Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TSD_ESign_Window_7_V2.5.8.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\is-536DE.tmp\TSD_ESign_Window_7_V2.5.8.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-VQOJS.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\TSD_ESign_Window_7_V2.5.8.exe
|
"C:\Users\user\Desktop\TSD_ESign_Window_7_V2.5.8.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-536DE.tmp\TSD_ESign_Window_7_V2.5.8.tmp
|
"C:\Users\user\AppData\Local\Temp\is-536DE.tmp\TSD_ESign_Window_7_V2.5.8.tmp" /SL5="$203EE,7563488,777728,C:\Users\user\Desktop\TSD_ESign_Window_7_V2.5.8.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://einvoice.com.vn/Ah1
|
unknown
|
||
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://www.remobjects.com/ps
|
unknown
|
||
|
https://einvoice.com.vn/0https://einvoice.com.vn/0https://einvoice.com.vn/
|
unknown
|
||
|
https://einvoice.com.vn/9jO
|
unknown
|
||
|
https://www.innosetup.com/
|
unknown
|
||
|
https://einvoice.com.vn/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
15.164.165.52.in-addr.arpa
|
unknown
|
||
|
50.23.12.20.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5EE000
|
stack
|
page read and write
|
||
|
2421000
|
direct allocation
|
page read and write
|
||
|
3921000
|
heap
|
page read and write
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
241A000
|
direct allocation
|
page read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
24FD000
|
direct allocation
|
page read and write
|
||
|
2445000
|
direct allocation
|
page read and write
|
||
|
4B7000
|
unkown
|
page write copy
|
||
|
6C6000
|
unkown
|
page write copy
|
||
|
6DD000
|
unkown
|
page readonly
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
243E000
|
direct allocation
|
page read and write
|
||
|
22D9000
|
direct allocation
|
page read and write
|
||
|
6C6000
|
unkown
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
24A4000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
3960000
|
heap
|
page read and write
|
||
|
6F3000
|
unkown
|
page readonly
|
||
|
3480000
|
direct allocation
|
page read and write
|
||
|
38E1000
|
heap
|
page read and write
|
||
|
2257000
|
direct allocation
|
page read and write
|
||
|
2333000
|
direct allocation
|
page read and write
|
||
|
22A6000
|
direct allocation
|
page read and write
|
||
|
27F3000
|
heap
|
page read and write
|
||
|
24B4000
|
direct allocation
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
8BD000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
7FB50000
|
direct allocation
|
page read and write
|
||
|
6DF000
|
unkown
|
page readonly
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
23FB000
|
direct allocation
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
2341000
|
direct allocation
|
page read and write
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
233A000
|
direct allocation
|
page read and write
|
||
|
22BD000
|
direct allocation
|
page read and write
|
||
|
2316000
|
direct allocation
|
page read and write
|
||
|
225E000
|
direct allocation
|
page read and write
|
||
|
B7F000
|
stack
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
2521000
|
direct allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
226D000
|
direct allocation
|
page read and write
|
||
|
2528000
|
direct allocation
|
page read and write
|
||
|
2249000
|
direct allocation
|
page read and write
|
||
|
3494000
|
direct allocation
|
page read and write
|
||
|
BF0000
|
direct allocation
|
page execute and read and write
|
||
|
2230000
|
direct allocation
|
page read and write
|
||
|
22E1000
|
direct allocation
|
page read and write
|
||
|
1E7000
|
heap
|
page read and write
|
||
|
229F000
|
direct allocation
|
page read and write
|
||
|
6D0000
|
unkown
|
page read and write
|
||
|
8D2000
|
heap
|
page read and write
|
||
|
2590000
|
direct allocation
|
page read and write
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
2308000
|
direct allocation
|
page read and write
|
||
|
8DA000
|
heap
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
248C000
|
direct allocation
|
page read and write
|
||
|
50BF000
|
stack
|
page read and write
|
||
|
2513000
|
direct allocation
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
2462000
|
direct allocation
|
page read and write
|
||
|
249D000
|
direct allocation
|
page read and write
|
||
|
91A000
|
heap
|
page read and write
|
||
|
8C1000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
2496000
|
direct allocation
|
page read and write
|
||
|
22F1000
|
direct allocation
|
page read and write
|
||
|
2324000
|
direct allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2348000
|
direct allocation
|
page read and write
|
||
|
3480000
|
direct allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
245B000
|
direct allocation
|
page read and write
|
||
|
8E1000
|
heap
|
page read and write
|
||
|
2291000
|
direct allocation
|
page read and write
|
||
|
2282000
|
direct allocation
|
page read and write
|
||
|
227B000
|
direct allocation
|
page read and write
|
||
|
2265000
|
direct allocation
|
page read and write
|
||
|
24D8000
|
direct allocation
|
page read and write
|
||
|
6D5000
|
unkown
|
page read and write
|
||
|
22B6000
|
direct allocation
|
page read and write
|
||
|
6CD000
|
unkown
|
page read and write
|
||
|
349E000
|
direct allocation
|
page read and write
|
||
|
2479000
|
direct allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
37AD000
|
direct allocation
|
page read and write
|
||
|
8F2000
|
heap
|
page read and write
|
||
|
8BD000
|
heap
|
page read and write
|
||
|
2298000
|
direct allocation
|
page read and write
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
8D2000
|
heap
|
page read and write
|
||
|
24EF000
|
direct allocation
|
page read and write
|
||
|
250C000
|
direct allocation
|
page read and write
|
||
|
2429000
|
direct allocation
|
page read and write
|
||
|
2679000
|
direct allocation
|
page read and write
|
||
|
22EA000
|
direct allocation
|
page read and write
|
||
|
22C4000
|
direct allocation
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
361F000
|
stack
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
4B7000
|
unkown
|
page read and write
|
||
|
6C8000
|
unkown
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
230F000
|
direct allocation
|
page read and write
|
||
|
24F6000
|
direct allocation
|
page read and write
|
||
|
27E0000
|
direct allocation
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
220F000
|
stack
|
page read and write
|
||
|
27E0000
|
direct allocation
|
page read and write
|
||
|
23F8000
|
direct allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
7FE35000
|
direct allocation
|
page read and write
|
||
|
22F8000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1E6000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
24D1000
|
direct allocation
|
page read and write
|
||
|
348B000
|
direct allocation
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
2413000
|
direct allocation
|
page read and write
|
||
|
8F3000
|
heap
|
page read and write
|
||
|
244D000
|
direct allocation
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
232C000
|
direct allocation
|
page read and write
|
||
|
37B7000
|
direct allocation
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
24CA000
|
direct allocation
|
page read and write
|
||
|
24E8000
|
direct allocation
|
page read and write
|
||
|
2504000
|
direct allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
8AD000
|
heap
|
page read and write
|
||
|
251A000
|
direct allocation
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
2437000
|
direct allocation
|
page read and write
|
||
|
248F000
|
direct allocation
|
page read and write
|
||
|
22AF000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
231D000
|
direct allocation
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
2454000
|
direct allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
2401000
|
direct allocation
|
page read and write
|
||
|
778000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
2289000
|
direct allocation
|
page read and write
|
||
|
2590000
|
direct allocation
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
37A6000
|
direct allocation
|
page read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
4B9000
|
unkown
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
366E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
2274000
|
direct allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
34B0000
|
direct allocation
|
page read and write
|
||
|
91B000
|
heap
|
page read and write
|
||
|
6D8000
|
unkown
|
page write copy
|
||
|
37C7000
|
direct allocation
|
page read and write
|
||
|
24C2000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
unkown
|
page read and write
|
||
|
2250000
|
direct allocation
|
page read and write
|
||
|
3860000
|
heap
|
page read and write
|
||
|
24BB000
|
direct allocation
|
page read and write
|
||
|
22CB000
|
direct allocation
|
page read and write
|
There are 184 hidden memdumps, click here to show them.