sogoubmbd.e| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | April 7, 2021, 2:49 p.m. | April 7, 2021, 2:51 p.m. |
-
-
minidownload.exe "C:\Users\test22\AppData\Local\Temp\minidownload.exe"
3872 -
SogouSoftware.exe "C:\Program Files (x86)\SogouSoftware\SogouSoftware.exe" /Loader /DownLoad?status=true&softurl=https%3A%2F%2Fxiazai.sogou.com%2Fcomm%2Fredir%3Fsoftdown%3D1%26u%3DYRyEVuHeM45mBjjEUSPVUEJm8GF_McJfVdEjKPrgnocp6RPTnPFSKls2-N19zn1Va8Lmqk8PKrETmEeYSY7hdVgXJ8-dW6ZyJd2HMCZpOTvLIGNafI07QZpggfaFdLzRilLVZzhV53fF-ago-P3fECJIPRI-Fuc_2_7UQsFpAMdOhnN4tSRzjZXjxkRUWaVh%26pcid%3D-9210862937994770673%26w%3D1950%26filename%3Dholdfast2.1.zip%26extra%3D5_tencent%26source%3Dtencent%26downloadtype%3Dsoftware%26stamp%3D20210407&iconurl=https%3A%2F%2Fimg02.sogoucdn.com%2Fv2%2Fthumb%2Fretype%2Fext%2Fjpg%2Fcls%2Fimagick%3Fappid%3D200504%26url%3Dhttp%3A%2F%2Fdl.app.sogou.com%2Fpc_logo%2F-9210862937994770673.png&softname=%E6%B5%A9%E6%96%B9%E6%96%B0%E5%B9%B3%E5%8F%B0&softsize=18.3+MB
4016
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| yze.t.sogou.com | 119.206.200.180 | |
| ping.t.sogou.com | 211.159.235.216 | |
| yz.app.sogou.com | 119.28.109.132 | |
| img02.sogoucdn.com | 211.152.132.122 | |
| xz.sogou.com | 118.191.216.57 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| pdb_path | F:\SogouSoftwareWorkDir\SogouSoftware\Src\MiniDownLoad\Release\MiniDownLoad.pdb |
| resource name | EXE |
| request | GET http://yz.app.sogou.com/appinfo?num=7187 |
| request | GET http://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=ajPvVhluZC6COd4TfDjHgh0000o60f--&unc=sogousoftware_normal&t=10&rand=1617785359 |
| request | GET http://xz.sogou.com/handleUserIdDb256?userid=293cdfe5155ef661a6c8d1373e74eb41&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend |
| request | GET http://yze.t.sogou.com/externalapp/3.2.2.58/SogouSoftwareExternalApp.exe |
| request | HEAD https://img02.sogoucdn.com/v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://dl.app.sogou.com/pc_logo/-9210862937994770673.png |
| request | GET https://img02.sogoucdn.com/v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://dl.app.sogou.com/pc_logo/-9210862937994770673.png |
| name | EXE | language | LANG_CHINESE | filetype | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0003a310 | size | 0x001ef578 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00243ce8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00243ce8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00243ce8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00243ce8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00243ce8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00243ce8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00243ce8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00244150 | size | 0x00000068 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x002441b8 | size | 0x000002f4 | ||||||||||||||||||
| file | C:\Program Files (x86)\SogouSoftware\download\download\MiniThunderPlatform.exe |
| file | C:\Program Files (x86)\SogouSoftware\download\download\MiniTPFw.exe |
| file | C:\Program Files (x86)\SogouSoftware\download\download\msvcr71.dll |
| file | C:\Program Files (x86)\SogouSoftware\crash\ExceptionReport.exe |
| file | C:\Users\test22\AppData\Local\Temp\minidownload.exe |
| file | C:\Program Files (x86)\SogouSoftware\download\download\msvcp71.dll |
| file | C:\Program Files (x86)\SogouSoftware\download\download\ThunderFW.exe |
| file | C:\Program Files (x86)\SogouSoftware\SogouSoftware.exe |
| file | C:\Program Files (x86)\SogouSoftware\download\download\download_engine.dll |
| file | C:\Program Files (x86)\SogouSoftware\download\download\atl71.dll |
| file | C:\Program Files (x86)\SogouSoftware\tmp\ExternalApp.exe |
| file | C:\Program Files (x86)\SogouSoftware\download\xldl.dll |
| file | C:\Program Files (x86)\SogouSoftware\download\download\zlib1.dll |
| file | C:\Program Files (x86)\SogouSoftware\SogouSoftwareLoader.dll |
| file | C:\Program Files (x86)\SogouSoftware\download\download\dl_peer_id.dll |
| file | C:\Users\test22\AppData\Local\Temp\minidownload.exe |
| file | C:\Program Files (x86)\SogouSoftware\SogouSoftware.exe |
| file | C:\Users\test22\AppData\Local\Temp\minidownload.exe |
| section | {u'size_of_data': u'0x0020a800', u'virtual_address': u'0x0003a000', u'entropy': 7.935676122614296, u'name': u'.rsrc', u'virtual_size': u'0x0020a638'} | entropy | 7.93567612261 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.900279991385 | description | Overall entropy of this PE file is high | |||||||||||
| url | http://nsis.sf.net/NSIS_Error |
| description | Escalade priviledges | rule | escalate_priv | ||||||
| description | Take screenshot | rule | screenshot | ||||||
| description | Affect system registries | rule | win_registry | ||||||
| description | Affect system token | rule | win_token | ||||||
| description | Affect private profile | rule | win_private_profile | ||||||
| description | Affect private profile | rule | win_files_operation | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||
| host | 172.217.25.14 | |||
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob |
| process | sogoubmbd.e | useragent | HttpDownload | ||||||
| process | sogoubmbd.e | useragent | HttpRequest | ||||||
| process | SogouSoftware.exe | useragent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240}) | ||||||
| Bkav | W32.HfsAdware.170E |
| CAT-QuickHeal | Trojan.MauvaiseRI.S5244821 |
| McAfee | PUP-FTL |
| Cylance | Unsafe |
| Zillya | Downloader.SogouCRTD.Win32.237 |
| K7AntiVirus | Unwanted-Program ( 004cca081 ) |
| Alibaba | Downloader:Win32/Sogou.e55d24e6 |
| K7GW | Unwanted-Program ( 004cca081 ) |
| Invincea | heuristic |
| F-Prot | W32/Sogou.H.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| APEX | Malicious |
| ClamAV | Win.Worm.Chir-2282 |
| Kaspersky | not-a-virus:Downloader.Win32.Sogou.g |
| NANO-Antivirus | Trojan.Win32.Gbot.fgypno |
| Avast | Win32:Malware-gen |
| Emsisoft | Application.Chindo (A) |
| Comodo | Application.Win32.Sogou.C@6e9656 |
| F-Secure | Adware.ADWARE/Sogou.wqqyp |
| DrWeb | BackDoor.Gbot.2850 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | TROJ_GEN.R002C0PJJ19 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.vc |
| FireEye | Generic.mg.a57644fd92464f84 |
| SentinelOne | DFI - Malicious PE |
| Cyren | W32/Sogou.H.gen!Eldorado |
| eGambit | Unsafe.AI_Score_90% |
| Avira | ADWARE/Sogou.wqqyp |
| Antiy-AVL | RiskWare[Downloader]/Win32.Sogou |
| Microsoft | PUA:Win32/Sogou |
| Endgame | malicious (high confidence) |
| ZoneAlarm | not-a-virus:Downloader.Win32.Sogou.g |
| AhnLab-V3 | PUP/Win32.Downloader.R180775 |
| VBA32 | Downloader.Sogou |
| Malwarebytes | Adware.Sogou |
| ESET-NOD32 | a variant of Win32/Sogou.H potentially unwanted |
| TrendMicro-HouseCall | TROJ_GEN.R002C0PJJ19 |
| Yandex | PUA.Downloader! |
| Ikarus | not-a-virus:Downloader.Sogou |
| MaxSecure | Trojan.Malware.8608356.susgen |
| AVG | Win32:Malware-gen |
| Panda | PUP/Sogou |
| CrowdStrike | win/malicious_confidence_80% (D) |