Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.BACKDOOR.Trojan.1093.28848.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.BACKDOOR.Trojan.1093.28848.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.startssl.com/policy.pdf0
|
unknown
|
||
|
http://www.startssl.com/sfsca.crt0
|
unknown
|
||
|
http://ocsp.startssl.com/sub/class2/code/ca0
|
unknown
|
||
|
http://www.startssl.com/intermediate.pdf0
|
unknown
|
||
|
http://aia.startssl.com/certs/sub.class2.code.ca.crt0#
|
unknown
|
||
|
http://www.startssl.com/0
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://www.startssl.com/sfsca.crl0
|
unknown
|
||
|
http://crl.startssl.com/crtc2-crl.crl0
|
unknown
|
||
|
http://www.startssl.com/policy.pdf04
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://crl.startssl.com/sfsca.crl0
|
unknown
|
There are 2 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC2B860C-CA40-4AF1-83E3-D4FAA197DA0E}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC2B860C-CA40-4AF1-83E3-D4FAA197DA0E}\LocalServer32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{242D7A7C-A4A1-4663-8DC0-55ACD2CE2E88}\2.2
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{242D7A7C-A4A1-4663-8DC0-55ACD2CE2E88}\2.2\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{242D7A7C-A4A1-4663-8DC0-55ACD2CE2E88}\2.2\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{242D7A7C-A4A1-4663-8DC0-55ACD2CE2E88}\2.2\HELPDIR
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC2B860C-CA40-4AF1-83E3-D4FAA197DA0E}\ProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC2B860C-CA40-4AF1-83E3-D4FAA197DA0E}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC2B860C-CA40-4AF1-83E3-D4FAA197DA0E}\VERSION
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaHTMLFormSaver.CryptoAPI
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaHTMLFormSaver.CryptoAPI\Clsid
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}\ProxyStubClsid
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCD103DE-03AD-4932-9DAE-0D529E3CE07F}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCD103DE-03AD-4932-9DAE-0D529E3CE07F}\ProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCD103DE-03AD-4932-9DAE-0D529E3CE07F}\LocalServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCD103DE-03AD-4932-9DAE-0D529E3CE07F}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCD103DE-03AD-4932-9DAE-0D529E3CE07F}\VERSION
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaHTMLFormSaver.hash
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaHTMLFormSaver.hash\Clsid
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}\ProxyStubClsid
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB63ED93-AD1B-48D8-A681-89F5447A5CF0}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB63ED93-AD1B-48D8-A681-89F5447A5CF0}\ProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB63ED93-AD1B-48D8-A681-89F5447A5CF0}\LocalServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB63ED93-AD1B-48D8-A681-89F5447A5CF0}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB63ED93-AD1B-48D8-A681-89F5447A5CF0}\VERSION
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaHTMLFormSaver.saverclass
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaHTMLFormSaver.saverclass\Clsid
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{775CB4D8-5051-4508-B6E0-FEA6CF8157C7}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{775CB4D8-5051-4508-B6E0-FEA6CF8157C7}\ProxyStubClsid
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{775CB4D8-5051-4508-B6E0-FEA6CF8157C7}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{775CB4D8-5051-4508-B6E0-FEA6CF8157C7}\Forward
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72898D9B-7AB6-4465-B075-85C32300AFFD}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72898D9B-7AB6-4465-B075-85C32300AFFD}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72898D9B-7AB6-4465-B075-85C32300AFFD}\Forward
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}\ProxyStubClsid
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC3ECFB7-7DEE-46DD-A694-2E77044A2A5F}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BB646FC-F47B-4AAD-A77B-09DBB4628C0D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29840D75-252C-44C2-9CBE-53F6C3765B9E}
|
NULL
|
There are 52 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4A7000
|
unkown
|
page execute read
|
||
|
7E3000
|
heap
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
4A7000
|
unkown
|
page execute read
|
||
|
2400000
|
heap
|
page read and write
|
||
|
7EC000
|
heap
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
ABF000
|
stack
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
2410000
|
trusted library allocation
|
page read and write
|
||
|
5E8000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
76E000
|
stack
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page execute read
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
5E2000
|
unkown
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
5E8000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
4EB000
|
unkown
|
page execute read
|
||
|
7E3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
4EB000
|
unkown
|
page execute read
|
||
|
2290000
|
heap
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
2347000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
There are 30 hidden memdumps, click here to show them.