Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GBdBwlllKF.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\246122658369
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\Tasks\Dctooux.job
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\GBdBwlllKF.exe
|
"C:\Users\user\Desktop\GBdBwlllKF.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
"C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://91.202.233.180/g88sks2SaM/index.php?scr=1
|
91.202.233.180
|
|
|
|
http://91.202.233.180/g88sks2SaM/index.php
|
91.202.233.180
|
|
|
|
http://91.202.233.180/g88sks2SaM/index.php8369
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.phpHg
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.phpoded%g
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.php83693g
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.php5_
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.phpded
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.phpdows
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.phpyV
|
unknown
|
||
|
http://91.202.233.180/g88sks2SaM/index.php?scr=16ms
|
unknown
|
There are 1 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.202.233.180
|
unknown
|
Russian Federation
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
D31000
|
unkown
|
page execute read
|
|
|
|
601000
|
unkown
|
page execute read
|
|
|
|
601000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
D31000
|
unkown
|
page execute read
|
|
|
|
407A000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
4993000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
4FA000
|
stack
|
page read and write
|
||
|
4020000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
652000
|
unkown
|
page readonly
|
||
|
66C000
|
stack
|
page read and write
|
||
|
3FDA000
|
heap
|
page read and write
|
||
|
40C0000
|
heap
|
page read and write
|
||
|
40EA000
|
heap
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
939000
|
heap
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
3816000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
4090000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
409A000
|
heap
|
page read and write
|
||
|
4E96000
|
heap
|
page read and write
|
||
|
B8F000
|
stack
|
page read and write
|
||
|
4995000
|
heap
|
page read and write
|
||
|
499C000
|
heap
|
page read and write
|
||
|
11BF000
|
heap
|
page read and write
|
||
|
4DC000
|
stack
|
page read and write
|
||
|
1BE000
|
stack
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
409A000
|
heap
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
3815000
|
heap
|
page read and write
|
||
|
957000
|
heap
|
page read and write
|
||
|
2426000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
40C0000
|
heap
|
page read and write
|
||
|
98D000
|
heap
|
page read and write
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
402A000
|
heap
|
page read and write
|
||
|
242A000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
4995000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
3E9C000
|
heap
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
96F000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
91E000
|
heap
|
page read and write
|
||
|
4CC000
|
stack
|
page read and write
|
||
|
D98000
|
unkown
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
1340000
|
heap
|
page read and write
|
||
|
499E000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
600000
|
unkown
|
page readonly
|
||
|
304A000
|
heap
|
page read and write
|
||
|
600000
|
unkown
|
page readonly
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
4994000
|
heap
|
page read and write
|
||
|
410A000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
40B0000
|
heap
|
page read and write
|
||
|
939000
|
heap
|
page read and write
|
||
|
4998000
|
heap
|
page read and write
|
||
|
4994000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
4997000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
96F000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
180F000
|
stack
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
379E000
|
stack
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
11B000
|
stack
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
4100000
|
heap
|
page read and write
|
||
|
40BA000
|
heap
|
page read and write
|
||
|
3D7C000
|
stack
|
page read and write
|
||
|
3FD0000
|
heap
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
40FA000
|
heap
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
96E000
|
heap
|
page read and write
|
||
|
5DC000
|
stack
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
665000
|
unkown
|
page write copy
|
||
|
930000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
4100000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
916000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page write copy
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
170E000
|
stack
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
96C000
|
heap
|
page read and write
|
||
|
11F7000
|
heap
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
4090000
|
heap
|
page read and write
|
||
|
40C0000
|
heap
|
page read and write
|
||
|
737000
|
heap
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
66A000
|
unkown
|
page readonly
|
||
|
604C000
|
stack
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
76C000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
665000
|
unkown
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
D1F000
|
stack
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
499B000
|
heap
|
page read and write
|
||
|
5CC000
|
stack
|
page read and write
|
||
|
1DE000
|
stack
|
page read and write
|
||
|
3E81000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
4996000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
120B000
|
heap
|
page read and write
|
||
|
445B000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page write copy
|
||
|
170000
|
heap
|
page read and write
|
||
|
405A000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
10C000
|
stack
|
page read and write
|
||
|
967000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
402A000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
959000
|
heap
|
page read and write
|
||
|
D97000
|
unkown
|
page write copy
|
||
|
3FD0000
|
heap
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
780000
|
heap
|
page read and write
|
||
|
121C000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
FCC000
|
stack
|
page read and write
|
||
|
D95000
|
unkown
|
page write copy
|
||
|
4994000
|
heap
|
page read and write
|
||
|
CBF000
|
stack
|
page read and write
|
||
|
1209000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
11EE000
|
heap
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
4994000
|
heap
|
page read and write
|
||
|
11BF000
|
heap
|
page read and write
|
||
|
5F0E000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
3C1F000
|
stack
|
page read and write
|
||
|
96F000
|
heap
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
D98000
|
unkown
|
page read and write
|
||
|
4020000
|
heap
|
page read and write
|
||
|
8F2000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
4050000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
D97000
|
unkown
|
page write copy
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
4090000
|
heap
|
page read and write
|
||
|
234F000
|
stack
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
3E80000
|
heap
|
page read and write
|
||
|
40E0000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
4B3E000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
180000
|
heap
|
page read and write
|
||
|
D98000
|
unkown
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
40A0000
|
heap
|
page read and write
|
||
|
D97000
|
unkown
|
page write copy
|
||
|
499A000
|
heap
|
page read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
41A0000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
4070000
|
heap
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
D98000
|
unkown
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
3E7C000
|
stack
|
page read and write
|
||
|
40CA000
|
heap
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
4992000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
614C000
|
stack
|
page read and write
|
||
|
40A0000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
11EF000
|
heap
|
page read and write
|
||
|
40AA000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
911000
|
heap
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
409A000
|
heap
|
page read and write
|
||
|
40FA000
|
heap
|
page read and write
|
||
|
667000
|
unkown
|
page write copy
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
40CA000
|
heap
|
page read and write
|
||
|
1517000
|
heap
|
page read and write
|
||
|
939000
|
heap
|
page read and write
|
||
|
3B1F000
|
stack
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page write copy
|
||
|
499D000
|
heap
|
page read and write
|
||
|
D97000
|
unkown
|
page write copy
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
375E000
|
stack
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
40AA000
|
heap
|
page read and write
|
||
|
CCF000
|
stack
|
page read and write
|
||
|
410A000
|
heap
|
page read and write
|
||
|
D97000
|
unkown
|
page write copy
|
||
|
986000
|
heap
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
121B000
|
heap
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
D98000
|
unkown
|
page read and write
|
||
|
6EF000
|
stack
|
page read and write
|
||
|
D95000
|
unkown
|
page write copy
|
||
|
D95000
|
unkown
|
page write copy
|
||
|
939000
|
heap
|
page read and write
|
||
|
B27000
|
heap
|
page read and write
|
||
|
9D7000
|
heap
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page read and write
|
||
|
D9A000
|
unkown
|
page readonly
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
34CA000
|
heap
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
11EF000
|
heap
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
3A1F000
|
stack
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
40CA000
|
heap
|
page read and write
|
||
|
499F000
|
heap
|
page read and write
|
||
|
3FDA000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
4996000
|
heap
|
page read and write
|
||
|
1209000
|
heap
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
499C000
|
heap
|
page read and write
|
||
|
4996000
|
heap
|
page read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
4995000
|
heap
|
page read and write
|
||
|
D95000
|
unkown
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
652000
|
unkown
|
page readonly
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
66A000
|
unkown
|
page readonly
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
668000
|
unkown
|
page read and write
|
There are 336 hidden memdumps, click here to show them.