Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
r4xiHKy8aM.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\DivXConverter\DivXConverter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\DivXConverter\sqlite3.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\is-BMNQE.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\is-VAN72.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\megasoftdivxconverter.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\megasoftdivxconverter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\sqlite3.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\uninstall\is-NES4A.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-3I6GN.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-7L21N.tmp\r4xiHKy8aM.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\et1222it56.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et1222rc56.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et1222resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\gdiplus.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\is-39UBV.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\is-8LOQG.tmp
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\is-AMIHI.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\is-GBC9B.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\is-OD00T.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\megasoftdivxconverter.chm (copy)
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\msvcp71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\msvcr71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\uninstall\unins000.dat
|
InnoSetup Log DivX Converter, version 0x30, 4859 bytes, 642294\user, "C:\Users\user\AppData\Local\Megasoft DivX Converter
7.1.11"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-3I6GN.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-3I6GN.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\r4xiHKy8aM.exe
|
"C:\Users\user\Desktop\r4xiHKy8aM.exe"
|
|
|
|
C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\megasoftdivxconverter.exe
|
"C:\Users\user\AppData\Local\Megasoft DivX Converter 7.1.11\megasoftdivxconverter.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-7L21N.tmp\r4xiHKy8aM.tmp
|
"C:\Users\user\AppData\Local\Temp\is-7L21N.tmp\r4xiHKy8aM.tmp" /SL5="$10404,3284048,56832,C:\Users\user\Desktop\r4xiHKy8aM.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.innosetup.com/
|
unknown
|
||
|
https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b82a8dcd6c946851e30088883250aa15dd05633775b0e650f2ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda3a2710db378b
|
188.119.66.185
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b82a8dcd6c946851e3008888325
|
unknown
|
||
|
https://188.119.66.185/.
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946d47b842819e7c4
|
unknown
|
||
|
https://188.119.66.185/rosoft
|
unknown
|
||
|
https://188.119.66.185/
|
unknown
|
||
|
https://188.119.66.185/w
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
|
unknown
|
||
|
https://188.119.66.185/C
|
unknown
|
||
|
https://188.119.66.185/A
|
unknown
|
||
|
https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946d47b842819e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7398fddda935a
|
188.119.66.185
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
https://www.easycutstudio.com/support.html
|
unknown
|
||
|
https://188.119.66.185/mCerti
|
unknown
|
||
|
https://188.119.66.185/allowedCert_OS_1
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.steampowered.com
|
104.102.49.254
|
||
|
ax-0001.ax-msedge.net
|
150.171.28.10
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.8.225.74
|
unknown
|
Russian Federation
|
||
|
104.102.49.254
|
api.steampowered.com
|
United States
|
||
|
188.119.66.185
|
unknown
|
Russian Federation
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
Inno Setup: User
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
Inno Setup: Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Converter_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\divXConv56
|
divx_converter_i56
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2BA8000
|
heap
|
page read and write
|
|
|
|
2C51000
|
direct allocation
|
page execute and read and write
|
|
|
|
50E000
|
heap
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
6C9000
|
unkown
|
page execute and write copy
|
||
|
20A0000
|
direct allocation
|
page read and write
|
||
|
9F8000
|
heap
|
page read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
33C4000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
22E0000
|
direct allocation
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
59CB000
|
direct allocation
|
page read and write
|
||
|
6C7000
|
unkown
|
page execute and write copy
|
||
|
411000
|
unkown
|
page readonly
|
||
|
566000
|
heap
|
page read and write
|
||
|
6CF000
|
unkown
|
page execute and write copy
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
AEE000
|
heap
|
page read and write
|
||
|
900000
|
direct allocation
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
6097B000
|
unkown
|
page readonly
|
||
|
33D2000
|
heap
|
page read and write
|
||
|
AAD000
|
heap
|
page read and write
|
||
|
4EA000
|
unkown
|
page readonly
|
||
|
3490000
|
remote allocation
|
page read and write
|
||
|
33C1000
|
heap
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
547000
|
heap
|
page read and write
|
||
|
2ADC000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
51C000
|
unkown
|
page execute and write copy
|
||
|
6C5000
|
unkown
|
page execute and write copy
|
||
|
96000
|
stack
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
2168000
|
direct allocation
|
page read and write
|
||
|
261D000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
2C88000
|
direct allocation
|
page execute and read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
4D1000
|
unkown
|
page write copy
|
||
|
3340000
|
heap
|
page read and write
|
||
|
8E0000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
2D2C000
|
stack
|
page read and write
|
||
|
4D6000
|
unkown
|
page readonly
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
2ADE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
22E0000
|
direct allocation
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
1FD7000
|
direct allocation
|
page read and write
|
||
|
551000
|
heap
|
page read and write
|
||
|
40F000
|
unkown
|
page execute and read and write
|
||
|
6096E000
|
unkown
|
page write copy
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
5996000
|
direct allocation
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
2003000
|
direct allocation
|
page read and write
|
||
|
5994000
|
direct allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
3490000
|
remote allocation
|
page read and write
|
||
|
1FF4000
|
direct allocation
|
page read and write
|
||
|
2654000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
334D000
|
heap
|
page read and write
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
375E000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
20B1000
|
direct allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
2125000
|
heap
|
page read and write
|
||
|
33AF000
|
stack
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
499000
|
unkown
|
page read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
60901000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2129000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
6CD000
|
unkown
|
page execute and write copy
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
3490000
|
remote allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
22F4000
|
heap
|
page read and write
|
||
|
2E2B000
|
stack
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
740000
|
heap
|
page read and write
|
||
|
6096F000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
992000
|
direct allocation
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2038000
|
direct allocation
|
page read and write
|
||
|
4CF000
|
unkown
|
page write copy
|
||
|
60980000
|
unkown
|
page readonly
|
||
|
1FD0000
|
direct allocation
|
page read and write
|
||
|
60900000
|
unkown
|
page readonly
|
||
|
AD1000
|
heap
|
page read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
2001000
|
direct allocation
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
521000
|
heap
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
371F000
|
stack
|
page read and write
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
2024000
|
direct allocation
|
page read and write
|
||
|
CED000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4CB000
|
unkown
|
page readonly
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
58D0000
|
direct allocation
|
page read and write
|
||
|
5998000
|
direct allocation
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
4E6000
|
unkown
|
page readonly
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
1FE8000
|
direct allocation
|
page read and write
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
398F000
|
stack
|
page read and write
|
||
|
2B0F000
|
heap
|
page read and write
|
||
|
55E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
399F000
|
stack
|
page read and write
|
||
|
599A000
|
direct allocation
|
page read and write
|
||
|
570B000
|
heap
|
page read and write
|
||
|
6097D000
|
unkown
|
page read and write
|
||
|
2230000
|
direct allocation
|
page execute and read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
5992000
|
direct allocation
|
page read and write
|
||
|
566000
|
heap
|
page read and write
|
||
|
57D1000
|
heap
|
page read and write
|
||
|
990000
|
direct allocation
|
page read and write
|
||
|
6CB000
|
unkown
|
page execute and write copy
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
326F000
|
stack
|
page read and write
|
||
|
20B1000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1FE8000
|
direct allocation
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
58E0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
201E000
|
direct allocation
|
page read and write
|
||
|
CDF000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
3357000
|
heap
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
2671000
|
heap
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
There are 190 hidden memdumps, click here to show them.