IOC Report
SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe


Files

File Path | Type | Category | Malicious
SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample |
C:\Users\user\AppData\Local\Temp\nsf620C.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |

Neither row is flagged in the Malicious column. nsf620C.tmp is the per-run plug-in directory an NSIS installer creates under %TEMP%, and System.dll is the stock NSIS System plug-in that any NSIS installer using it extracts there; for a Nullsoft self-extracting archive this drop is expected and is not an indicator on its own.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe" |

URLs

Name | IP | Malicious
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 | unknown |
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q | unknown |
http://nsis.sf.net/NSIS_Error | unknown |
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0 | unknown |
https://www.ssl.com/repository0 | unknown |
http://ocsps.ssl.com0? | unknown |
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 | unknown |
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q | unknown |
http://ocsps.ssl.com0 | unknown |
http://sslcom.ocsp-certum.com08 | unknown |
http://sslcom.crl.certum.pl/ctnca.crl0s | unknown |
http://nsis.sf.net/NSIS_ErrorError | unknown |
https://www.certum.pl/CPS0 | unknown |
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0 | unknown |
http://sslcom.repository.certum.pl/ctnca.cer0: | unknown |

5 further URLs are not shown in this extract.

Every host above except nsis.sf.net belongs to SSL.com or Certum certificate infrastructure (CRL distribution points, AIA issuer-certificate links, OCSP responders, CPS and repository pages), which indicates these strings were read out of an Authenticode signature chain embedded in the file rather than observed as network traffic; the IP column is "unknown" for all of them. The trailing characters (0, 0Q, 0?, 08, 0s, 0:) are not part of the URLs: they are the tag byte 0x30 ("0", SEQUENCE) and length byte of the next DER element, picked up by string extraction. The nsis.sf.net entry is the error page hard-coded into every NSIS installer stub. None of these should be blocked as C2 (doing so breaks revocation checking for legitimately signed binaries); the signer identity in the certificate is what needs review.
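The triage described above, as an added example that is not part of the sandbox report: it cleans the DER tail off each URL string, de-duplicates, and sorts the entries into certificate-infrastructure, NSIS-stub and review buckets. The host suffix lists are assumptions derived from the entries in this report, not an authoritative CA inventory, and the stripping rule is a heuristic to be confirmed against the actual certificate (for instance with openssl x509 -text).

```python
"""Triage the URL column of a sandbox IOC report (added example, not report code)."""
import re
from urllib.parse import urlparse

# URL strings copied verbatim from the report's URL table above.
REPORT_URLS = [
    "http://crls.ssl.com/ssl.com-rsa-RootCA.crl0",
    "http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q",
    "http://nsis.sf.net/NSIS_Error",
    "http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0",
    "https://www.ssl.com/repository0",
    "http://ocsps.ssl.com0?",
    "http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0",
    "http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q",
    "http://ocsps.ssl.com0",
    "http://sslcom.ocsp-certum.com08",
    "http://sslcom.crl.certum.pl/ctnca.crl0s",
    "http://nsis.sf.net/NSIS_ErrorError",
    "https://www.certum.pl/CPS0",
    "http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0",
    "http://sslcom.repository.certum.pl/ctnca.cer0:",
]

# ASSUMED lists: CA hosts seen in this report's own signature chain, and the
# host of the error page that every NSIS installer stub embeds.
PKI_HOST_SUFFIXES = ("ssl.com", "certum.pl", "ocsp-certum.com")
NSIS_HOSTS = ("nsis.sf.net",)

# A URL pulled out of DER-encoded certificate data runs straight into the next
# ASN.1 element: tag byte 0x30 ('0', SEQUENCE) plus one length byte. Strip that
# pair only when it follows a letter so that ports and IP addresses survive.
_DER_TAIL = re.compile(r"(?<=[A-Za-z])0.?$")


def clean_url(url):
    """Remove the trailing DER tag/length bytes left by string extraction."""
    return _DER_TAIL.sub("", url)


def _host_matches(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(url):
    host = (urlparse(url).hostname or "").lower()
    if _host_matches(host, NSIS_HOSTS):
        return "nsis-runtime"        # installer stub string, not payload network activity
    if _host_matches(host, PKI_HOST_SUFFIXES):
        return "pki-infrastructure"  # CRL/OCSP/AIA/CPS of the signing chain; do not block
    return "review"                  # anything else is a candidate C2/download URL


def triage(urls):
    """Map each cleaned, de-duplicated URL (input order kept) to a category."""
    return {u: classify(u) for u in dict.fromkeys(clean_url(x) for x in urls)}


if __name__ == "__main__":
    for url, cat in sorted(triage(REPORT_URLS).items(), key=lambda kv: kv[1]):
        print(f"{cat:20} {url}")
```

Run against the table above, every entry lands in the nsis-runtime or pki-infrastructure bucket and the review bucket stays empty; a URL with an unknown host (a bare IP and a gate.php path, say) is the kind of entry that would land in review and deserve the analyst's attention.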

Memdumps

Base Address | Region type | Protect | Malicious
7E1000 | heap | page read and write |
75A000 | heap | page read and write |
75E000 | heap | page read and write |
7D8000 | heap | page read and write |
7E1000 | heap | page read and write |
233E000 | stack | page read and write |
401000 | unknown | page execute read |
2235000 | heap | page read and write |
7E1000 | heap | page read and write |
19A000 | stack | page read and write |
400000 | unknown | page readonly |
79F000 | heap | page read and write |
10005000 | unknown | page readonly |
7D6000 | heap | page read and write |
7E1000 | heap | page read and write |
10003000 | unknown | page readonly |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
23A0000 | heap | page read and write |
7E1000 | heap | page read and write |
7DC000 | heap | page read and write |
750000 | heap | page read and write |
7E1000 | heap | page read and write |
23A4000 | heap | page read and write |
434000 | unknown | page read and write |
2960000 | trusted library allocation | page read and write |
409000 | unknown | page read and write |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
21E0000 | heap | page read and write |
21D0000 | heap | page read and write |
401000 | unknown | page execute read |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
7D3000 | heap | page read and write |
7E1000 | heap | page read and write |
21B0000 | heap | page read and write |
6F0000 | heap | page read and write |
10000000 | unknown | page readonly |
409000 | unknown | page write copy |
7E1000 | heap | page read and write |
2E60000 | trusted library allocation | page read and write |
27EF000 | stack | page read and write |
439000 | unknown | page readonly |
2230000 | heap | page read and write |
797000 | heap | page read and write |
10001000 | unknown | page execute read |
400000 | unknown | page readonly |
5A0000 | heap | page read and write |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
42C000 | unknown | page read and write |
5A6000 | heap | page read and write |
7E1000 | heap | page read and write |
407000 | unknown | page readonly |
407000 | unknown | page readonly |
7D4000 | heap | page read and write |
439000 | unknown | page readonly |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
74E000 | stack | page read and write |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
7E1000 | heap | page read and write |
450000 | heap | page read and write |
98000 | stack | page read and write |
212E000 | stack | page read and write |
2239000 | heap | page read and write |
420000 | unknown | page read and write |
79B000 | heap | page read and write |
530000 | heap | page read and write |
7E1000 | heap | page read and write |

63 further memdump entries are not shown in this extract.

Base addresses are hexadecimal. The same region (7E1000 in particular) appears many times because it was dumped repeatedly over the run. In the entries shown, the only executable regions are page execute read at 401000, the first section after the sample's image base at 400000, and at 10001000, the first section after a second image base at 10000000 (the default 32-bit DLL image base, consistent with the dropped System.dll). No region is both writable and executable and no heap or stack region is executable, so these entries show no sign of an unpacked payload executing from dynamically allocated memory; the hidden entries would need the same check.
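The check described above, as an added example that is not part of the sandbox report: it parses the flattened three-lines-per-row layout of the Memdumps table, flags regions that are writable and executable or executable on a heap or stack (the usual footprint of in-memory unpacking or injection), and guesses image bases from 64 KiB-aligned read-only pages. The report rows embedded below are a subset of the table; the final row is constructed to show a positive hit and does not come from the report. The image-base rule is a heuristic, not a guarantee.

```python
"""Flag suspicious memory regions in a sandbox Memdumps table (added example, not report code)."""

# Rows copied from the report's Memdumps table above (base, region type, protection).
REPORT_ROWS = """
7E1000
heap
page read and write
233E000
stack
page read and write
401000
unknown
page execute read
400000
unknown
page readonly
434000
unknown
page read and write
2960000
trusted library allocation
page read and write
409000
unknown
page write copy
10000000
unknown
page readonly
10001000
unknown
page execute read
"""

# CONSTRUCTED row, not in the report: what a payload unpacked onto the heap looks like.
CONSTRUCTED_ROWS = """
2F00000
heap
page execute and read and write
"""


def parse_memdumps(text):
    """Turn the flattened list into (base_int, region_type, protect) tuples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("memdump listing is not a multiple of three lines")
    return [(int(lines[i], 16), lines[i + 1], lines[i + 2])
            for i in range(0, len(lines), 3)]


def suspicious(regions):
    """Return (base, region_type, protect, reason) for regions worth a closer look."""
    hits = []
    for base, rtype, prot in regions:
        executable = "execute" in prot
        writable = "write" in prot          # matches 'read and write' and 'write copy'
        if executable and writable:
            hits.append((base, rtype, prot, "writable+executable"))
        elif executable and rtype in ("heap", "stack"):
            hits.append((base, rtype, prot, "executable " + rtype))
    return hits


def image_bases(regions):
    """Heuristic: a read-only 'unknown' page on a 64 KiB boundary is a PE header."""
    return sorted({base for base, rtype, prot in regions
                   if rtype == "unknown" and prot == "page readonly"
                   and base % 0x10000 == 0})


if __name__ == "__main__":
    regions = parse_memdumps(REPORT_ROWS + CONSTRUCTED_ROWS)
    print("image bases:", [hex(b) for b in image_bases(regions)])
    for base, rtype, prot, reason in suspicious(regions):
        print(f"{base:08X} {rtype:28} {prot:32} {reason}")
```

On the report rows alone suspicious() returns nothing and image_bases() gives 0x400000 and 0x10000000; only the constructed heap row is flagged. Note that page execute read in an "unknown" region is not flagged by itself, because that is also what a mapped image's code section looks like; the check that distinguishes the two is whether the region lies inside an image found by image_bases().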