IOC Report
msimg32.dll


Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\msimg32.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1 | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\msimg32.dll,AlphaBlend | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://www.openssl.org/support/faq.html.................... | unknown | |
| http://www.openssl.org/support/faq.html | unknown | |

Memdumps

Base Address
Regiontype
Protect
Malicious