Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: unknown |
DNS traffic detected: query: hotnews.dftoutiao.com replaycode: Name error (3) |
Source: unknown |
DNS traffic detected: query: report.thorzip.muxin.fun replaycode: Name error (3) |
Source: unknown |
DNS traffic detected: query: files.news.baidu.com replaycode: Name error (3) |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://api.map.baidu.com/telematics/v3/weather?location=%s&output=json&ak=spmMww7Eoqcmf3FXbnLyDUwL |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://api.map.baidu.com/telematics/v3/weather?location=%s&output=json&ak=spmMww7Eoqcmf3FXbnLyDUwLU |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://bsalsa.com/ |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://files.news.baidu.com/mini_new3/jjj/MiniLogo.PNG |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000672000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://hotnews.dftoutiao.com/ |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://hotnews.dftoutiao.com/hotwordsnews/getnews?qid=%s&platform=pc&newstype=%s |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.0000000002389000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://hotnews.dftoutiao.com/hotwordsnews/getnews?qid=kuaiyatitle&platform=pc&newstype=now |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://iplocation.7654.com/v1 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://news.7654.com/mini_new3/jsb/ |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://news.baidu.com/mini_new3/jjj/ |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://pv.sohu.com/cityjson?ie=utf-8 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://report.thorzip.muxin.fun/ |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://report.thorzip.muxin.fun/crosoft |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.000000000065B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://report.thorzip.muxin.fun/eH |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000686000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.0000000002398000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://report.thorzip.muxin.fun/lszip/bubble_info?code=jWLGHnD6CYifDIjqc6sGs/Bbp6bCfV8bglNO |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.0000000002398000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://report.thorzip.muxin.fun/lszip/bubble_info?code=jwlghnd6cyifdijqc6sgs/bbp6bcfv8bglno |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://report.thorzip.muxin.fun/tart |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://s2.symcb.com0 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://ssp.7654.com/ct/m?mixData= |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://ssp.7654.com/ct?mixData= |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.00000000023D8000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://ssp.7654.com/ct?mixData=les |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://sv.symcd.com0& |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://weather.shzhanmeng.com/api/weather/%s |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://weather.shzhanmeng.com/api/weather/%sU |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: Yara match |
File source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000003.1233899209.000000007FD40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe PID: 3044, type: MEMORYSTR |
Source: Yara match |
File source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1201641660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000003.1233899209.000000007FD40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: olepro32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Section loaded: dhcpcsvc.dll |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.000000000236E000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: ]C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2ad8eCDPUserSvc_2ad8ec_2ad8eClipboard User Service_2ad8eService_2ad8ecbdhsvc_2ad8e_2ad8eWindows Push Notifications System Servicetions System ServiceWpnServicevicePortable Device Enumerator Serviceumerator ServiceWPDBusEnumEnumWindows Overlay File System Filter DriverSystem Filter DriverWoffWindows Management Instrumentation InstrumentationWinmgmtgmtWinHTTP Web Proxy Auto-Discovery Serviceo-Discovery ServiceWinHttpAutoProxySvcoProxySvcMicrosoft Windows Trusted Runtime Secure Service Runtime Secure ServiceWindowsTrustedRTProxytedRTProxyWindows Trusted Execution Environment Class Extensionnvironment Class ExtensionWindowsTrustedRTustedRTs serviceWdf01000000Windows Connection Managertion ManagerWcmsvcvcWindows Container Isolationner IsolationwcifsfsRemote Access IP ARP DriverIP ARP DriverwanarprpVirtual WiFi Filter Driverilter DrivervwififltfltVolume driverdrivervolumemeVolume Shadow Copy driver Copy drivervolsnapnapDynamic Volume Managerme ManagervolmgrxgrxVolume Manager Driverger DrivervolmgrgrVMware VMCI Bus DriverBus DrivervmciiViddViddMicrosoft Virtual Drive EnumeratorDrive EnumeratorvdrvrootootUser ManagernagerUserManagernagerUSB xHCI Compliant Host Controller Host ControllerUSBXHCIHCIUSB Mass Storage Driverrage DriverUSBSTORTORSuperSpeed Hubed HubUSBHUB3UB3Microsoft USB Standard Hub Driverndard Hub DriverusbhububMicrosoft USB 2.0 Enhanced Host Controller Miniport Drivert Controller Miniport DriverusbehcihciMicrosoft USB Generic Parent Driverric Parent DriverusbccgpcgpUSB Role-Switch Support LibrarySupport LibraryUrsCx010001000Chipidea USB Role-Swit3. |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Binary or memory string: vmware |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.000000000236E000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.000000000236E000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: VMware VMCI Bus Driver |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WcmsvcvcWindows Container Isolationner IsolationwcifsfsRemote Access IP ARP DriverIP ARP DriverwanarprpVirtual WiFi Filter Driverilter DrivervwififltfltVolume driverdrivervolumemeVolume Shadow Copy driver Copy drivervolsnapnapDynamic Volume Managerme ManagervolmgrxgrxVolume Manager Driverger DrivervolmgrgrVMware VMCI Bus DriverBus DrivervmciiViddViddMicrosoft Virtual Drive EnumeratorDrive EnumeratorvdrvrootootUser ManagernagerUserManagernagerUSB xHCI Compliant Host Controller Host ControllerUSBXHCIHCIUSB Mass Storage Driverrage DriverUSBSTORTORSuperSpeed Hubed HubUSBHUB3UB3Microsoft USB Standard Hub Driverndard Hub DriverusbhububMicrosoft USB 2.0 Enhanced Host Controller Miniport Drivert Controller Miniport DriverusbehcihciMicrosoft USB Generic Parent Driverric Parent DriverusbccgpcgpUSB Role-Switch Support LibrarySupport LibraryUrsCx010001000Chipidea USB Role-Switch Drivere-Switch DriverUrsChipideapideaUMBus Enumerator Driverator DriverumbususudfssudfssUSB Host Support Libraryort LibraryUcx01000000USB Attached SCSI (UAS) DriverI (UAS) DriverUASPStortorDistributed Link Tracking ClientTracking ClientTrkWksksWeb Account Managert ManagerTokenBrokerrokerTime BrokerrokerTimeBrokerSvckerSvcThemesesThemesesIntel(R) Telemetry Serviceetry ServiceTelemetryetryNetIO Legacy TDI Support Driver Support DrivertdxxTCP/IP Registry Compatibility Compatibilitytcpipregreg |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Binary or memory string: Shell_TrayWnd |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Binary or memory string: ProgMan |
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Binary or memory string: Shell_TrayWndProgManU |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Queries volume information: C:\ VolumeInformation |