ihg_logo_folio2479413.pdf
This report is generated from a file or URL submitted to this webservice on May 7th 2018 17:33:37 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.10 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior: Contacts 1 host.
Indicators
Malicious Indicators (1)
Network Related
Malicious artifacts seen in the context of a contacted host
- details:
Found malicious artifacts related to "93.184.221.240": ...
- source: Network Traffic
- relevance: 10/10
Informative (7)
General
Contacts server
- details: "93.184.221.240:80"
- source: Network Traffic
- relevance: 1/10
Contains object with compressed stream data
- details: Object ID 5 contains compressed stream data: No filters
- source: Static Parser
- relevance: 10/10
Creates mutants
- details:
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
"Local\WininetStartupMutex"
"Local\_!MSFTHISTORY!_"
"DBWinMutex"
"Local\c:!users!qdx9ish!appdata!local!microsoft!windows!history!history.ie5!"
"Local\c:!users!qdx9ish!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"RasPbFile"
"Local\Acrobat Instance Mutex"
"Local\c:!users!qdx9ish!appdata!roaming!microsoft!windows!cookies!"
"IESQMMUTEX_0_208"
"{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCLGHGIHKAAAAA"
"Local\WininetConnectionMutex"
"Local\WininetProxyRegistryMutex"
"\Sessions\1\BaseNamedObjects\RasPbFile"
"\Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCLGHGIHKAAAAA"
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!qdx9ish!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!qdx9ish!appdata!roaming!microsoft!windows!cookies!"
- source: Created Mutant
- relevance: 3/10
PDF contains only a single page
- details: Tag "pages" has a value of "1"
- source: Static Parser
- relevance: 5/10
Scanning for window names
- details:
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R11"
"AcroRd32.exe" searching for class "JFWUI2"
- source: API Call
- relevance: 10/10
Installation/Persistence
Dropped files
- details:
"A9R6088.tmp" has type "data"
"A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" has type "data"
"A9R6089.tmp" has type "data"
"A9R6091.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"A9R608B.tmp" has type "data"
"A9R608A.tmp" has type "data"
"A9R608F.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"A9R6090.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"A9R608E.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" has type "data"
"A9R608D.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
- source: Binary File
- relevance: 3/10
Network Related
Found potential URL in binary/memory
- details:
Pattern match: "www.ihg.com/reviews"
Heuristic match: "y^(7kmHs;.za"
- source: File/Memory
- relevance: 10/10
File Details
- Filename: ihg_logo_folio2479413.pdf
- Size: 178KiB (181893 bytes)
- Type:
- Description: PDF document, version 1.4
- Document pages: 1
- Architecture: WINDOWS
- SHA256: 1b8dcc3cc1bb09a81bc8b2cce82437fcba250ff78a81a12132fa92ea27d8b78e
- MD5: fc3e7c896e3188a3d4761250e5aa59b1
- SHA1: 166fa62b314e995bb0822b5754f119ed120e39ba
Classification (TrID)
- 100.0% (.PDF) Adobe Portable Document Format
Hybrid Analysis
Analysed 1 process in total (System Resource Monitor).
- AcroRd32.exe "C:\ihg_logo_folio2479413.pdf" (PID: 2680)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
| IP Address | Port/Protocol | Associated Process | Details |
|---|---|---|---|
| 93.184.221.240 | 80/TCP | - | European Union |
Contacted Countries
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
Informative (11)
48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
- Size: 1KiB (1073 bytes)
- Type: data
- Runtime Process: AcroRd32.exe (PID: 2680)
- MD5: 79fbef0890804ff08ba94288b725b3d7
- SHA1: adb11af859c87cb7d9e80fa8a6689151f4b5bc2a
- SHA256: ce091c4f44a76f9d943fb55d71ca8fb7de9e7149609a3d8552f0e7094acd8197
A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
- Size: 37KiB (37738 bytes)
- Type: data
- Runtime Process: AcroRd32.exe (PID: 2680)
- MD5: d318b36a715a8f45604431f3095f0b41
- SHA1: 3da984ce99106ff26d53438e21d49c273fb9e88d
- SHA256: e4b6aaa2312f828f82889184cf66a8ff977a23f1e3b5e9c4a1cf184a77f8a175
A9R6088.tmp
- Size: 2B (2 bytes)
- Type: data
- Runtime Process: AcroRd32.exe (PID: 2680)
- MD5: c4103f122d27677c9db144cae1394a66
- SHA1: 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
A9R6089.tmp
- Size: 2B (2 bytes)
- Type: data
- Runtime Process: AcroRd32.exe (PID: 2680)
- MD5: c4103f122d27677c9db144cae1394a66
- SHA1: 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
A9R608A.tmp
- Size: 2B (2 bytes)
- Type: data
- Runtime Process: AcroRd32.exe (PID: 2680)
- MD5: c4103f122d27677c9db144cae1394a66
- SHA1: 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
A9R608B.tmp
- Size: 2B (2 bytes)
- Type: data
- Runtime Process: AcroRd32.exe (PID: 2680)
- MD5: c4103f122d27677c9db144cae1394a66
- SHA1: 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
A9R608D.tmp
- Size: 45KiB (46135 bytes)
- Type: java compressed jar
- Description: Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- Runtime Process: AcroRd32.exe (PID: 2680)
- MD5: 7de4a2e866ed8aefb829cf5e04db261a
- SHA1: 38a68fded15d2c8950a6b0d855492e5b4ce7ed95
- SHA256: 70bdea097b02d2cba9f5363f9e986cc5ba57267999374c303a248d01000d713b
A9R6091.tmp
- Size: 35KiB (35731 bytes)
- Type: java compressed jar
- Description: Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5: 60fb8491aa4b141264152614c765d450
- SHA1: c33105a5d6bda4f09bfcd774ade9a62e77e131ee
- SHA256: 3184ca2a7ef723d242309f3770e6f60ac57e436ee3eb2b434112d0df848e5c60
A9R608F.tmp
- Size: 38KiB (38445 bytes)
- Type: java compressed jar
- Description: Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5: c2be4c74c4d98eac6140acb383f77d0b
- SHA1: a54e90b58dd2463d913142d4d7ec1d038f249c55
- SHA256: d1e10ebe9f745f12c7b29f0a7ca27c576c0ba1e37fdcc19563e822c6692a1d68
A9R6090.tmp
- Size: 80KiB (81944 bytes)
- Type: java compressed jar
- Description: Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5: 39c9b484f43d03a05d306bc7bcc16654
- SHA1: 1cb992eaff6228116e55b858f2ed825b09f2f50b
- SHA256: fa5fdebe80ec0ce7dc40738b4fd46a9e9b36eca6a810c523ee6ef3fd40b4179e
A9R608E.tmp
- Size: 41KiB (41629 bytes)
- Type: java compressed jar
- Description: Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5: 2270aa3192da68562fdb1e4c468b13df
- SHA1: 0efdaae1163af1ac0c61c6e5f92714cdbb03e41a
- SHA256: 5c74fec27dec1d0fe65987b22d85ba7953e118b34ed48ad59a8000e4d3d4f975