Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.Siggen29.2530.21543.30910.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\duba_u13712989_sv1_211_4.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
|
modified
|
 |
|
|
C:\Users\user\AppData\Local\Temp\install_res\100.png
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\110.png
|
PNG image data, 602 x 402, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\6000.xml
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\6001.xml
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\6002.xml
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0307\6000.xml
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0307\6001.xml
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0307\6002.xml
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\100.png
|
PNG image data, 458 x 224, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\110.png
|
PNG image data, 602 x 402, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\6000.xml
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\6001.xml
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\6002.xml
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\installconfig.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\soft.ico
|
MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\soft.ico_
|
MS Windows icon resource - 2 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48
with PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\installconfig.ini
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\soft.ico
|
MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\install_res\soft.ico_
|
MS Windows icon resource - 2 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48
with PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jcqgx.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\kinst.log
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.2530.21543.30910.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.2530.21543.30910.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://cd001.www.duba.net/duba/install/packages/ever/duba_u25547643_sv1_83_32.dat
|
218.12.76.155
|
|
|
|
http://softmgr.duba.net/softmgr_v2/softdetail/%s.json?ver=1
|
unknown
|
||
|
http://config.i.duba.net/aldconfig/area.datpopstylearea_sh_smedrivergeniushttp://dubacdn.cmcmcdn.com
|
unknown
|
||
|
https://curl.se/docs/http-cookies.html
|
unknown
|
||
|
http://infoc0.duba.net/c/jl
|
unknown
|
||
|
http://cd001.www.duba.net/duba/install/packages/ever/duba_u25547643_sv1_83_32.datsE
|
unknown
|
||
|
http://config.i.duba.net/aldconfig/resource.png%s
|
unknown
|
||
|
https://wpa1.qq.com/5ciKQjBf?_type=wpa&qidian=trueVipMarketQQLinkhttps://wpa1.qq.com/FDdK6y0s?_type=
|
unknown
|
||
|
http://2398.35go.net/defend/o1/jcqgx.ini
|
218.12.76.157
|
||
|
http://infoc0.duba.net/c/jlgl
|
unknown
|
||
|
http://infoc0.duba.net/c/a
|
unknown
|
||
|
http://2398.35go.net/defend/o1/jcqgx.inijcqgx.iniurlmd5dirprobability.baklogosoftnamedownurlfilemd5p
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html
|
unknown
|
||
|
https://softmgr-softsem-srv.jinshanapi.com/sem/lenovomm/get_software_mappingget
|
unknown
|
||
|
http://cd001.www.duba.net/duba/install/packages/ever/duba_u2554
|
unknown
|
||
|
http://cd001.www.duba.net/duba/install/packages/ever/duba_u25547643_sv1_83_32.date-Control
|
unknown
|
||
|
http://dubacdn.cmcmcdn.com/sem/installer/716.pngQ
|
unknown
|
||
|
http://dubacdn.cmcmcdn.com/sem/installer/716.png
|
36.42.77.166
|
||
|
http://infoc0.duba.net/c/up
|
unknown
|
||
|
http://dubacdn.cmcmcdn.com/sem/installer/ald_%d.pnghttp://dubacdn.cmcmcdn.com/sem/installer/ald2_%d.
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html#
|
unknown
|
||
|
https://softmgr-softsem-srv.jinshanapi.com/sem/lenovomm/get_software_mapping
|
114.132.191.224
|
||
|
http://infoc0.duba.net/c/K
|
unknown
|
||
|
https://softmgr-softsem-srv.jinshanapi.com/sem/lenovomm/get_software_sem_info
|
unknown
|
||
|
https://www.ijinshan.com/privacy/dubaPrivacy.html
|
unknown
|
||
|
https://newvip.duba.net/api/v2/ocpc/report_install_successhttps://newvip.duba.net/api/v2/ocpc/un_ins
|
unknown
|
||
|
https://pc-store.lenovomm.cn/advertappservice/api/adAppCheck
|
unknown
|
||
|
http://config.i.duba.net/seminstall/%d/%s.xml?time=%dvariableinstallCheckInstallCondition:%sand&or%d
|
unknown
|
||
|
http://www.ijinshan.com//help/2/2/20200311.shtmlhttps://www.ijinshan.com/privacy/duba-enduserlicense
|
unknown
|
||
|
http://infoc0.duba.net/c/
|
139.9.43.12
|
||
|
https://curl.se/docs/http-cookies.html#
|
unknown
|
||
|
http://config.i.duba.net/seminstall/%d/%s.xml?time=%d
|
unknown
|
||
|
http://weather2db.cmcm.com/ip/cityiduniqid:
|
unknown
|
||
|
http://config.i.duba.net/seminstall/109/716.xml?time=1724843657
|
218.12.76.154
|
||
|
https://www.ijinshan.com/privacy/dubaPrivacy.htmlsoguo_mainbg_newsofttemprory.png
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
hcdnd101.vip.cdnhwczxh101.com
|
218.12.76.155
|
|
|
|
softmgr-softsem-srv.jinshanapi.com
|
114.132.191.224
|
||
|
hcdnw101.vip.cdnhwcbzj102.com
|
36.42.77.166
|
||
|
hcdnd101.gslb.c.cdnhwc2.com
|
218.12.76.157
|
||
|
infoc2.ksmobile.com
|
139.9.43.12
|
||
|
dubacdn.cmcmcdn.com
|
unknown
|
||
|
config.i.duba.net
|
unknown
|
||
|
2398.35go.net
|
unknown
|
||
|
infoc0.duba.net
|
unknown
|
||
|
cd001.www.duba.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
218.12.76.155
|
hcdnd101.vip.cdnhwczxh101.com
|
China
|
|
|
|
218.12.76.157
|
hcdnd101.gslb.c.cdnhwc2.com
|
China
|
||
|
114.132.191.224
|
softmgr-softsem-srv.jinshanapi.com
|
China
|
||
|
36.42.77.166
|
hcdnw101.vip.cdnhwcbzj102.com
|
China
|
||
|
218.12.76.154
|
unknown
|
China
|
||
|
139.9.43.12
|
infoc2.ksmobile.com
|
China
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
|
idex
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
|
idno
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
|
did
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F30000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
2F17000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
10FF000
|
stack
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
FB7000
|
heap
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
C1E000
|
unkown
|
page readonly
|
||
|
3470000
|
heap
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
951000
|
unkown
|
page execute read
|
||
|
D0B000
|
unkown
|
page readonly
|
||
|
37CB000
|
heap
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
35DB000
|
heap
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
2EF1000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
2F13000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
FFB000
|
heap
|
page read and write
|
||
|
3797000
|
heap
|
page read and write
|
||
|
FB5000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
FAD000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
F94000
|
heap
|
page read and write
|
||
|
FBF000
|
heap
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
FB2000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
F94000
|
heap
|
page read and write
|
||
|
F67000
|
heap
|
page read and write
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
2F38000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
2F3B000
|
heap
|
page read and write
|
||
|
F6A000
|
heap
|
page read and write
|
||
|
5DA000
|
stack
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
F92000
|
heap
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
FB2000
|
heap
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
FFB000
|
heap
|
page read and write
|
||
|
4FCF000
|
stack
|
page read and write
|
||
|
3790000
|
heap
|
page read and write
|
||
|
FB2000
|
heap
|
page read and write
|
||
|
33CC000
|
stack
|
page read and write
|
||
|
FC9000
|
heap
|
page read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
FF6000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
C0A000
|
unkown
|
page write copy
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
8FA000
|
stack
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
2F36000
|
heap
|
page read and write
|
||
|
C1C000
|
unkown
|
page readonly
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
3701000
|
heap
|
page read and write
|
||
|
FB2000
|
heap
|
page read and write
|
||
|
2F37000
|
heap
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
FA6000
|
heap
|
page read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
F4A000
|
heap
|
page read and write
|
||
|
F86000
|
heap
|
page read and write
|
||
|
FF6000
|
heap
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
FD8000
|
heap
|
page read and write
|
||
|
11FF000
|
stack
|
page read and write
|
||
|
FBD000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
2F31000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
36B4000
|
heap
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
950000
|
unkown
|
page readonly
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
F67000
|
heap
|
page read and write
|
||
|
35D9000
|
heap
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
3084000
|
heap
|
page read and write
|
||
|
F8D000
|
heap
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
F5A000
|
heap
|
page read and write
|
||
|
CCE000
|
unkown
|
page readonly
|
||
|
2F37000
|
heap
|
page read and write
|
||
|
2F33000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
C13000
|
unkown
|
page read and write
|
||
|
F92000
|
heap
|
page read and write
|
||
|
FBB000
|
heap
|
page read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
FEB000
|
heap
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
4DCB000
|
stack
|
page read and write
|
||
|
F8B000
|
heap
|
page read and write
|
||
|
950000
|
unkown
|
page readonly
|
||
|
C17000
|
unkown
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
373D000
|
heap
|
page read and write
|
||
|
375B000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
3591000
|
heap
|
page read and write
|
||
|
B64000
|
unkown
|
page readonly
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
F6D000
|
heap
|
page read and write
|
||
|
36BE000
|
heap
|
page read and write
|
||
|
F5A000
|
heap
|
page read and write
|
||
|
FA3000
|
heap
|
page read and write
|
||
|
F89000
|
heap
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
2F36000
|
heap
|
page read and write
|
||
|
DC6000
|
heap
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
FEC000
|
heap
|
page read and write
|
||
|
F8B000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
F98000
|
heap
|
page read and write
|
||
|
FF2000
|
heap
|
page read and write
|
||
|
FC6000
|
heap
|
page read and write
|
||
|
F0E000
|
heap
|
page read and write
|
||
|
F0A000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
F98000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
FB7000
|
heap
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
F69000
|
heap
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
CCE000
|
unkown
|
page readonly
|
||
|
C0A000
|
unkown
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
F5A000
|
heap
|
page read and write
|
||
|
F8E000
|
heap
|
page read and write
|
||
|
F8B000
|
heap
|
page read and write
|
||
|
F64000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
2F36000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
FAD000
|
heap
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
B64000
|
unkown
|
page readonly
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
FEC000
|
heap
|
page read and write
|
||
|
2EF1000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
FC9000
|
heap
|
page read and write
|
||
|
FC4000
|
heap
|
page read and write
|
||
|
F63000
|
heap
|
page read and write
|
||
|
F8E000
|
heap
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
FC4000
|
heap
|
page read and write
|
||
|
FA3000
|
heap
|
page read and write
|
||
|
951000
|
unkown
|
page execute read
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
F98000
|
heap
|
page read and write
|
||
|
D0B000
|
unkown
|
page readonly
|
||
|
35D1000
|
heap
|
page read and write
|
||
|
2F3B000
|
heap
|
page read and write
|
||
|
F81000
|
heap
|
page read and write
|
||
|
C1C000
|
unkown
|
page readonly
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
F6A000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
F84000
|
heap
|
page read and write
|
||
|
FBD000
|
heap
|
page read and write
|
||
|
F6A000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
29D6000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
FE1000
|
heap
|
page read and write
|
||
|
F93000
|
heap
|
page read and write
|
||
|
F63000
|
heap
|
page read and write
|
||
|
302C000
|
stack
|
page read and write
|
||
|
FF4000
|
heap
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
C1E000
|
unkown
|
page readonly
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
F8B000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
F92000
|
heap
|
page read and write
|
||
|
2F31000
|
heap
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
C0F000
|
unkown
|
page write copy
|
||
|
FAD000
|
heap
|
page read and write
|
||
|
FF4000
|
heap
|
page read and write
|
||
|
FBF000
|
heap
|
page read and write
|
There are 223 hidden memdumps, click here to show them.