Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.MulDrop7.25259.29933.1105.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Mongoose\HTML\clientaccesspolicy.xml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Mongoose\mongoose-2.11.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Mongoose\mongoose.conf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Mongoose_log.txt
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Stand Alone CNP\Mongoose\Mongoose.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Stand Alone CNP\Mongoose\mongoose-2.11.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Stand Alone CNP\Mongoose\mongoose.conf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Stand Alone CNP\Mongoose\readme.txt.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Stand Alone CNP\Mongoose\mongoose.bat" "
|
|
|
|
C:\Windows\SysWOW64\PING.EXE
|
ping -n 5 127.0.0.1
|
|
|
|
C:\Windows\SysWOW64\PING.EXE
|
ping -n 5 127.0.0.1
|
|
|
|
C:\Windows\SysWOW64\PING.EXE
|
ping -n 5 127.0.0.1
|
|
|
|
C:\Windows\SysWOW64\PING.EXE
|
ping -n 5 127.0.0.1
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop7.25259.29933.1105.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop7.25259.29933.1105.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc stop mongoose
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc stop mongoose
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc delete mongoose echo 3:27:02.65
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc create Mongoose binPath= "c:\Mongoose\mongoose-2.11.exe --" start= auto
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc start mongoose
|
||
|
C:\Mongoose\mongoose-2.11.exe
|
c:\Mongoose\mongoose-2.11.exe --
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://localhost/clientaccesspolicy.xml
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://code.google.com/p/mongoose/wiki/MongooseManual
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A8F000
|
stack
|
page read and write
|
||
|
284E000
|
stack
|
page read and write
|
||
|
467F000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
437000
|
unkown
|
page readonly
|
||
|
409000
|
unkown
|
page read and write
|
||
|
41C000
|
unkown
|
page write copy
|
||
|
EAF000
|
stack
|
page read and write
|
||
|
301C000
|
stack
|
page read and write
|
||
|
4BD000
|
heap
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4CC000
|
heap
|
page read and write
|
||
|
20CF000
|
stack
|
page read and write
|
||
|
19EE000
|
stack
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
28AE000
|
stack
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
1C6E000
|
stack
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
4B2000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
186F000
|
stack
|
page read and write
|
||
|
29FA000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
4A7000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
4B9000
|
heap
|
page read and write
|
||
|
289D000
|
stack
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
263E000
|
stack
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
238E000
|
stack
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
1FC0000
|
heap
|
page read and write
|
||
|
25FF000
|
stack
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
26FF000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
437000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
24CD000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
2B2F000
|
stack
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
176E000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
47FE000
|
stack
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page readonly
|
||
|
13AF000
|
stack
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
19AF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1C2F000
|
stack
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
73E000
|
stack
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
311B000
|
stack
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
2A9B000
|
heap
|
page read and write
|
||
|
74A000
|
heap
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
48D000
|
heap
|
page read and write
|
||
|
1B2E000
|
stack
|
page read and write
|
||
|
4CC000
|
heap
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
4B2000
|
heap
|
page read and write
|
||
|
273E000
|
stack
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
1D6F000
|
stack
|
page read and write
|
||
|
1AEF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
298F000
|
stack
|
page read and write
|
||
|
126F000
|
stack
|
page read and write
|
||
|
6DF000
|
stack
|
page read and write
|
||
|
285D000
|
stack
|
page read and write
|
||
|
18AE000
|
stack
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
47BF000
|
stack
|
page read and write
|
||
|
2C5B000
|
heap
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1FC4000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
210E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
1F7F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
26AB000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
234D000
|
stack
|
page read and write
|
||
|
41C000
|
unkown
|
page write copy
|
||
|
98000
|
stack
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
55E000
|
unkown
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
112F000
|
stack
|
page read and write
|
||
|
23FD000
|
stack
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
250E000
|
stack
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
41E000
|
unkown
|
page read and write
|
||
|
1F80000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
4BD000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
288B000
|
heap
|
page read and write
|
||
|
172F000
|
stack
|
page read and write
|
||
|
4D2000
|
heap
|
page read and write
|
||
|
493C000
|
stack
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
268F000
|
stack
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
29BF000
|
stack
|
page read and write
|
||
|
4A3C000
|
stack
|
page read and write
|
||
|
AD3000
|
heap
|
page read and write
|
||
|
4B9000
|
heap
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
There are 163 hidden memdumps, click here to show them.