Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.7582093340859695
Filename:	SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Filesize:	1885792
MD5:	8248611347661c3ea4f8e27335cd1700
SHA1:	91e8b00f747f551edc43da93586f555cb98bb28d
SHA256:	59f4ae1f38b93b1303c37894f8bce134d2f75e6404bee7509a97b951c824b5bd
SHA512:	55dff5c0d6b5c61e8a42247c73a563bd7ebfab608e3d8b0e6232e36b0c27cbc1ba967d01f5984e1c10d17c703b36b540f54b24bf0eaf693bd6c43223ffcd471e
SSDEEP:	49152:z3p2AwR6DvD5XGok+XU7jKALad+YvlYkUhLn2hz7lLq:z3MV6DvUohM2AktvlYhD2hz5Lq
Preview:	MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$........p..B...B...B.....`.W.....b.......c.].....V.E....y..X....d..I....x..L....y..d....y......Ki..G...Ki..g...B........x..3....d..V..

Signature Hits	Behavior Group	Mitre Attack
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
Contains functionality to read the PEB	Anti Debugging
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables security privileges	System Summary
Found evasive API chain (date check)	Malware Analysis System Evasion	Native API
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information Obfuscated Files or Information
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query time zone information	Language, Device and Operating System Detection
Contains functionality to read ini properties file for application configuration	Persistence and Installation Behavior
Contains functionality to register its own exception handler	Anti Debugging
Creates mutexes	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Public key (encryption) found	Cryptography
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads ini files	System Summary
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary	File and Directory Discovery
Sample might require command line arguments	System Summary	Security Software Discovery
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Writes ini files	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\ProgramData\AomeiMB\FTSetup.ini

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\ProgramData\AomeiMB\FTSetup.ini
Category:	dropped
Dump:	FTSetup.ini.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.756022958953036
Encrypted:	false
Ssdeep:	3:1ERWAXgF6A01Vxh+W5GKE2UMn:1qWx6A011pYKEVM
Size:	67
Whitelisted:	false
Reputation:	low

C:\ProgramData\AomeiMB\MBConfig.ini

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\ProgramData\AomeiMB\MBConfig.ini
Category:	dropped
Dump:	MBConfig.ini.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.8041484247609643
Encrypted:	false
Ssdeep:	3:YlvQ5Y2sn:CvQ62s
Size:	31
Whitelisted:	false
Reputation:	low

C:\ProgramData\AomeiMB\usercfg.ini

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\ProgramData\AomeiMB\usercfg.ini
Category:	dropped
Dump:	usercfg.ini.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.666127159347986
Encrypted:	false
Ssdeep:	3:urTkpB01Vxh+W5GKE2UMn:ga011pYKEVM
Size:	59
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Reads ini files	System Summary	File and Directory Discovery
Writes ini files	System Summary	File and Directory Discovery

C:\Users\user\AppData\Local\Temp\73d343e3-d818-4d96-909f-e3854b686899\43a355-daemon-20240419-0734.log

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\73d343e3-d818-4d96-909f-e3854b686899\43a355-daemon-20240419-0734.log
Category:	dropped
Dump:	43a355-daemon-20240419-0734.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.492562938676203
Encrypted:	false
Ssdeep:	6:Q+nCSuw4kV8fb3/lCu+pcValmDMxk7Oro8aplWEUwJ9Dov:Q+nCkV8Twu+pr8DQk7Sz6pRJxG
Size:	240
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\97ccea83-52aa-455f-9ae6-4693882dff99.ini

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\97ccea83-52aa-455f-9ae6-4693882dff99.ini
Category:	dropped
Dump:	97ccea83-52aa-455f-9ae6-4693882dff99.ini.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.873753772917447
Encrypted:	false
Ssdeep:	3:1EaLgFNqF6A01Vxh+W5GKE2UMn:1Bkq6A011pYKEVM
Size:	87
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe

"C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7532
Target ID:	0
Parent PID:	2580
Name:	SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe"
Size:	1885792
MD5:	8248611347661C3EA4F8E27335CD1700
Time:	06:25:56
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xa40000
Modulesize:	5201920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Public key (encryption) found	Cryptography	Archive Collected Data
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://www.jiyu-kobo.co.jp/://w

unknown

https://www.fonetool.com/campaign/download-latest-version.html

unknown

https://www.fonetool.com/campaign/download-latest-version.htmluz

unknown

https://www.fonetool.com/de/campaign/uninstall-completed.html

unknown

https://www.fonetool.com/campaign/thanks-install.html?edition=onFree

unknown

https://www.fonetool.comd

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniW

unknown

https://www.fonetool.com/it/campaign/uninstall-c

unknown

https://www.fonetool.com/jp/campaign/thanks-install.html?edition=onFree

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniUa6

unknown

https://www.fonetool.com/campaign/upgrade-now.html?sourc~z

unknown

https://www.fonetool.com/jp/campaign/thanks-install.html?edition=onFreeN

unknown

https://www.fonetool.com/es

unknown

https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeZa9

unknown

https://www.fonetool.com

unknown

https://www.fonetool.com/ded

unknown

http://www.jiyu-kobo.co.jp//ta

unknown

http://www.fontbureau.com/designers

unknown

https://www.fonetool.com/de/campaign/thanks-install.html?edition=off%s

unknown

https://www.fonetool.com/tw/

unknown

https://www.fonetool.com/es/campaign/download-latest-version.html

unknown

https://www.fonetool.com/fr/campaign/uninstall-completed.html

unknown

http://www.sajatypeworks.com

unknown

http://www.jiyu-kobo.co.jp/9

unknown

http://www.founder.com.cn/cn/cThe

unknown

https://www.fonetool.com/jp/campaign/download-latest-version.html

unknown

http://www.jiyu-kobo.co.jp/7

unknown

https://www.fonetool.com/fo

unknown

http://www.jiyu-kobo.co.jp/6

unknown

https://www.fonetool.com/tw/campaign/thanks-install.html?edition=off%s

unknown

http://www.jiyu-kobo.co.jp/4

unknown

https://www.fonetool.com/fr

unknown

http://www.jiyu-kobo.co.jp/0

unknown

https://www.fonetool.com/it/campaign/thanks-install.html?edition=onFreej

unknown

http://www2.aomeisoftware.com/download/mbackup/setups/MBackupper_setup.exehttp://www2.aomeisoftware.

unknown

https://www.fonetool.com/de/campaign/uninstall-completed.htmlO

unknown

https://www.fonetool.com/de/campaign/upgrade-now.html?source=

unknown

https://www2.aomeisoftware.com/download/mbackup/setups/FoneTool_free.exe

unknown

http://www.galapagosdesign.com/DPlease

unknown

http://www.jiyu-kobo.co.jp/Y0

unknown

https://www.fonetool.com/fr/

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.inij

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.inii

unknown

http://www.urwpp.deDPlease

unknown

http://www.zhongyicts.com.cn

unknown

https://www.fonetool.com/campaign/download-latest-version.htmlup

unknown

https://www.fonetool.com/es/campaign/uninstall-completed.html6~

unknown

https://www.fonetool.com/es/campaign/upgrade-now.html?source=

unknown

https://www.fonetool.com/fr/ux-improvement-program.html

unknown

https://b.aomeisoftware.com/api/v2/soft/collect

unknown

https://www.fonetool.com/fr/campaign/upgrade-now.html?source=

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.inim

unknown

http://www.jiyu-kobo.co.jp/W

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniJx

unknown

https://www.fonetool.com/campaign/uninstall-completed.htmlR~2

unknown

https://www.aomeitech.com/mbackupper/thanks-install.html?ver=onstd

unknown

https://www.fonetool.com/campaign/thanks-install.html?edition=onFreeq

unknown

https://mobile.ubackup.com/

unknown

https://www.fonetool.com/es/

unknown

https://www.fonetool.com/jp/d

unknown

https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exer

unknown

https://www.fonetool.com/es/campaign/thanks-install.html?edition=off%sw

unknown

http://www2.aomeisoftware.com/download/ftl/FoneTool_free.exes

unknown

https://www.fonetool.com/jp/campaign/thanks-install.html?edition=off%s

unknown

https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeGa

unknown

https://www.fonetool.com/campaign/thanks-install.html?edition=onFreeo

unknown

https://www.fonetool.com/de

unknown

https://www.fonetool.com/es/campaign/thanks-install.html?edition=off%s

unknown

http://www.carterandcone.coml

unknown

https://www.fonetool.com/campaign/uninstall-completed.htmlu

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.ini

unknown

https://www.fonetool.com/fr/campaign/thanks-install.html?edition=onFree

unknown

https://www.fonetool.com/it/campaign/thanks-install.html?edition=off%s

unknown

https://www.fonetool.com/tw

unknown

https://www.fonetool.com/tw/ux-improvement-program.html

unknown

http://www.jiyu-kobo.co.jp/x

unknown

http://www.monotype.4

unknown

http://www.fontbureau.com/designers/frere-user.html

unknown

https://www.fonetool.com/campaign/download-latest-version.html0y

unknown

https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniub

unknown

http://www.jiyu-kobo.co.jp/s

unknown

https://www.fonetool.com/es/campaign/thanks-install.html?edition=onFree

unknown

http://www2.aomeisoftware.com/download/mbackup/setups/FoneTool_free.exe

unknown

https://www.fonetool.com/fr/campaign/thanks-install.html?edition=off%s

unknown

https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeax/

unknown

http://www.fontbureau.com/0

unknown

https://www.fonetool.com/tw/campaign/uninstall-completed.html

unknown

http://www.jiyu-kobo.co.jp/j

unknown

https://www.fonetool.com4

unknown

https://www.fonetool.com/it/campaign/download-latest-version.htmlV

unknown

http://www2.aomeisoftware.com/download/ftl/FoneTool_free.exea

unknown

http://www.fontbureau.com/jp/

unknown

https://www.fonetool.com/jp/E

unknown

https://www.fonetool.com/twO

unknown

https://www.aomeitech.com/101004

unknown

https://www.fonetool.com/tw/campaign/download-latest-version.html

unknown

https://a.aomeisoftware.com/api/v2/soft/collect

unknown

https://www.fonetool.com/de/campaign/thanks-install.html?edition=onFree

unknown

http://www.fontbureau.com/designersG

unknown

There are 90 hidden URLs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2EF5000

heap

page read and write

2EAB000

stack

page read and write

2EF5000

heap

page read and write

2EF6000

heap

page read and write

2ED3000

heap

page read and write

2ED5000

heap

page read and write

A40000

unkown

page readonly

2EF8000

heap

page read and write

115A000

heap

page read and write

2EF6000

heap

page read and write

1130000

heap

page read and write

4949000

heap

page read and write

2F28000

heap

page read and write

2ED1000

heap

page read and write

2F16000

heap

page read and write

2EC8000

heap

page read and write

2EF5000

heap

page read and write

494D000

heap

page read and write

2EE8000

heap

page read and write

2EC4000

heap

page read and write

2EF5000

heap

page read and write

2F2E000

heap

page read and write

2EF8000

heap

page read and write

2ECC000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

2EE0000

heap

page read and write

4948000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

4949000

heap

page read and write

1177000

heap

page read and write

119C000

heap

page read and write

2EF6000

heap

page read and write

4955000

heap

page read and write

2EEF000

heap

page read and write

2EF5000

heap

page read and write

2EF7000

heap

page read and write

2EC0000

heap

page read and write

2ED8000

heap

page read and write

494C000

heap

page read and write

2D65000

heap

page read and write

1138000

heap

page read and write

1147000

heap

page read and write

2EEE000

heap

page read and write

2F28000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

4959000

heap

page read and write

2EEE000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EFA000

heap

page read and write

494C000

heap

page read and write

2EF5000

heap

page read and write

495C000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

1129000

heap

page read and write

2EF8000

heap

page read and write

4950000

heap

page read and write

2EF6000

heap

page read and write

2EF5000

heap

page read and write

494C000

heap

page read and write

2EC8000

heap

page read and write

2F03000

heap

page read and write

2EFB000

heap

page read and write

494C000

heap

page read and write

2ED8000

heap

page read and write

EFB000

unkown

page read and write

2ED3000

heap

page read and write

2F2E000

heap

page read and write

2EE8000

heap

page read and write

2EF0000

heap

page read and write

2ED8000

heap

page read and write

2EF8000

heap

page read and write

2EE5000

heap

page read and write

4959000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EF8000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

1118000

heap

page read and write

2ED2000

heap

page read and write

2EDB000

heap

page read and write

2EF1000

heap

page read and write

2EF8000

heap

page read and write

2EF8000

heap

page read and write

2EDB000

heap

page read and write

1136000

heap

page read and write

4948000

heap

page read and write

2EDD000

heap

page read and write

2EF6000

heap

page read and write

495C000

heap

page read and write

1120000

heap

page read and write

2EDD000

heap

page read and write

2EFF000

heap

page read and write

4948000

heap

page read and write

9E0000

trusted library allocation

page read and write

2F2A000

heap

page read and write

2F28000

heap

page read and write

2EF8000

heap

page read and write

2EE9000

heap

page read and write

2ED8000

heap

page read and write

1133000

heap

page read and write

2EE5000

heap

page read and write

4949000

heap

page read and write

1119000

heap

page read and write

2F28000

heap

page read and write

2EF8000

heap

page read and write

2EE5000

heap

page read and write

2EE5000

heap

page read and write

2EF8000

heap

page read and write

2EFC000

heap

page read and write

2EFB000

heap

page read and write

2F2F000

heap

page read and write

2EE5000

heap

page read and write

4948000

heap

page read and write

2EF5000

heap

page read and write

1123000

heap

page read and write

141D000

stack

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

4DA0000

trusted library allocation

page read and write

2EDD000

heap

page read and write

2EEF000

heap

page read and write

110F000

heap

page read and write

2EFB000

heap

page read and write

2ED3000

heap

page read and write

494C000

heap

page read and write

2EF5000

heap

page read and write

2EC4000

heap

page read and write

2ED4000

heap

page read and write

494C000

heap

page read and write

2F2E000

heap

page read and write

59F0000

trusted library allocation

page read and write

2EF0000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

1437000

heap

page read and write

2ED4000

heap

page read and write

2EF8000

heap

page read and write

2EEE000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2ED8000

heap

page read and write

2EE9000

heap

page read and write

10A0000

heap

page read and write

1182000

heap

page read and write

2F2A000

heap

page read and write

4959000

heap

page read and write

2EEE000

heap

page read and write

2EF8000

heap

page read and write

2EE5000

heap

page read and write

2F04000

heap

page read and write

2EF8000

heap

page read and write

2EF7000

heap

page read and write

2EE0000

heap

page read and write

59F0000

trusted library allocation

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2ED8000

heap

page read and write

114B000

heap

page read and write

2EF8000

heap

page read and write

9E0000

trusted library allocation

page read and write

2ED8000

heap

page read and write

9C0000

heap

page read and write

2EF5000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EF8000

heap

page read and write

2EF8000

heap

page read and write

2EF5000

heap

page read and write

114F000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

2EE4000

heap

page read and write

2EFD000

heap

page read and write

2ED8000

heap

page read and write

4949000

heap

page read and write

2F0B000

heap

page read and write

2EE4000

heap

page read and write

4948000

heap

page read and write

2F2E000

heap

page read and write

2EDB000

heap

page read and write

2EEE000

heap

page read and write

2EFA000

heap

page read and write

4949000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2EF8000

heap

page read and write

2F2E000

heap

page read and write

2F01000

heap

page read and write

1420000

trusted library section

page readonly

1149000

heap

page read and write

2EF8000

heap

page read and write

2EDB000

heap

page read and write

2EF0000

heap

page read and write

2EF7000

heap

page read and write

4955000

heap

page read and write

2EF0000

heap

page read and write

2EF7000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EC5000

heap

page read and write

494B000

heap

page read and write

2EF5000

heap

page read and write

4B0F000

stack

page read and write

2EF8000

heap

page read and write

2EF8000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EDC000

heap

page read and write

2F01000

heap

page read and write

2EF0000

heap

page read and write

2ED8000

heap

page read and write

2EFA000

heap

page read and write

1010000

trusted library allocation

page read and write

2EE9000

heap

page read and write

2EEE000

heap

page read and write

2EE5000

heap

page read and write

2ECD000

heap

page read and write

2F2A000

heap

page read and write

2F28000

heap

page read and write

2EDD000

heap

page read and write

2EFF000

heap

page read and write

2EF5000

heap

page read and write

2ECD000

heap

page read and write

2EE5000

heap

page read and write

1080000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EF7000

heap

page read and write

2EFD000

heap

page read and write

2EF8000

heap

page read and write

2EF5000

heap

page read and write

2EF4000

heap

page read and write

4948000

heap

page read and write

2EF8000

heap

page read and write

4949000

heap

page read and write

5770000

trusted library allocation

page read and write

58EE000

stack

page read and write

2F33000

heap

page read and write

2EDC000

heap

page read and write

2EEE000

heap

page read and write

4949000

heap

page read and write

2EF0000

heap

page read and write

10A8000

heap

page read and write

2EDB000

heap

page read and write

2EF7000

heap

page read and write

2EF8000

heap

page read and write

2EDB000

heap

page read and write

2EE3000

heap

page read and write

2EF5000

heap

page read and write

2EFB000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2ECB000

heap

page read and write

2EF5000

heap

page read and write

A40000

unkown

page readonly

EF9000

unkown

page execute and write copy

4954000

heap

page read and write

2F28000

heap

page read and write

2EF8000

heap

page read and write

2EE5000

heap

page read and write

2F03000

heap

page read and write

2EF5000

heap

page read and write

2ED4000

heap

page read and write

2EDB000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EDD000

heap

page read and write

4959000

heap

page read and write

2EDB000

heap

page read and write

2D10000

heap

page read and write

2EF8000

heap

page read and write

2F1D000

heap

page read and write

2EF5000

heap

page read and write

2EDD000

heap

page read and write

2EFC000

heap

page read and write

2EF5000

heap

page read and write

4948000

heap

page read and write

2EE5000

heap

page read and write

2EE5000

heap

page read and write

1430000

heap

page read and write

4959000

heap

page read and write

4959000

heap

page read and write

116D000

heap

page read and write

2EEE000

heap

page read and write

2EE3000

heap

page read and write

2ECC000

heap

page read and write

2EF5000

heap

page read and write

2ED8000

heap

page read and write

9B0000

heap

page read and write

2EDA000

heap

page read and write

2EF8000

heap

page read and write

4959000

heap

page read and write

2EF5000

heap

page read and write

10DA000

heap

page read and write

2F28000

heap

page read and write

495C000

heap

page read and write

E56000

unkown

page execute and read and write

2EE4000

heap

page read and write

2EFD000

heap

page read and write

2ED5000

heap

page read and write

4949000

heap

page read and write

495C000

heap

page read and write

2EDD000

heap

page read and write

4959000

heap

page read and write

1128000

heap

page read and write

2ED8000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2ED8000

heap

page read and write

2F02000

heap

page read and write

2ED5000

heap

page read and write

2EF5000

heap

page read and write

59F0000

trusted library allocation

page read and write

2EDC000

heap

page read and write

2EEE000

heap

page read and write

2F02000

heap

page read and write

2EF8000

heap

page read and write

2EF6000

heap

page read and write

4959000

heap

page read and write

2EE8000

heap

page read and write

2EC4000

heap

page read and write

4910000

heap

page read and write

2EFB000

heap

page read and write

2DA3000

heap

page read and write

2EF5000

heap

page read and write

59F0000

trusted library allocation

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

4959000

heap

page read and write

2ED8000

heap

page read and write

494C000

heap

page read and write

2EDC000

heap

page read and write

4937000

heap

page read and write

2EEE000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

4948000

heap

page read and write

10E4000

heap

page read and write

494D000

heap

page read and write

2EF8000

heap

page read and write

495C000

heap

page read and write

4948000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EDF000

heap

page read and write

43F2000

trusted library allocation

page read and write

2EF8000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

4948000

heap

page read and write

2EF5000

heap

page read and write

2EF6000

heap

page read and write

2EF6000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EE6000

heap

page read and write

2ED6000

heap

page read and write

4948000

heap

page read and write

2EF5000

heap

page read and write

2EF6000

heap

page read and write

2EF8000

heap

page read and write

2EF5000

heap

page read and write

4948000

heap

page read and write

2EF5000

heap

page read and write

59F0000

trusted library allocation

page read and write

2EF5000

heap

page read and write

2ECC000

heap

page read and write

2ED8000

heap

page read and write

2ED8000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

1010000

trusted library allocation

page read and write

855000

stack

page read and write

2EDB000

heap

page read and write

EFA000

unkown

page execute and read and write

2EF8000

heap

page read and write

4EA0000

trusted library allocation

page read and write

2EF5000

heap

page read and write

10AE000

heap

page read and write

2ED4000

heap

page read and write

49F0000

trusted library allocation

page read and write

2EDB000

heap

page read and write

2EF7000

heap

page read and write

2EEE000

heap

page read and write

2EF5000

heap

page read and write

494C000

heap

page read and write

1146000

heap

page read and write

2EF8000

heap

page read and write

2EE5000

heap

page read and write

2ED0000

heap

page read and write

A36000

heap

page read and write

2EE5000

heap

page read and write

2EF6000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

2EF4000

heap

page read and write

2F19000

heap

page read and write

2EF8000

heap

page read and write

495C000

heap

page read and write

2F04000

heap

page read and write

5770000

trusted library allocation

page read and write

495C000

heap

page read and write

4D90000

trusted library allocation

page read and write

1138000

heap

page read and write

2ED6000

heap

page read and write

2EDB000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EDD000

heap

page read and write

2ECC000

heap

page read and write

4959000

heap

page read and write

494C000

heap

page read and write

2EDB000

heap

page read and write

2ED1000

heap

page read and write

2F2E000

heap

page read and write

2EDB000

heap

page read and write

2EB0000

heap

page read and write

2F05000

heap

page read and write

2EE0000

heap

page read and write

2EF6000

heap

page read and write

2EF8000

heap

page read and write

2EF0000

heap

page read and write

59F0000

trusted library allocation

page read and write

2EDC000

heap

page read and write

494C000

heap

page read and write

2EF6000

heap

page read and write

2EDB000

heap

page read and write

2EF8000

heap

page read and write

2ED4000

heap

page read and write

2EDB000

heap

page read and write

2EE0000

heap

page read and write

2F2E000

heap

page read and write

2EE5000

heap

page read and write

2EF5000

heap

page read and write

2EE8000

heap

page read and write

EE3000

unkown

page execute and read and write

2EF5000

heap

page read and write

2EFA000

heap

page read and write

2EF3000

heap

page read and write

5770000

trusted library allocation

page read and write

2ED8000

heap

page read and write

113B000

heap

page read and write

2ECC000

heap

page read and write

2EFA000

heap

page read and write

2EF8000

heap

page read and write

2EFC000

heap

page read and write

58AF000

stack

page read and write

2EEE000

heap

page read and write

494C000

heap

page read and write

2F05000

heap

page read and write

2ED8000

heap

page read and write

4948000

heap

page read and write

2EF9000

heap

page read and write

2EF8000

heap

page read and write

2F02000

heap

page read and write

2EF0000

heap

page read and write

2EDD000

heap

page read and write

2EDC000

heap

page read and write

2F2A000

heap

page read and write

2ED5000

heap

page read and write

1170000

heap

page read and write

2EF5000

heap

page read and write

4959000

heap

page read and write

495C000

heap

page read and write

D74000

unkown

page execute and write copy

2EF5000

heap

page read and write

2EDD000

heap

page read and write

2EDE000

heap

page read and write

2EE7000

heap

page read and write

4955000

heap

page read and write

5770000

trusted library allocation

page read and write

13DB000

stack

page read and write

2ED1000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

2EEE000

heap

page read and write

2F2E000

heap

page read and write

2D00000

heap

page read and write

2EDB000

heap

page read and write

2EDD000

heap

page read and write

2EF5000

heap

page read and write

2ED8000

heap

page read and write

2EF7000

heap

page read and write

2EF8000

heap

page read and write

495C000

heap

page read and write

2EF8000

heap

page read and write

2EF8000

heap

page read and write

2EED000

heap

page read and write

2ED8000

heap

page read and write

1109000

heap

page read and write

2ED1000

heap

page read and write

59F0000

trusted library allocation

page read and write

2EF5000

heap

page read and write

2EE4000

heap

page read and write

EFB000

unkown

page write copy

2ED4000

heap

page read and write

2EF7000

heap

page read and write

43D0000

trusted library allocation

page read and write

4950000

heap

page read and write

59F0000

trusted library allocation

page read and write

2CDD000

stack

page read and write

2F01000

heap

page read and write

2ED3000

heap

page read and write

4949000

heap

page read and write

2EDA000

heap

page read and write

2ED4000

heap

page read and write

2EF5000

heap

page read and write

2ECC000

heap

page read and write

2EC9000

heap

page read and write

2ED4000

heap

page read and write

2EE8000

heap

page read and write

2EDB000

heap

page read and write

2EF1000

heap

page read and write

2EFA000

heap

page read and write

2ED8000

heap

page read and write

4948000

heap

page read and write

4948000

heap

page read and write

4949000

heap

page read and write

4954000

heap

page read and write

2ED4000

heap

page read and write

2EF8000

heap

page read and write

57AE000

stack

page read and write

112A000

heap

page read and write

2EDC000

heap

page read and write

2EF6000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

2EF8000

heap

page read and write

2EFE000

heap

page read and write

2EF5000

heap

page read and write

2ED0000

heap

page read and write

2EF5000

heap

page read and write

2F26000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

2EDD000

heap

page read and write

2ECF000

heap

page read and write

2EF5000

heap

page read and write

4948000

heap

page read and write

2EF4000

heap

page read and write

2EF5000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2ED8000

heap

page read and write

E29000

unkown

page execute and read and write

2D80000

trusted library allocation

page read and write

959000

stack

page read and write

2EE2000

heap

page read and write

2EEE000

heap

page read and write

2EF4000

heap

page read and write

2ED6000

heap

page read and write

495C000

heap

page read and write

5770000

trusted library allocation

page read and write

2EF6000

heap

page read and write

2EF8000

heap

page read and write

2EF4000

heap

page read and write

2EDB000

heap

page read and write

2EF5000

heap

page read and write

4956000

heap

page read and write

2EF8000

heap

page read and write

59F0000

trusted library allocation

page read and write

2DA0000

heap

page read and write

494C000

heap

page read and write

2D5E000

stack

page read and write

2EF5000

heap

page read and write

59EF000

stack

page read and write

2EFC000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EF8000

heap

page read and write

2ECB000

heap

page read and write

59F0000

trusted library allocation

page read and write

4949000

heap

page read and write

2EC4000

heap

page read and write

4959000

heap

page read and write

2EDB000

heap

page read and write

2F02000

heap

page read and write

2EF5000

heap

page read and write

4932000

heap

page read and write

2EDB000

heap

page read and write

1010000

trusted library allocation

page read and write

2EF7000

heap

page read and write

2EF5000

heap

page read and write

2EF8000

heap

page read and write

2ED1000

heap

page read and write

1169000

heap

page read and write

2EDB000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EF5000

heap

page read and write

2EF6000

heap

page read and write

1010000

trusted library allocation

page read and write

2EEE000

heap

page read and write

2EF5000

heap

page read and write

A41000

unkown

page execute and read and write

2EFA000

heap

page read and write

2EF5000

heap

page read and write

2F2A000

heap

page read and write

4E95000

trusted library allocation

page read and write

2EF6000

heap

page read and write

2EFA000

heap

page read and write

2EE0000

heap

page read and write

2EDB000

heap

page read and write

2EFA000

heap

page read and write

2EDB000

heap

page read and write

2EE5000

heap

page read and write

2ECF000

heap

page read and write

2F01000

heap

page read and write

494C000

heap

page read and write

1139000

heap

page read and write

2ED1000

heap

page read and write

9D0000

trusted library allocation

page read and write

2EE9000

heap

page read and write

2EF5000

heap

page read and write

2F28000

heap

page read and write

4945000

heap

page read and write

A30000

heap

page read and write

2ED2000

heap

page read and write

4948000

heap

page read and write

1126000

heap

page read and write

2EF5000

heap

page read and write

2EDB000

heap

page read and write

2EF8000

heap

page read and write

2D60000

heap

page read and write

2EF5000

heap

page read and write

9E0000

trusted library allocation

page read and write

2EFD000

heap

page read and write

There are 632 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe

Files

Processes

URLs

Memdumps

IOC Report
SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe