Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.19987.15855.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.19987.15855.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1wco4vy5.omd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rtvw3g1f.4rr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ryfqyz2j.vz3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wxmv10ti.b1j.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.19987.15855.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.19987.15855.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.19987.15855.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name8
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 16 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1840000
|
direct allocation
|
page read and write
|
|
|
|
1470000
|
heap
|
page read and write
|
||
|
17DE000
|
stack
|
page read and write
|
||
|
5F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
43A9000
|
trusted library allocation
|
page read and write
|
||
|
1950000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1588000
|
heap
|
page read and write
|
||
|
5EEC000
|
trusted library allocation
|
page read and write
|
||
|
15A6000
|
heap
|
page read and write
|
||
|
15A4000
|
heap
|
page read and write
|
||
|
15F1000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
7532000
|
trusted library allocation
|
page read and write
|
||
|
7CD1000
|
heap
|
page read and write
|
||
|
7D50000
|
trusted library section
|
page read and write
|
||
|
5CF0000
|
heap
|
page read and write
|
||
|
ADDD000
|
stack
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
1987000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A37000
|
heap
|
page read and write
|
||
|
1976000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9DF000
|
stack
|
page read and write
|
||
|
179E000
|
stack
|
page read and write
|
||
|
7FD0000
|
trusted library section
|
page read and write
|
||
|
1ADE000
|
direct allocation
|
page execute and read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
195D000
|
trusted library allocation
|
page execute and read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
43C9000
|
trusted library allocation
|
page read and write
|
||
|
FEC000
|
stack
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
7ECE000
|
stack
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
B15C000
|
stack
|
page read and write
|
||
|
14E7000
|
heap
|
page read and write
|
||
|
5824000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
1972000
|
trusted library allocation
|
page read and write
|
||
|
AC5F000
|
stack
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
16DF000
|
stack
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
196D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DE0000
|
heap
|
page read and write
|
||
|
197A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AA1D000
|
stack
|
page read and write
|
||
|
192E000
|
stack
|
page read and write
|
||
|
7E00000
|
trusted library section
|
page read and write
|
||
|
1A69000
|
direct allocation
|
page execute and read and write
|
||
|
AC9E000
|
stack
|
page read and write
|
||
|
43A1000
|
trusted library allocation
|
page read and write
|
||
|
7AB0000
|
heap
|
page read and write
|
||
|
1953000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
1BF1000
|
direct allocation
|
page execute and read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
7CBC000
|
heap
|
page read and write
|
||
|
5BD0000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
19F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A4B000
|
stack
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
33FC000
|
trusted library allocation
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page read and write
|
||
|
5F10000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
54DC000
|
stack
|
page read and write
|
||
|
1980000
|
trusted library allocation
|
page read and write
|
||
|
59E0000
|
trusted library section
|
page readonly
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
1940000
|
trusted library allocation
|
page read and write
|
||
|
7C50000
|
heap
|
page read and write
|
||
|
5846000
|
trusted library allocation
|
page read and write
|
||
|
7C97000
|
heap
|
page read and write
|
||
|
584D000
|
trusted library allocation
|
page read and write
|
||
|
5B70000
|
heap
|
page read and write
|
||
|
A89E000
|
stack
|
page read and write
|
||
|
1595000
|
heap
|
page read and write
|
||
|
19EE000
|
stack
|
page read and write
|
||
|
5CFC000
|
heap
|
page read and write
|
||
|
5EE0000
|
trusted library allocation
|
page read and write
|
||
|
1960000
|
trusted library allocation
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
930E000
|
stack
|
page read and write
|
||
|
5841000
|
trusted library allocation
|
page read and write
|
||
|
A75E000
|
stack
|
page read and write
|
||
|
5CDE000
|
stack
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
198B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
19A0000
|
trusted library allocation
|
page read and write
|
||
|
B29E000
|
stack
|
page read and write
|
||
|
1645000
|
heap
|
page read and write
|
||
|
7FCE000
|
stack
|
page read and write
|
||
|
5BB0000
|
heap
|
page read and write
|
||
|
1C0D000
|
direct allocation
|
page execute and read and write
|
||
|
7CA5000
|
heap
|
page read and write
|
||
|
AB1D000
|
stack
|
page read and write
|
||
|
7AA1000
|
trusted library allocation
|
page read and write
|
||
|
1A20000
|
trusted library allocation
|
page read and write
|
||
|
457E000
|
trusted library allocation
|
page read and write
|
||
|
5D2D000
|
heap
|
page read and write
|
||
|
106A000
|
unkown
|
page readonly
|
||
|
1940000
|
direct allocation
|
page execute and read and write
|
||
|
11F6000
|
stack
|
page read and write
|
||
|
1A6D000
|
direct allocation
|
page execute and read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
1A00000
|
heap
|
page execute and read and write
|
||
|
1C06000
|
direct allocation
|
page execute and read and write
|
||
|
A8DE000
|
stack
|
page read and write
|
||
|
AEDE000
|
stack
|
page read and write
|
||
|
3326000
|
trusted library allocation
|
page read and write
|
||
|
A79E000
|
stack
|
page read and write
|
||
|
9077000
|
trusted library allocation
|
page read and write
|
||
|
1954000
|
trusted library allocation
|
page read and write
|
||
|
1A10000
|
trusted library allocation
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
5BD5000
|
heap
|
page read and write
|
||
|
53DB000
|
stack
|
page read and write
|
||
|
171E000
|
stack
|
page read and write
|
||
|
B19D000
|
stack
|
page read and write
|
||
|
7CB1000
|
heap
|
page read and write
|
||
|
1486000
|
heap
|
page read and write
|
||
|
AB5D000
|
stack
|
page read and write
|
||
|
1982000
|
trusted library allocation
|
page read and write
|
||
|
7F4A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1970000
|
trusted library allocation
|
page read and write
|
||
|
AD9E000
|
stack
|
page read and write
|
||
|
183F000
|
stack
|
page read and write
|
||
|
58A3000
|
heap
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
1C88000
|
direct allocation
|
page execute and read and write
|
||
|
B2B0000
|
trusted library allocation
|
page read and write
|
||
|
440D000
|
trusted library allocation
|
page read and write
|
||
|
B05B000
|
stack
|
page read and write
|
||
|
1A30000
|
heap
|
page read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
3320000
|
trusted library allocation
|
page read and write
|
||
|
10FA000
|
stack
|
page read and write
|
||
|
33A1000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
heap
|
page execute and read and write
|
||
|
169D000
|
stack
|
page read and write
|
||
|
5852000
|
trusted library allocation
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
heap
|
page read and write
|
||
|
34A1000
|
trusted library allocation
|
page read and write
|
||
|
583E000
|
trusted library allocation
|
page read and write
|
||
|
EED000
|
stack
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
582B000
|
trusted library allocation
|
page read and write
|
||
|
7A10000
|
trusted library section
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
5EE8000
|
trusted library allocation
|
page read and write
|
||
|
FB2000
|
unkown
|
page readonly
|
There are 156 hidden memdumps, click here to show them.