Source: topgamecheats.dev
Virustotal: Detection: 23%
Source: http://topgamecheats.dev/vidar.exe
Virustotal: Detection: 22%
Source: http://topgamecheats.dev/build.dll#
Virustotal: Detection: 22%
Source: http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll
Virustotal: Detection: 22%
Source: http://topgamecheats.dev/j4Fvskd3/index.php?scr=1
Virustotal: Detection: 21%
Source: http://topgamecheats.dev/j4Fvskd3/index.php
Virustotal: Detection: 23%
Source: http://topgamecheats.dev/build.dll
Virustotal: Detection: 22%
Source: topgamecheats.dev/j4Fvskd3/index.php
Virustotal: Detection: 23%
Source: http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dll
Virustotal: Detection: 11%
Source: http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dlly
Virustotal: Detection: 20%
Source: http://topgamecheats.dev/j4Fvskd3/index.php:
Virustotal: Detection: 20%
Source: 20.2.Dctooux.exe.4930e67.1.raw.unpack
String decryptor: topgamecheats.dev
String decryptor: /j4Fvskd3/index.php
String decryptor: S-%lu-
String decryptor: 154561dcbf
String decryptor: Dctooux.exe
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
String decryptor: Startup
String decryptor: cmd /C RMDIR /s/q
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
String decryptor: rundll32
String decryptor: Programs
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
String decryptor: %USERPROFILE%
String decryptor: cred.dll|clip.dll|
String decryptor: http://
String decryptor: https://
String decryptor: /Plugins/
String decryptor: &unit=
String decryptor: shell32.dll
String decryptor: kernel32.dll
String decryptor: GetNativeSystemInfo
String decryptor: ProgramData\
String decryptor: AVAST Software
String decryptor: Kaspersky Lab
String decryptor: Panda Security
String decryptor: Doctor Web
String decryptor: 360TotalSecurity
String decryptor: Bitdefender
String decryptor: Norton
String decryptor: Sophos
String decryptor: Comodo
String decryptor: WinDefender
String decryptor: 0123456789
String decryptor: Content-Type: multipart/form-data; boundary=----
String decryptor: ------
String decryptor: ?scr=1
String decryptor: Content-Type: application/x-www-form-urlencoded
String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
String decryptor: ComputerName
String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
String decryptor: -unicode-
String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
String decryptor: VideoID
String decryptor: DefaultSettings.XResolution
String decryptor: DefaultSettings.YResolution
String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
String decryptor: ProductName
String decryptor: CurrentBuild
String decryptor: rundll32.exe
String decryptor: "taskkill /f /im "
String decryptor: " && timeout 1 && del
String decryptor: && Exit"
String decryptor: " && ren
String decryptor: Powershell.exe
String decryptor: -executionpolicy remotesigned -File "
String decryptor: shutdown -s -t 0
String decryptor: random
String decryptor: ~L$v(g
String decryptor: ~L$v(g
Source: C:\Users\user\Desktop\C4v61Eu50U.exe
Unpacked PE file: 0.2.C4v61Eu50U.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
Unpacked PE file: 20.2.Dctooux.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
Unpacked PE file: 28.2.Dctooux.exe.400000.0.unpack
Source: Traffic
Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49745 -> 93.123.39.96:80
Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 93.123.39.96:80 -> 192.168.2.4:49745
Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49745 -> 93.123.39.96:80
Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49752 -> 93.123.39.96:80
Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49753 -> 93.123.39.96:80
Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.4:49757 -> 93.123.39.96:80
Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49758 -> 93.123.39.96:80