ID: 49 Cookbook: urldownload.jbs Time: 19:: Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice

More information

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version: ID: 4706 Cookbook: urldownload.jbs Time: 22:46:20 Date: 1/02/201 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version: ID: 52 Cookbook: urldownload.jbs Time: 1:41:45 Date: 23/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version:

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: ID: 42670 Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version: ID: 3923 Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/0/201 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version: ID: 57706 Cookbook: urldownload.jbs Time: 19:5:34 Date: 02/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version: ID: 153 Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/0/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version:

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version: ID: 0309 Sample Name: image002 Cookbook: default.jbs Time: 1:19:2 Date: 1/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version: ID: 5253 Cookbook: browseurl.jbs Time: 12:5:02 Date: 02/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version:

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: ID: 80115 Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report js.jar Overview General Information

More information

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: ID: 41304 Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview

More information

ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal

ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal ID: Cookbook: urldownload.jbs Time: 0:25:02 Date: 29//201 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://15.1..14/neko.sh Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version: ID: 5945 Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version:

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version: ID: 371 Sample Name: fly.jse Cookbook: default.jbs Time: 1:17:2 Date: 11/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence Classification

More information

ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version: ID: 4441 Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version:

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: ID: 46161 Sample Name: tesseract-ocrsetup-3.05.01.exe Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version: ID: 52775 Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: ID: 62529 Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: ID: 46296 Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version: ID: 64646 Cookbook: urldownload.jbs Time: 1:4:3 Date: 19/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version: ID: 50646 Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version:

ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: ID: 37366 Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: ID: 51900 Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:

More information

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version:

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version: ID: 371 Sample Name: 21PO201745.jpg...js Cookbook: default.jbs Time: 14:32:0 Date: 21/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version: ID: 52374 Cookbook: browseurl.jbs Time: 15:46:3 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version: ID: 5139 Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: ID: 66665 Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version:

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version: ID: 48 Sample Name: maintools.js Cookbook: default.jbs Time: 1:43:3 Date: 1/02/2018 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: ID: 74919 Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://tiny.cc/34aqxy Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version: ID: 5702 Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0.

ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0. ID: 25 Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:4 Date: 20/09/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Payment_Remittance#.xps

More information

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version:

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version: ID: 5250 Sample Name: test.txt Cookbook: default.jbs Time: 13:18:3 Date: 31/03/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version: ID: 52376 Cookbook: browseurl.jbs Time: 15:4:15 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version: ID: 0 Cookbook: urldownload.jbs Time: 20:4:24 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: ID: 64085 Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: ID: 67658 Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification Analysis Advice Signature Overview

More information

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version:

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version: ID: 58133 Sample Name: Serial.txt Cookbook: default.jbs Time: 02:5:20 Date: 0/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version:

ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version: ID: 6467 Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: paint.net install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version:

ID: Sample Name: paint.net install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version: ID: 38812 Sample Name: paint.net.4.0.19.install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version:

ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version: ID: 6045 Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/0/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

More information

ID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version: ID: 94 Cookbook: urldownload.jbs Time: 1:10:9 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: 10:19:47 Date: 19/02/2018 Version:

ID: Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: 10:19:47 Date: 19/02/2018 Version: ID: 47020 Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: :19:47 Date: 19/02/201 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version:

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version: ID: 50648 Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31: Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version:

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version: ID: 3393 Sample Name: quzpecasrh Cookbook: default.jbs Time: 1:55:54 Date: 0//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version:

ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version: ID: 4253 Sample Name: text_0.txt Cookbook: default.jbs Time: 1:20:15 Date: 12/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal ID: 82913 Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://www.learningtoolkit.club Overview General Information

More information

ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version: ID: 6600 Cookbook: urldownload.jbs Time: 21:2:55 Date: 2/06/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:

More information

ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version:

ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: ID: 55401 Sample Name: E203182DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

More information

ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: ID: 51630 Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date:

ID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date: ID: 33355 Sample Name: ff2c8cadaa0fd8da138ccefce3e001f53a5dceccd45b15ae23f4d51.evaljs.js Cookbook: default.jbs Time: 1:44:00 Date: 04//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report

More information

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0.

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0. ID: 54478 Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Cookbook: urldownload.jbs Time: 10:02:12 Date: 14/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 10:02:12 Date: 14/06/2018 Version: ID: 63987 Cookbook: urldownload.jbs Time: 10:02:12 Date: 14/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: ID: 66523 Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: ID: 80599 Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://www.qbproadvisorshelp.com Overview General Information Detection

More information

ID: Sample Name: INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.

ID: Sample Name: INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0. ID: 56519 Sample Name: 20180542 INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview Information

More information

ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version:

ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version: ID: 41000 Cookbook: browseurl.jbs Time: 1:05:31 Date: 26/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version:

ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version: ID: 22 Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:0:2 Date: 02/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version:

ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version: ID: 42417 Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version:

ID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version: ID: 90 Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:4 Date: 2/0/201 Version: 2.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version:

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version: ID: 001 Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:4 Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0.

ID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0. ID: 4457 Sample Name: #Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General

More information

ID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version:

ID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version: ID: 042 Sample Name: test Cookbook: default.jbs Time: 09:4:1 Date: 21/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version:

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version: ID: 54427 Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification

More information

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version:

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version: ID: 34788 Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 0:43:5 Date: 21/10/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information

More information

ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: ID: 70096 Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0.

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0. ID: 5762 Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: :36:2 Date: 04/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version:

ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: ID: 40269 Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: ID: 54075 Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0.

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0. ID: 64635 Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 1/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook. ID: 63341 Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 08:43:14 Date: 10/06/2018 Version: 22.0.0 Table of Contents

More information

ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:

ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version: ID: 82 Sample Name: GeZNwROcB.bin Cookbook: default.jbs Time: 1:22:4 Date: 0/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version:

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: ID: 42035 Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version:

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: ID: 41280 Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information

More information

ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: ID: 59136 Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: gpg4win exe.sig Cookbook: default.jbs Time: 21:44:31 Date: 02/02/2018 Version:

ID: Sample Name: gpg4win exe.sig Cookbook: default.jbs Time: 21:44:31 Date: 02/02/2018 Version: ID: Sample Name: gpgwin-.0..exe.sig Cookbook: default.jbs Time: 21::1 Date: 02/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version:

ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version: ID: 4019 Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24: Date: 1/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version:

ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: ID: 34266 Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:54:49 Date: 26/01/2018 Version:

ID: Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:54:49 Date: 26/01/2018 Version: ID: 44024 Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:4:49 Date: 2/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: MobaXterm_installer_10.5.msi Cookbook: defaultwindowsmsicookbook.jbs Time: 18:29:36 Date: 25/05/2018 Version: 22.0.


ID: Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/05/2018 Version:


ID: Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version:


ID: Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17:14:48 Date: 21/06/2018 Version: 22.0.


ID: Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version:


ID: Sample Name: Unconfirmed crdownload Cookbook: default.jbs Time: 22:58:07 Date: 08/11/2017 Version:


ID: Sample Name: FORMP16T.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 09:39:29 Date: 28/05/2018 Version:


ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date:


ID: Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:47 Date: 22/11/2017 Version:


ID: Cookbook: browseurl.jbs Time: 18:10:52 Date: 18/05/2018 Version:


ID: Cookbook: urldownload.jbs Time: 20:31:48 Date: 13/04/2018 Version:


ID: Sample Name: PO xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03:13:36 Date: 08/01/2018 Version:


ID: Sample Name:._k.php Cookbook: default.jbs Time: 05:41:18 Date: 25/04/2018 Version:


ID: Sample Name: wtf.bat Cookbook: default.jbs Time: 18:32:35 Date: 19/05/2018 Version:


ID: Sample Name: modulecheck.js Cookbook: default.jbs Time: 17:46:31 Date: 01/02/2018 Version:


ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date:


ID: Sample Name: SSB SBV Daily Report - Logistics Template DEC '17 (8).xlsm Cookbook: defaultwindowsofficecookbook.jbs Time: 06:35:29 Date:


ID: Cookbook: browseurl.jbs Time: 13:47:53 Date: 16/02/2018 Version:


ID: Sample Name: binarydata Cookbook: default.jbs Time: 22:09:57 Date: 22/11/2017 Version:


ID: Cookbook: browseurl.jbs Time: 15:26:33 Date: 16/03/2018 Version:


ID: Sample Name: promo_50_ iqy Cookbook: default.jbs Time: 15:01:30 Date: 07/06/2018 Version:
