IOC Report
aMail_Ver1.exe


Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
aMail_Ver1.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\vstor_redist[1].exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\VSD1758.tmp\VSTOR40\vstor_redist.exe | PE32 executable (GUI) Intel 80386, for MS Windows | modified |
C:\Users\user\AppData\Local\Temp\VSD1758.tmp\aMail_Ver1.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\VSD1758.tmp\aMail_Ver1.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\VSD1758.tmp\install.log | data | dropped |

Processes

Path | Cmdline | Malicious
--- | --- | ---
C:\Users\user\Desktop\aMail_Ver1.exe | "C:\Users\user\Desktop\aMail_Ver1.exe" | malicious

URLs

Name | IP | Malicious
--- | --- | ---
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | unknown |
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | unknown |
http://www.diginotar.nl/cps/pkioverheid0 | unknown |
http://crl.entrust.net/server1.crl0 | unknown |
http://ocsp.entrust.net0D | unknown |
http://ocsp.entrust.net03 | unknown |
https://secure.comodo.com/CPS0 | unknown |
https://system.asite.com/aMail_Installer/aMail.vstoullX64Bootstrapper | unknown |
http://crl.entrust.net/2048ca.crl0 | unknown |
https://system.asite.com/aMail_Installer/TruePABegin | unknown |
http://crl.comod | unknown |

1 further URL is hidden in the exported report.

Domains

Name | IP | Malicious
--- | --- | ---
windowsupdatebg.s.llnwi.net | 68.142.107.4 |

Registry

Path | Value | Malicious
--- | --- | ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings |
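
The Files, URLs and Registry tables above are what a responder would sweep a fleet for, so here is an added parser and host-match script for this export format. It is example code, not part of the sandbox report and not code from the sample's publisher. Assumptions: REPORT is a constructed excerpt re-typed in the report's own flattened layout (heading, blank line, column names, then one value per line with the Malicious cell omitted when not flagged); the rule that CRL/OCSP/CPS URLs are certificate-embedded strings with a trailing ASN.1 byte or two glued on ("...net0D", "...crl0") is a heuristic, so the raw value is kept beside the cleaned one; the user name and the random VSD<hex>.tmp staging directory are wildcarded before path comparison; root_thumbprints_winreg is a Windows-only helper on the standard winreg module and is not exercised offline.

```python
"""Parse the flattened Files / URLs / Registry tables of this IOC export and
match them against host telemetry.  Added example, not part of the sandbox
report; REPORT is a constructed excerpt re-typed in the report's own layout."""
import re
from typing import Dict, List, Tuple

REPORT = """Files

File Path
Type
Category
Malicious
C:\\Users\\user\\AppData\\Local\\Temp\\VSD1758.tmp\\aMail_Ver1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped

URLs

Name
IP
Malicious
http://ocsp.entrust.net0D
unknown
https://system.asite.com/aMail_Installer/TruePABegin
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
malicious
"""
# A row starts at a line matching the section's key column; rows have a
# variable line count because "Malicious" is absent when not flagged.
ROW_START = {"Files": re.compile(r"^[A-Za-z]:\\"), "URLs": re.compile(r"^https?://"),
             "Registry": re.compile(r"^HKEY_")}
# CRL/OCSP/CPS strings come from certificates embedded in the binary, with the
# next ASN.1 byte(s) glued on by the string extractor ("...net0D"); heuristic.
PKI_URL = re.compile(r"(?i)^https?://(crl|ocsp)\.|\.crl(?![a-z])|/cps(?![a-z])")
ADS = re.compile(r"^([A-Za-z]:\\[^:]*)(?::(.+))?$")  # path[:stream]


def parse_ioc_report(text: str) -> Dict[str, List[Dict[str, str]]]:
    blocks = [b.split("\n") for b in re.split(r"\n\s*\n", text.strip())]
    sections = {}
    for heading, body in zip(blocks[0::2], blocks[1::2]):  # title, then table
        start = ROW_START.get(heading[0])
        if start is None:
            continue
        headers, rows = [], []
        for line in body:
            if start.match(line):
                rows.append({headers[0]: line})
            elif not rows:
                headers.append(line)  # still inside the header block
            elif len(rows[-1]) < len(headers):
                rows[-1][headers[len(rows[-1])]] = line  # next unfilled column
        sections[heading[0]] = rows
    return sections


def classify_urls(iocs) -> List[Tuple[str, str, str]]:
    """(raw, cleaned, kind); trailing ASN.1 bytes stripped for PKI URLs only."""
    out = []
    for row in iocs.get("URLs", []):
        raw = row["Name"]
        kind = "pki-metadata" if PKI_URL.search(raw) else "network"
        out.append((raw, re.sub(r"0[0-9A-F]?$", "", raw) if kind == "pki-metadata" else raw, kind))
    return out


def generalise_path(path: str) -> Tuple[str, str]:
    """(normalised path, ADS name): user name and the random VSD<hex>.tmp
    staging directory differ per host, so both are wildcarded."""
    m = ADS.match(path)
    base, stream = (m.group(1), m.group(2) or "") if m else (path, "")
    base = re.sub(r"(?i)\\Users\\[^\\]+\\", r"\\Users\\*\\", base)
    base = re.sub(r"(?i)\\VSD[0-9A-F]+\.tmp\\", r"\\VSD*.tmp\\", base)
    return base.lower(), stream


def match_host(iocs, root_thumbprints: List[str], paths: List[str]) -> List[Tuple[str, str]]:
    """Hits against ROOT-store thumbprints and file paths seen on a host."""
    thumbs = {r["Path"].rsplit("\\", 1)[-1].upper() for r in iocs.get("Registry", [])
              if "\\SystemCertificates\\ROOT\\Certificates\\" in r["Path"]}
    hits = [("root-cert", t.upper()) for t in root_thumbprints if t.upper() in thumbs]
    dropped = {generalise_path(r["File Path"])[0] for r in iocs.get("Files", [])}
    hits += [("dropped-file", p) for p in paths if generalise_path(p)[0] in dropped]
    return hits


def root_thumbprints_winreg() -> List[str]:
    """Windows only: ROOT-store subkey names are certificate thumbprints."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates") as k:
        return [winreg.EnumKey(k, i).upper() for i in range(winreg.QueryInfoKey(k)[0])]
```

On a Windows host, feed `root_thumbprints_winreg()` and a file listing into `match_host(parse_ioc_report(report_text), ...)`; a root-cert hit means the machine trusts whatever certificate the installer wrote under the thumbprint above, which is the registry row the sandbox flagged, and is worth far more attention than the CRL/OCSP strings, which classify_urls tags as pki-metadata because they are lifted from embedded certificates rather than contacted by the sample.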

Memdumps

Base Address (hex) | Region type | Protect | Malicious
--- | --- | --- | ---
210000 | unknown | page read and write |
82C000 | heap | page read and write |
2FDC000 | stack | page read and write |
82E000 | heap | page read and write |
7DD000 | heap | page read and write |
2D43000 | heap | page read and write |
3A5C000 | stack | page read and write |
2350000 | heap | page read and write |
368000 | unknown | page readonly |
1DC000 | stack | page read and write |
36A0000 | heap | page read and write |
354F000 | stack | page read and write |
39CE000 | stack | page read and write |
331D000 | stack | page read and write |
335E000 | stack | page read and write |
300000 | unknown | page readonly |
3A9E000 | stack | page read and write |
4F6000 | heap | page read and write |
3CF0000 | heap | page read and write |
3911000 | heap | page read and write |
4200000 | heap | page read and write |
70A000 | heap | page read and write |
754000 | heap | page read and write |
2ED0000 | remote allocation | page read and write |
3430000 | heap | page read and write |
38EF000 | stack | page read and write |
4F0000 | heap | page read and write |
227A000 | heap | page read and write |
2D00000 | heap | page read and write |
2220000 | heap | page read and write |
2275000 | heap | page read and write |
3900000 | heap | page read and write |
82C000 | heap | page read and write |
82C000 | heap | page read and write |
6EB000 | heap | page read and write |
550000 | heap | page read and write |
2D3E000 | heap | page read and write |
7EA000 | heap | page read and write |
2221000 | heap | page read and write |
3CF0000 | heap | page read and write |
41FF000 | stack | page read and write |
362000 | unknown | page write copy |
70F000 | heap | page read and write |
2354000 | heap | page read and write |
2D2E000 | heap | page read and write |
6E0000 | heap | page read and write |
368000 | unknown | page readonly |
3C9F000 | stack | page read and write |
406F000 | stack | page read and write |
2372000 | heap | page read and write |
43F0000 | heap | page read and write |
6E8000 | heap | page read and write |
3F4D000 | stack | page read and write |
3CEE000 | stack | page read and write |
362000 | unknown | page read and write |
37DB000 | stack | page read and write |
2EBC000 | stack | page read and write |
365000 | unknown | page readonly |
5790000 | heap | page read and write |
730000 | heap | page read and write |
2E5E000 | stack | page read and write |
301000 | unknown | page execute read |
1DA000 | stack | page read and write |
365000 | unknown | page readonly |
7DD000 | heap | page read and write |
310D000 | stack | page read and write |
301000 | unknown | page execute read |
321D000 | stack | page read and write |
6E4000 | heap | page read and write |
300000 | unknown | page readonly |
33BC000 | stack | page read and write |
367000 | unknown | page read and write |
70D000 | heap | page read and write |
259000 | stack | page read and write |
3B9F000 | stack | page read and write |
7EA000 | heap | page read and write |
7F3000 | heap | page read and write |
2220000 | trusted library allocation | page read and write |
10000 | heap | page read and write |
309C000 | stack | page read and write |
2ED0000 | remote allocation | page read and write |
7E1000 | heap | page read and write |
366F000 | stack | page read and write |
301E000 | stack | page read and write |
77E000 | heap | page read and write |
2D1D000 | heap | page read and write |
3A0D000 | stack | page read and write |
737000 | heap | page read and write |
3950000 | heap | page read and write |

79 further memdumps are hidden in the exported report.