SafeDep

Summary

The package downloads and executes a hidden executable from a suspicious URL, indicating malicious behavior. High-entropy images add to the suspicion.

Verification Record

No verification record available.

Details

The package contains a batch script (extension/scripts/run.bat) that downloads an executable and a DLL from a suspicious URL (http://syn1112223334445556667778889990.org/Lightshot.exe and http://syn1112223334445556667778889990.org/Lightshot.dll). The script then executes the downloaded executable silently in the background and uses a '.done' file to ensure the actions are only performed once. The images icon.png and f.png have very high entropy. These factors combined strongly suggest malicious intent.

EffetMer.darkgpt@1.2.0
Suspicious
Unverified
Analysed at: 12/8/25, 11:25 PM
Source: https://EffetMer.gallery.vsassets.io/_apis/public/gallery/publisher/EffetMer/extension/darkgpt/1.2.0/assetbyname/Microsoft.VisualStudio.Services.VSIXPackage
SHA256: a6c3e274ebb631d3d1abd8292c45d64f63b9c8a49b965bb69031455e3df9d1ae
Confidence: Medium