Spyware
Contains ability to open the clipboard

This report has 38 indicators that were mapped to 22 attack techniques and 9 tactics.
Not all malicious and suspicious indicators are displayed.

33/70 Antivirus vendors marked sample as malicious (47% detection rate). Source: External System. Relevance: 10/10
33/70 Antivirus vendors marked sample as malicious (47% detection rate). Source: External System. Relevance: 8/10
27/65 Antivirus vendors marked dropped file "Your Package Tracked Now.exe" as malicious (classified as "Gen:Variant.Razy" with 41% detection rate)
27/65 Antivirus vendors marked spawned process "Your Package Tracked Now.exe" (PID: 2568) as malicious (classified as "Gen:Variant.Razy" with 41% detection rate). Source: Monitored Target. Relevance: 10/10
"YourPackageTrackedNow_5cadf9e53f83d.exe" allocated memory in "%LOCALAPPDATA%\Your Package Tracked Now\Uninstall.exe"
"YourPackageTrackedNow_5cadf9e53f83d.exe" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Your Package Tracked Now\Your Package Tracked Now.exe" (Handle: 1444)
Found malicious artifacts related to "3.18.236.124": ...
File Details
Filename: Your Package Tracked Now_5cadf9e53f83d.exe
Size: 720KiB (736808 bytes)
Type: peexe executable
Description: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Architecture: WINDOWS
SHA256: bd85622762bf36b5e2416519702b4c1b2346c204aa615aea7ff67b034fec43e7
Resources
Language: ENGLISH
Version Info
LegalCopyright: (c) 2018 Springtech Ltd
FileVersion: 3.1.0.5
CompanyName: Springtech Ltd
ProductName: Desktop Search Bar
ProductVersion: 3.1.0.5
FileDescription: Desktop web search
OriginalFilename: SBInstaller
Translation: 0x0409 0x0000
Hybrid Analysis
Analysed 4 processes in total (System Resource Monitor).

Extracted Files
Displaying 25 extracted file(s). The remaining 40 file(s) are available in the full version and XML/JSON reports.