Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
j7aM8mK3Sy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\DatePicker.xll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\j7aM8mK3Sy.exe
|
"C:\Users\user\Desktop\j7aM8mK3Sy.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.quepublishing.com/articles/article.aspx?p=2067634
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
https://stackoverflow.com/questions/43537990/wpf-clickonce-dpi-awareness-per-monitor-v2--
|
unknown
|
||
|
http://www.codeproject.com/Articles/39204/gTimePicker-Control-to-Pick-a-Time-Value-VB-NET
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://blogs.msdn.com/excel/archive/2007/08/01/sam-radakovitz-on-date-pickers.aspx
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
https://www.boostexcel.com/
|
unknown
|
||
|
http://www.fontstuff.com/excel/exltut02.htm
|
unknown
|
||
|
https://www.codeproject.com/Articles/45684/Culture-Aware-Month-Calendar-and-Datepicker
|
unknown
|
||
|
https://www.BoostExcel.com/contact.html
|
unknown
|
||
|
http://pop-up-excel-calendar.billing-invoice-software-office-kit-com.qarchive.org/
|
unknown
|
||
|
http://www.windowsdevcenter.com/pub/a/windows/2004/04/27/excelhacks.html
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://www.fontstuff.com/excel/exltut03.htm
|
unknown
|
||
|
https://www.BoostExcel.com/date-picker/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://www.cpearson.com/excel/WeekNumbers.aspx
|
unknown
|
There are 11 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Date Picker for Excel\GlobalOptions
|
XlEXEPath
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F2C000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
D7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D7D0000
|
trusted library allocation
|
page read and write
|
||
|
10142000
|
heap
|
page read and write
|
||
|
10248000
|
heap
|
page read and write
|
||
|
10670000
|
trusted library allocation
|
page read and write
|
||
|
FF32D000
|
trusted library allocation
|
page readonly
|
||
|
106A0000
|
trusted library allocation
|
page read and write
|
||
|
B131000
|
heap
|
page read and write
|
||
|
30F4000
|
trusted library allocation
|
page read and write
|
||
|
106B0000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
B1DD000
|
heap
|
page read and write
|
||
|
D860000
|
trusted library allocation
|
page read and write
|
||
|
FF310000
|
trusted library allocation
|
page readonly
|
||
|
B085000
|
heap
|
page read and write
|
||
|
B0C8000
|
heap
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
B077000
|
heap
|
page read and write
|
||
|
10238000
|
heap
|
page read and write
|
||
|
10550000
|
trusted library allocation
|
page read and write
|
||
|
F09000
|
heap
|
page read and write
|
||
|
31CA000
|
trusted library allocation
|
page read and write
|
||
|
105E000
|
heap
|
page read and write
|
||
|
30C4000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
FF324000
|
trusted library allocation
|
page execute read
|
||
|
EE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F1C000
|
trusted library allocation
|
page read and write
|
||
|
DB7B000
|
heap
|
page read and write
|
||
|
2F2A000
|
trusted library allocation
|
page read and write
|
||
|
5203000
|
heap
|
page execute and read and write
|
||
|
30DE000
|
trusted library allocation
|
page read and write
|
||
|
1010A000
|
heap
|
page read and write
|
||
|
10570000
|
trusted library allocation
|
page read and write
|
||
|
10ACB000
|
heap
|
page read and write
|
||
|
1113000
|
heap
|
page read and write
|
||
|
ECD000
|
trusted library allocation
|
page execute and read and write
|
||
|
FDC000
|
stack
|
page read and write
|
||
|
F0C000
|
heap
|
page read and write
|
||
|
31B8000
|
trusted library allocation
|
page read and write
|
||
|
311A000
|
trusted library allocation
|
page read and write
|
||
|
FF31C000
|
trusted library allocation
|
page readonly
|
||
|
E70000
|
heap
|
page read and write
|
||
|
EE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
31C4000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
FF317000
|
trusted library allocation
|
page execute read
|
||
|
8C7000
|
unkown
|
page readonly
|
||
|
DFD0000
|
heap
|
page read and write
|
||
|
31BE000
|
trusted library allocation
|
page read and write
|
||
|
10AC9000
|
heap
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
1096000
|
heap
|
page read and write
|
||
|
B119000
|
heap
|
page read and write
|
||
|
D83E000
|
stack
|
page read and write
|
||
|
B13B000
|
heap
|
page read and write
|
||
|
B85C000
|
stack
|
page read and write
|
||
|
B170000
|
heap
|
page read and write
|
||
|
100F1000
|
heap
|
page read and write
|
||
|
B160000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
4CCC000
|
stack
|
page read and write
|
||
|
10111000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
B1B4000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
8B8000
|
unkown
|
page readonly
|
||
|
3146000
|
trusted library allocation
|
page read and write
|
||
|
30B2000
|
trusted library allocation
|
page read and write
|
||
|
104C000
|
trusted library allocation
|
page read and write
|
||
|
B1E8000
|
heap
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
AFA0000
|
heap
|
page execute and read and write
|
||
|
FF32A000
|
trusted library allocation
|
page execute read
|
||
|
1085000
|
heap
|
page read and write
|
||
|
B358000
|
stack
|
page read and write
|
||
|
B153000
|
heap
|
page read and write
|
||
|
30BC000
|
trusted library allocation
|
page read and write
|
||
|
10260000
|
heap
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
10060000
|
heap
|
page read and write
|
||
|
ED2000
|
trusted library allocation
|
page read and write
|
||
|
11E6000
|
heap
|
page read and write
|
||
|
11E8000
|
heap
|
page read and write
|
||
|
3100000
|
trusted library allocation
|
page read and write
|
||
|
FF31B000
|
trusted library allocation
|
page execute read
|
||
|
B0A9000
|
heap
|
page read and write
|
||
|
310C000
|
trusted library allocation
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
101F7000
|
heap
|
page read and write
|
||
|
FF314000
|
trusted library allocation
|
page readonly
|
||
|
FF32E000
|
trusted library allocation
|
page execute read
|
||
|
1008C000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page execute and read and write
|
||
|
B1D0000
|
heap
|
page read and write
|
||
|
3CF4000
|
trusted library allocation
|
page read and write
|
||
|
101A7000
|
heap
|
page read and write
|
||
|
10A60000
|
heap
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
FF321000
|
trusted library allocation
|
page readonly
|
||
|
101EA000
|
heap
|
page read and write
|
||
|
B1C9000
|
heap
|
page read and write
|
||
|
1022D000
|
heap
|
page read and write
|
||
|
B177000
|
heap
|
page read and write
|
||
|
10A70000
|
heap
|
page read and write
|
||
|
B129000
|
heap
|
page read and write
|
||
|
FF318000
|
trusted library allocation
|
page readonly
|
||
|
31AA000
|
trusted library allocation
|
page read and write
|
||
|
ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
EBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
AFB0000
|
trusted library allocation
|
page read and write
|
||
|
10107000
|
heap
|
page read and write
|
||
|
D870000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
FF319000
|
trusted library allocation
|
page execute read
|
||
|
101D2000
|
heap
|
page read and write
|
||
|
FF326000
|
trusted library allocation
|
page execute read
|
||
|
106C0000
|
trusted library allocation
|
page read and write
|
||
|
AE2E000
|
stack
|
page read and write
|
||
|
6B2000
|
unkown
|
page readonly
|
||
|
2F18000
|
trusted library allocation
|
page read and write
|
||
|
1053C000
|
stack
|
page read and write
|
||
|
2F1A000
|
trusted library allocation
|
page read and write
|
||
|
101C9000
|
heap
|
page read and write
|
||
|
3098000
|
trusted library allocation
|
page read and write
|
||
|
B0A7000
|
heap
|
page read and write
|
||
|
10560000
|
trusted library allocation
|
page read and write
|
||
|
115D000
|
heap
|
page read and write
|
||
|
B07D000
|
heap
|
page read and write
|
||
|
EC8000
|
trusted library allocation
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
FF311000
|
trusted library allocation
|
page execute read
|
||
|
10253000
|
heap
|
page read and write
|
||
|
FF32B000
|
trusted library allocation
|
page readonly
|
||
|
7800000
|
trusted library section
|
page read and write
|
||
|
FF31D000
|
trusted library allocation
|
page execute read
|
||
|
1009F000
|
heap
|
page read and write
|
||
|
B0B3000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page execute and read and write
|
||
|
B060000
|
heap
|
page read and write
|
||
|
1008F000
|
heap
|
page read and write
|
||
|
EB4000
|
trusted library allocation
|
page read and write
|
||
|
100EA000
|
heap
|
page read and write
|
||
|
10234000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
D372000
|
trusted library allocation
|
page read and write
|
||
|
1020B000
|
heap
|
page read and write
|
||
|
FF31F000
|
trusted library allocation
|
page execute read
|
||
|
32CA000
|
trusted library allocation
|
page read and write
|
||
|
FF300000
|
trusted library allocation
|
page readonly
|
||
|
10ACD000
|
heap
|
page read and write
|
||
|
10180000
|
heap
|
page read and write
|
||
|
B073000
|
heap
|
page read and write
|
||
|
B120000
|
heap
|
page read and write
|
||
|
30CE000
|
trusted library allocation
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
FF301000
|
trusted library allocation
|
page execute read
|
||
|
10A67000
|
heap
|
page read and write
|
||
|
101B2000
|
heap
|
page read and write
|
||
|
EEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
B81C000
|
stack
|
page read and write
|
||
|
101F3000
|
heap
|
page read and write
|
||
|
1021B000
|
heap
|
page read and write
|
||
|
D7C0000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
B135000
|
heap
|
page read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
10690000
|
trusted library allocation
|
page read and write
|
||
|
77FF000
|
stack
|
page read and write
|
||
|
3136000
|
trusted library allocation
|
page read and write
|
||
|
2C91000
|
trusted library allocation
|
page read and write
|
||
|
B172000
|
heap
|
page read and write
|
||
|
FF322000
|
trusted library allocation
|
page execute read
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
DFCE000
|
heap
|
page read and write
|
||
|
101C0000
|
heap
|
page read and write
|
||
|
1024B000
|
heap
|
page read and write
|
||
|
101AA000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
B0F0000
|
heap
|
page read and write
|
||
|
31A4000
|
trusted library allocation
|
page read and write
|
||
|
1092000
|
heap
|
page read and write
|
||
|
B71B000
|
stack
|
page read and write
|
||
|
DFD5000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
B15A000
|
heap
|
page read and write
|
||
|
3C91000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
heap
|
page execute and read and write
|
||
|
FF320000
|
trusted library allocation
|
page execute read
|
||
|
B19E000
|
heap
|
page read and write
|
||
|
FF325000
|
trusted library allocation
|
page readonly
|
||
|
10246000
|
heap
|
page read and write
|
||
|
1049000
|
trusted library allocation
|
page read and write
|
||
|
FF313000
|
trusted library allocation
|
page execute read
|
||
|
D310000
|
trusted library allocation
|
page read and write
|
||
|
100CD000
|
heap
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
B124000
|
heap
|
page read and write
|
||
|
2DBE000
|
trusted library allocation
|
page read and write
|
||
|
10227000
|
heap
|
page read and write
|
||
|
101E5000
|
heap
|
page read and write
|
||
|
10ABE000
|
heap
|
page read and write
|
||
|
10071000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
FF328000
|
trusted library allocation
|
page execute read
|
||
|
5270000
|
heap
|
page read and write
|
||
|
B143000
|
heap
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
DF7E000
|
heap
|
page read and write
|
||
|
AD2D000
|
stack
|
page read and write
|
||
|
10105000
|
heap
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
B089000
|
heap
|
page read and write
|
||
|
3126000
|
trusted library allocation
|
page read and write
|
||
|
10540000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
1058000
|
heap
|
page read and write
|
||
|
10AA1000
|
heap
|
page read and write
|
||
|
EE2000
|
trusted library allocation
|
page read and write
|
||
|
10980000
|
trusted library allocation
|
page read and write
|
||
|
D7F0000
|
trusted library allocation
|
page read and write
|
||
|
10197000
|
heap
|
page read and write
|
||
|
30E8000
|
trusted library allocation
|
page read and write
|
||
|
101DE000
|
heap
|
page read and write
|
||
|
EB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
10430000
|
trusted library allocation
|
page read and write
|
||
|
32B9000
|
trusted library allocation
|
page read and write
|
||
|
10680000
|
trusted library allocation
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
3CA1000
|
trusted library allocation
|
page read and write
|
||
|
30A6000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
10ACF000
|
heap
|
page read and write
|
||
|
FF31A000
|
trusted library allocation
|
page readonly
|
||
|
B95C000
|
stack
|
page read and write
|
||
|
1221000
|
heap
|
page read and write
|
||
|
10AB1000
|
heap
|
page read and write
|
||
|
FF315000
|
trusted library allocation
|
page execute read
|
||
|
3D32000
|
trusted library allocation
|
page read and write
|
||
|
5274000
|
heap
|
page read and write
|
||
|
FF32C000
|
trusted library allocation
|
page execute read
|
||
|
B108000
|
heap
|
page read and write
|
||
|
968000
|
stack
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
B0AF000
|
heap
|
page read and write
|
There are 245 hidden memdumps, click here to show them.