IOC Report
99.exe


Files

File Path | Type | Category | Malicious
99.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\709f3c.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\709faa.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Desktop\ 3.bmp | PNG image data, 26 x 27, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\Desktop\ .ini | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\99.exe | "C:\Users\user\Desktop\99.exe" | malicious

URLs

Name | IP | Malicious
http://www.eyuyan.com)DVarFileInfo$ | unknown |
https://ww(w.v | unknown |
http://ocsp.t | unknown |
http://.httpsset-cookie:;; | unknown |
http://ts-ocsp.ws.s | unknown |
http://ts-ocsp.ws.symantec. | unknown |
https://note.youdao.com/yws/public/note/fee7522094b30863456a85ffb799784a?sev=j1 | unknown |
http://sf.symc | unknown |

Memdumps

Base Address | Region type | Protect | Malicious
A57000 | heap | page read and write |
5F5000 | unknown | page write copy |
A6E000 | heap | page read and write |
2760000 | trusted library allocation | page read and write |
2661000 | heap | page read and write |
29CA000 | heap | page execute and read and write |
970000 | heap | page read and write |
9BE000 | heap | page read and write |
97000 | stack | page read and write |
603000 | unknown | page write copy |
2A72000 | heap | page execute and read and write |
1003A000 | direct allocation | page execute and read and write |
7D5000 | heap | page read and write |
2788000 | heap | page read and write |
750000 | heap | page read and write |
2B18000 | heap | page execute and read and write |
7D0000 | heap | page read and write |
2550000 | heap | page read and write |
8DF000 | stack | page read and write |
60C000 | unknown | page write copy |
2551000 | heap | page read and write |
2668000 | heap | page read and write |
5F5000 | unknown | page write copy |
950000 | heap | page read and write |
A81000 | heap | page read and write |
990000 | heap | page read and write |
9FB000 | heap | page read and write |
293B000 | heap | page execute and read and write |
29B0000 | heap | page execute and read and write |
2AF7000 | heap | page execute and read and write |
60C000 | unknown | page read and write |
2650000 | heap | page execute and read and write |
9B0000 | heap | page read and write |
2540000 | heap | page read and write |
2795000 | heap | page read and write |
279E000 | stack | page read and write |
A69000 | heap | page read and write |
400000 | unknown | page readonly |
2544000 | heap | page read and write |
54C000 | unknown | page readonly |
A5B000 | heap | page read and write |
A35000 | heap | page read and write |
401000 | unknown | page execute read |
79E000 | stack | page read and write |
5F9000 | unknown | page write copy |
2791000 | heap | page read and write |
27B9000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
608000 | unknown | page read and write |
2B1C000 | heap | page execute and read and write |
400000 | unknown | page readonly |
A3C000 | heap | page read and write |
2510000 | heap | page read and write |
A6C000 | heap | page read and write |
9BA000 | heap | page read and write |
7B0000 | heap | page read and write |
60A000 | unknown | page write copy |
2558000 | heap | page read and write |
2AEA000 | heap | page execute and read and write |
A4B000 | heap | page read and write |
64E000 | unknown | page readonly |
266D000 | heap | page read and write |
7D7000 | heap | page read and write |
2760000 | trusted library allocation | page read and write |
27B6000 | heap | page read and write |
278B000 | heap | page read and write |
319F000 | stack | page read and write |
2812000 | heap | page execute and read and write |
401000 | unknown | page execute read |
670000 | heap | page read and write |
54C000 | unknown | page readonly |
646000 | unknown | page read and write |
A66000 | heap | page read and write |
64B000 | unknown | page read and write |
64E000 | unknown | page readonly |
2798000 | heap | page read and write |
9A0000 | heap | page read and write |
2660000 | heap | page read and write |
19C000 | stack | page read and write |
2AFA000 | heap | page execute and read and write |
9FC000 | heap | page read and write |
27DE000 | stack | page read and write |
A38000 | heap | page read and write |
995000 | heap | page read and write |
954000 | heap | page read and write |
309F000 | stack | page read and write |
5F7000 | unknown | page read and write |
618000 | unknown | page read and write |
27A9000 | heap | page read and write |
293F000 | heap | page execute and read and write |
920000 | heap | page read and write |
602000 | unknown | page read and write |
82 further memdumps were recorded but are not included in this report.