storage-eu-9.sharefile.com

ShareFile

Domain Information

The domain storage-eu-9.sharefile.com, registered by ShareFile, was initially registered in June of 2001 through REGISTER.COM, INC. This domain is currently known to host various forms of malware. The hosting servers are located in Dublin City, Ireland, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
REGISTER.COM, INC.

Server location:
Dublin City, Ireland (IE)

Create date:
Sunday, June 24, 2001

Expires date:
Monday, June 24, 2019

Updated date:
Friday, March 13, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Malware distribution (67% detected)

Scan engine
Details
Detections

Emsisoft Anti-Malware
Trojan.Generic.15310006, Trojan.GenericKD.2929048, Gen:Variant.Strictor.96804, Trojan.Generic.15468885, Gen:Variant.Strictor.99288
60.00%

MicroWorld eScan
Trojan.Generic.15310006, Trojan.GenericKD.2929048, Gen:Variant.Symmi.58852, Trojan.Generic.15309386, Trojan.GenericKD.2905876
33.33%

Arcabit
Trojan.Generic.DE99CB6, Trojan.Generic.D2CB198, Trojan.Symmi.DE5E4, Trojan.Generic.DE99A4A, Trojan.Generic.D2C5714
33.33%

ESET NOD32
Win32/TrojanDownloader.Banload.WQF, Win32/TrojanDownloader.Autoit.OAU (variant), Win32/TrojanDownloader.Delf.BNZ (variant)
33.33%

Bitdefender
Trojan.Generic.15310006, Trojan.GenericKD.2929048, Gen:Variant.Symmi.58852, Trojan.Generic.15309386, Trojan.GenericKD.2905876
33.33%

Lavasoft Ad-Aware
Trojan.Generic.15310006, Trojan.GenericKD.2929048, Gen:Variant.Symmi.58852, Trojan.Generic.15309386, Trojan.GenericKD.2905876
33.33%

F-Secure
Trojan.Generic.15310006, Trojan.GenericKD.2929048, Gen:Variant.Symmi.58852, Trojan.Generic.15309386, Trojan.GenericKD.2905876
33.33%

G Data
Trojan.Generic.15310006, Trojan.GenericKD.2929048, Gen:Variant.Symmi.58852, Trojan.Generic.15309386, Trojan.GenericKD.2905876
33.33%

Qihoo 360 Security
HEUR/QVM17.0.Malware.Gen, HEUR/QVM11.1.Malware.Gen, HEUR/QVM03.0.Malware.Gen, HEUR/QVM18.1.Malware.Gen
33.33%

ESET NOD32
Win32/TrojanDownloader.Delf.BNZ trojan, MSIL/TrojanDownloader.Banload.FV trojan, MSIL/TrojanDownloader.Agent.BJL trojan, Detection.Undefined
33.33%

nProtect
Trojan.Generic.15310006, Trojan.GenericKD.2929048, Trojan.Generic.15309386, Trojan.GenericKD.2905876
26.67%

McAfee
Artemis!3615A0FB2EA4, Artemis!3F67CFF91FDB, Artemis!35D414164DEE, Artemis!F0190F01D06A
26.67%

NANO AntiVirus
Trojan.Win32.Xpack.dyzlug, Trojan.Win32.Urelas.bdmnfz, Trojan.Win32.Agent.dyygmx, Trojan.Win32.Banload.dzcwfn
26.67%

avast!
Win32:Malware-gen, Win32:Dropper-gen [Drp], MSIL:Banker-FL [Trj]
26.67%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
26.67%

The domain storage-eu-9.sharefile.com has been seen to resolve to the following IP address.

ec2-54-77-76-231.eu-west-1.compute.amazonaws.com
January 28, 2016

File downloads found at URLs served by storage-eu-9.sharefile.com.

1 / 68 (PUP)

19 / 68 (Malware)

3 / 68 (inconclusive)

2 / 68 (inconclusive)

4 / 68 (Malware)

21 / 68 (Malware)

1 / 68 (inconclusive)

2 / 68 (inconclusive)

14 / 68 (Malware)

4 / 68 (Malware)

4 / 68 (Malware)

URL:
http://storage-eu-9.sharefile.com/

Title:
“ShareFile Storage Server”

Network:
Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:
CN=*.sharefile.com, OU=ShareFile, O="ShareFile, LLC", L=Raleigh, S=NC, C=US

SSL certificate issuer:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

Web server:
Microsoft-IIS/7.5