Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, [: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10001ED0 _memset,SHGetSpecialFolderPathA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,_memmove,FindNextFileA,FindNextFileA, |
0_2_10001ED0 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 114.132.64.209 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 119.91.152.151 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10004470 fuckyou,URLDownloadToFileA,Sleep,ShellExecuteA,ShellExecuteA,GetInputState,GetCurrentThreadId,PostThreadMessageA,GetMessageA,GetVersionExA,GetVersionExA,GetVersionExA,LoadLibraryW,GetProcAddress,FreeLibrary,WaitForSingleObject,CloseHandle,Sleep,Sleep,StartServiceCtrlDispatcherA,StartServiceCtrlDispatcherA,Sleep,StartServiceCtrlDispatcherA,ExpandEnvironmentStringsA,wsprintfA,GetModuleFileNameA,CopyFileA,Sleep,WaitForSingleObject,CloseHandle,ExitProcess,_memset,SHGetSpecialFolderPathA,_memset,_sprintf,GetFileAttributesA,GetModuleFileNameA,_sprintf,DefineDosDeviceA,Sleep,CopyFileA,SetFileAttributesA,_sprintf,ShellExecuteA,ExitProcess,WaitForSingleObject,Sleep,WaitForSingleObject,CloseHandle,_memset,_sprintf,lstrlenA,WaitForSingleObject,CloseHandle,Sleep, |
0_2_10004470 |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.00000000011F5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://114.132.64.209/ |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.0000000001208000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.000000000117E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://114.132.64.209:9652/mstsc.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://114.132.64.209:9652/mstsc.exeC: |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.000000000117E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://114.132.64.209:9652/mstsc.exeTx |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.0000000001208000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.comX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10002320 Sleep,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_10002320 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10001E10 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard, |
0_2_10001E10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10004C50 _memset,_memset,Sleep,lstrlenA,_memset,_memset,GetKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,lstrcatA,_memset,lstrlenA,_memset,lstrcatA, |
0_2_10004C50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10002050: _memset,CreateFileA,DeviceIoControl,DeviceIoControl,WriteFile,DeviceIoControl,CloseHandle,Sleep,GetVersion,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx, |
0_2_10002050 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_100062B0 OpenSCManagerA,OpenServiceA,DeleteService,GetSystemDirectoryA,lstrcatA,DeleteFileA, |
0_2_100062B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10004090 LoadLibraryA,LoadLibraryA,GetProcAddress,_memset,GetCurrentProcess,OpenProcessToken,DuplicateTokenEx,LoadLibraryA,GetProcAddress,SetTokenInformation,CreateProcessAsUserA,CloseHandle,CloseHandle,FreeLibrary, |
0_2_10004090 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10002050 _memset,CreateFileA,DeviceIoControl,DeviceIoControl,WriteFile,DeviceIoControl,CloseHandle,Sleep,GetVersion,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx, |
0_2_10002050 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_100054F0 ExitWindowsEx, |
0_2_100054F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: String function: 0071F2E0 appears 587 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: String function: 006D3200 appears 37 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: String function: 006D2990 appears 58 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: String function: 008ECE70 appears 95 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: String function: 006D17E0 appears 60 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: String function: 008DE3A0 appears 794 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: String function: 0071E820 appears 38 times |
|
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459417926.00000000009E7000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameHosptialMan.EXEB vs SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Binary or memory string: OriginalFilenameHosptialMan.EXEB vs SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10003160 _memset,lstrcpyA,lstrcpyA,lstrlenA,lstrlenA,lstrcpyA,lstrlenA,lstrcpyA,lstrlenA,gethostname,lstrlenA,getsockname,GetVersionExA,LoadLibraryW,GetProcAddress,FreeLibrary,RegOpenKeyA,RegQueryValueExA,RegCloseKey,GetSystemInfo,wsprintfA,wsprintfA,wsprintfA,GlobalMemoryStatusEx,GetDriveTypeA,GetDriveTypeA,GetDiskFreeSpaceExA,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,_memset,GetLastInputInfo,GetTickCount,lstrlenA,lstrlenA,lstrcpyA,lstrlenA,lstrcpyA, |
0_2_10003160 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: GetModuleFileNameA,ExpandEnvironmentStringsA,_strncmp,wsprintfA,CopyFileA,_memset,SetFileAttributesA,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,ChangeServiceConfig2A,UnlockServiceDatabase,GetLastError,OpenServiceA,StartServiceA,StartServiceA,RegOpenKeyA,lstrlenA,RegSetValueExA, |
0_2_10003B50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: SetFileAttributesA,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,ChangeServiceConfig2A,UnlockServiceDatabase,GetLastError,OpenServiceA,StartServiceA,StartServiceA,RegOpenKeyA,lstrlenA,RegSetValueExA, |
0_2_10003CA8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10002930 _memset,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,Process32First,lstrcmpiA,Process32Next,lstrcatA,lstrcatA,lstrcatA,CloseHandle,lstrlenA,lstrcpyA,FreeLibrary, |
0_2_10002930 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_006D24A0 CoCreateInstance,OleRun,_com_issue_error,SysStringByteLen,SysAllocStringByteLen,_com_issue_error,VariantClear,VariantClear,VariantClear,InterlockedDecrement,SysFreeString, |
0_2_006D24A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_0070E580 FindResourceA,LoadResource,LockResource,GetDesktopWindow,IsWindowEnabled,EnableWindow,EnableWindow,GetActiveWindow,SetActiveWindow,FreeResource, |
0_2_0070E580 |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
String found in binary or memory: If you use save/load state for MDI tabs, you must override this method in a derived class! |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
String found in binary or memory: If you use save/load state for MDI tabs, you should override this method in a derived class! |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
String found in binary or memory: OIf you use save/load state for MDI tabs, you must override this method in a derived class! |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Section loaded: apphelp.dll, msimg32.dll, oledlg.dll, oleacc.dll, winmm.dll, uxtheme.dll, dwmapi.dll, iphlpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, kernel.appcore.dll, wininet.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, winnsi.dll, propsys.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, dnsapi.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll, devenum.dll, ntmarta.dll, devobj.dll, msasn1.dll, msdmo.dll, avicap32.dll, msvfw32.dll |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x258200 |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x163c00 |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_0090F320 LoadLibraryW,GetProcAddress,_getMemBlockDataString,lstrlenA,failwithmessage,failwithmessage, |
0_2_0090F320 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10002190 SetupDiGetClassDevsA,SetupDiEnumDeviceInfo,GetLastError,SetupDiGetDeviceRegistryPropertyA,_memset,SetupDiGetDeviceRegistryPropertyA,GetLastError,GetLastError,GetLastError,LocalFree,SetupDiGetDeviceRegistryPropertyA,GetLastError,SetupDiSetClassInstallParamsA,GetLastError,SetupDiCallClassInstaller,GetLastError,SetupDiEnumDeviceInfo,GetLastError,SetupDiDestroyDeviceInfoList,SetLastError, |
0_2_10002190 |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.00000000011E1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.00000000011E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.0000000001214000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459663986.00000000011B1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWdWndClassY |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_008DEEA0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_008DEEA0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_006D15D0 SetLastError,SetLastError,VirtualAlloc,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,SetLastError,VirtualFree,VirtualAlloc,_memmove,SetLastError, |
0_2_006D15D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_008ECF00 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_008ECF00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_1000B110 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_1000B110 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_1000BD36 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_1000BD36 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_00908100 __get_timezone,__invoke_watson_if_error,__get_daylight,__invoke_watson_if_error,__get_dstbias,__invoke_watson_if_error,____lc_codepage_func,__getenv_helper_nolock,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_strlen,_strlen,_wcscpy_s,__invoke_watson_if_error,_strncpy_s,__invoke_watson_if_error,_strncpy_s,__invoke_watson_if_error, |
0_2_00908100 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe |
Code function: 0_2_10003160 _memset,lstrcpyA,lstrcpyA,lstrlenA,lstrlenA,lstrcpyA,lstrlenA,lstrcpyA,lstrlenA,gethostname,lstrlenA,getsockname,GetVersionExA,LoadLibraryW,GetProcAddress,FreeLibrary,RegOpenKeyA,RegQueryValueExA,RegCloseKey,GetSystemInfo,wsprintfA,wsprintfA,wsprintfA,GlobalMemoryStatusEx,GetDriveTypeA,GetDriveTypeA,GetDiskFreeSpaceExA,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,_memset,GetLastInputInfo,GetTickCount,lstrlenA,lstrlenA,lstrcpyA,lstrlenA,lstrcpyA, |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: vsserv.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: avcenter.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: kxetray.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: cpf.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: avp.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: F-PROT.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: spidernt.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: F-PROT.EXE |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: rtvscan.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: nspupsvc.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: 360tray.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: ashDisp.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: TMBMSRV.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: SBAMSvc.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: a2guard.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: avgwdsvc.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: AYAgent.aye |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: vsmon.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: QUHLPSVC.EXE |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: RavMonD.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: MsMpEng.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: Mcshield.exe |
Source: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe, 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: K7TSecurity.exe |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe.99228c.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe.10000000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe.6d0000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3460334627.0000000010015000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3459358578.0000000000992000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exe PID: 5680, type: MEMORYSTR |