IOC Report
208.exe

Files

File Path | Type | Category | Malicious
208.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\4c51f6.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\4c5264.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\4c9652.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\4c96fe.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | modified |
C:\Users\user\Desktop\ 1.bmp | PC bitmap, Windows 3.x format, 43 x 25 x 24, image size 3300, cbSize 3354, bits offset 54 | dropped |
C:\Users\user\Desktop\ 2.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 124 x 21 x 24, image size 7812, cbSize 7866, bits offset 54 | dropped |
C:\Users\user\Desktop\ 4.bmp | PC bitmap, Windows 3.x format, 132 x 32 x 24, image size 12672, cbSize 12726, bits offset 54 | dropped |
C:\Users\user\Desktop\ 404.bmp | PC bitmap, Windows 3.x format, 312 x 196 x 24, image size 183456, cbSize 183510, bits offset 54 | modified |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\208.exe | "C:\Users\user\Desktop\208.exe" | malicious
C:\Users\user\Desktop\208.exe | "C:\Users\user\Desktop\208.exe" | malicious

URLs

Name | IP | Malicious
http://www.eyuyan.com)DVarFileInfo$ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtI | unknown |
http://ocsp.t | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtK | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txteM | unknown |
http://.httpsset-cookie:;; | unknown |
http://ts-ocsp.ws.s | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt/ | unknown |
https://note.youdao.com/yws/public/note/03cb89fe74e7b4305099ed5dabde2135?sev=j1 | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtQ | unknown |
http://ts-ocsp.ws.symantec. | unknown |
http://sf.symc | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt | 42.193.100.57 |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtC: | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt& | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtY | unknown |
https://ww(w.v | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtQL | unknown |
https://User-Agent:Mozilla/4.0 | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txtD | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt | 42.193.100.57 |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/ | unknown |
(12 further URLs are not shown in this report.)

IPs

IP | Domain | Country | Malicious
42.193.100.57 | unknown | China |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | |

Memdumps

Base Address | Region type | Protect | Malicious
36FF000 | stack | page read and write |
C2E000 | heap | page read and write |
7D9000 | unknown | page write copy |
30AB000 | heap | page read and write |
2984000 | heap | page read and write |
7E8000 | unknown | page read and write |
82E000 | unknown | page readonly |
B4F000 | heap | page read and write |
7D5000 | unknown | page write copy |
2BB5000 | heap | page read and write |
3ED1000 | heap | page read and write |
2DE3000 | heap | page execute and read and write |
2EFF000 | heap | page execute and read and write |
2D57000 | heap | page execute and read and write |
551000 | unknown | page readonly |
2F45000 | heap | page execute and read and write |
307C000 | heap | page read and write |
7D5000 | unknown | page write copy |
D00000 | heap | page read and write |
7F8000 | unknown | page read and write |
950000 | heap | page read and write |
3C0B000 | stack | page read and write |
401000 | unknown | page execute read |
551000 | unknown | page readonly |
2974000 | heap | page read and write |
3C3E000 | stack | page read and write |
39BE000 | stack | page read and write |
38FF000 | stack | page read and write |
7E3000 | unknown | page write copy |
D45000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
B6C000 | heap | page read and write |
AC5000 | heap | page read and write |
1003A000 | direct allocation | page execute and read and write |
2BBD000 | heap | page read and write |
A8E000 | heap | page read and write |
2BD6000 | heap | page read and write |
31C3000 | heap | page read and write |
3AFE000 | stack | page read and write |
553C000 | stack | page read and write |
D6D000 | heap | page read and write |
A30000 | heap | page read and write |
A56000 | heap | page read and write |
AA0000 | heap | page read and write |
2E7A000 | heap | page execute and read and write |
B4E000 | heap | page read and write |
19C000 | stack | page read and write |
BF0000 | heap | page read and write |
2A74000 | heap | page read and write |
ACF000 | heap | page read and write |
97000 | stack | page read and write |
CC7000 | heap | page read and write |
9F0000 | heap | page read and write |
551000 | unknown | page readonly |
C40000 | heap | page execute and read and write |
2F24000 | heap | page execute and read and write |
D16000 | heap | page read and write |
D2D000 | heap | page read and write |
7E8000 | unknown | page read and write |
2670000 | heap | page read and write |
82E000 | unknown | page readonly |
401000 | unknown | page execute read |
2F02000 | heap | page execute and read and write |
7E2000 | unknown | page read and write |
AF2000 | heap | page read and write |
2B74000 | heap | page read and write |
2F7C000 | heap | page read and write |
A50000 | heap | page read and write |
826000 | unknown | page read and write |
400000 | unknown | page readonly |
CEA000 | heap | page read and write |
2700000 | heap | page read and write |
BD0000 | heap | page read and write |
7EC000 | unknown | page read and write |
2F49000 | heap | page execute and read and write |
2D72000 | heap | page execute and read and write |
2704000 | heap | page read and write |
290A000 | heap | page read and write |
3D4D000 | stack | page read and write |
D3A000 | heap | page read and write |
7B5000 | unknown | page readonly |
2B99000 | heap | page read and write |
2F24000 | heap | page execute and read and write |
940000 | heap | page read and write |
7D7000 | unknown | page read and write |
400000 | unknown | page readonly |
82B000 | unknown | page read and write |
B64000 | heap | page read and write |
A0E000 | heap | page read and write |
31C3000 | heap | page read and write |
C20000 | heap | page read and write |
C60000 | heap | page read and write |
826000 | unknown | page read and write |
FD6000 | heap | page read and write |
7EB000 | unknown | page write copy |
2D53000 | heap | page execute and read and write |
7EC000 | unknown | page read and write |
2DF7000 | heap | page execute and read and write |
2F20000 | heap | page execute and read and write |
401000 | unknown | page execute read |
2BE6000 | heap | page read and write |
CC0000 | heap | page read and write |
2A9B000 | heap | page read and write |
A04000 | heap | page read and write |
3B0E000 | stack | page read and write |
2F17000 | heap | page execute and read and write |
2BEE000 | stack | page read and write |
30C3000 | heap | page read and write |
3E8E000 | stack | page read and write |
35EE000 | stack | page read and write |
2A70000 | heap | page read and write |
806000 | unknown | page read and write |
3B3E000 | stack | page read and write |
940000 | heap | page read and write |
2B95000 | heap | page read and write |
26D0000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
D35000 | heap | page read and write |
28EE000 | stack | page read and write |
3D8C000 | stack | page read and write |
B53000 | heap | page read and write |
B62000 | heap | page read and write |
C9E000 | heap | page read and write |
2A71000 | heap | page read and write |
2A93000 | heap | page read and write |
2970000 | heap | page read and write |
9F5000 | heap | page read and write |
2B8C000 | heap | page read and write |
97000 | stack | page read and write |
7EB000 | unknown | page write copy |
2BBA000 | heap | page read and write |
2950000 | heap | page read and write |
3C7E000 | stack | page read and write |
C24000 | heap | page read and write |
CC7000 | heap | page read and write |
372E000 | stack | page read and write |
3ED0000 | heap | page read and write |
82B000 | unknown | page read and write |
7D5000 | unknown | page write copy |
2F75000 | heap | page read and write |
36EF000 | stack | page read and write |
2C2A000 | heap | page execute and read and write |
397F000 | stack | page read and write |
2B9C000 | heap | page read and write |
C88000 | heap | page read and write |
307E000 | heap | page read and write |
D44000 | heap | page read and write |
D3E000 | heap | page read and write |
2F27000 | heap | page execute and read and write |
A20000 | heap | page read and write |
AF9000 | heap | page read and write |
7E3000 | unknown | page write copy |
7D7000 | unknown | page read and write |
B32000 | heap | page read and write |
2EF2000 | heap | page execute and read and write |
19C000 | stack | page read and write |
2A60000 | heap | page execute and read and write |
39FF000 | stack | page read and write |
2B9B000 | heap | page read and write |
2BBE000 | heap | page read and write |
C80000 | heap | page read and write |
D1B000 | heap | page read and write |
AC0000 | heap | page read and write |
382F000 | stack | page read and write |
7EB000 | unknown | page write copy |
551000 | unknown | page readonly |
5810000 | heap | page read and write |
A8A000 | heap | page read and write |
806000 | unknown | page read and write |
A00000 | heap | page read and write |
2926000 | heap | page read and write |
387E000 | stack | page read and write |
30C3000 | heap | page read and write |
2A84000 | heap | page read and write |
2BB6000 | heap | page read and write |
563E000 | stack | page read and write |
3C4E000 | stack | page read and write |
A80000 | heap | page read and write |
3D7B000 | stack | page read and write |
2E9F000 | heap | page execute and read and write |
ACC000 | heap | page read and write |
2C2E000 | stack | page read and write |
400000 | unknown | page readonly |
7B5000 | unknown | page readonly |
2A26000 | heap | page read and write |
2A9A000 | heap | page read and write |
7F8000 | unknown | page read and write |
400000 | unknown | page readonly |
5800000 | heap | page read and write |
2D6E000 | heap | page execute and read and write |
2BE3000 | heap | page read and write |
7EB000 | unknown | page write copy |
B14000 | heap | page read and write |
2FAB000 | heap | page read and write |
1003A000 | direct allocation | page execute and read and write |
30CE000 | heap | page read and write |
32B0000 | heap | page read and write |
2DD2000 | heap | page execute and read and write |
7B5000 | unknown | page readonly |
FD0000 | heap | page read and write |
2B93000 | heap | page read and write |
D35000 | heap | page read and write |
401000 | unknown | page execute read |
280A000 | heap | page read and write |
2F7E000 | heap | page read and write |
82E000 | unknown | page readonly |
82E000 | unknown | page readonly |
B62000 | heap | page read and write |
FCE000 | stack | page read and write |
2BC2000 | heap | page read and write |
7B5000 | unknown | page readonly |
CC3000 | heap | page read and write |
B66000 | heap | page read and write |
2BC5000 | heap | page read and write |
D3C000 | heap | page read and write |
2BAD000 | heap | page read and write |
3ABE000 | stack | page read and write |
2DC8000 | heap | page execute and read and write |
7E2000 | unknown | page read and write |
D24000 | heap | page read and write |
2C45000 | heap | page execute and read and write |
7D5000 | unknown | page write copy |
7D9000 | unknown | page write copy |
3400000 | heap | page read and write |
(214 further memdumps are not shown in this report.)