Malicious Archive / .ZIP — malware analysis report

Static analysis result for SHA-256 603850df8e265404…

MALICIOUS

Archive / .ZIP

10.41 MB
MD5: 36199082b08fe52db5006251a29bf80e SHA-1: c1a2e228fcd6e9e172df4a8f633ded6c8425eb3d SHA-256: 603850df8e2654040dff56c290947fc1e59c059b26c5f5a4a53346fff90ad177
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The archive exceeded its entry limit, indicating a potentially large number of nested files. One of the archive members was identified as malicious, and multiple unknown reputation URLs were extracted. These findings suggest the archive is a container for delivering further malicious content, likely an executable or another stage of a malware infection.

Heuristics 3

  • Archive contains malicious member critical ARCHIVE_CHILD_MALICIOUS
    At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
  • Archive entry limit reached (50) info ARCHIVE_LIMIT
    Only the first 50 files were scanned.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://googleinru.in/cgi-bin/etn/z002106201r0019Rc8212b77Xb4a983dbY1ea5b9e1Z0100f060
    • http://acdaovvaoxk.com/nte/PROX.php/yH0fa0a1adV0100f060006R1c281a2e102Tbbf1bfb6203l000c
    • http://suqiwyk.cn/a12/mosu2.exe
    • http://suqiwyk.cn/a12/click.php?r=
    • http://suqiwyk.cn/a12/gkzwe2.exe
    • http://suqiwyk.cn/a12/fiqsv2.exe
    • http://click-reklama.com/cgi-bin/plt/z006106201r0019R775e4a7bXd8557f4eY513d6984Z0100f060
    • http://kolpredv.com/.ph/5/l.php?i=16
    • http://click-reklama.com/cgi-bin/plt/z002106201r0019Ra0d32c7dX9a743b80Y7970fd2dZ0100f060
    • http://beancountercity.in/cgi-bin/uiq/eH1d9a908dV01001f50006Rd77de0ae106T75bde498201l0019
    • http://geonetsa.com/cgi-bin/ca7/z002106201r0019R45fce818X81fea68cY17226937Z0100f060
    • http://mysterio.info/cgi-bin/worker/z002106201r0019R4d8081e8X9a465d5eY0d46da38Z0100f060
    • http://beancountercity.in/cgi-bin/uiq/eH6a989aa1V0100f060006R0894cdda102T969ffc88201l0019
    • http://liaynoxlthr.com/nte/gnh4.py/eU230d9c2eH1be34116V0100f060006R6014cf8b102Td254f74f203l000c
    • http://hdewptwhdve.com/nte/AVORP1AABBCC.php/eU230d9c2eH7f4a50b0V0100f060006R1cac620f102Tb4e865d1201l0019Kcaddc597
    • http://ajnuocfdrukv.com/nte/TREST1.exe/eH269a60d2V0100f060006Rbed31eb4105T6d0ee4b8201l0019K6d61670b
    • http://pocka.ru/1yes/load.phpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    • http://beancountercity.in/cgi-bin/uiq/eH119abe5cV0100f060006Rfccf8fa7102Td517be28203l0019
    • http://experimentaltraffic.com/cgi-bin/009/z002106203r000cRfbe94a87X1fbeae13Y65d983ccZ0100f060
    • http://vvas.in/x/exe.php?src=333&id=333&x=pdf4
    • http://googleinru.in/cgi-bin/etn/z005106201r0019R84aff6eaXd89f4463Y698970d2Z01001f50
    • http://about-bear.com/info/sun.html/n002106201r0409R85a64061X2bc8ae96Y26f072a6Z0100f070
    • http://fhae-imex.info/cgi-bin/login.aspx/z006106202r0409R4e7f321bX4c23065bY5fb42452Z0100f060
    • http://googleinru.in/cgi-bin/etn/z002106201r0019R4276fc6eXd07c4a92Y46ad79a4Z0100f060
    • http://networkget.com/cgi-bin/176/n002106201r0019Ra001e36bX4026d26fY4be8fcd6Z0100f060
    • http://ads.qc.to/info/us1.html/n00a102801r0409J12000601R637975bdX5ccf95caY1b9ff4acZ03003f36
    • http://click-clicke.com/cgi-bin/plt/n002106201r0019Mb287ac98Rc0af8139X653add9dY3867ac66Z0100f060
    • http://koevoru.info/cgi-bin/aer/eH0fef7049V0100f060006R62790077102Tb80dcf7a201l0019
    • http://ofcisawq.com/cgi-bin/click3/n002106201r0409X940c47e6Y4598caa0Z0100f070
    • http://beancountercity.in/cgi-bin/uiq/eH78928659V0100f060006Rd77de0ae102T1b802830203l0019
    • http://searchturne.org/cgi-bin/153/n002106203r000cR7b289707X4abfdba8Y69435ec5Z0100f060
    • http://megafreehosting.com/mandms/load.php?spl=pdf_exp
    • http://estguard.com/cgi-bin/ca7/z002106201r0019R814a08dcXde8a493bY24bfb0e9Z0100f060
    • http://beancountercity.in/cgi-bin/uiq/eH0b11db89V0100f060006Rd77de0ae102T64e3678e203l0019
    • http://ajnuocfdrukv.com/nte/trest1.php/eH47e53c3bV0100f060006Reda8d224102Tf9172b66201l0019K02b3be99
    • http://beancountercity.in/cgi-bin/uiq/eH6c1fba51V0100f060006R97f3b4e5102T1c1db4f5203l0019
    • http://ueoovslfd.in/cgi-bin/gjj/z002106203r0809Ra7784a16Xbc596ff9Y4654775dZ0100f060
    • http://hl.ftp.sh/info/us1.html/n002102801r041dJ07000601X05e38652Y7d51a5feZ03009f35
    • http://www.xfa.org/schema/xfa-template/2.5/
    • http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xci/1.0/
    • http://ns.adobe.com/xtd/
    • http://www.xfa.org/schema/xfa-data/1.0/
    • http://ns.adobe.com/xfdf/
    • http://www.xfa.org/schema/xfa-form/2.8/
    • http://www.xfa.org/schema/xfa-template/2.4/