T0pdaslk-guangwang-winelkxcac-64.msi

Status: finished
Submission Time: 2025-02-21 21:12:15 +01:00
Verdict: Malicious
Classification: Trojan, Evader, GhostRat

Details

  • Analysis ID:
    1621377
  • API (Web) ID:
    1621377
  • Analysis Started:
    2025-02-21 21:12:19 +01:00
  • Analysis Finished:
    2025-02-21 21:21:40 +01:00
  • MD5:
    09fc3a5af26388a6909a2b0643ad644e
  • SHA1:
    83423788bb21f3a47e02f89d3e604bf135f42080
  • SHA256:
    0c8017e92fd56f96da5b8f01c219d4a90f80da94b360c59ce81618c9df55c88b
  • Technologies:
    Joe Sandbox

Engine detection info

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP               Country
47.238.100.22    United States
43.135.63.118    Japan
101.42.127.254   China
119.45.2.35      China

Domains

Name                                    IP
authds.kylinlot.com                     0.0.0.0
authds.todesk.com                       43.135.63.118
g8e1l8qd.ovslegodl.sched.ovscdns.com    43.175.152.66
todeskcdnspeed.todesk.com               0.0.0.0

URLs

Name Detection

Dropped files

Name                                                                          File Type
C:\Program Files (x86)\ToDesk_Setup\ToDesk_Setup\ToDesk_Setup.exe             PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Program Files\ToDesk\drivers\cameramic\ToDeskAudio.sys                     PE32+ executable (native) x86-64, for MS Windows
C:\Program Files\ToDesk\drivers\tdgamepad\TdGamepad.sys                       PE32+ executable (native) x86-64, for MS Windows
C:\ProgramData\kernelquick.sys                                                data
C:\Users\user\E18E9999-38FB-4B56-A9DC-92053E34C6FB\Microsoft_Xtools.exe       PE32+ executable (GUI) x86-64, for MS Windows