Malicious Archive / .ZIP — malware analysis report

Static analysis result for SHA-256 0e912c6679870788…

Verdict: MALICIOUS
Type: Archive / .ZIP
Size: 51.08 MB
MD5: ce9e92581c01f98d7ce81c85cd758e4a
SHA-1: d3ef91258f528c55a7aaf74eea10c4722740be58
SHA-256: 0e912c6679870788d15affeeada8e925d9d62eadf2a25379e31f2ed06a276c9f
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The archive exceeded its entry limit, indicating a large number of contained files. One of these members was identified as malicious, suggesting it is the primary payload or a component thereof. The presence of numerous unknown URLs points towards a distribution or command-and-control infrastructure, likely used to download and execute further malicious content.

Heuristics (3)

  • Archive contains malicious member (critical, ARCHIVE_CHILD_MALICIOUS)
    At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
  • Archive entry limit reached (50) (info, ARCHIVE_LIMIT)
    Only the first 50 files were scanned.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.