IOC Report
yDoZVwXSMG.exe


Files

File Path | Type | Category | Malicious
yDoZVwXSMG.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample |
C:\Users\user\AppData\Local\Temp\nslC943.tmp\BrandingURL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\nslC943.tmp\FindProcDLL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\nslC943.tmp\InstallOptions.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\nslC943.tmp\LangDLL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\nslC943.tmp\LogEx.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\nslC943.tmp\ioSpecial.ini | Generic INItialization configuration [Field 1] | dropped |
C:\Users\user\AppData\Local\Temp\nslC943.tmp\modern-wizard.bmp | PC bitmap, Windows 3.x format, 245 x 468 x 24, image size 344448, resolution 3779 x 3779 px/m, cbSize 344502, bits offset 54 | dropped |
C:\Users\user\AppData\Local\Temp\nsqC8C5.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\nsvC710.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped |
C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\yDoZVwXSMG.exe | "C:\Users\user\Desktop\yDoZVwXSMG.exe" |
C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe | "C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe" _?=C:\Users\user\Desktop\ |

URLs

Name | IP | Malicious
https://www.gegridsolutions.com/multilin/200Set | unknown |
http://nsis.sf.net/NSIS_Error | unknown |
http://nsis.sf.net/NSIS_ErrorError | unknown |
https://www.gegridsolutions.com/multilin/ | unknown |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations |
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations |
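Taken together, the Files, Processes, URLs and Registry tables above are the footprint of a Nullsoft (NSIS) installer run: plugin DLLs unpacked into %TEMP%\ns<letter><hex>.tmp\, scratch files with the same naming scheme, the uninstaller copying itself to %TEMP%\~nsu*.tmp\Au_.exe and relaunching with _?=<install directory>, the nsis.sf.net/NSIS_Error URL that every NSIS stub embeds in its error handler, and a reboot-deferred file operation recorded in PendingFileRenameOperations. The script below is an added triage helper written for this page; it is not part of the sandbox report or of the NSIS project. It re-encodes the report's tables as constructed Python literals and flags the stock NSIS patterns so an analyst can separate them from anything sample-specific. The Malicious column carries no values in this extract and the script assigns no verdict either. The content of the Zone.Identifier stream (ZoneId=3) is a constructed assumption: the report only records that the stream was modified.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# %TEMP%\ns<letter><4 hex>.tmp: a directory of unpacked plugin DLLs when followed
# by a backslash (nslC943.tmp\ above), a scratch file when it ends the path.
NSIS_TEMP = re.compile(r"\\Temp\\ns[a-z][0-9A-F]{4}\.tmp(?P<sep>\\|$)", re.IGNORECASE)
# The uninstaller copies itself to %TEMP%\~nsu<x>.tmp\Au_.exe and relaunches
# with _?=<install dir> so the original Uninstall.exe can be deleted.
NSIS_UNINST = re.compile(r"\\Temp\\~nsu[0-9A-Z]+\.tmp\\Au_\.exe", re.IGNORECASE)
NSIS_UNINST_ARG = re.compile(r"\s_\?=(?P<dir>.+)$")
# URL hard-coded in the NSIS stub; seeing it only proves the stub is NSIS.
NSIS_STUB_URL = re.compile(r"^https?://nsis\.sf\.net/NSIS_Error", re.IGNORECASE)

# URLZONE values used in the Zone.Identifier (mark-of-the-web) stream.
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


@dataclass
class Triage:
    plugin_dirs: Set[str] = field(default_factory=set)
    temp_files: List[str] = field(default_factory=list)
    uninstaller_target: Optional[str] = None  # install dir passed via _?=
    stub_urls: List[str] = field(default_factory=list)
    reboot_deferred_ops: int = 0  # PendingFileRenameOperations writes
    notes: List[str] = field(default_factory=list)


def triage(files: List[Tuple[str, str]], processes: List[str],
           urls: List[str], registry: List[Tuple[str, str]]) -> Triage:
    """Flag stock NSIS artefacts in (path, category), cmdline, URL and (key, value) rows."""
    t = Triage()
    for path, category in files:
        m = NSIS_TEMP.search(path)
        if m:
            if m.group("sep"):
                t.plugin_dirs.add(path[:m.end()])  # keep the trailing backslash
            else:
                t.temp_files.append(path)
        if NSIS_UNINST.search(path) and category == "dropped":
            t.notes.append(f"uninstaller self-copy: {path}")
        if path.endswith(":Zone.Identifier") and category == "modified":
            t.notes.append(f"mark-of-the-web written on {path.rsplit(':', 1)[0]}")
    for cmdline in processes:
        if NSIS_UNINST.search(cmdline):
            m = NSIS_UNINST_ARG.search(cmdline)
            if m:
                t.uninstaller_target = m.group("dir")
    for url in urls:
        if NSIS_STUB_URL.match(url):
            t.stub_urls.append(url)
    for _key, value in registry:
        if value == "PendingFileRenameOperations":
            t.reboot_deferred_ops += 1
    return t


def parse_zone_identifier(ads_text: str) -> Optional[int]:
    """Return ZoneId from the text of a :Zone.Identifier stream, or None if absent."""
    in_section = False
    for line in ads_text.splitlines():
        line = line.strip()
        if line.lower() == "[zonetransfer]":
            in_section = True
        elif line.startswith("["):
            in_section = False
        elif in_section and "=" in line:
            key, val = line.split("=", 1)
            if key.strip().lower() == "zoneid" and val.strip().isdigit():
                return int(val.strip())
    return None


# Constructed inputs transcribed from the report tables above.
REPORT_FILES = [
    (r"yDoZVwXSMG.exe", "initial sample"),
    (r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\BrandingURL.dll", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\FindProcDLL.dll", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\InstallOptions.dll", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\LangDLL.dll", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\LogEx.dll", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\ioSpecial.ini", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\modern-wizard.bmp", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nsqC8C5.tmp", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\nsvC710.tmp", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe", "dropped"),
    (r"C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe:Zone.Identifier", "modified"),
]
REPORT_PROCESSES = [
    r'"C:\Users\user\Desktop\yDoZVwXSMG.exe"',
    # trailing backslash appended separately: a raw string cannot end in one
    r'"C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe" _?=C:\Users\user\Desktop' + "\\",
]
REPORT_URLS = [
    "https://www.gegridsolutions.com/multilin/200Set",
    "http://nsis.sf.net/NSIS_Error",
    "http://nsis.sf.net/NSIS_ErrorError",
    "https://www.gegridsolutions.com/multilin/",
]
REPORT_REGISTRY = [
    (r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager", "PendingFileRenameOperations"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager", "PendingFileRenameOperations"),
]
# Assumed stream content; the report only says the stream was modified.
SAMPLE_ZONE_IDENTIFIER = "[ZoneTransfer]\r\nZoneId=3\r\n"

if __name__ == "__main__":
    result = triage(REPORT_FILES, REPORT_PROCESSES, REPORT_URLS, REPORT_REGISTRY)
    print(result)
    print("ZoneId:", ZONE_NAMES.get(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER)))
```

Every hit this script reports is expected from any NSIS-built installer, so a run that produces only these flags is a reason to look harder at the payload the installer unpacks (the DLLs in nslC943.tmp\ here are standard NSIS plugins by name, but names prove nothing) rather than at the installer mechanics themselves. The _?= argument tells you which directory the uninstaller was pointed at; a value outside the expected install location would be worth a closer look.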

Memdumps

Base Address | Region type | Protect | Malicious
3A18000 | unknown | page readonly |
3A20000 | trusted library allocation | page read and write |
3A10000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
3A10000 | unknown | page readonly |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
3A10000 | trusted library allocation | page read and write |
19A000 | stack | page read and write |
436000 | unknown | page readonly |
545000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
604000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
25EE000 | stack | page read and write |
3A20000 | trusted library allocation | page read and write |
26EF000 | stack | page read and write |
5D0000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
4BE000 | stack | page read and write |
3A20000 | trusted library allocation | page read and write |
606000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
2828000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
27C0000 | heap | page read and write |
408000 | unknown | page readonly |
3A20000 | trusted library allocation | page read and write |
3A81000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
20FE000 | stack | page read and write |
57E000 | heap | page read and write |
2120000 | heap | page read and write |
57A000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3A80000 | heap | page read and write |
20E0000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
39F1000 | unknown | page execute read |
436000 | unknown | page readonly |
401000 | unknown | page execute read |
436000 | unknown | page readonly |
408000 | unknown | page readonly |
3A20000 | trusted library allocation | page read and write |
3BB4000 | heap | page read and write |
39FB000 | unknown | page readonly |
3A10000 | trusted library allocation | page read and write |
3A00000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3A10000 | trusted library allocation | page read and write |
3A10000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
400000 | unknown | page readonly |
3A20000 | trusted library allocation | page read and write |
3BB0000 | heap | page read and write |
4E5000 | heap | page read and write |
4C5000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3A11000 | unknown | page execute read |
4E7000 | heap | page read and write |
2100000 | heap | page read and write |
460000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3150000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
401000 | unknown | page execute read |
212A000 | heap | page read and write |
24AE000 | stack | page read and write |
3A10000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
39F7000 | unknown | page read and write |
3A20000 | trusted library allocation | page read and write |
408000 | unknown | page readonly |
400000 | unknown | page readonly |
424000 | unknown | page read and write |
470000 | heap | page read and write |
3A10000 | trusted library allocation | page read and write |
4E9000 | heap | page read and write |
28C3000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
3A13000 | unknown | page readonly |
5DA000 | heap | page read and write |
3BC0000 | trusted library allocation | page read and write |
10001000 | unknown | page execute read |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
2897000 | heap | page read and write |
2124000 | heap | page read and write |
3BC0000 | trusted library allocation | page read and write |
470000 | heap | page read and write |
549000 | heap | page read and write |
603000 | heap | page read and write |
27BF000 | stack | page read and write |
3A20000 | trusted library allocation | page read and write |
26BF000 | stack | page read and write |
400000 | unknown | page readonly |
410000 | unknown | page read and write |
423000 | unknown | page read and write |
90F000 | stack | page read and write |
3A20000 | trusted library allocation | page read and write |
31F0000 | trusted library allocation | page read and write |
39F6000 | unknown | page readonly |
10002000 | unknown | page readonly |
4E0000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3160000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
401000 | unknown | page execute read |
3A20000 | trusted library allocation | page read and write |
436000 | unknown | page readonly |
3A10000 | trusted library allocation | page read and write |
2720000 | heap | page read and write |
427000 | unknown | page read and write |
3A20000 | trusted library allocation | page read and write |
40A000 | unknown | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
3C80000 | trusted library allocation | page read and write |
400000 | unknown | page readonly |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
4C0000 | heap | page read and write |
540000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
9B000 | stack | page read and write |
5DE000 | heap | page read and write |
3A10000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
431000 | unknown | page read and write |
28A0000 | heap | page read and write |
5DE000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3C80000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
40C000 | unknown | page read and write |
2729000 | heap | page read and write |
21E4000 | heap | page read and write |
40A000 | unknown | page read and write |
460000 | heap | page read and write |
408000 | unknown | page readonly |
3A81000 | heap | page read and write |
40A000 | unknown | page write copy |
3A20000 | trusted library allocation | page read and write |
3A14000 | unknown | page read and write |
21D0000 | heap | page read and write |
25AF000 | stack | page read and write |
5E2000 | heap | page read and write |
80E000 | stack | page read and write |
42C000 | unknown | page read and write |
5FB000 | heap | page read and write |
3A10000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
570000 | heap | page read and write |
401000 | unknown | page execute read |
10004000 | unknown | page readonly |
5E5000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
3AB0000 | heap | page read and write |
10000000 | unknown | page readonly |
19A000 | stack | page read and write |
3A20000 | trusted library allocation | page read and write |
96000 | stack | page read and write |
7CF000 | stack | page read and write |
39F0000 | unknown | page readonly |
61D000 | heap | page read and write |
3A20000 | trusted library allocation | page read and write |
2270000 | heap | page read and write |
215E000 | stack | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
3A20000 | trusted library allocation | page read and write |
601000 | heap | page read and write |
39F9000 | unknown | page read and write |
3A20000 | trusted library allocation | page read and write |
40A000 | unknown | page write copy |
42C000 | unknown | page read and write |
10003000 | unknown | page read and write |