IOC Report
1lAxaLKP7E.exe

Files

File Path | Type | Category | Malicious
1lAxaLKP7E.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\Desktop\._cache_svchost.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\ProgramData\Synaptics\Synaptics.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\Melber | data | dropped |
C:\Users\user\AppData\Local\Temp\aut6951.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\aut6A3C.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\selectee | ASCII text, with very long lines (65536), with no line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\1lAxaLKP7E.exe | "C:\Users\user\Desktop\1lAxaLKP7E.exe" | malicious
C:\Windows\SysWOW64\svchost.exe | "C:\Users\user\Desktop\1lAxaLKP7E.exe" | malicious
C:\Users\user\Desktop\._cache_svchost.exe | "C:\Users\user\Desktop\._cache_svchost.exe" | malicious
C:\ProgramData\Synaptics\Synaptics.exe | "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate |
C:\ProgramData\Synaptics\Synaptics.exe | "C:\ProgramData\Synaptics\Synaptics.exe" |

URLs

Name | IP | Malicious
http://xred.site50.net/syn/SSLLibrary.dll | unknown | malicious
http://xred.site50.net/syn/SSLLibrary.dl | unknown |
http://xred.site50.net/syn/Synaptics.rar | unknown |
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 | unknown |
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 | unknown |
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 | unknown |
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=T | unknown |
http://xred.site50.net/syn/SUpdate.iniH) | unknown |
http://xred.site50.net/syn/SUpdate.ini | unknown |
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl | unknown |
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | unknown |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | Synaptics Pointing Device Driver |

Memdumps

Base Address | Region type | Protect | Malicious
3640000 | direct allocation | page read and write | malicious
631000 | unknown | page execute and read and write | malicious
400000 | system | page execute and read and write | malicious
E20000 | direct allocation | page read and write | malicious
DE2000 | heap | page read and write |
E0B000 | heap | page read and write |
DE2000 | heap | page read and write |
DE2000 | heap | page read and write |
30A3000 | heap | page read and write |
E0B000 | heap | page read and write |
E0B000 | heap | page read and write |
EFA000 | heap | page read and write |
E0B000 | heap | page read and write |
7B000 | unknown | page readonly |
71000 | unknown | page execute read |
DE2000 | heap | page read and write |
660000 | heap | page read and write |
7B000 | unknown | page readonly |
DF7000 | heap | page read and write |
2E2C000 | heap | page read and write |
E0B000 | heap | page read and write |
E0B000 | heap | page read and write |
DE2000 | heap | page read and write |
E0B000 | heap | page read and write |
DF8000 | heap | page read and write |
E37000 | heap | page read and write |
2C70000 | heap | page read and write |
DE2000 | heap | page read and write |
E37000 | heap | page read and write |
DE2000 | heap | page read and write |
E37000 | heap | page read and write |
E0B000 | heap | page read and write |
DE2000 | heap | page read and write |
3873000 | direct allocation | page read and write |
E0B000 | heap | page read and write |
E0B000 | heap | page read and write |
E37000 | heap | page read and write |
DE2000 | heap | page read and write |
DE2000 | heap | page read and write |
2E2C000 | heap | page read and write |
DE2000 | heap | page read and write |
E37000 | heap | page read and write |
2E2C000 | heap | page read and write |
70000 | unknown | page readonly |
E37000 | heap | page read and write |
DF7000 | heap | page read and write |
671000 | unknown | page execute read |
DE2000 | heap | page read and write |
71000 | unknown | page execute read |
DE2000 | heap | page read and write |
72BE000 | stack | page read and write |
EE0000 | heap | page read and write |
DF7000 | heap | page read and write |
F36000 | heap | page read and write |