storage-eu-3.sharefile.com

ShareFile

Domain Information

The domain storage-eu-3.sharefile.com, registered by ShareFile, was initially registered in June of 2001 through REGISTER.COM, INC. The domain has been known to host various forms of malware. It uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.

Registrar:
REGISTER.COM, INC.

Create date:
Sunday, June 24, 2001

Expires date:
Monday, June 24, 2019

Updated date:
Friday, March 13, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Malware distribution (59% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Avira AntiVirus | TR/Crypt.ZPACK.219144, TR/Dldr.Delf.780800, TR/Dldr.Agent.38400.44, TR/Spy.Agent.190976.13, TR/Dldr.Agent.27136.135, TR/Dropper.MSIL.241763 | 54.55% |
| ESET NOD32 | Win32/TrojanDownloader.Banload.WQR, Win32/TrojanDownloader.Delf.BNZ (variant), MSIL/TrojanDownloader.Banload.FO (variant) | 45.45% |
| ESET NOD32 | Win32/TrojanDownloader.Delf.BNZ trojan, Detection.Undefined, MSIL/TrojanDownloader.Banload.GC trojan | 45.45% |
| avast! | Win32:Malware-gen, MSIL:Banker-FL [Trj], Win32:Evo-gen [Susp] | 45.45% |
| Fortinet FortiGate | W32/Delf.BNZ!tr.dldr, MSIL/Banload.FP!tr.dldr, MSIL/Banload.FX!tr.dldr, MSIL/Injector.NLD!tr | 45.45% |
| Kaspersky | UDS:DangerousObject.Multi.Generic, HEUR:Trojan-Downloader.Win32.Generic, Trojan.MSIL.Agent, Trojan-Dropper.Win32.Dapato | 36.36% |
| MicroWorld eScan | Trojan.Generic.15515859, Trojan.GenericKD.2902373, Gen:Trojan.Heur.KT.2.lm0@aqKjdTg, Trojan.Generic.15567525 | 36.36% |
| McAfee | Artemis!DFBB495694A5, RDN/Generic Downloader.x, Artemis!298E9A834883, RDN/Generic PWS.y | 36.36% |
| VIPRE Antivirus | Trojan.Win32.Generic, Threat.4150696 | 36.36% |
| Bitdefender | Trojan.Generic.15515859, Trojan.GenericKD.2902373, Gen:Trojan.Heur.KT.2.lm0@aqKjdTg, Trojan.Generic.15567525 | 36.36% |
| G Data | Trojan.Generic.15515859, Trojan.GenericKD.2902373, Gen:Trojan.Heur.KT.2.lm0@aqKjdTg, Trojan.Generic.15567525 | 36.36% |
| F-Secure | Trojan.Generic.15515859, Trojan.GenericKD.2902373, Gen:Trojan.Heur.KT.2.lm0@aqKjdTg, Trojan.Generic.15567525 | 36.36% |
| Arcabit | Trojan.Generic.DECC0D3, Trojan.Generic.D2C4965, Trojan.Heur.KT.2.E9299C, Trojan.Generic.DED8AA5 | 36.36% |
| IKARUS anti.virus | Trojan-Downloader.Win32.Delf, Trojan-Downloader.MSIL.Banload, Trojan.MSIL.Crypt, Trojan.MSIL.Injector | 36.36% |
| AVG | Downloader.Generic14, Downloader.MSIL, Luhe.Fiha.A | 36.36% |

The domain storage-eu-3.sharefile.com has been seen to resolve to the following IP address.

ec2-54-76-17-9.eu-west-1.compute.amazonaws.com
December 5, 2015

File downloads found at URLs served by storage-eu-3.sharefile.com.

18 / 68 (Malware)

27 / 68 (Malware)

3 / 68 (Malware)

1 / 68 (inconclusive)

3 / 68 (Malware)

3 / 68 (Malware)

URL:
http://storage-eu-3.sharefile.com/

Title:
“ShareFile Storage Server”

Network:
Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:
CN=*.sharefile.com, OU=ShareFile, O="ShareFile, LLC", L=Raleigh, S=NC, C=US

SSL certificate issuer:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

Web server:
Microsoft-IIS/7.5