Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe

"C:\Users\user\Desktop\SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe"

Details

Is windows:	false
Is dropped:	false
PID:	936
Target ID:	0
Parent PID:	4004
Name:	SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe"
Size:	2931336
MD5:	64A34C1DA55F5CA2FE610703986FDED7
Time:	05:33:47
Date:	25/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	2949120
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Potential Persistence Via COM Hijacking From Suspicious Locations	System Summary
PE / OLE file has an invalid certificate	System Summary
PE file contains executable resources (Code or Archives)	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://www.startssl.com/sfsca.crt0

unknown

http://ocsp.startssl.com/sub/class2/code/ca0

unknown

http://aia.startssl.com/certs/sub.class2.code.ca.crt0#

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

http://www.startssl.com/sfsca.crl0

unknown

http://www.startssl.com/policy.pdf04

unknown

http://blog.aloaha.com

unknown

http://ocsp.thawte.com0

unknown

http://crl.startssl.com/sfsca.crl0

unknown

http://www.startssl.com/policy.pdf0

unknown

http://www.startssl.com/intermediate.pdf0

unknown

http://www.startssl.com/0

unknown

http://crl.startssl.com/crtc2-crl.crl0

unknown

http://www.aloaha.com/wi-software-en/uprade-your-aloaha-pdf-suite.php

unknown

There are 4 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38C0BD58-DB01-4975-AA5D-0C4127BA83C1}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38C0BD58-DB01-4975-AA5D-0C4127BA83C1}\LocalServer32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A731860C-EAEA-48FA-B84D-2E378A156F5B}\3.12

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A731860C-EAEA-48FA-B84D-2E378A156F5B}\3.12\FLAGS

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A731860C-EAEA-48FA-B84D-2E378A156F5B}\3.12\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A731860C-EAEA-48FA-B84D-2E378A156F5B}\3.12\HELPDIR

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38C0BD58-DB01-4975-AA5D-0C4127BA83C1}\ProgID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38C0BD58-DB01-4975-AA5D-0C4127BA83C1}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38C0BD58-DB01-4975-AA5D-0C4127BA83C1}\VERSION

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.Provider

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.Provider\Clsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4513E3E6-DB46-4305-A8B1-1490F28F8707}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4513E3E6-DB46-4305-A8B1-1490F28F8707}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4513E3E6-DB46-4305-A8B1-1490F28F8707}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4513E3E6-DB46-4305-A8B1-1490F28F8707}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B1B8145-5EB1-4DAC-9E1F-3CEE3D7C11B7}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B1B8145-5EB1-4DAC-9E1F-3CEE3D7C11B7}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B1B8145-5EB1-4DAC-9E1F-3CEE3D7C11B7}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B1B8145-5EB1-4DAC-9E1F-3CEE3D7C11B7}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87825E6D-B51E-490A-B46F-AF4372BD86E7}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87825E6D-B51E-490A-B46F-AF4372BD86E7}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87825E6D-B51E-490A-B46F-AF4372BD86E7}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{40C058D1-DF0D-4818-B6F0-F24D28C7D854}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{40C058D1-DF0D-4818-B6F0-F24D28C7D854}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{40C058D1-DF0D-4818-B6F0-F24D28C7D854}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{823004E3-B685-48B5-82B0-D996DFE26A1F}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{823004E3-B685-48B5-82B0-D996DFE26A1F}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{823004E3-B685-48B5-82B0-D996DFE26A1F}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D71A37CC-3516-4DB6-BD92-95C60F76FD8B}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D71A37CC-3516-4DB6-BD92-95C60F76FD8B}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8BD36A7-4851-4FDE-938E-BCE9DBA5DE8F}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8BD36A7-4851-4FDE-938E-BCE9DBA5DE8F}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8BD36A7-4851-4FDE-938E-BCE9DBA5DE8F}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8BD36A7-4851-4FDE-938E-BCE9DBA5DE8F}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C453F5E-CEA9-4FB0-AC7D-2017E291E0CC}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C453F5E-CEA9-4FB0-AC7D-2017E291E0CC}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C453F5E-CEA9-4FB0-AC7D-2017E291E0CC}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFB5547-E3C7-4DCF-85D7-45E0FB522382}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFB5547-E3C7-4DCF-85D7-45E0FB522382}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFB5547-E3C7-4DCF-85D7-45E0FB522382}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65AB8D3F-F3FB-4DA1-9D2E-F654835B7319}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1AAB3153-5D7E-4F8E-8692-F960859719E9}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1AAB3153-5D7E-4F8E-8692-F960859719E9}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1AAB3153-5D7E-4F8E-8692-F960859719E9}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F97D696-50B8-4C8A-96F2-C70259EE98A1}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F97D696-50B8-4C8A-96F2-C70259EE98A1}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A3CEA2D-3391-48EC-ADE3-1604C0170641}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A3CEA2D-3391-48EC-ADE3-1604C0170641}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4FEE1C5A-1726-4063-9EDD-C21B5E3497D0}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4FEE1C5A-1726-4063-9EDD-C21B5E3497D0}\ProgID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4FEE1C5A-1726-4063-9EDD-C21B5E3497D0}\LocalServer32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4FEE1C5A-1726-4063-9EDD-C21B5E3497D0}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4FEE1C5A-1726-4063-9EDD-C21B5E3497D0}\VERSION

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.saverclass

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.saverclass\Clsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A84390-F605-4DB8-8F9F-4772286ECEF8}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A84390-F605-4DB8-8F9F-4772286ECEF8}\ProgID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A84390-F605-4DB8-8F9F-4772286ECEF8}\LocalServer32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A84390-F605-4DB8-8F9F-4772286ECEF8}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A84390-F605-4DB8-8F9F-4772286ECEF8}\VERSION

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.CryptoAPI

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.CryptoAPI\Clsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B69DE96C-5CB4-4414-BEB1-77A3B9E189E9}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B69DE96C-5CB4-4414-BEB1-77A3B9E189E9}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B69DE96C-5CB4-4414-BEB1-77A3B9E189E9}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B69DE96C-5CB4-4414-BEB1-77A3B9E189E9}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F900A07E-D207-4A83-AEE6-EC681B4BAEA0}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F900A07E-D207-4A83-AEE6-EC681B4BAEA0}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F900A07E-D207-4A83-AEE6-EC681B4BAEA0}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F900A07E-D207-4A83-AEE6-EC681B4BAEA0}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0EDC8AD4-932D-40F4-9DD0-AE34BE94CC53}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0EDC8AD4-932D-40F4-9DD0-AE34BE94CC53}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0EDC8AD4-932D-40F4-9DD0-AE34BE94CC53}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0EDC8AD4-932D-40F4-9DD0-AE34BE94CC53}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1ACB6BC2-64E1-441F-B9AB-B040D29ED7D3}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1ACB6BC2-64E1-441F-B9AB-B040D29ED7D3}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1ACB6BC2-64E1-441F-B9AB-B040D29ED7D3}\Forward

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D68516AC-E91F-41E1-ACFE-1D162F4AB14D}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D68516AC-E91F-41E1-ACFE-1D162F4AB14D}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}\ProxyStubClsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39C27122-EFBF-47D6-83E9-5D43A77393F8}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39C27122-EFBF-47D6-83E9-5D43A77393F8}\ProgID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39C27122-EFBF-47D6-83E9-5D43A77393F8}\LocalServer32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39C27122-EFBF-47D6-83E9-5D43A77393F8}\TypeLib

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39C27122-EFBF-47D6-83E9-5D43A77393F8}\VERSION

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.hash

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AloahaCredentials.hash\Clsid

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55258794-0042-4B57-ADD3-80D509F616D0}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6FC633FF-E350-44B3-8FC0-822CAF8616D5}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D79DB0DE-AD97-42B6-8792-3ABDA3BB70D6}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{944D8796-987C-45D5-86E2-C2CD0F512EBB}

NULL

There are 113 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

84E000

heap

page read and write

A7E000

stack

page read and write

863000

heap

page read and write

2DB0000

heap

page read and write

7A0000

heap

page read and write

84A000

heap

page read and write

A3F000

stack

page read and write

82E000

stack

page read and write

513000

unkown

page execute read

23F0000

trusted library allocation

page read and write

879000

heap

page read and write

7D0000

trusted library allocation

page execute read

2F90000

heap

page read and write

2BF0000

heap

page read and write

879000

heap

page read and write

401000

unkown

page execute read

85C000

heap

page read and write

879000

heap

page read and write

6B3000

unkown

page read and write

400000

unkown

page readonly

4CF000

unkown

page execute read

840000

heap

page read and write

6BA000

unkown

page readonly

1F0000

heap

page read and write

863000

heap

page read and write

2BE0000

heap

page read and write

2BE7000

heap

page read and write

86A000

heap

page read and write

2350000

heap

page read and write

513000

unkown

page execute read

400000

unkown

page readonly

86D000

heap

page read and write

7E0000

heap

page read and write

19C000

stack

page read and write

9B000

stack

page read and write

6BA000

unkown

page readonly

B7F000

stack

page read and write

4CF000

unkown

page execute read

2370000

heap

page read and write

401000

unkown

page execute read

23E0000

heap

page read and write

There are 31 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe

Processes

URLs

Registry

Memdumps

IOC Report
SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe