Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
S12.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\QQWER.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\602d46.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\602da4.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\60bae0.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\60bb2f.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\ .bmp
|
PC bitmap, Windows 3.x format, 88 x 30 x 24, image size 7920, cbSize 7974, bits offset 54
|
dropped
|
||
|
C:\Users\user\Desktop\ .bmp
|
PC bitmap, Windows 3.x format, 113 x 35 x 24, image size 11900, cbSize 11954, bits offset 54
|
dropped
|
||
|
C:\Users\user\Desktop\ .bmp
|
PC bitmap, Windows 3.x format, 30 x 30 x 24, image size 2760, cbSize 2814, bits offset 54
|
dropped
|
||
|
C:\Users\user\Desktop\ .bmp
|
PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\Desktop\ .ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\CF1.bmp
|
PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54
|
dropped
|
||
|
C:\Users\user\Desktop\dt3.bmp
|
PC bitmap, Windows 3.x format, 35 x 20 x 24, image size 2160, cbSize 2214, bits offset 54
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\S12.exe
|
"C:\Users\user\Desktop\S12.exe"
|
|
|
|
C:\Users\user\Desktop\S12.exe
|
"C:\Users\user\Desktop\S12.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://82.156.239.188/123.txtxt1P
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt
|
82.156.239.188
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt=
|
unknown
|
||
|
http://www.eyuyan.com)DVarFileInfo$
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txty
|
unknown
|
||
|
http://ts-ocsp.ws.s
|
unknown
|
||
|
http://ts-ocsp.ws.symantec.
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt8E
|
unknown
|
||
|
https://ww(w.v
|
unknown
|
||
|
http://82.156.239.188/123.txt-2476756634-1003N
|
unknown
|
||
|
http://82.156.239.188/%E5%AD%98%E6%A1%A3/
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt:&B
|
unknown
|
||
|
http://82.156.239.188/%E7%89%88%E6%9C%AC%E6%9B%B4%E6%96%B0.txt
|
unknown
|
||
|
http://82.156.239.188/123.txtpP
|
unknown
|
||
|
http://ocsp.t
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txthttp://82.156.239.188/123.txt
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt2658-3693405117-2476756634-1003
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtmP
|
unknown
|
||
|
http://sf.symc
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt.
|
unknown
|
||
|
http://82.156.239.188/
|
unknown
|
||
|
http://82.156.239.188/-E
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtbP
|
unknown
|
||
|
http://82.156.239.188/123.txtz
|
unknown
|
||
|
http://82.156.239.188/123.txt
|
82.156.239.188
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txth
|
unknown
|
||
|
http://82.156.239.188/123.txtxt
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt0
|
unknown
|
||
|
http://82.156.239.188/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtwsock.dll.mui1
|
unknown
|
||
|
http://82.156.239.188/123.txtu
|
unknown
|
There are 20 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
82.156.239.188
|
unknown
|
China
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2BCE000
|
stack
|
page read and write
|
||
|
3059000
|
heap
|
page read and write
|
||
|
2F0D000
|
heap
|
page execute and read and write
|
||
|
2FA2000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page execute and read and write
|
||
|
ACF000
|
heap
|
page read and write
|
||
|
30A9000
|
heap
|
page read and write
|
||
|
8E5000
|
unkown
|
page readonly
|
||
|
53C000
|
unkown
|
page readonly
|
||
|
519C000
|
stack
|
page read and write
|
||
|
AEB000
|
heap
|
page read and write
|
||
|
2B71000
|
heap
|
page read and write
|
||
|
CEE000
|
heap
|
page read and write
|
||
|
53C000
|
unkown
|
page readonly
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
3A2E000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
30AE000
|
heap
|
page read and write
|
||
|
7EB000
|
unkown
|
page readonly
|
||
|
A76000
|
heap
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
AC6000
|
heap
|
page read and write
|
||
|
7EB000
|
unkown
|
page readonly
|
||
|
2C74000
|
heap
|
page execute and read and write
|
||
|
92000
|
stack
|
page read and write
|
||
|
2A13000
|
heap
|
page read and write
|
||
|
2A96000
|
heap
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
794000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
2EA4000
|
heap
|
page read and write
|
||
|
7C3000
|
unkown
|
page read and write
|
||
|
8ED000
|
unkown
|
page readonly
|
||
|
2904000
|
heap
|
page read and write
|
||
|
796000
|
unkown
|
page write copy
|
||
|
2E95000
|
heap
|
page execute and read and write
|
||
|
28B0000
|
heap
|
page execute and read and write
|
||
|
CDA000
|
heap
|
page read and write
|
||
|
3A3E000
|
stack
|
page read and write
|
||
|
2E67000
|
heap
|
page execute and read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
92000
|
stack
|
page read and write
|
||
|
7A9000
|
unkown
|
page read and write
|
||
|
2B3C000
|
heap
|
page read and write
|
||
|
2839000
|
heap
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
297B000
|
heap
|
page read and write
|
||
|
2994000
|
heap
|
page read and write
|
||
|
2AAF000
|
heap
|
page read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
79F000
|
unkown
|
page read and write
|
||
|
2C92000
|
heap
|
page execute and read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
7E3000
|
unkown
|
page read and write
|
||
|
7A0000
|
unkown
|
page write copy
|
||
|
29A1000
|
heap
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
CC4000
|
heap
|
page read and write
|
||
|
CB8000
|
heap
|
page read and write
|
||
|
796000
|
unkown
|
page write copy
|
||
|
2730000
|
heap
|
page read and write
|
||
|
2ABC000
|
heap
|
page read and write
|
||
|
30AF000
|
heap
|
page read and write
|
||
|
7A9000
|
unkown
|
page write copy
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
2B48000
|
heap
|
page read and write
|
||
|
ACF000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
945000
|
heap
|
page read and write
|
||
|
792000
|
unkown
|
page write copy
|
||
|
674000
|
unkown
|
page readonly
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
2ADD000
|
heap
|
page read and write
|
||
|
2B6D000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
76A000
|
unkown
|
page readonly
|
||
|
7E9000
|
unkown
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
8ED000
|
unkown
|
page readonly
|
||
|
674000
|
unkown
|
page readonly
|
||
|
C68000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
76A000
|
unkown
|
page readonly
|
||
|
D0D000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
4DEF000
|
stack
|
page read and write
|
||
|
AB5000
|
heap
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
51AC000
|
stack
|
page read and write
|
||
|
2B85000
|
heap
|
page read and write
|
||
|
2C96000
|
heap
|
page execute and read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
792000
|
unkown
|
page write copy
|
||
|
7B5000
|
unkown
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
2BEC000
|
heap
|
page execute and read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
773000
|
unkown
|
page readonly
|
||
|
1003A000
|
direct allocation
|
page execute and read and write
|
||
|
773000
|
unkown
|
page readonly
|
||
|
4FEB000
|
stack
|
page read and write
|
||
|
2C71000
|
heap
|
page execute and read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
2744000
|
heap
|
page read and write
|
||
|
792000
|
unkown
|
page write copy
|
||
|
2B92000
|
heap
|
page read and write
|
||
|
3548000
|
heap
|
page read and write
|
||
|
AE7000
|
heap
|
page read and write
|
||
|
291C000
|
heap
|
page read and write
|
||
|
792000
|
unkown
|
page write copy
|
||
|
373F000
|
stack
|
page read and write
|
||
|
2AB8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
ACF000
|
heap
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
291E000
|
heap
|
page read and write
|
||
|
2BFD000
|
heap
|
page execute and read and write
|
||
|
C94000
|
heap
|
page read and write
|
||
|
7EB000
|
unkown
|
page readonly
|
||
|
3A8E000
|
stack
|
page read and write
|
||
|
CCC000
|
heap
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
299F000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A47000
|
heap
|
page read and write
|
||
|
7E9000
|
unkown
|
page read and write
|
||
|
2774000
|
heap
|
page read and write
|
||
|
76A000
|
unkown
|
page readonly
|
||
|
4D9F000
|
stack
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
7B6000
|
unkown
|
page read and write
|
||
|
7A9000
|
unkown
|
page read and write
|
||
|
CE9000
|
heap
|
page read and write
|
||
|
C4A000
|
heap
|
page read and write
|
||
|
511F000
|
stack
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
76A000
|
unkown
|
page readonly
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
53C000
|
unkown
|
page readonly
|
||
|
1003A000
|
direct allocation
|
page execute and read and write
|
||
|
2D2A000
|
heap
|
page execute and read and write
|
||
|
2E24000
|
heap
|
page execute and read and write
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2F6F000
|
heap
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
7EB000
|
unkown
|
page readonly
|
||
|
AA2000
|
heap
|
page read and write
|
||
|
2DBF000
|
heap
|
page execute and read and write
|
||
|
39DE000
|
stack
|
page read and write
|
||
|
8ED000
|
unkown
|
page readonly
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
A97000
|
heap
|
page read and write
|
||
|
3598000
|
heap
|
page read and write
|
||
|
383F000
|
stack
|
page read and write
|
||
|
2EDF000
|
heap
|
page execute and read and write
|
||
|
276E000
|
stack
|
page read and write
|
||
|
512F000
|
stack
|
page read and write
|
||
|
C8D000
|
heap
|
page read and write
|
||
|
C4E000
|
heap
|
page read and write
|
||
|
773000
|
unkown
|
page readonly
|
||
|
AB5000
|
heap
|
page read and write
|
||
|
2A9F000
|
heap
|
page read and write
|
||
|
7A5000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
388F000
|
stack
|
page read and write
|
||
|
306D000
|
heap
|
page read and write
|
||
|
2742000
|
heap
|
page read and write
|
||
|
2C6B000
|
heap
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
2B74000
|
heap
|
page read and write
|
||
|
674000
|
unkown
|
page readonly
|
||
|
287D000
|
heap
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
2CF7000
|
heap
|
page execute and read and write
|
||
|
273E000
|
heap
|
page read and write
|
||
|
8E5000
|
unkown
|
page readonly
|
||
|
7A9000
|
unkown
|
page write copy
|
||
|
CC5000
|
heap
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
306B000
|
heap
|
page read and write
|
||
|
2ABF000
|
heap
|
page read and write
|
||
|
8E5000
|
unkown
|
page readonly
|
||
|
2A1C000
|
heap
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
8E5000
|
unkown
|
page readonly
|
||
|
C3E000
|
heap
|
page read and write
|
||
|
2D9B000
|
heap
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
930000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
CC8000
|
heap
|
page read and write
|
||
|
53C000
|
unkown
|
page readonly
|
||
|
2B44000
|
heap
|
page execute and read and write
|
||
|
2F64000
|
heap
|
page read and write
|
||
|
2735000
|
heap
|
page read and write
|
||
|
4FDB000
|
stack
|
page read and write
|
||
|
674000
|
unkown
|
page readonly
|
||
|
CC5000
|
heap
|
page read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
2D26000
|
heap
|
page execute and read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
7A0000
|
unkown
|
page write copy
|
||
|
52AE000
|
stack
|
page read and write
|
||
|
2C64000
|
heap
|
page execute and read and write
|
||
|
378F000
|
stack
|
page read and write
|
||
|
CC1000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
30B2000
|
heap
|
page read and write
|
||
|
D1C000
|
heap
|
page read and write
|
||
|
A8C000
|
heap
|
page read and write
|
||
|
2FB9000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7A7000
|
unkown
|
page write copy
|
||
|
8ED000
|
unkown
|
page readonly
|
||
|
A80000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
2842000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
2A49000
|
heap
|
page read and write
|
||
|
7A7000
|
unkown
|
page write copy
|
||
|
7E3000
|
unkown
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
79F000
|
unkown
|
page read and write
|
||
|
C00000
|
heap
|
page execute and read and write
|
||
|
2E20000
|
heap
|
page execute and read and write
|
||
|
2F99000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
773000
|
unkown
|
page readonly
|
||
|
2F11000
|
heap
|
page execute and read and write
|
||
|
7A5000
|
unkown
|
page read and write
|
||
|
2B95000
|
heap
|
page read and write
|
||
|
2A4D000
|
heap
|
page read and write
|
||
|
2B45000
|
heap
|
page read and write
|
||
|
794000
|
unkown
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
502E000
|
stack
|
page read and write
|
||
|
A9C000
|
heap
|
page read and write
|
||
|
CFD000
|
heap
|
page read and write
|
||
|
398F000
|
stack
|
page read and write
|
||
|
287B000
|
heap
|
page read and write
|
||
|
2972000
|
heap
|
page read and write
|
||
|
A38000
|
heap
|
page read and write
|
||
|
D03000
|
heap
|
page read and write
|
||
|
7C3000
|
unkown
|
page read and write
|
||
|
10000000
|
direct allocation
|
page execute and read and write
|
||
|
3064000
|
heap
|
page read and write
|
||
|
2EEC000
|
heap
|
page execute and read and write
|
||
|
2F6D000
|
heap
|
page read and write
|
||
|
30B8000
|
heap
|
page read and write
|
||
|
CC4000
|
heap
|
page read and write
|
||
|
2EEF000
|
heap
|
page execute and read and write
|
There are 264 hidden memdumps, click here to show them.