beginning-c-5th-edition-ivor-horton.pdf
This report is generated from a file or URL submitted to this webservice on December 6th 2018 22:38:15 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.20 © Hybrid Analysis
Incident Response
MITRE ATT&CK™ Techniques Detection
Indicators
-
Malicious Indicators 1
-
Unusual Characteristics
-
PDF file has an embedded URL referencing an executable file
- details
-
"http://orders-ny@springer-sbm.com" (Indicator: ".com", Based on: "7ed94e1e2e86885f291ecc4e8edf9cb058b678ee52318cc2ba650c90124819bc.bin")
"http://www.nuonsoft.com" (Indicator: ".com", Based on: "7ed94e1e2e86885f291ecc4e8edf9cb058b678ee52318cc2ba650c90124819bc.bin")
"http://rights@apress.com" (Indicator: ".com", Based on: "7ed94e1e2e86885f291ecc4e8edf9cb058b678ee52318cc2ba650c90124819bc.bin")
"http://www.springeronline.com" (Indicator: ".com", Based on: "7ed94e1e2e86885f291ecc4e8edf9cb058b678ee52318cc2ba650c90124819bc.bin")
"http://www.apress.com" (Indicator: ".com", Based on: "7ed94e1e2e86885f291ecc4e8edf9cb058b678ee52318cc2ba650c90124819bc.bin") - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1192
-
Suspicious Indicators 3
-
Exploit/Shellcode
-
Possible heap spraying attempt detected
- details
- "RdrCEF.exe" issued more than 3000 memory allocations
- source
- API Call
- relevance
- 10/10
-
General
-
Found a potential E-Mail address in binary/memory
- details
-
Pattern match: "orders-ny@springer-sbm.com"
Pattern match: "rights@apress.com"
Pattern match: "marc.gregoire@nuonsoft.com" - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114
-
Installation/Persistence
-
PDF file has an embedded URL to file
- details
- "http://notepad-plus-plus.org/" references a file
- source
- File/Memory
- relevance
- 10/10
-
Informative 13
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/60 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"\Sessions\1\BaseNamedObjects\com.adobe.acrobat.rna.RdrCefBrowserLock.DC" - source
- Created Mutant
- relevance
- 3/10
-
PDF file has an embedded URL
- details
- source
- File/Memory
- relevance
- 3/10
-
Process launched with changed environment
- details
-
Process "RdrCEF.exe" was launched with new environment variables: "PATH="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\test_tools""
Process "RdrCEF.exe" was launched with missing environment variables: "MEOW" - source
- Monitored Target
- relevance
- 10/10
-
Scanning for window names
- details
-
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "Shell_TrayWnd"
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R18"
"AcroRd32.exe" searching for class "JFWUI2" - source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Spawns new processes
- details
-
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=FC85F4209457EAF41C188B98 ..."
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=11F5E29E1E2C2D00C98A8EDB ..." - source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
-
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=FC85F4209457EAF41C188B98 ..."
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=11F5E29E1E2C2D00C98A8EDB ..." - source
- Monitored Target
- relevance
- 3/10
-
Installation/Persistence
-
Creates new processes
- details
-
"AcroRd32.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1432)
"RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1344)
"RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1444) - source
- API Call
- relevance
- 8/10
-
Dropped files
- details
-
"A9Ryat5wz_r494ec_1vo.tmp" has type "data"
"A9Rgrz09e_r494ea_1vo.tmp" has type "data"
"A9Rt4p2ze_r494eb_1vo.tmp" has type "data"
"data_1" has type "data"
"Visited Links" has type "data"
"urlref_httpwww.smorgasbordet.compellesc" has type "HTML document ASCII text"
"urlref_httpwww.nuonsoft.comblog" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators" - source
- Binary File
- relevance
- 3/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
- ATT&CK ID
- T1055
-
Touches files in the Windows directory
- details
-
"RdrCEF.exe" touched file "%WINDIR%\SysWOW64\oleaccrc.dll"
"RdrCEF.exe" touched file "%WINDIR%\System32\spool\drivers\color\sRGB Color Space Profile.icm"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbd.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNB.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"RdrCEF.exe" touched file "%WINDIR%\SysWOW64\KBDUS.DLL"
"RdrCEF.exe" touched file "%WINDIR%\System32\drivers\etc\hosts"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\timesbd.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\timesi.ttf"
"RdrCEF.exe" touched file "%WINDIR%\SysWOW64\tzres.dll"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALN.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ariali.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNI.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbi.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNBI.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ariblk.ttf" - source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
- source
- File/Memory
- relevance
- 10/10
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
"<p>The official video is now also available on YouTube. Enjoy </p>" (Indicator: "youtube")
"<p><iframe width="500" height="281" src="https://www.youtube.com/embed/fChDijocVec?feature=oembed" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></p>" (Indicator: "youtube")
"<p>More information about CppCon (<a href="https://twitter.com/hashtag/cppcon" target="_blank" rel="noopener">#CppCon</a>) can be found here: <a href="https://cppcon.org/" target="_blank" rel="noopener">https://cppcon.org/</a>.</p>" (Indicator: "twitter") - source
- File/Memory
- relevance
- 7/10
File Details
beginning-c-5th-edition-ivor-horton.pdf
- Filename
- beginning-c-5th-edition-ivor-horton.pdf
- Size
- 5.6MiB (5893533 bytes)
- Type
- Description
- PDF document, version 1.6
- Architecture
- WINDOWS
- SHA256
- 7ed94e1e2e86885f291ecc4e8edf9cb058b678ee52318cc2ba650c90124819bc
- MD5
- 39fb6ab286042e2d99177526df59e8c4
- SHA1
- 08636ad3b30d60c43dba0351ff23a935c260e0f4
Hybrid Analysis
Analysed 4 processes in total.
-
AcroRd32.exe
"C:\beginning-c-5th-edition-ivor-horton.pdf"
(PID: 2436)
-
RdrCEF.exe
--backgroundcolor=16448250
(PID: 3976)
- RdrCEF.exe --type=renderer --primordial-pipe-token=FC85F4209457EAF41C188B9872CBD89E --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=FC85F4209457EAF41C188B9872CBD89E --renderer-client-id=2 --mojo-platform-channel-handle=1288 --allow-no-sandbox-job /prefetch:1 (PID: 3352)
- RdrCEF.exe --type=renderer --primordial-pipe-token=11F5E29E1E2C2D00C98A8EDB3AC85769 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=11F5E29E1E2C2D00C98A8EDB3AC85769 --renderer-client-id=3 --mojo-platform-channel-handle=1364 --allow-no-sandbox-job /prefetch:1 (PID: 3716)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
-
Informative 7
-
-
data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 3976)
- MD5
- 7c263884082c143e48f13663e8cb4467
- SHA1
- e26816c6778183824874a025956faa52e504060e
- SHA256
- 085dd146e1f4e8e0b9bb8d85b91961890ec351dbe7139fe30afad47b0a65d16a
-
Visited Links
- Size
- 128KiB (131072 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 3976)
- MD5
- 81a284a2b84dde3230ff339415b0112f
- SHA1
- f61be0648fe365bc7d398aa4907c097a06739384
- SHA256
- cdb94563c99017ea9eb34642740794033fb48257f3f06df0ab5af0da5f7cbf6c
-
A9Rgrz09e_r494ea_1vo.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 2436)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9Rt4p2ze_r494eb_1vo.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 2436)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9Ryat5wz_r494ec_1vo.tmp
- Size
- 2B (2 bytes)
- Type
- data
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
urlref_httpwww.smorgasbordet.compellesc
- Size
- 1.3KiB (1284 bytes)
- Type
- html
- Description
- HTML document, ASCII text
- Context
- http://www.smorgasbordet.com/pellesc/
- MD5
- cba942eeabe243b47300c9486c07dae6
- SHA1
- cb8a971b2fd1381e90c9d3934312803dbeba0a3a
- SHA256
- 2fc09b2e34e7808eebfea552e2e17407ba88c8953820eb439e8be3620938794d
-
urlref_httpwww.nuonsoft.comblog
- Size
- 109KiB (112069 bytes)
- Type
- html
- Description
- HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
- Context
- http://www.nuonsoft.com/blog/
- MD5
- 2a36a15eab33d816eb5170489f34969f
- SHA1
- 40e713058a9bf2a57b5e4f902941df707ca44ad5
- SHA256
- aaa6f5d1162c37ffb4a9f13ffc9651fefe302f7818236bbc4478143938af582e
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Network whitenoise filtering was applied
- No static analysis parsing on sample was performed
- Not all IP/URL string resources were checked online
- Not all referenced URLs were checked, as a threshold was met
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "api-88" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)