
SecuriteInfo.com.Win32.BackdoorX-gen.26082.4206.exe

Status: finished
Submission Time: 2024-02-03 13:44:32 +01:00
Malicious
Evader

Tags

  • exe

Details

  • Analysis ID:
    1386024
  • API (Web) ID:
    1386024
  • Analysis Started:
    2024-02-03 13:44:34 +01:00
  • Analysis Finished:
    2024-02-03 13:52:32 +01:00
  • MD5:
    eb2dc997bdbded2d40eeffe54f841aa8
  • SHA1:
    e9ee0506933c6403bf5c16401d912db40c9d1357
  • SHA256:
    f1f23f87a7e7a5a7e5a4bfa8c6bcc1165237d6930f0ad2c9618e132939157f39
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 84
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 25/46
malicious
Score: 29/38
malicious
malicious

IPs


Domains


URLs


Dropped files

Name File Type Hashes Detection

  • C:\Users\user\AppData\Local\Temp\scoped_dir1860_1907149710\CRX_INSTALL\offscreendocument_main.js
    ASCII text, with very long lines (3422)
  • C:\Users\user\AppData\Local\Temp\scoped_dir1860_1907149710\CRX_INSTALL\page_embed_script.js
    ASCII text
  • C:\Users\user\AppData\Local\Temp\scoped_dir1860_1907149710\CRX_INSTALL\service_worker_bin_prod.js
    ASCII text, with very long lines (3422)
  • C:\Users\user\AppData\Local\Temp\scoped_dir1860_586272696\CRX_INSTALL\content.js
    Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
  • C:\Users\user\AppData\Local\Temp\scoped_dir1860_586272696\CRX_INSTALL\content_new.js
    Unicode text, UTF-8 text, with very long lines (8604), with no line terminators