Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.TScope.Trojan.Delf.21240.32647.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\Config\coldef.ini
|
ISO-8859 text, with very long lines (578), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Config\coldef2.ini
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Config\coldef3.ini
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\DelZip190.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\ServerVersionInfo.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Update\ErrorLog.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Update\coldef.ini
|
ISO-8859 text, with very long lines (578), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Update\coldef.ini.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\Update\coldef2.ini
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Update\coldef2.ini.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\Update\coldef3.ini
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Update\coldef3.ini.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\Update\krenmain.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
||
|
C:\Users\user\Desktop\Update\krenmain.exe.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\Update\openfaxCLIB.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\Update\openfaxCLIB.dll.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\Version.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\krenmain.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
||
|
C:\Users\user\Desktop\openfaxCLIB.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.TScope.Trojan.Delf.21240.32647.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.TScope.Trojan.Delf.21240.32647.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://file.kren.co.kr/NewDown/Ziped/Config/coldef.ini.zip
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/Ziped/Config/coldef3.ini.zip
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/Ziped/KTPSock.dll.zip
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/UnZiped/Config/coldef.ini
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/Ziped/openfaxCLIB.dll.zip
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/UnZiped/Config/coldef3.ini
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/UnZiped/krenmain.exe
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/UnZiped/Config/coldef2.ini
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/UnZiped/KTPSock.dll
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/Ziped/krenmain.exe.zip
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/Ziped/Config/coldef2.ini.zip
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/DelZip190.dll
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/VersionInfo.Ini
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/UnZiped/openfaxCLIB.dll
|
210.181.31.83
|
|
|
|
http://file.kren.co.kr/NewDown/UnZiped/
|
unknown
|
||
|
http://dev.fone.olleh.com
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/DelZip190.dllU
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/Ziped/Config/
|
unknown
|
||
|
http://www.indyproject.org/
|
unknown
|
||
|
http://crl.thawte.com/ThawteCodeSigningCA.crl0
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/UnZiped/openfaxCLIB.dllni_?_???_???_????.
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/UnZiped/Config/coldef3.ini)
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/UnZiped/Config/
|
unknown
|
||
|
http://crl.thawte.com/ThawtePremiumServerCA.crl0
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/Ziped/
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/Ziped/KTPSock.dll.zipl
|
unknown
|
||
|
http://file.kren.co.kr/NewDown/Ziped/openfaxCLIB.dll.zipp
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
file.kren.co.kr
|
210.181.31.83
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
210.181.31.83
|
file.kren.co.kr
|
Korea Republic of
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
28B1000
|
heap
|
page read and write
|
||
|
5EB000
|
unkown
|
page write copy
|
||
|
620000
|
heap
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
22A3000
|
direct allocation
|
page read and write
|
||
|
5C5000
|
unkown
|
page execute and read and write
|
||
|
474A000
|
direct allocation
|
page read and write
|
||
|
236D000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
66B000
|
heap
|
page read and write
|
||
|
46E0000
|
direct allocation
|
page read and write
|
||
|
232C000
|
direct allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
28B1000
|
heap
|
page read and write
|
||
|
960000
|
direct allocation
|
page read and write
|
||
|
46F0000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
474A000
|
direct allocation
|
page read and write
|
||
|
2398000
|
direct allocation
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
2316000
|
direct allocation
|
page read and write
|
||
|
7FDE0000
|
direct allocation
|
page read and write
|
||
|
53F000
|
unkown
|
page execute and write copy
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
994000
|
direct allocation
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
98D000
|
direct allocation
|
page read and write
|
||
|
7E5E0000
|
direct allocation
|
page read and write
|
||
|
4751000
|
direct allocation
|
page read and write
|
||
|
2334000
|
direct allocation
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
473A000
|
direct allocation
|
page read and write
|
||
|
237C000
|
direct allocation
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
2301000
|
direct allocation
|
page read and write
|
||
|
2291000
|
direct allocation
|
page read and write
|
||
|
9B1000
|
direct allocation
|
page read and write
|
||
|
898000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
2308000
|
direct allocation
|
page read and write
|
||
|
940000
|
direct allocation
|
page read and write
|
||
|
47C1000
|
direct allocation
|
page read and write
|
||
|
231D000
|
direct allocation
|
page read and write
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
2520000
|
trusted library section
|
page read and write
|
||
|
9AA000
|
direct allocation
|
page read and write
|
||
|
68F000
|
heap
|
page read and write
|
||
|
4733000
|
direct allocation
|
page read and write
|
||
|
4751000
|
direct allocation
|
page read and write
|
||
|
938000
|
direct allocation
|
page read and write
|
||
|
5D4000
|
unkown
|
page execute and read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
47A4000
|
direct allocation
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
472D000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
479D000
|
direct allocation
|
page read and write
|
||
|
2342000
|
direct allocation
|
page read and write
|
||
|
46F0000
|
direct allocation
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
2B11000
|
heap
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
2260000
|
direct allocation
|
page read and write
|
||
|
5EE000
|
unkown
|
page read and write
|
||
|
2366000
|
direct allocation
|
page read and write
|
||
|
47D0000
|
direct allocation
|
page read and write
|
||
|
2358000
|
direct allocation
|
page read and write
|
||
|
9C8000
|
direct allocation
|
page read and write
|
||
|
22C2000
|
direct allocation
|
page read and write
|
||
|
22E8000
|
direct allocation
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
2374000
|
direct allocation
|
page read and write
|
||
|
4770000
|
direct allocation
|
page read and write
|
||
|
230F000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
46CC000
|
direct allocation
|
page read and write
|
||
|
46D1000
|
direct allocation
|
page read and write
|
||
|
2553000
|
heap
|
page read and write
|
||
|
24B0000
|
direct allocation
|
page execute and read and write
|
||
|
472D000
|
direct allocation
|
page read and write
|
||
|
2349000
|
direct allocation
|
page read and write
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
46D3000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
28B3000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
46D1000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
931000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
4758000
|
direct allocation
|
page read and write
|
||
|
22F4000
|
direct allocation
|
page read and write
|
||
|
472D000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
46D8000
|
direct allocation
|
page read and write
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
2501000
|
trusted library allocation
|
page read and write
|
||
|
4751000
|
direct allocation
|
page read and write
|
||
|
235F000
|
direct allocation
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
47C8000
|
direct allocation
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
9B8000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4734000
|
direct allocation
|
page read and write
|
||
|
46C4000
|
direct allocation
|
page read and write
|
||
|
22C9000
|
direct allocation
|
page read and write
|
||
|
22EC000
|
direct allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
2391000
|
direct allocation
|
page read and write
|
||
|
64B000
|
heap
|
page read and write
|
||
|
46E0000
|
direct allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
233B000
|
direct allocation
|
page read and write
|
||
|
46D8000
|
direct allocation
|
page read and write
|
||
|
950000
|
direct allocation
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
5A1000
|
unkown
|
page execute and read and write
|
||
|
474A000
|
direct allocation
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
direct allocation
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4734000
|
direct allocation
|
page read and write
|
||
|
4748000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
22BB000
|
direct allocation
|
page read and write
|
||
|
672000
|
heap
|
page read and write
|
||
|
7F070000
|
direct allocation
|
page read and write
|
||
|
4743000
|
direct allocation
|
page read and write
|
||
|
5C8000
|
unkown
|
page execute and read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
422F000
|
stack
|
page read and write
|
||
|
46F0000
|
direct allocation
|
page read and write
|
||
|
47BA000
|
direct allocation
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
2383000
|
direct allocation
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
2325000
|
direct allocation
|
page read and write
|
||
|
7E670000
|
direct allocation
|
page read and write
|
||
|
238A000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
653000
|
heap
|
page read and write
|
||
|
28B5000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4741000
|
direct allocation
|
page read and write
|
||
|
657000
|
heap
|
page read and write
|
||
|
4750000
|
direct allocation
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
59B000
|
unkown
|
page execute and read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
46E0000
|
direct allocation
|
page read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
There are 199 hidden memdumps, click here to show them.