Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan-Dropper.17837.23667.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\~DFF081A0D5B7062551.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.lightkid.de/updater/Index.mht
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/LIBRARY/FUNCTION.TXT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/INPUT.DATTitlebody
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/BEAM.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/config.ini
|
unknown
|
||
|
http://dhld.dyndns.org/libgen/forum
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/EFFECTS.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/LIBRARY/oldFunc.res
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/DESKTOP.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/REPORTS.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/Function.dat
|
unknown
|
||
|
http://www.lightkid.de/updater/LibGen.exe
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/LIBRARY/_lib.lib
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/GROUP.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/OPTIONS.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/INPUT.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/LIBRARY/tokens.res
|
unknown
|
||
|
http://www.lightkid.de/updater/vbzip11.dll
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/LIBRARY/tokens.res$TemplateShow
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/RTTABLE.DAT(TemplateShow
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/COLOUR.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/PAGE.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/FIXTURE.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/LIBRARY/_userlib.dat
|
unknown
|
||
|
http://www.lightkid.de/updater/Readme.txt
|
unknown
|
||
|
http://www.lightkid.de/updater/Converter.exe
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/_ZCAT.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/POSITION.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/PATCH.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/fixtures.dat
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/RTTABLE.DAT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/MIDIMAP.TXT
|
unknown
|
||
|
http://www.lightkid.de/updater/TemplateShow/SETUP/MOREOPTS.TXT
|
unknown
|
There are 24 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
412000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
378E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
634000
|
heap
|
page read and write
|
||
|
388F000
|
stack
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
414000
|
unkown
|
page readonly
|
||
|
2180000
|
heap
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1FD4000
|
heap
|
page read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
450000
|
trusted library allocation
|
page execute read
|
||
|
334F000
|
stack
|
page read and write
|
||
|
2190000
|
trusted library allocation
|
page read and write
|
||
|
1F7E000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
5AB000
|
heap
|
page read and write
|
||
|
1FD0000
|
heap
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
35DC000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
371F000
|
stack
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
1F90000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
414000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20DF000
|
stack
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
1F3F000
|
stack
|
page read and write
|
||
|
348F000
|
stack
|
page read and write
|
||
|
30CF000
|
stack
|
page read and write
|
||
|
61F000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
5D1000
|
heap
|
page read and write
|
||
|
61F000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
61F000
|
heap
|
page read and write
|
||
|
1F99000
|
heap
|
page read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
5BD000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5D1000
|
heap
|
page read and write
|
There are 53 hidden memdumps, click here to show them.