Files

File Path | Type | Category | Malicious
---|---|---|---
SecuriteInfo.com.W32.FraudLoad.F32_DET.Eldorado.15068.22232.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ca823b93c9345ee13ec5a9915514517e6e239_7522e4b5_e8a78a02-e37a-4086-8c01-d63afe47cecb\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F60.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 03:28:02 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER50A9.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5118.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |

The Malicious column is empty for every row in this export: the sandbox flagged none of these entries. Note that the four WER files and Amcache.hve are written by Windows itself, not by the sample: the ReportQueue directory name (AppCrash_rundll32.exe_...) records a crash of rundll32.exe, and Amcache.hve is the system's application inventory hive. "dropped" here means created during the run, and the minidump (WER4F60.tmp.dmp) is the one artifact worth opening, since it captures the faulting rundll32.exe process.
Processes

Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.FraudLoad.F32_DET.Eldorado.15068.22232.dll" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.FraudLoad.F32_DET.Eldorado.15068.22232.dll",#1 |
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.FraudLoad.F32_DET.Eldorado.15068.22232.dll",#1 |
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 568 |

loaddll32.exe is the sandbox's own loader for DLL samples; it drives cmd.exe /C to start rundll32.exe, which calls the DLL's export number 1 (the ",#1" ordinal syntax). The chain ends in WerFault.exe, whose -p 6416 argument is the PID of the faulting process, so the export call crashed and the run shows the crash rather than whatever the DLL would do on a host it expects. All processes under SysWOW64 are 32-bit, matching the PE32 sample.
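The two things a responder would check in that process list, rundll32 being handed an ordinal export from a user-writable directory and WerFault naming the process that died, can be scripted over the command lines. The following is an added example, not code from the report or the sandbox vendor; the rows are transcribed from the table above, the regular expressions and the list of user-writable prefixes are the author's assumptions, and the function returns its findings so it can be reused over real process-creation telemetry.

```python
import re

# Rows transcribed from the Processes table above as (image path, command line).
PROCESSES = [
    (r"C:\Windows\System32\loaddll32.exe",
     r'loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.FraudLoad.F32_DET.Eldorado.15068.22232.dll"'),
    (r"C:\Windows\System32\conhost.exe",
     r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r'cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.FraudLoad.F32_DET.Eldorado.15068.22232.dll",#1'),
    (r"C:\Windows\SysWOW64\rundll32.exe",
     r'rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.FraudLoad.F32_DET.Eldorado.15068.22232.dll",#1'),
    (r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 568"),
]

# rundll32 [path\]<dll>,<export>: the export is either a name or an ordinal written "#N"
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)', re.IGNORECASE)
# WerFault.exe -u -p <pid> -s <handle>: -p carries the PID of the faulting process
WERFAULT_RE = re.compile(r"werfault\.exe\b.*?-p\s+(?P<pid>\d+)", re.IGNORECASE)
# Assumed list of locations a standard user can write to; an OS binary executing
# a DLL from one of these is worth a look whatever the DLL then does.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage_processes(rows):
    """Return rundll32-related findings and the PIDs WerFault reported as crashed."""
    findings = []
    crashed_pids = []
    for path, cmdline in rows:
        exe = basename(path)
        if exe == "rundll32.exe":
            m = RUNDLL_RE.search(cmdline)
            if m:
                dll, export = m.group("dll"), m.group("export")
                if export.startswith("#"):
                    findings.append(f"rundll32 invokes export by ordinal {export} in {dll}")
                if dll.lower().startswith(USER_WRITABLE_PREFIXES):
                    findings.append(f"rundll32 loads a DLL from a user-writable path: {dll}")
        elif exe == "cmd.exe" and "rundll32" in cmdline.lower():
            findings.append("cmd.exe /C used as an intermediary to start rundll32")
        elif exe == "werfault.exe":
            w = WERFAULT_RE.search(cmdline)
            if w:
                crashed_pids.append(int(w.group("pid")))
    return {"findings": findings, "crashed_pids": crashed_pids}


if __name__ == "__main__":
    result = triage_processes(PROCESSES)
    for finding in result["findings"]:
        print("finding:", finding)
    print("crashed PIDs (from WerFault -p):", result["crashed_pids"])
```

On the rows above this yields three findings (ordinal export, DLL under C:\Users, cmd.exe intermediary) and one crashed PID, 6416. The ordinal check is the interesting one: legitimate rundll32 use (shell32.dll,Control_RunDLL and the like) names its export, while loaders that want to keep export names out of the binary call by number.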
URLs

Name | IP | Malicious
---|---|---
http://upx.sf.net | unknown |
http://www.flyingpig.com | unknown |
http://www.flyingpig.com/support/hog2/downloads/ | unknown |
http://www.flyingpig.com/support/ | unknown |
http://www.installshield.com0 | unknown |

Every IP is "unknown": no resolution or connection to these hosts was observed, so these are most likely strings recovered from the binary rather than contacted endpoints. http://upx.sf.net is the URL the UPX packer embeds in its stub, which points to the sample (or a component of it) being UPX-packed; the installshield.com string is typical of an InstallShield-built binary. The trailing "0" on the last entry is reproduced as the report recorded it.
Registry

All visible entries are values under a single key:

Path: \REGISTRY\A\{09c7ca7c-a0f0-3634-6f02-8dd1df2e77a9}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788

Value | Malicious
---|---
ProgramId |
FileId |
LowerCaseLongPath |
LongPathHash |
Name |
OriginalFileName |
Publisher |
Version |
BinFileVersion |
BinaryType |
ProductName |
ProductVersion |
LinkDate |
BinProductVersion |
AppxPackageFullName |
AppxPackageRelativeId |
Size |
Language |
IsOsComponent |
Usn |

10 further registry rows are omitted from this export.

The \REGISTRY\A\{GUID} prefix denotes an application hive and InventoryApplicationFile is an Amcache key, consistent with the Amcache.hve listed under Files: this is Windows inventorying rundll32.exe after its crash, not the sample writing configuration or persistence.
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
3470000 | heap | page read and write |
10F0000 | heap | page read and write |
10008000 | unknown | page write copy |
323C000 | stack | page read and write |
10000000 | unknown | page readonly |
10006000 | unknown | page read and write |
10001000 | unknown | page execute read |
1000B000 | unknown | page readonly |
169F000 | stack | page read and write |
4D7F000 | stack | page read and write |
118E000 | stack | page read and write |
1000B000 | unknown | page readonly |
10000000 | unknown | page readonly |
3260000 | heap | page read and write |
10008000 | unknown | page write copy |
E7C000 | stack | page read and write |
3280000 | heap | page read and write |
F7D000 | stack | page read and write |
4CFF000 | stack | page read and write |
10001000 | unknown | page execute read |
114E000 | stack | page read and write |
10006000 | unknown | page read and write |
14A0000 | heap | page read and write |
4CBE000 | stack | page read and write |
3390000 | heap | page read and write |
4D3E000 | stack | page read and write |
14AB000 | heap | page read and write |
1100000 | heap | page read and write |
34D0000 | heap | page read and write |
328A000 | heap | page read and write |
2FDC000 | stack | page read and write |
179F000 | stack | page read and write |
FE0000 | heap | page read and write |
14AF000 | heap | page read and write |

24 further memdump rows are omitted from this export.

The "unknown" regions at 0x10000000 through 0x1000B000 are the mapped DLL itself (read-only headers, an execute-read code section at 0x10001000, read-write and write-copy data, a read-only tail); 0x10000000 is the linker's default ImageBase for 32-bit DLLs, so it was mapped at its preferred address. The set appears twice because the DLL is loaded by both loaddll32.exe and rundll32.exe. Every heap and stack region shown is read-write only: nothing in the visible rows suggests unpacked or injected code in private memory.
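Reading a region list like this by hand does not scale, and the two questions that matter (where are the mapped images, and is there executable private memory) can be answered from base, type and protection alone. The following is an added example, not code from the report or the sandbox vendor: the rows are a subset transcribed from the table above, one extra executable heap row is constructed (and labelled so) to exercise the failure-mode branch, and the image-base test is a heuristic assumed by the author (a read-only page on a 64 KiB boundary directly followed by an executable page, the shape of PE headers plus .text), not something the report states.

```python
# Subset of rows transcribed from the Memdumps table above as (base address,
# region type, protection). Duplicates are kept because they are separate rows.
# The sandbox labels mapped image sections "unknown" rather than heap or stack.
MEMDUMPS = [
    ("3470000", "heap", "page read and write"),
    ("10F0000", "heap", "page read and write"),
    ("10008000", "unknown", "page write copy"),
    ("323C000", "stack", "page read and write"),
    ("10000000", "unknown", "page readonly"),
    ("10006000", "unknown", "page read and write"),
    ("10001000", "unknown", "page execute read"),
    ("1000B000", "unknown", "page readonly"),
    ("169F000", "stack", "page read and write"),
    ("4D7F000", "stack", "page read and write"),
    ("10000000", "unknown", "page readonly"),
    ("10001000", "unknown", "page execute read"),
    ("10008000", "unknown", "page write copy"),
    ("1000B000", "unknown", "page readonly"),
    ("10006000", "unknown", "page read and write"),
    ("14A0000", "heap", "page read and write"),
]

# Constructed row, NOT on the page: an executable, writable heap region of the
# kind an unpacker or injected payload leaves behind, used to exercise that path.
CONSTRUCTED_RWX_HEAP = ("4000000", "heap", "page execute read and write")

PAGE_SIZE = 0x1000
ALLOCATION_GRANULARITY = 0x10000  # image bases are 64 KiB aligned on Windows


def parse_region(row):
    base_hex, kind, protect = row
    return {"base": int(base_hex, 16), "kind": kind.strip().lower(),
            "protect": protect.strip().lower()}


def is_executable(protect):
    return "execute" in protect


def triage_memdumps(rows):
    """Classify regions into mapped image bases and suspicious private executable memory."""
    regions, seen = [], set()
    for row in rows:
        r = parse_region(row)
        key = (r["base"], r["kind"], r["protect"])
        if key not in seen:  # the same DLL mapped in two processes shows up twice
            seen.add(key)
            regions.append(r)
    by_base = {}
    for r in regions:
        by_base.setdefault(r["base"], []).append(r)

    # Heuristic (assumed): read-only page on a 64 KiB boundary (PE headers)
    # immediately followed by an executable page (.text) => normally mapped image.
    image_bases = sorted(
        r["base"] for r in regions
        if r["kind"] == "unknown" and r["protect"] == "page readonly"
        and r["base"] % ALLOCATION_GRANULARITY == 0
        and any(is_executable(q["protect"]) for q in by_base.get(r["base"] + PAGE_SIZE, []))
    )
    # Executable heap/stack, or memory that is both writable and executable, is
    # code that was not mapped from a file: unpacking, injection or a JIT.
    exec_private = sorted({r["base"] for r in regions
                           if is_executable(r["protect"]) and r["kind"] in ("heap", "stack")})
    writable_exec = sorted({r["base"] for r in regions
                            if is_executable(r["protect"]) and "write" in r["protect"]})
    return {"image_bases": image_bases,
            "executable_private": exec_private,
            "writable_executable": writable_exec}


if __name__ == "__main__":
    print("report rows:   ", triage_memdumps(MEMDUMPS))
    print("with RWX heap: ", triage_memdumps(MEMDUMPS + [CONSTRUCTED_RWX_HEAP]))
```

On the report's rows the only image base found is 0x10000000 and both suspicious lists are empty; adding the constructed heap row puts 0x4000000 in both. The heuristic only sees what the export lists, so a region whose base is among the omitted rows is invisible to it; run it over the full export before drawing conclusions.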