URL: | http://www.mediafire.com/file/4zx7qsvp9c87xkx/MEE6_Controller.rar/file |
Full analysis: | https://app.any.run/tasks/a3879491-717c-4284-bef2-15a487646974 |
Verdict: | Malicious activity |
Threats: | Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. |
Analysis date: | May 10, 2020 at 06:41:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | E056E0D6BEFFBF4DB18A03E9449FD3AB |
SHA1: | 1E98833158F96BB0DC36DF0C6DE6DA10F5566584 |
SHA256: | 02D44F6A26236B7461430DB99CCFCFFCA6EA9B473955BD656522FC86BF698A92 |
SSDEEP: | 3:N1KJS4w3eGUoR5U2CX69lagzKA:Cc4w3eG15dZ9lXKA |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2296 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.mediafire.com/file/4zx7qsvp9c87xkx/MEE6_Controller.rar/file" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2360 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2296 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1028 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2296 CREDAT:3937553 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1948 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Exit code: 0 Version: 26,0,0,131 Modules
| |||||||||||||||
2896 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\MEE6 Controller.rar" | C:\Program Files\WinRAR\WinRAR.exe | iexplore.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 Modules
| |||||||||||||||
2956 | "C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" | C:\Users\admin\Desktop\MEE6 Controller - Setup.exe | explorer.exe | ||||||||||||
User: admin Company: Anonyme Integrity Level: MEDIUM Description: MEE6 Controller Setup Exit code: 0 Version: Modules
| |||||||||||||||
2308 | "C:\Users\admin\AppData\Local\Temp\is-F3P37.tmp\MEE6 Controller - Setup.tmp" /SL5="$8029C,10886353,724992,C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" | C:\Users\admin\AppData\Local\Temp\is-F3P37.tmp\MEE6 Controller - Setup.tmp | — | MEE6 Controller - Setup.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
3948 | "C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" /SPAWNWND=$801F4 /NOTIFYWND=$8029C | C:\Users\admin\Desktop\MEE6 Controller - Setup.exe | MEE6 Controller - Setup.tmp | ||||||||||||
User: admin Company: Anonyme Integrity Level: HIGH Description: MEE6 Controller Setup Exit code: 0 Version: Modules
| |||||||||||||||
3212 | "C:\Users\admin\AppData\Local\Temp\is-GSKKA.tmp\MEE6 Controller - Setup.tmp" /SL5="$E0266,10886353,724992,C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" /SPAWNWND=$801F4 /NOTIFYWND=$8029C | C:\Users\admin\AppData\Local\Temp\is-GSKKA.tmp\MEE6 Controller - Setup.tmp | MEE6 Controller - Setup.exe | ||||||||||||
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
2128 | "C:\Program Files\MEE6 Controller\MEE6 Controller.exe" | C:\Program Files\MEE6 Controller\MEE6 Controller.exe | MEE6 Controller - Setup.tmp | ||||||||||||
User: admin Integrity Level: MEDIUM Description: MEE6 Controller Exit code: 3762504530 Version: 1.5 Modules
|
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 369840542 | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30811798 | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 46000000A1000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2360 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\K9MWBJ1S.txt | — | |
MD5:— | SHA256:— | |||
2360 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\T11KJZXP.txt | text | |
MD5:EDC599324875182EF48C8E2CA795F240 | SHA256:FA9D04B69EA1D96FDADEC980F4B6264ABD5D67C0772215BCCEAE9CEA334018FE | |||
2360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | |
MD5:1C400D233070530C717A810D7F9BC99E | SHA256:58B407B0DDF17FBF78FCB2E2DAD4FABAADA9BD88641F19941480951A200AE4E0 | |||
2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\prebid2.44.1[1].js | text | |
MD5:AAAA66B0743FF66798FDEE9E0610E180 | SHA256:0A7E39087BED30F124A891216762B67ADDF2644E1C730BC5E94FA9D0AD733266 | |||
2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\f[1].txt | text | |
MD5:08E49092F42B1D8C59097BBD9FCCD5A0 | SHA256:598939256E7846E259B0F052351E90BC583D137C4669E9C863283D076FD09BD3 | |||
2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\icons_sprite[1].svg | image | |
MD5:51F76E839A217E338342852ED63D27C9 | SHA256:315F5F67F80B413592A970D2D7A3875294BE6039956C2EDFA0AA9D3095FA6F2D | |||
2360 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9161.tmp | — | |
MD5:— | SHA256:— | |||
2360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | der | |
MD5:55BDB2070E8CD74DCE5DA3F5EC769DF5 | SHA256:230EF30A087ECDD39557AD2CCD4A4D4B60F2252E099A8FD8CEDA2F831226112C | |||
2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\apps_list_sprite-v4[1].png | image | |
MD5:E9CD3384FEB28199FE2BB7F9E95D4DCD | SHA256:AC9442C5EA66C76ECF230E9BD349D1F98354319765E366B4EC3150E76BEA828C | |||
2360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | |
MD5:C1CB702AB3672036EF772C247DC16876 | SHA256:CAFE5C8FBAEC0D297FD171CFFD38B33AD4EC7C59DC31549CA7F425269A37C632 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 172.217.16.174:80 | http://translate.google.com/translate_a/element.js?cb=googFooterTranslate | US | text | 796 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAqGuQR2WDHiQMxiERAfVzY%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAqGuQR2WDHiQMxiERAfVzY%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v4.png | US | image | 6.78 Kb | shared |
2360 | iexplore.exe | GET | 200 | 104.16.203.237:80 | http://www.mediafire.com/images/icons/svg_light/icons_sprite.svg | US | image | 8.51 Kb | shared |
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/dl_promo_logo.png | US | image | 2.19 Kb | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2360 | iexplore.exe | 216.58.206.10:443 | translate.googleapis.com | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 172.217.16.174:80 | translate.google.com | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 23.45.111.242:443 | c.aaxads.com | Akamai International B.V. | NL | unknown |
2360 | iexplore.exe | 216.58.210.2:443 | securepubads.g.doubleclick.net | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 216.58.210.8:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2296 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2360 | iexplore.exe | 104.16.190.66:443 | dmx.districtm.io | Cloudflare Inc | US | shared |
2360 | iexplore.exe | 34.95.120.147:443 | mediafire-d.openx.net | — | US | unknown |
2360 | iexplore.exe | 172.217.18.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 37.252.173.22:80 | ib.adnxs.com | AppNexus, Inc | — | unknown |
Domain | IP | Reputation |
---|---|---|
www.mediafire.com |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
translate.google.com |
| whitelisted |
securepubads.g.doubleclick.net |
| whitelisted |
c.aaxads.com |
| whitelisted |
cdn.otnolatrnup.com |
| whitelisted |
translate.googleapis.com |
| whitelisted |
static.mediafire.com |
| shared |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Misc activity | ADWARE [PTsecurity] Redirecting.Zemot (RBN ZeroPark 0-Click) |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
— | — | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
— | — | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |