Malicious Archive / .ZIP — malware analysis report

Static analysis result for SHA-256 5c360145f97edea3…

MALICIOUS

Archive / .ZIP

12.86 MB
MD5: 371335e948ea268cb68570c6fb6eca82
SHA-1: cc7bcc07b5bc42b7252ee2d2abb8c58a7a213f3e
SHA-256: 5c360145f97edea3703194dff9e55761f0a22fe28a6b43add0a8a7dc72cc2aac
Risk score: 64

Malware Insights

The archive contains at least one member that was classified as malicious, which on its own supports the verdict. Numerous URLs were extracted from the scanned members; many point to executables (.exe paths under style-boards.com, adminregion.info and substance-news.info) or to server-side download scripts (load.php, getexe.php, exe.php, cgi-bin paths), a pattern consistent with a download-and-execute chain. Several carry an spl= parameter naming a PDF exploit path (pdf_exp, PDF (printd), PDF (GetIcon)), which is typical of exploit-kit payload requests. The scanner's 50-entry limit was also reached, so the archive holds more than 50 members and everything past the first 50 went unscanned; the limit says nothing about the archive's structure, only that this report is incomplete.

Heuristics (3)

  • Archive contains malicious member critical ARCHIVE_CHILD_MALICIOUS
    At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
  • Archive entry limit reached (50) info ARCHIVE_LIMIT
    Only the first 50 files were scanned. Members beyond that were neither hashed nor classified, so both the member verdicts and the URL list below cover only part of the archive's contents.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that the xfa.org and ns.adobe.com entries at the end of the list are XML namespace identifiers declared by PDF/XDP forms, not download targets, and should not be treated as indicators; the .exe paths and the load.php, getexe.php, exe.php?spl=... and cgi-bin requests are the ones to pivot on.
    • http://wertionase.com/cache/load.php
    • http://adultxxxblog8.in//load746.php?spl=pdf_exp
    • http://statisticpossibly.com/cgi-bin/009/z002106203r000cR3ae62427Xc065874fY450d50b9Z0100f060
    • http://style-boards.com/forum/dnsx2.exe
    • http://style-boards.com/forum/click.php?r=
    • http://style-boards.com/forum/gijrvx2.exe
    • http://style-boards.com/forum/aelm2.exe
    • http://google.analytics.com.hzlyaejcvmat.info/kav/KAV2.py/eHcb7cfae3V0100f070006R1f73eccc102T80f0c7cf201l0409Kc0d2a4a1
    • http://beancountercity.in/cgi-bin/uiq/eH5f7e16bbV0100f060006R97f3b4e5102T69e2a20d201l0019
    • http://googleinru.in/cgi-bin/etn/z002106201r0019R3fcd0992X95cdae92Y08018528Z0100f060
    • http://beancountercity.in/cgi-bin/uiq/eH010f5339V0100f060006R97f3b4e5102T9aebd85d201l0019
    • http://ajnuocfdrukv.com/nte/TREST1.html/eH6b33aa47V0100f060006Rca476eb0102Tf917a8ff201l0019K3d132ee9
    • http://qbzrfzyudfeo.com/lee/TATRA9.py/eH56df6a02V0100f070006Rd08354e5102Tf8299764201l0409K63516520
    • http://grinchalina4.com/pek/l.php?i=16
    • http://www.hoploawq.com/exe.php?spl=PDF%20(printd
    • http://www.hoploawq.com/exe.php?spl=PDF%20(EmailInfo
    • http://www.hoploawq.com/exe.php?spl=PDF%20(util_printf
    • http://www.hoploawq.com/exe.php?spl=PDF%20(GetIcon
    • http://flshgamer.info/cgi-bin/kln/n002106204r0409Xd1a5b21dY0291c32b
    • http://geonetsa.com/cgi-bin/ca7/z002106201r0019R8fea1881X9404bb6dY52e4d589Z0100f060
    • http://teamnunda.com/info/getexe.php?spl=pdf
    • http://xgazz.biz/var/l.php?i=5
    • http://ghjihkvuno.com/nte/trest6/eH1e662482V0100f060006R00000000102T552d13d6201l0409K4b31f9fe
    • http://www.ylwgheakrozn.com/nte/avorp1nov1.py/eU230d9c2eH58d6713cV0100f070006R00000000102T9443b919201l0409K2950521e
    • http://kjvs.info/ug7/l.php?i=16
    • http://mhjvjcdmtwe.com/nte/TREST2.exe/eH2f818960V0100f060006Reb09ea6f102Te86bfe0a201l0019K4246fff3
    • http://ns2.ratare.com/info/sun.html/n00a106201459r66b3X8fa04d1aY004675bd
    • http://estguard.com/cgi-bin/ca7/z002106201r0019R3fc02bb2Xb4725043Y578d7681Z0100f060
    • http://adminregion.info/born/egmntvwz3.exe
    • http://adminregion.info/born/bij3.exe
    • http://adminregion.info/born/cikox3.exe
    • http://beancountercity.in/cgi-bin/uiq/eH1753f9aaV0100f060006R1f671b4e102T1aca20ec201l0019
    • http://substance-news.info/style/bijs2.exe
    • http://substance-news.info/style/click.php?r=
    • http://substance-news.info/style/afhjmx2.exe
    • http://substance-news.info/style/aimy2.exe
    • http://lometr.pl/hlp/getexe.php?spl=pdf
    • http://ajnuocfdrukv.com/nte/TREST1.html/eH7090ce11V0100f060006R87d80615102Tda291710201l0019Kd699c28c
    • http://xxxsssxxx.biz/ecto/l.php?i=16
    • http://rebulkinc.com/cgi-bin/ca7/n002106201r0019R33a39b67Xd05f15cfY1422320cZ0100f060
    • http://enginesoons.cn//load.php?spl=pdf_exp
    • http://ajnuocfdrukv.com/nte/trest1.exe/eH2cca850bV0100f060006R7185358d102T300a67cc201l0019Ka4a64667
    • http://experimentaltraffic.com/cgi-bin/009/z002106203r000cR466edc59Xb435a88eY425d040eZ0100f060
    • http://gccmimxtuf.com/nte/nov1.py/eH435cbacbV0100f060006Rf82fea65102T0ec5b74f203l000c
    • http://beancountercity.in/cgi-bin/uiq/eH6797f00bV0100f060006R97f3b4e5106Tbc1528bc201l0019
    • http://erbition.com/info/dat.html/n003106201r0409Xda9e58e9Y5371af49Z0100f080
    • http://nethealthcarego.com/cgi-bin/153/n002106201856r0012Xa09b57b8Y361cc94b
    • http://www.xfa.org/schema/xfa-template/2.5/
    • http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xci/1.0/
    +4 more URL(s)
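The two archive heuristics above (the 50-entry cap behind ARCHIVE_LIMIT and the per-member URL extraction behind EMBEDDED_URL) are easy to reproduce locally when a report is known to be incomplete. The script below is an added example, not the scanner's own code: it walks every member of a ZIP, recursing into nested archives, hashes each member, pulls URLs out of the raw bytes with a regex, and classifies them along the same lines as the insights (direct executable downloads, server-side download scripts, and XML namespace URIs that are not fetch targets). The archive it analyses is constructed in memory for the demo; its file names are made up, the handful of URLs are taken from the list above, and the classification rules and size/depth limits are assumptions of this example rather than anything the scanner documents.

```python
"""Walk every member of a ZIP, hash it, and extract/classify embedded URLs.

Added example for this report; not the scanner's own code. The archive it
analyses is constructed in build_sample_archive(), so it runs offline.
"""
import hashlib
import io
import re
import zipfile

URL_RE = re.compile(rb"https?://[^\s'\"<>)]+")

# Classification rules are this example's assumption, not the scanner's.
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".jar", ".py", ".ps1", ".vbs", ".js")
SCRIPT_SUFFIXES = (".php", ".cgi", ".asp", ".aspx", ".jsp")
# Namespace URIs a PDF/XDP form declares: schema identifiers, not fetch targets.
SCHEMA_PREFIXES = ("http://www.xfa.org/schema/", "http://ns.adobe.com/")

MAX_DEPTH = 3                # bound on nested-archive recursion
MAX_MEMBER_BYTES = 64 << 20  # members larger than this are recorded but not read


def classify_url(url: str) -> str:
    """Label one URL: 'schema', 'executable', 'script' or 'other'."""
    if url.startswith(SCHEMA_PREFIXES):
        return "schema"
    path = url.split("?", 1)[0].split("#", 1)[0].lower()
    segments = path.split("/")[3:]  # drop 'http:', '', host
    if any(seg.endswith(EXEC_SUFFIXES) for seg in segments):
        return "executable"
    if "cgi-bin" in segments or any(seg.endswith(SCRIPT_SUFFIXES) for seg in segments):
        return "script"
    return "other"


def extract_urls(payload: bytes) -> dict:
    """Map each distinct URL found in raw member bytes to its label."""
    found = {u.decode("latin-1") for u in URL_RE.findall(payload)}
    return {u: classify_url(u) for u in sorted(found)}


def walk_zip(data: bytes, prefix: str = "", depth: int = 0) -> list:
    """Return one record per file member, recursing into nested ZIPs.

    Every entry is visited (no 50-entry cap); MAX_DEPTH and MAX_MEMBER_BYTES only
    bound recursion and memory. A nested archive is recursed into instead of
    being string-scanned, so each URL is attributed to the member carrying it.
    """
    records = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                records.append({"name": name, "size": info.file_size,
                                "sha256": None, "urls": {}, "skipped": "too large"})
                continue
            payload = zf.read(info)
            nested = zipfile.is_zipfile(io.BytesIO(payload))
            records.append({
                "name": name,
                "size": info.file_size,
                "sha256": hashlib.sha256(payload).hexdigest(),
                "urls": {} if nested else extract_urls(payload),
            })
            if nested and depth < MAX_DEPTH:
                records.extend(walk_zip(payload, name + "/", depth + 1))
    return records


def summarize(records: list) -> dict:
    """Count labels across all members and collect the URLs worth treating as IOCs."""
    counts = {"schema": 0, "executable": 0, "script": 0, "other": 0}
    iocs = set()
    for rec in records:
        for url, label in rec["urls"].items():
            counts[label] += 1
            if label != "schema":
                iocs.add(url)
    return {"members": len(records), "counts": counts, "iocs": sorted(iocs)}


def build_sample_archive() -> bytes:
    """Constructed test archive (not the 12.86 MB sample): a PDF-like form with XFA
    namespaces and one exploit-kit style URL, a benign text file, and a nested ZIP
    holding a script that references an .exe download."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("dropper.js", 'var u = "http://style-boards.com/forum/dnsx2.exe";')
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("form.pdf",
                   "<xdp xmlns='http://ns.adobe.com/xdp/'>"
                   "<template xmlns='http://www.xfa.org/schema/xfa-template/2.5/'/></xdp>"
                   " /URI (http://www.hoploawq.com/exe.php?spl=PDF%20(GetIcon)")
        z.writestr("readme.txt", "See http://example.invalid/index.html")
        z.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    recs = walk_zip(build_sample_archive())
    for r in recs:
        print(f"{r['name']:<24} {r['size']:>6} B  sha256={(r['sha256'] or 'skipped')[:16]}")
        for url, label in r["urls"].items():
            print(f"    [{label:<10}] {url}")
    print(summarize(recs))
```

Run against a real sample by replacing build_sample_archive() with the file's bytes; on the archive in this report the walk would cover the members the scanner's cap skipped, and summarize() drops the XFA and Adobe namespace URIs from the IOC set while keeping the .exe, load.php and cgi-bin requests.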