MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1119 Automated Collection
The archive exceeded its entry limit, indicating a potentially large or nested structure. A critical heuristic identified a malicious member within the archive, suggesting it's a container for further malicious content. The presence of numerous unknown URLs points towards a payload delivery mechanism.
Heuristics 3
- Archive contains malicious member (critical, ARCHIVE_CHILD_MALICIOUS): At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
- Archive entry limit reached (50) (info, ARCHIVE_LIMIT): Only the first 50 files were scanned.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.