IOC Report
S4.exe

Files

File Path | Type | Category | Malicious
S4.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\511543.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\5115d0.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\519c65.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\519cc2.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 88 x 30 x 24, image size 7920, cbSize 7974, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 113 x 35 x 24, image size 11900, cbSize 11954, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 30 x 30 x 24, image size 2760, cbSize 2814, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\Desktop\ .ini | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\Desktop\CF1.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped |
C:\Users\user\Desktop\dt3.bmp | PC bitmap, Windows 3.x format, 35 x 20 x 24, image size 2160, cbSize 2214, bits offset 54 | dropped |
3 further files are not shown in this export.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\S4.exe | "C:\Users\user\Desktop\S4.exe" | malicious
C:\Users\user\Desktop\S4.exe | "C:\Users\user\Desktop\S4.exe" | malicious

URLs

Name | IP | Malicious
http://www.eyuyan.com)DVarFileInfo$ | unknown |
http://42.193.100.57/123.txthqos.dll.mui | unknown |
http://42.193.100.57/123.txtHv | unknown |
http://ts-ocsp.ws.s | unknown |
http://ts-ocsp.ws.symantec. | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt22658-3693405117-2476756634-1003 | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtY | unknown |
https://ww(w.v | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtX | unknown |
http://42.193.100.57/123.txt&?P | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtshqos.dll.mui | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt_ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtx$ | unknown |
http://42.193.100.57/123.txt00.57/ | unknown |
http://42.193.100.57/%E7%89%88%E6%9C%AC%E6%9B%B4%E6%96%B0.txt | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txta | unknown |
http://42.193.100.57/123.txtH?B | unknown |
http://42.193.100.57/123.txtp | unknown |
http://ocsp.t | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtJ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtM | unknown |
http://42.193.100.57/123.txtl | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtL | unknown |
http://42.193.100.57/123.txttxt | unknown |
http://sf.symc | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txts) | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt;AE | unknown |
http://42.193.100.57/123.txtPlatform.exe | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txts. | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt | 42.193.100.57 |
http://42.193.100.57/123.txt | 42.193.100.57 |
22 further URLs are not shown in this export.
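Most rows in the URL table are the same few endpoints with carving noise glued on: strings pulled from process memory keep whatever bytes followed the URL ("123.txthqos.dll.mui", "...txt22658-3693405117-..."), and the Chinese path names are percent-encoded (自己的档.txt is "own archive.txt", 存档/ is "archive/", 版本更新.txt is "version update.txt"; www.eyuyan.com is the home page of the 易语言 / Easy Programming Language toolchain). The helper below is an added example, not part of the report or of any sandbox's own code: it cuts each carved string back to a plausible endpoint, decodes the path, and counts how many raw strings collapse onto each one. The rule that real endpoints in this report end in `.txt` or a directory slash is an assumption made for this example; the input list is a subset copied from the table above.

```python
"""Collapse carved URL strings from a sandbox report into unique endpoints.

Added example, not part of the original report. Heuristic: keep the
scheme and host, then keep the path only up to the first known file
extension (or, failing that, the last directory slash) and discard the
carving noise that follows.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# scheme://host<rest>; host chars are restricted so glued-on bytes
# such as ")DVarFileInfo$" or "(w.v" land in <rest>.
_HEAD = re.compile(r"^(https?)://([A-Za-z0-9.\-]+)(.*)$")

# Assumption for this example: real endpoints here are .txt files or
# directories. Extend for other reports.
KNOWN_EXTENSIONS = (".txt",)


def normalise(raw: str):
    """Return 'scheme://host/path' cut back to a plausible endpoint, or None."""
    m = _HEAD.match(raw)
    if not m:
        return None
    scheme, host, rest = m.groups()
    if not rest.startswith("/"):
        # Noise (or a truncated string) directly after the host: keep host only.
        return f"{scheme}://{host}"
    cut = None
    for ext in KNOWN_EXTENSIONS:
        i = rest.find(ext)
        if i != -1 and (cut is None or i + len(ext) < cut):
            cut = i + len(ext)
    if cut is None:
        # No known extension: treat as a directory, keep through the last slash.
        cut = rest.rfind("/") + 1
    return f"{scheme}://{host}{rest[:cut]}"


def group_endpoints(raws):
    """Map host -> {decoded path: number of raw strings that collapsed onto it}."""
    grouped = defaultdict(Counter)
    for raw in raws:
        url = normalise(raw)
        if url is None:
            continue
        host, _, path = url.partition("://")[2].partition("/")
        grouped[host][("/" + unquote(path)) if path else ""] += 1
    return {h: dict(c) for h, c in grouped.items()}


# Constructed input: a subset of the URL strings from the report above.
RAW_STRINGS = [
    "http://www.eyuyan.com)DVarFileInfo$",
    "http://42.193.100.57/123.txthqos.dll.mui",
    "http://42.193.100.57/123.txtHv",
    "http://ts-ocsp.ws.s",
    "http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt22658-3693405117-2476756634-1003",
    "https://ww(w.v",
    "http://42.193.100.57/%E5%AD%98%E6%A1%A3/",
    "http://42.193.100.57/123.txt00.57/",
    "http://42.193.100.57/%E7%89%88%E6%9C%AC%E6%9B%B4%E6%96%B0.txt",
    "http://42.193.100.57/123.txtPlatform.exe",
    "http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt",
    "http://42.193.100.57/123.txt",
]

if __name__ == "__main__":
    for host, paths in group_endpoints(RAW_STRINGS).items():
        for path, n in sorted(paths.items()):
            print(f"{n:3d}  {host}{path}")
```

Run on the full table, the 42.193.100.57 rows reduce to four endpoints (`/123.txt`, `/自己的档.txt`, `/存档/`, `/版本更新.txt`), which is the list worth blocking or hunting for in proxy logs; the host-only fragments (`ts-ocsp.ws.s`, `ww`) are truncated strings and should be treated as unconfirmed, not as indicators.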

IPs

IP | Domain | Country | Malicious
42.193.100.57 | unknown | China |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | 3 |

Memdumps

Base Address | Region type | Protect | Malicious
2BAC000 | heap | page read and write |
A59000 | heap | page read and write |
7AB000 | unknown | page write copy |
9D0000 | heap | page read and write |
528E000 | stack | page read and write |
379F000 | stack | page read and write |
26A0000 | heap | page read and write |
8F0000 | unknown | page readonly |
A70000 | heap | page read and write |
794000 | unknown | page write copy |
2D21000 | heap | page execute and read and write |
28EF000 | heap | page read and write |
A8F000 | heap | page read and write |
A58000 | heap | page read and write |
30CC000 | heap | page read and write |
2B41000 | heap | page read and write |
2C3E000 | stack | page read and write |
19C000 | stack | page read and write |
2BFE000 | stack | page read and write |
2FC7000 | heap | page read and write |
7AB000 | unknown | page read and write |
A95000 | heap | page read and write |
3056000 | heap | page read and write |
A11000 | heap | page read and write |
2B90000 | heap | page read and write |
AAC000 | heap | page read and write |
A5C000 | heap | page read and write |
679000 | unknown | page readonly |
2D97000 | heap | page execute and read and write |
591B000 | stack | page read and write |
A36000 | heap | page read and write |
975000 | heap | page read and write |
2F69000 | heap | page execute and read and write |
2ABD000 | heap | page read and write |
2F5B000 | heap | page read and write |
A80000 | heap | page read and write |
A7E000 | heap | page read and write |
A38000 | heap | page read and write |
2F65000 | heap | page execute and read and write |
2BE3000 | heap | page read and write |
5AEC000 | stack | page read and write |
2A44000 | heap | page read and write |
A56000 | heap | page read and write |
401000 | unknown | page execute read |
27CD000 | heap | page read and write |
774000 | unknown | page readonly |
2965000 | heap | page read and write |
7ED000 | unknown | page readonly |
400000 | unknown | page readonly |
9D5000 | heap | page read and write |
3F6E000 | stack | page read and write |
774000 | unknown | page readonly |
2B6B000 | heap | page read and write |
41AF000 | stack | page read and write |
28B1000 | heap | page read and write |
2BDA000 | heap | page read and write |
9D0000 | heap | page read and write |
3A1E000 | stack | page read and write |
401000 | unknown | page execute read |
900000 | heap | page read and write |
9FB000 | heap | page read and write |
A92000 | heap | page read and write |
4FFB000 | stack | page read and write |
ABD000 | heap | page read and write |
7F5000 | unknown | page readonly |
7EB000 | unknown | page read and write |
7AB000 | unknown | page read and write |
2F5C000 | heap | page read and write |
400000 | unknown | page readonly |
2B83000 | heap | page read and write |
401000 | unknown | page execute read |
7F5000 | unknown | page readonly |
30C3000 | heap | page read and write |
9D8000 | heap | page read and write |
2B62000 | heap | page read and write |
2FD1000 | heap | page read and write |
970000 | heap | page read and write |
A14000 | heap | page read and write |
27B1000 | heap | page read and write |
2680000 | heap | page read and write |
2A57000 | heap | page read and write |
35A0000 | heap | page read and write |
2BB5000 | heap | page read and write |
A89000 | heap | page read and write |
A59000 | heap | page read and write |
3053000 | heap | page read and write |
7A7000 | unknown | page read and write |
796000 | unknown | page read and write |
7A1000 | unknown | page read and write |
774000 | unknown | page readonly |
28BF000 | heap | page read and write |
A59000 | heap | page read and write |
2BFB000 | heap | page read and write |
A44000 | heap | page read and write |
2A47000 | heap | page read and write |
25F0000 | heap | page read and write |
AC5000 | heap | page read and write |
2A4F000 | heap | page read and write |
29E1000 | heap | page read and write |
A4F000 | heap | page read and write |
2F61000 | heap | page read and write |
3A5E000 | stack | page read and write |
970000 | heap | page read and write |
76B000 | unknown | page readonly |
2BE7000 | heap | page read and write |
2B67000 | heap | page read and write |
40AE000 | stack | page read and write |
26C0000 | heap | page read and write |
39DF000 | stack | page read and write |
2A60000 | heap | page read and write |
8E7000 | unknown | page readonly |
3E38000 | heap | page read and write |
910000 | heap | page read and write |
8E7000 | unknown | page readonly |
2E08000 | heap | page execute and read and write |
7E5000 | unknown | page read and write |
26C5000 | heap | page read and write |
A55000 | heap | page read and write |
56DE000 | stack | page read and write |
4EFE000 | stack | page read and write |
57DE000 | stack | page read and write |
76B000 | unknown | page readonly |
28EA000 | heap | page read and write |
38DE000 | stack | page read and write |
7AB000 | unknown | page write copy |
ACA000 | heap | page read and write |
8F0000 | unknown | page readonly |
2AA0000 | heap | page execute and read and write |
7ED000 | unknown | page readonly |
2680000 | heap | page read and write |
985000 | heap | page read and write |
92000 | stack | page read and write |
2960000 | heap | page read and write |
A59000 | heap | page read and write |
A4E000 | heap | page read and write |
1003A000 | direct allocation | page execute and read and write |
2C6A000 | heap | page execute and read and write |
774000 | unknown | page readonly |
A52000 | heap | page read and write |
9F0000 | heap | page read and write |
798000 | unknown | page write copy |
A55000 | heap | page read and write |
9C4000 | heap | page read and write |
92000 | stack | page read and write |
53D000 | unknown | page readonly |
AB4000 | heap | page read and write |
26B0000 | heap | page read and write |
513F000 | stack | page read and write |
53D000 | unknown | page readonly |
1003A000 | direct allocation | page execute and read and write |
9C0000 | heap | page read and write |
41EE000 | stack | page read and write |
2EC9000 | heap | page execute and read and write |
53D000 | unknown | page readonly |
A60000 | heap | page read and write |
7E5000 | unknown | page read and write |
A55000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
7B7000 | unknown | page read and write |
2EBF000 | heap | page execute and read and write |
76B000 | unknown | page readonly |
8F0000 | unknown | page readonly |
A93000 | heap | page read and write |
980000 | heap | page read and write |
7A7000 | unknown | page read and write |
400000 | unknown | page readonly |
29EA000 | heap | page read and write |
796000 | unknown | page read and write |
26B0000 | heap | page read and write |
7A1000 | unknown | page read and write |
990000 | heap | page read and write |
28C8000 | heap | page read and write |
FD9000 | heap | page read and write |
2FD2000 | heap | page read and write |
3A9E000 | stack | page read and write |
8E7000 | unknown | page readonly |
A0A000 | heap | page read and write |
794000 | unknown | page write copy |
2ABA000 | heap | page read and write |
A4F000 | heap | page read and write |
794000 | unknown | page write copy |
30CD000 | heap | page read and write |
9A0000 | heap | page read and write |
2A30000 | heap | page execute and read and write |
568F000 | stack | page read and write |
2C0B000 | heap | page read and write |
2F47000 | heap | page execute and read and write |
3057000 | heap | page read and write |
7A2000 | unknown | page write copy |
2E17000 | heap | page execute and read and write |
28A8000 | heap | page read and write |
5A6F000 | stack | page read and write |
A8B000 | heap | page read and write |
2B93000 | heap | page read and write |
AAF000 | heap | page read and write |
2F44000 | heap | page execute and read and write |
7EB000 | unknown | page read and write |
7ED000 | unknown | page readonly |
A52000 | heap | page read and write |
7ED000 | unknown | page readonly |
8E7000 | unknown | page readonly |
2BE0000 | heap | page read and write |
A18000 | heap | page read and write |
2B4A000 | heap | page read and write |
2B6F000 | heap | page read and write |
596E000 | stack | page read and write |
432E000 | stack | page read and write |
53D000 | unknown | page readonly |
42EF000 | stack | page read and write |
581E000 | stack | page read and write |
304D000 | heap | page read and write |
503E000 | stack | page read and write |
2D92000 | heap | page execute and read and write |
2BEA000 | heap | page read and write |
A72000 | heap | page read and write |
794000 | unknown | page write copy |
2E51000 | heap | page execute and read and write |
2BF4000 | heap | page execute and read and write |
FD0000 | heap | page read and write |
A0E000 | heap | page read and write |
3E30000 | heap | page read and write |
2900000 | unknown | page read and write |
35A8000 | heap | page read and write |
A9D000 | heap | page read and write |
2950000 | heap | page read and write |
7A9000 | unknown | page write copy |
7F5000 | unknown | page readonly |
2D93000 | heap | page execute and read and write |
2F37000 | heap | page execute and read and write |
A00000 | heap | page read and write |
401000 | unknown | page execute read |
26A0000 | heap | page read and write |
2B72000 | heap | page read and write |
7F5000 | unknown | page readonly |
A6B000 | heap | page read and write |
30B9000 | heap | page read and write |
27B6000 | heap | page read and write |
900000 | heap | page read and write |
97E000 | heap | page read and write |
389F000 | stack | page read and write |
798000 | unknown | page write copy |
679000 | unknown | page readonly |
A18000 | heap | page read and write |
FD5000 | heap | page read and write |
A4C000 | heap | page read and write |
2ED6000 | heap | page execute and read and write |
950000 | heap | page read and write |
2D1D000 | heap | page execute and read and write |
A8B000 | heap | page read and write |
2EF7000 | heap | page execute and read and write |
304E000 | heap | page read and write |
2ED9000 | heap | page execute and read and write |
679000 | unknown | page readonly |
406F000 | stack | page read and write |
7B8000 | unknown | page read and write |
30C4000 | heap | page read and write |
7C5000 | unknown | page read and write |
400000 | unknown | page readonly |
2C08000 | heap | page read and write |
7A2000 | unknown | page write copy |
995000 | heap | page read and write |
19C000 | stack | page read and write |
7C5000 | unknown | page read and write |
2ABF000 | heap | page read and write |
4DFF000 | stack | page read and write |
26B4000 | heap | page read and write |
27C8000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
3630000 | trusted library allocation | page read and write |
7A9000 | unknown | page write copy |
2EFB000 | heap | page execute and read and write |
5BEE000 | stack | page read and write |
26CE000 | heap | page read and write |
518C000 | stack | page read and write |
679000 | unknown | page readonly |
8F0000 | unknown | page readonly |
76B000 | unknown | page readonly |
2DA9000 | heap | page execute and read and write |
A7A000 | heap | page read and write |
A52000 | heap | page read and write |
270 further memdump regions are not shown in this export.
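The memdump table lists several hundred regions, and most of them (stack, read/write heap, the image's own sections at 400000/401000) are routine. What an analyst wants from this table is the short list of regions where code can execute out of writable or self-allocated memory: the heap regions marked "page execute and read and write" and the two "direct allocation" regions at 10000000 and 1003A000 with the same protection. The script below is an added example, not part of the report or of any sandbox product, that reads rows in the table's own three-column form and returns that short list; the sample input is a subset of rows copied from the table above. Whether the directly allocated region at 10000000 corresponds to one of the dropped DLLs is something to check in the dumps themselves, not something this report states.

```python
"""Pick the memory regions worth dumping first from a sandbox memdump table.

Added example, not part of the original report. A region is flagged when
it is heap or a direct (VirtualAlloc-style) allocation with execute
permission, or when it is writable and executable anywhere. The mapped
image's own code section ("unknown" region type, page execute read) is
normal and is not flagged.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    base: int      # base address as an integer
    kind: str      # heap / stack / unknown / direct allocation / ...
    protect: str   # protection string as printed by the sandbox


def parse_regions(text: str) -> list:
    """Parse 'base | type | protect' lines; header, blank and bad rows are skipped."""
    regions = []
    for line in text.strip().splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) < 3 or parts[0].lower() == "base address":
            continue
        try:
            base = int(parts[0], 16)
        except ValueError:
            continue
        regions.append(Region(base, parts[1].lower(), parts[2].lower()))
    return regions


def is_suspicious(r: Region) -> bool:
    executable = "execute" in r.protect
    writable = "write" in r.protect
    # Executable heap or executable self-allocated memory: code that was
    # not loaded as an image, i.e. unpacked or manually mapped at runtime.
    if r.kind in ("heap", "direct allocation") and executable:
        return True
    # RWX pages of any other kind are also worth a look.
    return executable and writable


def triage(text: str) -> dict:
    regions = parse_regions(text)
    flagged = [r for r in regions if is_suspicious(r)]
    # The same base can appear once per process; list each base once.
    return {
        "total": len(regions),
        "flagged": flagged,
        "flagged_bases": [f"{b:X}" for b in sorted({r.base for r in flagged})],
        "direct_alloc_bases": sorted({f"{r.base:X}" for r in flagged
                                      if r.kind == "direct allocation"}),
    }


# Constructed input: rows copied from the memdump table above.
SAMPLE = """
Base Address | Region type | Protect | Malicious
2BAC000 | heap | page read and write |
7AB000 | unknown | page write copy |
2D21000 | heap | page execute and read and write |
401000 | unknown | page execute read |
400000 | unknown | page readonly |
1003A000 | direct allocation | page execute and read and write |
10000000 | direct allocation | page execute and read and write |
2D97000 | heap | page execute and read and write |
3630000 | trusted library allocation | page read and write |
528E000 | stack | page read and write |
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['total']} regions, {len(result['flagged'])} flagged")
    for r in result["flagged"]:
        print(f"  {r.base:08X}  {r.kind:<18} {r.protect}")
```

Feed it the complete table (including the regions hidden in this export) and the flagged bases are the dumps to load into a disassembler first; for a direct allocation with execute permission, compare its contents against the dropped DLLs' headers to see whether it is a manually mapped copy of one of them.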