IOC Report
Wave-Executor.exe

Files

File Path | Type | Category | Malicious
Wave-Executor.exe | PE32 executable (console) Intel 80386, for MS Windows | initial sample | malicious
\Device\ConDrv | very short file (no magic) | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Wave-Executor.exe | "C:\Users\user\Desktop\Wave-Executor.exe" | malicious
C:\Users\user\Desktop\Wave-Executor.exe | "C:\Users\user\Desktop\Wave-Executor.exe" | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
sendypaster.xyz | | malicious
steppriflej.xyz | | malicious
smash-boiling.cyou | | malicious
supporse-comment.cyou | | malicious
hosue-billowy.cyou | | malicious
cuddlyready.xyz | | malicious
ripe-blade.cyou | | malicious
greywe-snotty.cyou | | malicious
pollution-raker.cyou | | malicious
https://steamcommunity.com/my/wishlist/ | unknown |
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | unknown |
https://player.vimeo.com | unknown |
https://pollution-raker.cyou:443/api | unknown |
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe& | unknown |
https://steamcommunity.com/?subsection=broadcasts | unknown |
https://help.steampowered.com/en/ | unknown |
https://steamcommunity.com/market/ | unknown |
https://store.steampowered.com/news/ | unknown |
https://store.steampowered.com/subscriber_agreement/ | unknown |
https://www.gstatic.cn/recaptcha/ | unknown |
http://store.steampowered.com/subscriber_agreement/ | unknown |
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org | unknown |
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE | unknown |
https://recaptcha.net/recaptcha/; | unknown |
http://www.valvesoftware.com/legal.htm | unknown |
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | unknown |
https://steamcommunity.com/discussions/ | unknown |
https://www.youtube.com | unknown |
https://www.google.com | unknown |
https://store.steampowered.com/stats/ | unknown |
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am | unknown |
https://medal.tv | unknown |
https://broadcast.st.dl.eccdnx.com | unknown |
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | unknown |
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a | unknown |
https://store.steampowered.com/steam_refunds/ | unknown |
https://store.steampowered.com/points/shopT | unknown |
https://smash-boiling.cyou:443/apipi | unknown |
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | unknown |
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a | unknown |
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 | unknown |
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | unknown |
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 | unknown |
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | unknown |
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | unknown |
https://greywe-snotty.cyou/api | unknown |
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | unknown |
https://s.ytimg.com; | unknown |
https://steamcommunity.com/workshop/ | unknown |
https://login.steampowered.com/ | unknown |
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb | unknown |
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c | unknown |
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | unknown |
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | unknown |
https://store.steampowered.com/legal/ | unknown |
https://community.fastly.steamstatic.com/ | unknown |
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli | unknown |
https://steam.tv/ | unknown |
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en | unknown |
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng | unknown |
https://hosue-billowy.cyou:443/api | unknown |
https://steamcommunity.com/profiles/76561199724331900 | 23.55.153.106 |
https://steamcommunity.com:443/profiles/76561199724331900d | unknown |
http://store.steampowered.com/privacy_agreement/ | unknown |
https://store.steampowered.com/points/shop/ | unknown |
https://recaptcha.net | unknown |
https://store.steampowered.com/ | unknown |
https://steamcommunity.com | unknown |
https://sketchfab.com | unknown |
https://lv.queniujq.cn | unknown |
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png | unknown |
https://www.youtube.com/ | unknown |
http://127.0.0.1:27060 | unknown |
https://store.steampowered.com/privacy_agreement/ | unknown |
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ | unknown |
https://steppriflej.xyz:443/api3 | unknown |
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am | unknown |
https://www.google.com/recaptcha/ | unknown |
https://checkout.steampowered.com/ | unknown |
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp | unknown |
https://help.steampowered.com/ | unknown |
https://api.steampowered.com/ | unknown |
http://store.steampowered.com/account/cookiepreferences/ | unknown |
https://store.steampowered.com/mobile | unknown |
https://steamcommunity.com/ | unknown |
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81 | unknown |
https://store.steampowered.com/; | unknown |
https://store.steampowered.com/about/ | unknown |
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l | unknown |
79 further URLs are not shown in this report.

Domains

Name | IP | Malicious
sendypaster.xyz | 193.143.1.9 | malicious
cuddlyready.xyz | 193.143.1.9 | malicious
steppriflej.xyz | 193.143.1.9 | malicious
supporse-comment.cyou | unknown | malicious
ripe-blade.cyou | unknown | malicious
greywe-snotty.cyou | unknown | malicious
hosue-billowy.cyou | unknown | malicious
smash-boiling.cyou | unknown | malicious
pollution-raker.cyou | unknown | malicious
steamcommunity.com | 23.55.153.106 |

IPs

IP | Domain | Country | Malicious
193.143.1.9 | sendypaster.xyz | unknown | malicious
23.55.153.106 | steamcommunity.com | United States |

Memdumps

Base Address | Region type | Protect | Malicious
400000 | remote allocation | page execute and read and write | malicious
A9C000 | heap | page read and write |
144E000 | heap | page read and write |
AE8000 | heap | page read and write |
3111000 | heap | page read and write |
452000 | remote allocation | page execute and read and write |
1442000 | heap | page read and write |
2730000 | heap | page read and write |
2A4000 | unknown | page readonly |
AF0000 | heap | page read and write |
AE7000 | heap | page read and write |
2B7D000 | stack | page read and write |
270000 | unknown | page readonly |
2EFF000 | stack | page read and write |
AEA000 | heap | page read and write |
16CF000 | stack | page read and write |
6EC000 | stack | page read and write |
306D000 | stack | page read and write |
A80000 | heap | page read and write |
2B7000 | unknown | page write copy |
140E000 | heap | page read and write |
2A4000 | unknown | page readonly |
257E000 | stack | page read and write |
3077000 | heap | page read and write |
1400000 | heap | page read and write |
2B4000 | unknown | page readonly |
7ED000 | stack | page read and write |
270000 | unknown | page readonly |
2FF000 | unknown | page readonly |
AEA000 | heap | page read and write |
2C7F000 | stack | page read and write |
2AF000 | unknown | page execute and read and write |
2F10000 | remote allocation | page read and write |
B41000 | heap | page read and write |
AE9000 | heap | page read and write |
2A4000 | unknown | page readonly |
1442000 | heap | page read and write |
13BE000 | stack | page read and write |
FF0000 | heap | page read and write |
F9C000 | stack | page read and write |
ACA000 | heap | page read and write |
ACC000 | heap | page read and write |
1441000 | heap | page read and write |
AF8000 | heap | page read and write |
AB0000 | heap | page read and write |
26DE000 | stack | page read and write |
2FF000 | unknown | page readonly |
3219000 | heap | page read and write |
30BE000 | stack | page read and write |
2680000 | heap | page read and write |
268E000 | trusted library allocation | page read and write |
B80000 | heap | page read and write |
338D000 | heap | page read and write |
2B0000 | unknown | page read and write |
B00000 | heap | page read and write |
B00000 | heap | page read and write |
AD7000 | heap | page read and write |
ACD000 | heap | page read and write |
B03000 | heap | page read and write |
ACC000 | heap | page read and write |
AF0000 | heap | page read and write |
2F10000 | remote allocation | page read and write |
12FC000 | stack | page read and write |
2F10000 | remote allocation | page read and write |
32B3000 | heap | page read and write |
2AF000 | unknown | page write copy |
146C000 | heap | page read and write |
B47000 | heap | page read and write |
2F6D000 | stack | page read and write |
145A000 | heap | page read and write |
2A4000 | unknown | page readonly |
270000 | unknown | page readonly |
AD7000 | heap | page read and write |
AF8000 | heap | page read and write |
A50000 | heap | page read and write |
B03000 | heap | page read and write |
2B7000 | unknown | page write copy |
2B4000 | unknown | page readonly |
AD7000 | heap | page read and write |
2DFE000 | stack | page read and write |
C9E000 | stack | page read and write |
271000 | unknown | page execute read |
271E000 | stack | page read and write |
B00000 | heap | page read and write |
134E000 | stack | page read and write |
270000 | unknown | page readonly |
B03000 | heap | page read and write |
D9D000 | stack | page read and write |
271000 | unknown | page execute read |
2FF000 | unknown | page readonly |
267F000 | stack | page read and write |
306E000 | stack | page read and write |
B09000 | heap | page read and write |
A40000 | heap | page read and write |
19CE000 | stack | page read and write |
2B4000 | unknown | page readonly |
1300000 | heap | page read and write |
AF0000 | heap | page read and write |
2AF000 | unknown | page write copy |
271000 | unknown | page execute read |
31BF000 | stack | page read and write |
2CBD000 | stack | page read and write |
2FF000 | unknown | page readonly |
1441000 | heap | page read and write |
3110000 | heap | page read and write |
1370000 | heap | page read and write |
2B4000 | unknown | page readonly |
2AF000 | unknown | page write copy |
141F000 | heap | page read and write |
330F000 | stack | page read and write |
3330000 | heap | page read and write |
AEA000 | heap | page read and write |
1469000 | heap | page read and write |
320E000 | stack | page read and write |
2B7000 | unknown | page write copy |
B09000 | heap | page read and write |
2DBD000 | stack | page read and write |
13FD000 | stack | page read and write |
B85000 | heap | page read and write |
271000 | unknown | page execute read |
AF8000 | heap | page read and write |
140A000 | heap | page read and write |
2B7000 | unknown | page write copy |
113 further memdumps are not shown in this report.