IOC Report
SecuriteInfo.com.Adware.Downware.20477.12113.8703.exe


Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
SecuriteInfo.com.Adware.Downware.20477.12113.8703.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Temp\RarSFX0\start.hta | HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT | data | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\7z.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\7z.exe | PE32 executable (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\Xr5XVue.exe | PE32 executable (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\anim.gif | GIF image data, version 89a, 500 x 27 | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\gam-page.html | HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\gtea.vbs | Unicode text, UTF-8 text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\gteb.vbs | Unicode text, UTF-8 text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\gtec.vbs | Unicode text, UTF-8 text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\icon.ico | MS Windows icon resource - 7 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\icon.png | PNG image data, 128 x 128, 8-bit colormap, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\icons.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\img\log-game.png | PNG image data, 171 x 33, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\img\logo-offer.png | PNG image data, 171 x 211, 8-bit/color RGB, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\img\master-logo.png | PNG image data, 191 x 422, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\img\screen-002-min.png | PNG image data, 1125 x 586, 8-bit colormap, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\last-page.html | HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\o9iQbd0.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\setup.exe | PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\vid-31.txt | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\RarSFX0\ya-page.html | HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped |
\Device\ConDrv | ASCII text, with CRLF, CR line terminators | dropped |

Processes

Path | Cmdline | Malicious
--- | --- | ---
C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20477.12113.8703.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20477.12113.8703.exe" | malicious
C:\Windows\SysWOW64\mshta.exe | "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Local\Temp\RarSFX0\start.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} | malicious
C:\Users\user\AppData\Local\Temp\RarSFX0\Xr5XVue.exe | "C:\Users\user\AppData\Local\Temp\RarSFX0\Xr5XVue.exe" -O o9iQbd0.exe https://download.yandex.ru/yandex-pack/downloader/downloader.exe |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
--- | --- | ---
https://download.yF | unknown |
https://dr.yandex.net/strm | unknown |
https://openbox.su/app1/K | unknown |
https://www.openssl.org/docs/faq.html | unknown |
https://dr2.yandex.net/strm | unknown |
https://yandex.com0 | unknown |
https://cachev2-fra-02.cdn.yandex.net/download.yandex.ru/yandex-pack/downloader/downloader.exe?lid=299 | 5.45.200.105 |
http://www.gnu.org/licenses/gpl.html | unknown |
http://netpreserve.org/warc/1.0/revisit/identical-payload-digest | unknown |
http://www.metalinker.org/typedynamicoriginurn:ietf:params:xml:ns:metalinktagsidentityfilesfilenames | unknown |
http://www.metalinker.org/ | unknown |
https://download.yandex.ru/yandex-pack/downloader/downloader.exe | 5.45.205.243 |
http://netpreserve.org/warc/1.0/revisit/identical-payload-digestWARC-ProfilelengthWARC-Truncatedappl | unknown |
http://bibnum.bnf.fr/WARC/WARC_ISO_28500_version1_latestdraft.pdf | unknown |
https://openbox.su/app1/ | unknown |

Domains

Name | IP | Malicious
--- | --- | ---
cdn.yandex.net | 5.45.205.243 |
cachev2-fra-02.cdn.yandex.net | 5.45.200.105 |
download.yandex.ru | unknown |

IPs

IP | Domain | Country | Malicious
--- | --- | --- | ---
5.45.200.105 | cachev2-fra-02.cdn.yandex.net | Russian Federation |
5.45.205.243 | cdn.yandex.net | Russian Federation |

Registry

Path | Value | Malicious
--- | --- | ---
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | LangID |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\SysWOW64\mshta.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\SysWOW64\mshta.exe.ApplicationCompany |

Memdumps

Base Address | Regiontype | Protect | Malicious
--- | --- | --- | ---