Files
File Path | Type | Category | Malicious
---|---|---|---
S4.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\511543.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\5115d0.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\519c65.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\519cc2.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 88 x 30 x 24, image size 7920, cbSize 7974, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 113 x 35 x 24, image size 11900, cbSize 11954, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 30 x 30 x 24, image size 2760, cbSize 2814, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\Desktop\ .ini | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\Desktop\CF1.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped |
C:\Users\user\Desktop\dt3.bmp | PC bitmap, Windows 3.x format, 35 x 20 x 24, image size 2160, cbSize 2214, bits offset 54 | dropped |
3 further dropped files are not shown in this excerpt. Five of the listed files have a blank base name (`C:\Users\user\Desktop\ .bmp`, `C:\Users\user\Desktop\ .ini`), most likely non-ASCII names that did not survive extraction. Two extension/content mismatches are worth noting: the fourth blank-named .bmp is PNG data, and the four .tmp files under AppData\Local\Temp are PE32 DLLs.
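A consistency check for the dropped images. This is an added example, not part of the sandbox report: it rebuilds 24-bit BMP files with the geometry the Type column reports (zeroed pixels, so the inputs are constructed, not the real dropped files) and checks that the header fields agree with each other and with the file length, and that the file's magic matches its extension. The two abnormal inputs, a PNG body under a .bmp name and a BMP with bytes appended after the pixel array, are hypothetical cases; the report's blank-named files cannot be reproduced from the table.

```python
"""Sanity checks for image files dropped beside a sample.

Added example, not part of the sandbox report. The BMP inputs are
constructed from the geometry in the report's Type column (zeroed
pixels), so they are not the real dropped files; the PNG-bodied .bmp
and the BMP with appended bytes are hypothetical cases.
"""
import struct

BMP_HEADER_LEN = 54  # BITMAPFILEHEADER (14 bytes) + BITMAPINFOHEADER (40 bytes)
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def bmp24_pixel_size(width, height):
    """Pixel array size of a 24-bit BMP: each row is padded to a 4-byte boundary."""
    row = (width * 3 + 3) & ~3
    return row * abs(height)


def build_bmp(width, height, extra=b""):
    """Construct a 24-bit BMP with zeroed pixels; `extra` is appended after the pixel array."""
    pixels = bmp24_pixel_size(width, height)
    file_hdr = struct.pack("<2sIHHI", b"BM", BMP_HEADER_LEN + pixels, 0, 0, BMP_HEADER_LEN)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, pixels, 0, 0, 0, 0)
    return file_hdr + info_hdr + bytes(pixels) + extra


def check_image(name, data):
    """Return the parsed header fields plus a list of findings (empty means consistent)."""
    ext = name.rsplit(".", 1)[-1].lower()
    result = {"name": name, "length": len(data), "findings": []}
    if data.startswith(PNG_MAGIC):
        result["format"] = "png"
        if ext != "png":
            result["findings"].append(f"PNG data with .{ext} extension")
        return result
    if not data.startswith(b"BM") or len(data) < BMP_HEADER_LEN:
        result["format"] = "unknown"
        result["findings"].append("no BMP or PNG magic")
        return result
    result["format"] = "bmp"
    cb_size = struct.unpack_from("<I", data, 2)[0]        # bfSize: declared file size
    bits_offset = struct.unpack_from("<I", data, 10)[0]   # bfOffBits: start of pixel array
    width, height = struct.unpack_from("<ii", data, 18)   # biWidth, biHeight
    bpp = struct.unpack_from("<H", data, 28)[0]           # biBitCount
    image_size = struct.unpack_from("<I", data, 34)[0]    # biSizeImage (0 allowed when uncompressed)
    result.update(width=width, height=height, bpp=bpp, cb_size=cb_size, image_size=image_size)
    if bpp == 24:
        expected = bmp24_pixel_size(width, height)
        if image_size not in (0, expected):
            result["findings"].append(f"declared image size {image_size} != computed {expected}")
        if bits_offset + expected != cb_size:
            result["findings"].append(f"cbSize {cb_size} != bits offset {bits_offset} + pixel bytes {expected}")
    if len(data) > cb_size:
        result["findings"].append(f"{len(data) - cb_size} bytes appended after declared cbSize")
    elif len(data) < cb_size:
        result["findings"].append(f"truncated: {cb_size - len(data)} bytes short of declared cbSize")
    return result


# Constructed inputs. The first two mirror CF1.bmp and dt3.bmp from the report;
# the last two are hypothetical (the report's blank-named files cannot be rebuilt).
SAMPLES = {
    "CF1.bmp": build_bmp(122, 40),
    "dt3.bmp": build_bmp(35, 20),
    "unnamed.bmp": PNG_MAGIC + bytes(20),                        # PNG body under a .bmp name
    "carrier.bmp": build_bmp(30, 30, extra=b"MZ" + bytes(64)),   # trailing bytes after the pixels
}


def triage(samples=SAMPLES):
    return {name: check_image(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:12} {verdict['format']:7} {verdict['length']:6} {verdict['findings'] or 'consistent'}")
```

The cbSize and image size values the report prints for CF1.bmp and dt3.bmp fall out of the row-padding rule, so a dropped file whose on-disk length exceeds its cbSize, or whose magic does not match its extension, is the one to open in a hex editor first.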
Processes
Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\S4.exe | "C:\Users\user\Desktop\S4.exe" |
C:\Users\user\Desktop\S4.exe | "C:\Users\user\Desktop\S4.exe" |

The sample is listed twice: a second S4.exe process was started with the same command line as the first.
URLs
Name | IP | Malicious
---|---|---
http://www.eyuyan.com)DVarFileInfo$ | unknown |
http://42.193.100.57/123.txthqos.dll.mui | unknown |
http://42.193.100.57/123.txtHv | unknown |
http://ts-ocsp.ws.s | unknown |
http://ts-ocsp.ws.symantec. | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt22658-3693405117-2476756634-1003 | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtY | unknown |
https://ww(w.v | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtX | unknown |
http://42.193.100.57/123.txt&?P | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtshqos.dll.mui | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt_ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtx$ | unknown |
http://42.193.100.57/123.txt00.57/ | unknown |
http://42.193.100.57/%E7%89%88%E6%9C%AC%E6%9B%B4%E6%96%B0.txt | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txta | unknown |
http://42.193.100.57/123.txtH?B | unknown |
http://42.193.100.57/123.txtp | unknown |
http://ocsp.t | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtJ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtM | unknown |
http://42.193.100.57/123.txtl | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtL | unknown |
http://42.193.100.57/123.txttxt | unknown |
http://sf.symc | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txts) | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt;AE | unknown |
http://42.193.100.57/123.txtPlatform.exe | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txts. | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt | 42.193.100.57 |
http://42.193.100.57/123.txt | 42.193.100.57 |
22 further URL strings are not shown in this excerpt. Most entries are strings carved from process memory, so the real URL is either followed by whatever bytes sat next to it (`123.txthqos.dll.mui`, `123.txt&?P`) or cut short (`http://ocsp.t`, `http://sf.symc`, `http://ts-ocsp.ws.symantec.`; fragments of Symantec OCSP and timestamping URLs of the kind typically embedded in an Authenticode signature chain, not necessarily contacted). The two entries that resolved to 42.193.100.57 are the clean forms. The percent-encoded paths decode to Chinese file names: `%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt` is 自己的档.txt ("own file"), `%E5%AD%98%E6%A1%A3/` is 存档/ ("archive"), and `%E7%89%88%E6%9C%AC%E6%9B%B4%E6%96%B0.txt` is 版本更新.txt ("version update"). `http://www.eyuyan.com` is the home page of Easy Programming Language (易语言); the `DVarFileInfo` residue after it is the VarFileInfo block of the PE version resource, so this string comes from the binary's metadata rather than from network activity.
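Turning the URL column into reviewable indicators. This is an added example, not part of the report; the input is a constructed subset of the table above paired with its IP column. It discards strings whose host is not even plausibly complete, folds each remaining string into the shortest listed string it extends, decodes the percent-encoded paths, and records which canonical URLs the sandbox actually resolved. The host heuristic (`HOST_RE`) is a stand-in for a proper public-suffix check and is an assumption of this example: it keeps the truncated `http://sf.symc` because `symc` looks like a top-level domain, which is why unresolved name hosts still need a manual look.

```python
"""Collapse carved URL strings from a sandbox report into reviewable IOCs.

Added example, not part of the report. The report lists every URL-like
string found in memory; many are a real URL followed by adjacent bytes,
or a URL cut short. The real URL is usually present on its own as well
(here, the two entries with a resolved IP), so each string is folded
into the shortest listed string it extends.
"""
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed subset of the report's URL table as (carved string, IP column).
CARVED = [
    ("http://www.eyuyan.com)DVarFileInfo$", "unknown"),
    ("http://42.193.100.57/123.txthqos.dll.mui", "unknown"),
    ("http://42.193.100.57/123.txtHv", "unknown"),
    ("http://ts-ocsp.ws.s", "unknown"),
    ("http://ts-ocsp.ws.symantec.", "unknown"),
    ("http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt22658-3693405117-2476756634-1003", "unknown"),
    ("https://ww(w.v", "unknown"),
    ("http://42.193.100.57/123.txt&?P", "unknown"),
    ("http://42.193.100.57/%E5%AD%98%E6%A1%A3/", "unknown"),
    ("http://42.193.100.57/%E7%89%88%E6%9C%AC%E6%9B%B4%E6%96%B0.txt", "unknown"),
    ("http://ocsp.t", "unknown"),
    ("http://sf.symc", "unknown"),
    ("http://42.193.100.57/123.txtPlatform.exe", "unknown"),
    ("http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt", "42.193.100.57"),
    ("http://42.193.100.57/123.txt", "42.193.100.57"),
]

# Assumption of this example: a host is "plausible" if it is an IP literal or a
# dotted name whose last label is alphabetic and at least two characters long.
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def plausible_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(HOST_RE.match(host))


def collapse(carved):
    """Return (groups, rejected).

    groups maps a canonical URL to its decoded path, the carved variants
    folded into it, and the IP the report resolved for it (None if none);
    rejected holds strings whose host is not plausibly complete.
    """
    kept, rejected = [], []
    for url, ip in carved:
        try:
            parts = urlsplit(url)
        except ValueError:
            rejected.append(url)
            continue
        if parts.scheme in ("http", "https") and plausible_host(parts.hostname or ""):
            kept.append((url, ip))
        else:
            rejected.append(url)
    groups = {}
    # Shortest first, so every string attaches to the shortest listed prefix.
    for url, ip in sorted(kept, key=lambda t: len(t[0])):
        base = next((c for c in groups if url.startswith(c)), url)
        g = groups.setdefault(base, {"path": unquote(urlsplit(base).path), "variants": [], "resolved": None})
        g["variants"].append(url)
        if ip != "unknown":
            g["resolved"] = ip
    return groups, rejected


if __name__ == "__main__":
    groups, rejected = collapse(CARVED)
    for base, g in groups.items():
        print(f"{base}\n    path={g['path']!r} variants={len(g['variants'])} resolved={g['resolved']}")
    print("rejected:", rejected)
```

The grouping is deliberately conservative: it never shortens a string on its own, it only merges a string into a shorter one that the report also lists. Canonical URLs with `resolved` set are the ones the sandbox saw contacted; everything else in `groups` or `rejected` is a lead to check against the binary's strings and signature data before it goes on a blocklist.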
IPs
IP | Domain | Country | Malicious
---|---|---|---
42.193.100.57 | unknown | China |
Registry
Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | 3 |

This is the machine-wide Run key as a 32-bit process sees it on 64-bit Windows: registry redirection maps its HKLM\SOFTWARE writes under WOW6432Node. Entries here are started at every user logon, so the value should be treated as a persistence artefact and checked for a path that points at the sample or the dropped files above.
Memdumps
Base Address | Region type | Protect | Malicious
---|---|---|---
2BAC000 | heap | page read and write |
A59000 | heap | page read and write |
7AB000 | unknown | page write copy |
9D0000 | heap | page read and write |
528E000 | stack | page read and write |
379F000 | stack | page read and write |
26A0000 | heap | page read and write |
8F0000 | unknown | page readonly |
A70000 | heap | page read and write |
794000 | unknown | page write copy |
2D21000 | heap | page execute and read and write |
28EF000 | heap | page read and write |
A8F000 | heap | page read and write |
A58000 | heap | page read and write |
30CC000 | heap | page read and write |
2B41000 | heap | page read and write |
2C3E000 | stack | page read and write |
19C000 | stack | page read and write |
2BFE000 | stack | page read and write |
2FC7000 | heap | page read and write |
7AB000 | unknown | page read and write |
A95000 | heap | page read and write |
3056000 | heap | page read and write |
A11000 | heap | page read and write |
2B90000 | heap | page read and write |
AAC000 | heap | page read and write |
A5C000 | heap | page read and write |
679000 | unknown | page readonly |
2D97000 | heap | page execute and read and write |
591B000 | stack | page read and write |
A36000 | heap | page read and write |
975000 | heap | page read and write |
2F69000 | heap | page execute and read and write |
2ABD000 | heap | page read and write |
2F5B000 | heap | page read and write |
A80000 | heap | page read and write |
A7E000 | heap | page read and write |
A38000 | heap | page read and write |
2F65000 | heap | page execute and read and write |
2BE3000 | heap | page read and write |
5AEC000 | stack | page read and write |
2A44000 | heap | page read and write |
A56000 | heap | page read and write |
401000 | unknown | page execute read |
27CD000 | heap | page read and write |
774000 | unknown | page readonly |
2965000 | heap | page read and write |
7ED000 | unknown | page readonly |
400000 | unknown | page readonly |
9D5000 | heap | page read and write |
3F6E000 | stack | page read and write |
774000 | unknown | page readonly |
2B6B000 | heap | page read and write |
41AF000 | stack | page read and write |
28B1000 | heap | page read and write |
2BDA000 | heap | page read and write |
9D0000 | heap | page read and write |
3A1E000 | stack | page read and write |
401000 | unknown | page execute read |
900000 | heap | page read and write |
9FB000 | heap | page read and write |
A92000 | heap | page read and write |
4FFB000 | stack | page read and write |
ABD000 | heap | page read and write |
7F5000 | unknown | page readonly |
7EB000 | unknown | page read and write |
7AB000 | unknown | page read and write |
2F5C000 | heap | page read and write |
400000 | unknown | page readonly |
2B83000 | heap | page read and write |
401000 | unknown | page execute read |
7F5000 | unknown | page readonly |
30C3000 | heap | page read and write |
9D8000 | heap | page read and write |
2B62000 | heap | page read and write |
2FD1000 | heap | page read and write |
970000 | heap | page read and write |
A14000 | heap | page read and write |
27B1000 | heap | page read and write |
2680000 | heap | page read and write |
2A57000 | heap | page read and write |
35A0000 | heap | page read and write |
2BB5000 | heap | page read and write |
A89000 | heap | page read and write |
A59000 | heap | page read and write |
3053000 | heap | page read and write |
7A7000 | unknown | page read and write |
796000 | unknown | page read and write |
7A1000 | unknown | page read and write |
774000 | unknown | page readonly |
28BF000 | heap | page read and write |
A59000 | heap | page read and write |
2BFB000 | heap | page read and write |
A44000 | heap | page read and write |
2A47000 | heap | page read and write |
25F0000 | heap | page read and write |
AC5000 | heap | page read and write |
2A4F000 | heap | page read and write |
29E1000 | heap | page read and write |
A4F000 | heap | page read and write |
2F61000 | heap | page read and write |
3A5E000 | stack | page read and write |
970000 | heap | page read and write |
76B000 | unknown | page readonly |
2BE7000 | heap | page read and write |
2B67000 | heap | page read and write |
40AE000 | stack | page read and write |
26C0000 | heap | page read and write |
39DF000 | stack | page read and write |
2A60000 | heap | page read and write |
8E7000 | unknown | page readonly |
3E38000 | heap | page read and write |
910000 | heap | page read and write |
8E7000 | unknown | page readonly |
2E08000 | heap | page execute and read and write |
7E5000 | unknown | page read and write |
26C5000 | heap | page read and write |
A55000 | heap | page read and write |
56DE000 | stack | page read and write |
4EFE000 | stack | page read and write |
57DE000 | stack | page read and write |
76B000 | unknown | page readonly |
28EA000 | heap | page read and write |
38DE000 | stack | page read and write |
7AB000 | unknown | page write copy |
ACA000 | heap | page read and write |
8F0000 | unknown | page readonly |
2AA0000 | heap | page execute and read and write |
7ED000 | unknown | page readonly |
2680000 | heap | page read and write |
985000 | heap | page read and write |
92000 | stack | page read and write |
2960000 | heap | page read and write |
A59000 | heap | page read and write |
A4E000 | heap | page read and write |
1003A000 | direct allocation | page execute and read and write |
2C6A000 | heap | page execute and read and write |
774000 | unknown | page readonly |
A52000 | heap | page read and write |
9F0000 | heap | page read and write |
798000 | unknown | page write copy |
A55000 | heap | page read and write |
9C4000 | heap | page read and write |
92000 | stack | page read and write |
53D000 | unknown | page readonly |
AB4000 | heap | page read and write |
26B0000 | heap | page read and write |
513F000 | stack | page read and write |
53D000 | unknown | page readonly |
1003A000 | direct allocation | page execute and read and write |
9C0000 | heap | page read and write |
41EE000 | stack | page read and write |
2EC9000 | heap | page execute and read and write |
53D000 | unknown | page readonly |
A60000 | heap | page read and write |
7E5000 | unknown | page read and write |
A55000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
7B7000 | unknown | page read and write |
2EBF000 | heap | page execute and read and write |
76B000 | unknown | page readonly |
8F0000 | unknown | page readonly |
A93000 | heap | page read and write |
980000 | heap | page read and write |
7A7000 | unknown | page read and write |
400000 | unknown | page readonly |
29EA000 | heap | page read and write |
796000 | unknown | page read and write |
26B0000 | heap | page read and write |
7A1000 | unknown | page read and write |
990000 | heap | page read and write |
28C8000 | heap | page read and write |
FD9000 | heap | page read and write |
2FD2000 | heap | page read and write |
3A9E000 | stack | page read and write |
8E7000 | unknown | page readonly |
A0A000 | heap | page read and write |
794000 | unknown | page write copy |
2ABA000 | heap | page read and write |
A4F000 | heap | page read and write |
794000 | unknown | page write copy |
30CD000 | heap | page read and write |
9A0000 | heap | page read and write |
2A30000 | heap | page execute and read and write |
568F000 | stack | page read and write |
2C0B000 | heap | page read and write |
2F47000 | heap | page execute and read and write |
3057000 | heap | page read and write |
7A2000 | unknown | page write copy |
2E17000 | heap | page execute and read and write |
28A8000 | heap | page read and write |
5A6F000 | stack | page read and write |
A8B000 | heap | page read and write |
2B93000 | heap | page read and write |
AAF000 | heap | page read and write |
2F44000 | heap | page execute and read and write |
7EB000 | unknown | page read and write |
7ED000 | unknown | page readonly |
A52000 | heap | page read and write |
7ED000 | unknown | page readonly |
8E7000 | unknown | page readonly |
2BE0000 | heap | page read and write |
A18000 | heap | page read and write |
2B4A000 | heap | page read and write |
2B6F000 | heap | page read and write |
596E000 | stack | page read and write |
432E000 | stack | page read and write |
53D000 | unknown | page readonly |
42EF000 | stack | page read and write |
581E000 | stack | page read and write |
304D000 | heap | page read and write |
503E000 | stack | page read and write |
2D92000 | heap | page execute and read and write |
2BEA000 | heap | page read and write |
A72000 | heap | page read and write |
794000 | unknown | page write copy |
2E51000 | heap | page execute and read and write |
2BF4000 | heap | page execute and read and write |
FD0000 | heap | page read and write |
A0E000 | heap | page read and write |
3E30000 | heap | page read and write |
2900000 | unknown | page read and write |
35A8000 | heap | page read and write |
A9D000 | heap | page read and write |
2950000 | heap | page read and write |
7A9000 | unknown | page write copy |
7F5000 | unknown | page readonly |
2D93000 | heap | page execute and read and write |
2F37000 | heap | page execute and read and write |
A00000 | heap | page read and write |
401000 | unknown | page execute read |
26A0000 | heap | page read and write |
2B72000 | heap | page read and write |
7F5000 | unknown | page readonly |
A6B000 | heap | page read and write |
30B9000 | heap | page read and write |
27B6000 | heap | page read and write |
900000 | heap | page read and write |
97E000 | heap | page read and write |
389F000 | stack | page read and write |
798000 | unknown | page write copy |
679000 | unknown | page readonly |
A18000 | heap | page read and write |
FD5000 | heap | page read and write |
A4C000 | heap | page read and write |
2ED6000 | heap | page execute and read and write |
950000 | heap | page read and write |
2D1D000 | heap | page execute and read and write |
A8B000 | heap | page read and write |
2EF7000 | heap | page execute and read and write |
304E000 | heap | page read and write |
2ED9000 | heap | page execute and read and write |
679000 | unknown | page readonly |
406F000 | stack | page read and write |
7B8000 | unknown | page read and write |
30C4000 | heap | page read and write |
7C5000 | unknown | page read and write |
400000 | unknown | page readonly |
2C08000 | heap | page read and write |
7A2000 | unknown | page write copy |
995000 | heap | page read and write |
19C000 | stack | page read and write |
7C5000 | unknown | page read and write |
2ABF000 | heap | page read and write |
4DFF000 | stack | page read and write |
26B4000 | heap | page read and write |
27C8000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
3630000 | trusted library allocation | page read and write |
7A9000 | unknown | page write copy |
2EFB000 | heap | page execute and read and write |
5BEE000 | stack | page read and write |
26CE000 | heap | page read and write |
518C000 | stack | page read and write |
679000 | unknown | page readonly |
8F0000 | unknown | page readonly |
76B000 | unknown | page readonly |
2DA9000 | heap | page execute and read and write |
A7A000 | heap | page read and write |
A52000 | heap | page read and write |
270 further memory regions are not shown in this excerpt. The table aggregates dumps taken at several points from the S4.exe processes, which is why base addresses recur (400000 and 401000, the sample's own image, appear in every dump) and why a base such as 7AB000 is listed with different protections. The regions worth attention are the many heap regions with `page execute and read and write`, and the `direct allocation` regions at 10000000 and 1003A000 with the same protection: 10000000 is the default ImageBase of a 32-bit DLL, and an RWX direct allocation there is consistent with the sample mapping a DLL (for example the dropped QQWER.dll or the .tmp DLLs) into memory itself rather than through the loader.
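Pulling the interesting regions out of the memdump table. This is an added example, not part of the report; `ROWS` is a constructed subset of the table above in `base | region type | protection` form. It reports heap regions that are both writable and executable, executable regions the sample allocated directly rather than having the loader map (flagging the 0x10000000 default 32-bit DLL ImageBase, an assumption about the linker default rather than something the report states), and base addresses recorded under more than one protection between dumps.

```python
"""Triage of a sandbox memdump table.

Added example, not part of the report. ROWS is a constructed subset of
the Memdumps table in `base | region type | protection` form.
"""
from collections import Counter, defaultdict

ROWS = """
400000 | unknown | page readonly
401000 | unknown | page execute read
7AB000 | unknown | page write copy
7AB000 | unknown | page read and write
2BAC000 | heap | page read and write
2D21000 | heap | page execute and read and write
2D97000 | heap | page execute and read and write
2F69000 | heap | page execute and read and write
528E000 | stack | page read and write
10000000 | direct allocation | page execute and read and write
1003A000 | direct allocation | page execute and read and write
3630000 | trusted library allocation | page read and write
"""

# Assumption: the MSVC linker's default ImageBase for a 32-bit DLL.
DEFAULT_DLL_BASE = 0x10000000


def parse_rows(text):
    """Parse `base | kind | protect` rows; base is hexadecimal as printed in the report."""
    regions = []
    for line in text.strip().splitlines():
        base, kind, protect = (cell.strip() for cell in line.split("|"))
        regions.append({"base": int(base, 16), "kind": kind, "protect": protect})
    return regions


def is_executable(protect):
    return "execute" in protect


def is_writable(protect):
    return "write" in protect  # covers "read and write" and "write copy"


def summarize(regions):
    """Count regions per (kind, protection) pair."""
    return Counter((r["kind"], r["protect"]) for r in regions)


def triage(regions):
    """Pick out the regions an analyst looks at first."""
    findings = {"rwx_heap": [], "exec_direct": [], "protection_changes": {}}
    protections = defaultdict(set)
    for r in regions:
        protections[r["base"]].add(r["protect"])
        if r["kind"] == "heap" and is_executable(r["protect"]) and is_writable(r["protect"]):
            findings["rwx_heap"].append(r["base"])            # code living in heap memory
        if r["kind"] == "direct allocation" and is_executable(r["protect"]):
            note = "at the default 32-bit DLL ImageBase" if r["base"] == DEFAULT_DLL_BASE else ""
            findings["exec_direct"].append((r["base"], note))  # executable, but not loader-mapped
    # Same base seen with more than one protection across dumps: permissions were changed.
    findings["protection_changes"] = {b: sorted(p) for b, p in protections.items() if len(p) > 1}
    return findings


if __name__ == "__main__":
    regions = parse_rows(ROWS)
    for (kind, protect), n in summarize(regions).most_common():
        print(f"{n:3} {kind:27} {protect}")
    f = triage(regions)
    print("RWX heap:", [hex(b) for b in f["rwx_heap"]])
    print("executable direct allocations:", [(hex(b), note) for b, note in f["exec_direct"]])
    print("protection changes:", {hex(b): p for b, p in f["protection_changes"].items()})
```

Run against the full table the same way (paste the rows into `ROWS`); the RWX heap list is where unpacked or generated code is most likely to be, and the executable direct allocations are the candidates for a dump-and-fix of a manually mapped module.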