download:

proxima-nova-regular.otf

Full analysis: https://app.any.run/tasks/e5eea992-72d7-4e63-99dd-e41ef327096f
Verdict: No threats detected
Analysis date: September 23, 2020, 02:01:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/vnd.ms-opentype
File info: OpenType font data
MD5:

410504D49238E955BA7DC23A7F963021

SHA1:

28D04EB938C05B5158A69A709682D4F0517A59AB

SHA256:

36B59421BDC34FD9869A7541C47D5F157FF19EB183032EFFF759C4D5BE5D9CAE

SSDEEP:

1536:GG8kxBbvzDT28c6N2ABxlZ4KC+F+nET1HUB9hXsx68VQx6M179F:GG8kHbr06VJdFYEZUPBsxfux979F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executed via COM

      • DllHost.exe (PID: 1688)

    • Creates files in the Windows directory

      • DllHost.exe (PID: 1688)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.otf | OpenType - CFF compact font format (100)

EXIF

Font

Copyright: Copyright (c) Mark Simonson, 2005. All rights reserved.
FontFamily: Proxima Nova
FontSubfamily: Regular
FontSubfamilyID: MarkSimonson: Proxima Nova Extrabold: 2005
FontName: Proxima Nova Regular
NameTableVersion: Version 2.003
PostScriptFontName: ProximaNova-Regular
Trademark: Proxima Nova is a trademark of Mark Simonson.
Designer: Mark Simonson
VendorURL: http://www.marksimonson.com
DesignerURL: http://www.marksimonson.com
LicenseInfoURL: http://www.ms-studio.com/FontSales/msslicenseagreement.html
PreferredFamily: Proxima Nova
PreferredSubfamily: Regular
Copyright-en-US: Copyright (c) Mark Simonson, 2005. All rights reserved.
FontFamily-en-US: Proxima Nova Rg
FontSubfamily-en-US: Regular
FontSubfamilyID-en-US: MarkSimonson: Proxima Nova Extrabold: 2005
FontName-en-US: Proxima Nova Regular
NameTableVersion-en-US: Version 2.003
PostScriptFontName-en-US: ProximaNova-Regular
Trademark-en-US: Proxima Nova is a trademark of Mark Simonson.
Designer-en-US: Mark Simonson
VendorURL-en-US: http://www.marksimonson.com
DesignerURL-en-US: http://www.marksimonson.com
LicenseInfoURL-en-US: http://www.ms-studio.com/FontSales/msslicenseagreement.html
PreferredFamily-en-US: Proxima Nova
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
3
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start rundll32.exe no specs fontview.exe no specs DllHost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1688C:\Windows\system32\DllHost.exe /Processid:{642EF9D6-48A5-476B-919A-A507CFD02C0F}C:\Windows\system32\DllHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2708"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\proxima-nova-regular.otfC:\Windows\system32\rundll32.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
4092"C:\Windows\System32\fontview.exe" C:\Users\admin\AppData\Local\Temp\proxima-nova-regular.otfC:\Windows\System32\fontview.exerundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Font Viewer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\fontview.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
525
Read events
452
Write events
73
Delete events
0

Modification events

(PID) Process:(2708) rundll32.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
Operation:writeName:otffile
Value:
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Windows\System32\fontview.exe
Value:
Windows Font Viewer
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Value:
Adobe Acrobat Reader DC
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Windows\eHome\ehshell.exe
Value:
Windows Media Center
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Windows\system32\mspaint.exe
Value:
Paint
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Windows\system32\NOTEPAD.EXE
Value:
Notepad
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\PROGRA~1\MICROS~1\Office14\OIS.EXE
Value:
Microsoft Office 2010
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Opera\Opera.exe
Value:
Opera Internet Browser
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Windows Photo Viewer\PhotoViewer.dll
Value:
Windows Photo Viewer
(PID) Process:(2708) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\VideoLAN\VLC\vlc.exe
Value:
VLC media player
Executable files
0
Suspicious files
0
Text files
0
Unknown types
1

Dropped files

PID
Process
Filename
Type
1688DllHost.exeC:\Windows\Fonts\proxima-nova-regular.otfotf
MD5:410504D49238E955BA7DC23A7F963021
SHA256:36B59421BDC34FD9869A7541C47D5F157FF19EB183032EFFF759C4D5BE5D9CAE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
proxima-nova-regular.otf