Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.MSIL.Rozena.9214.20581.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with CRLF, LF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Rozena.9214.20581.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Rozena.9214.20581.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://html4/loose.dtd
|
unknown
|
||
|
https://github.com/love2d/love-android/releases/download/11.5a/love-11.5-android-embed.apk7love-11.5
|
unknown
|
||
|
https://github.com/blake502/balatro-apk-maker/releases/download/Additional-Tools-1.0/Balatro-APK-Pat
|
unknown
|
||
|
https://aka.ms/dotnet/info
|
unknown
|
||
|
https://aka.ms/dotnet/download%s%sInstall
|
unknown
|
||
|
https://dl.google.com/android/repository/platform-tools-latest-windows.zip
|
unknown
|
||
|
https://aka.ms/dotnet-illink/com
|
unknown
|
||
|
https://javadl.oracle.com/webapps/download/AutoDL?BundleId=249553_4d245f941845490c91360409ecffb3b4%j
|
unknown
|
||
|
https://aka.ms/dotnet/app-launch-failed
|
unknown
|
||
|
https://javadl.oracle.com/webapps/download/AutoDL?BundleId=249553_4d245f941845490c91360409ecffb3b4
|
unknown
|
||
|
https://github.com/patrickfav/uber-apk-signer/releases/download/v1.3.0/uber-apk-signer-1.3.0.jar
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
https://aka.ms/dotnet/app-launch-failedRequired:
|
unknown
|
||
|
https://aka.ms/dotnet-core-applaunch?
|
unknown
|
||
|
https://aka.ms/dotnet-illink/com)
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
||
|
https://github.com/blake502/balatro-apk-maker/releases/download/Additional-Tools-1.0/7za.exe9Extract
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
|
unknown
|
||
|
https://aka.ms/dotnet-warnings/
|
unknown
|
||
|
https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe)python-installer.exe)Installing
|
unknown
|
||
|
https://github.com/blake502/balatro-apk-maker/releases/download/Additional-Tools-1.0/balatro-base.ip
|
unknown
|
||
|
https://aka.ms/nativeaot-compatibility
|
unknown
|
||
|
https://aka.ms/dotnet/sdk-not-found
|
unknown
|
||
|
https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe
|
unknown
|
||
|
https://aka.ms/binaryformatter
|
unknown
|
||
|
https://aka.ms/GlobalizationInvariantMode
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.9.3.jar
|
unknown
|
||
|
https://aka.ms/dotnet-illink/nativehost
|
unknown
|
||
|
https://aka.ms/dotnet/download
|
unknown
|
There are 21 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A72B480000
|
heap
|
page read and write
|
||
|
7FF6D5490000
|
direct allocation
|
page execute read
|
||
|
2A72B5CA000
|
heap
|
page read and write
|
||
|
7FF7353E0000
|
unkown
|
page read and write
|
||
|
7FF6D5564000
|
direct allocation
|
page read and write
|
||
|
7FF6D5620000
|
direct allocation
|
page read and write
|
||
|
7FF6D561C000
|
direct allocation
|
page read and write
|
||
|
2A72B568000
|
heap
|
page read and write
|
||
|
7FF6D5550000
|
direct allocation
|
page read and write
|
||
|
7FF6D56AC000
|
direct allocation
|
page read and write
|
||
|
2E7C2110000
|
heap
|
page read and write
|
||
|
7FF6D5518000
|
direct allocation
|
page execute read
|
||
|
7FF6D554C000
|
direct allocation
|
page read and write
|
||
|
7FF6D5510000
|
direct allocation
|
page execute read
|
||
|
7FF6D5530000
|
direct allocation
|
page read and write
|
||
|
7FF7353CE000
|
unkown
|
page read and write
|
||
|
7FF735425000
|
unkown
|
page readonly
|
||
|
2A72B53C000
|
heap
|
page read and write
|
||
|
7FF7353E5000
|
unkown
|
page read and write
|
||
|
7FF6D5610000
|
direct allocation
|
page execute read
|
||
|
7FF7353D8000
|
unkown
|
page read and write
|
||
|
7FF6D5674000
|
direct allocation
|
page read and write
|
||
|
2A72CE40000
|
heap
|
page read and write
|
||
|
7FF6D55F4000
|
direct allocation
|
page read and write
|
||
|
7FF6D563C000
|
direct allocation
|
page read and write
|
||
|
7FF6D5678000
|
direct allocation
|
page execute read
|
||
|
7FF6D5680000
|
direct allocation
|
page read and write
|
||
|
2A72B55A000
|
heap
|
page read and write
|
||
|
7FF735420000
|
unkown
|
page readonly
|
||
|
2A72B581000
|
heap
|
page read and write
|
||
|
7FF6D5650000
|
direct allocation
|
page read and write
|
||
|
2A72B588000
|
heap
|
page read and write
|
||
|
7FF6D55F0000
|
direct allocation
|
page execute read
|
||
|
2A72B4F0000
|
heap
|
page readonly
|
||
|
2E740FBF000
|
direct allocation
|
page read and write
|
||
|
7FF7353E7000
|
unkown
|
page readonly
|
||
|
2E7C1D10000
|
direct allocation
|
page read and write
|
||
|
7FF7353CC000
|
unkown
|
page write copy
|
||
|
7FF6D5630000
|
direct allocation
|
page read and write
|
||
|
7FF6D5548000
|
direct allocation
|
page execute read
|
||
|
2A72B56C000
|
heap
|
page read and write
|
||
|
2A72CF60000
|
unclassified section
|
page read and write
|
||
|
CA13574000
|
stack
|
page read and write
|
||
|
7FF6D54E3000
|
direct allocation
|
page read and write
|
||
|
2A72B515000
|
heap
|
page read and write
|
||
|
7FF6D5690000
|
direct allocation
|
page read and write
|
||
|
7FF6D54A4000
|
direct allocation
|
page read and write
|
||
|
7FF6D5500000
|
direct allocation
|
page read and write
|
||
|
7FF6D5544000
|
direct allocation
|
page read and write
|
||
|
7FF7353C7000
|
unkown
|
page read and write
|
||
|
7FF6D5570000
|
direct allocation
|
page execute read
|
||
|
7FF6D5600000
|
direct allocation
|
page read and write
|
||
|
CA13CFE000
|
stack
|
page read and write
|
||
|
2A72B500000
|
unclassified section
|
page read and write
|
||
|
CA139FE000
|
stack
|
page read and write
|
||
|
7FF6D551C000
|
direct allocation
|
page read and write
|
||
|
2A72B569000
|
heap
|
page read and write
|
||
|
2A72B577000
|
heap
|
page read and write
|
||
|
2A72B4C0000
|
direct allocation
|
page read and write
|
||
|
2A72B4B0000
|
unclassified section
|
page read and write
|
||
|
2A72B5F2000
|
heap
|
page read and write
|
||
|
7FF6D5524000
|
direct allocation
|
page read and write
|
||
|
7FF7353E7000
|
unkown
|
page readonly
|
||
|
2A72B607000
|
heap
|
page read and write
|
||
|
2A72B530000
|
heap
|
page read and write
|
||
|
7FF7353DB000
|
unkown
|
page read and write
|
||
|
7FF6D5640000
|
direct allocation
|
page execute read
|
||
|
7FF6D55FC000
|
direct allocation
|
page read and write
|
||
|
CA13B7E000
|
stack
|
page read and write
|
||
|
2A72CF80000
|
heap
|
page execute and read and write
|
||
|
2A72CE20000
|
unkown
|
page readonly
|
||
|
2A72CF40000
|
unkown
|
page readonly
|
||
|
7FF735249000
|
unkown
|
page readonly
|
||
|
7FF735420000
|
unkown
|
page readonly
|
||
|
2A72B569000
|
heap
|
page read and write
|
||
|
7FF6D56A8000
|
direct allocation
|
page execute read
|
||
|
7FF734C30000
|
unkown
|
page readonly
|
||
|
7FF734C31000
|
unkown
|
page execute read
|
||
|
7FF6D56A4000
|
direct allocation
|
page read and write
|
||
|
7FF6D56B0000
|
direct allocation
|
page read and write
|
||
|
7FF6D54C0000
|
direct allocation
|
page read and write
|
||
|
7FF6D56C4000
|
direct allocation
|
page read and write
|
||
|
2A72CE30000
|
heap
|
page read and write
|
||
|
7FF6D5648000
|
direct allocation
|
page execute read
|
||
|
2A72D000000
|
direct allocation
|
page read and write
|
||
|
7FF734C31000
|
unkown
|
page execute read
|
||
|
7FF6D5520000
|
direct allocation
|
page execute read
|
||
|
2A72B460000
|
heap
|
page read and write
|
||
|
7FF6D56C0000
|
direct allocation
|
page execute read
|
||
|
7FF734C30000
|
unkown
|
page readonly
|
||
|
7FF6D5540000
|
direct allocation
|
page execute read
|
||
|
7FF6D55F8000
|
direct allocation
|
page execute read
|
||
|
2A72B380000
|
heap
|
page read and write
|
||
|
7FF6D5560000
|
direct allocation
|
page read and write
|
||
|
7FF6D5670000
|
direct allocation
|
page execute read
|
||
|
2A72CF38000
|
heap
|
page read and write
|
||
|
7FF6D5514000
|
direct allocation
|
page read and write
|
||
|
2A72CDF0000
|
unkown
|
page readonly
|
||
|
2A72CF2F000
|
heap
|
page read and write
|
||
|
2A72B536000
|
heap
|
page read and write
|
||
|
2A72B510000
|
heap
|
page read and write
|
||
|
2A72F800000
|
direct allocation
|
page read and write
|
||
|
7FF7353C7000
|
unkown
|
page write copy
|
||
|
2E7C1AC0000
|
unkown
|
page readonly
|
||
|
7FF6D552C000
|
direct allocation
|
page read and write
|
||
|
2A72B573000
|
heap
|
page read and write
|
||
|
7FF6D567C000
|
direct allocation
|
page read and write
|
||
|
7FF6D5660000
|
direct allocation
|
page read and write
|
||
|
7FF6D54D8000
|
direct allocation
|
page read and write
|
||
|
7FF6D5618000
|
direct allocation
|
page execute read
|
||
|
7FF6D5528000
|
direct allocation
|
page execute read
|
||
|
7FF735425000
|
unkown
|
page readonly
|
||
|
7FF735249000
|
unkown
|
page readonly
|
||
|
7FF6D56A0000
|
direct allocation
|
page execute read
|
||
|
7FF6D5644000
|
direct allocation
|
page read and write
|
||
|
7FF6D54C9000
|
direct allocation
|
page read and write
|
||
|
7FF6D54B0000
|
direct allocation
|
page read and write
|
||
|
2A72CF35000
|
heap
|
page read and write
|
||
|
7FF6D564C000
|
direct allocation
|
page read and write
|
||
|
7FF6D54F1000
|
direct allocation
|
page read and write
|
||
|
7FF6D5614000
|
direct allocation
|
page read and write
|
||
|
2A72CDD0000
|
unkown
|
page readonly
|
There are 112 hidden memdumps, click here to show them.