Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.FileRepMalware.5727.29935.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
|
initial sample
|
||
|
C:\shttps\http.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
 |
|
|
C:\shttps\uninst.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\shttps\desc.htm
|
HTML document, ASCII text
|
dropped
|
||
|
C:\shttps\http.cfg
|
ASCII text
|
dropped
|
||
|
C:\shttps\http.exe.manifest
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\shttps\lang_notes.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\shttps\langpacks\en\shs_lang.cfg
|
ASCII text, with very long lines (311)
|
dropped
|
||
|
C:\shttps\langpacks\ru\shs_lang.cfg
|
Non-ISO extended-ASCII text, with very long lines (311)
|
dropped
|
||
|
C:\shttps\license.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\shttps\vpn_if_client_down.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\shttps\vpn_if_client_up.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\shttps\vpn_if_up.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.5727.29935.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.5727.29935.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.gnu.org/
|
unknown
|
||
|
http://www.delorie.com/djgpp/
|
unknown
|
||
|
https://%.9s:%u%s
|
unknown
|
||
|
https://openvpn.net/
|
unknown
|
||
|
http://smallsrv.com/donation.shtml
|
unknown
|
||
|
http://smallsrv.com/webmail.exe
|
unknown
|
||
|
http://smallsrv.com/news.htm
|
unknown
|
||
|
https://gnutls.org/manual/html_node/Priority-Strings.html
|
unknown
|
||
|
http://127.0.0.1/$_admin_$host
|
unknown
|
||
|
http://127.0.0.1/$_admin_$conf
|
unknown
|
||
|
http://www.php.net
|
unknown
|
||
|
https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html
|
unknown
|
||
|
https://hostname.etc/$_vpn_$/
|
unknown
|
||
|
https://%.9s:%u%s%.16s:%u%sopen
|
unknown
|
||
|
http://127.0.0.1/$_admin_$stat
|
unknown
|
||
|
http://Web.Golux.Com/coar/cgi/
|
unknown
|
||
|
http://other.host
|
unknown
|
||
|
http://smallsrv.com/index.htm#new
|
unknown
|
||
|
http://127.0.0.1/My/index.htm.
|
unknown
|
||
|
http://smallsrv.com/libsec111.zip
|
unknown
|
||
|
https://build.openvpn.net/downloads/releases/
|
unknown
|
||
|
http://smallsrv.com/ipbase.zip
|
unknown
|
||
|
http://www.gnutls.org
|
unknown
|
||
|
http://127.0.0.1/
|
unknown
|
||
|
http://127.0.0.1/$_admin_$state
|
unknown
|
||
|
http://Your_IP_address/IMAGES/bgr.gif.
|
unknown
|
||
|
http://smallsrv.com/index.htm#newhttp://smallsrv.com/news.htmdesc.htmhttp://smallsrv.com/donation.sh
|
unknown
|
||
|
https://fsf.org/
|
unknown
|
||
|
http://127.0.0
|
unknown
|
||
|
http://Your_IP_address_here/test.html
|
unknown
|
||
|
http://smallsrv.com/seclibgnutls.zip
|
unknown
|
||
|
http://smallsrv.com/sendmail.exe
|
unknown
|
||
|
http://www.OpenSSL.org
|
unknown
|
||
|
http://127.0.0.1/My/
|
unknown
|
There are 24 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
48F000
|
unkown
|
page execute and read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
139000
|
heap
|
page read and write
|
||
|
167000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
161000
|
heap
|
page read and write
|
||
|
129000
|
heap
|
page read and write
|
||
|
183000
|
heap
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
C3F000
|
stack
|
page read and write
|
||
|
DD5000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
167000
|
heap
|
page read and write
|
||
|
162000
|
heap
|
page read and write
|
||
|
DD9000
|
heap
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
151000
|
heap
|
page read and write
|
||
|
155000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
129000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
118000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
129000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
14A000
|
heap
|
page read and write
|
||
|
12F000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
69B000
|
stack
|
page read and write
|
||
|
12F000
|
heap
|
page read and write
|
||
|
118000
|
heap
|
page read and write
|
||
|
491000
|
unkown
|
page write copy
|
||
|
490000
|
unkown
|
page execute and write copy
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
139000
|
heap
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
28F4000
|
heap
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
45B000
|
unkown
|
page execute and write copy
|
||
|
139000
|
heap
|
page read and write
|
||
|
12F000
|
heap
|
page read and write
|
||
|
491000
|
unkown
|
page read and write
|
||
|
F0000
|
heap
|
page read and write
|
||
|
167000
|
heap
|
page read and write
|
||
|
FA000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
There are 44 hidden memdumps, click here to show them.