Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack |
Malware Configuration Extractor: FormBook {"C2 list": ["www.rizrvd.com/bw82/"], "decoy": ["fundamentaliemef.com", "gallerybrows.com", "leadeligey.com", "octoberx2.online", "climaxnovels.com", "gdsjgf.com", "curateherstories.com", "blacksailus.com", "yjpps.com", "gmobilet.com", "fcoins.club", "foreverlive2027.com", "healthyfifties.com", "wmarquezy.com", "housebulb.com", "thebabyfriendly.com", "primajayaintiperkasa.com", "learnplaychess.com", "chrisbubser.digital", "xn--avenr-wsa.com", "exlineinsurance.com", "thrivezi.com", "tuvandadayvitos24h.online", "illfingers.com", "usmedicarenow.com", "pandabutik.com", "engageautism.info", "magnabeautystyle.com", "texasdryroof.com", "woodlandpizzahartford.com", "dameadamea.com", "sedaskincare.com", "ruaysatu99.com", "mybestaide.com", "nikolaichan.com", "mrcabinetkitchenandbath.com", "ondemandbarbering.com", "activagebenefits.net", "srcsvcs.com", "cbrealvitalize.com", "ismaelworks.com", "medkomp.online", "ninasangtani.com", "h2oturkiye.com", "kolamart.com", "acdfr.com", "twistedtailgatesweeps1.com", "ramjamdee.com", "thedancehalo.com", "joeisono.com", "glasshouseroadtrip.com", "okcpp.com", "riggsfarmfenceservices.com", "mgg360.com", "xn--oi2b190cymc.com", "ctfocbdwholesale.com", "openspiers.com", "rumblingrambles.com", "thepoetrictedstudio.com", "magiclabs.media", "wellnesssensation.com", "lakegastonautoparts.com", "dealsonwheeeles.com", "semenboostplus.com"]} |
Source: Yara match |
File source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 4x nop then jmp 05840BBEh |
0_2_05840040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h |
0_2_058422A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 4x nop then jmp 05840BBEh |
0_2_05840CC7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 4x nop then jmp 05840BBEh |
0_2_05840119 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 4x nop then jmp 05840BBEh |
0_2_05840007 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 4x nop then jmp 05840BBEh |
0_2_05840B81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h |
0_2_05842290 |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_004181B0 NtCreateFile, |
2_2_004181B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00418260 NtReadFile, |
2_2_00418260 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_004182E0 NtClose, |
2_2_004182E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00418390 NtAllocateVirtualMemory, |
2_2_00418390 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_004181AA NtCreateFile, |
2_2_004181AA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0041825C NtReadFile, |
2_2_0041825C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_004182DA NtClose, |
2_2_004182DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9860 NtQuerySystemInformation,LdrInitializeThunk, |
2_2_013D9860 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
2_2_013D9660 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
2_2_013D96E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9910 NtAdjustPrivilegesToken, |
2_2_013D9910 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9950 NtQueueApcThread, |
2_2_013D9950 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D99A0 NtCreateSection, |
2_2_013D99A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D99D0 NtCreateProcessEx, |
2_2_013D99D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9820 NtEnumerateKey, |
2_2_013D9820 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013DB040 NtSuspendThread, |
2_2_013DB040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9840 NtDelayExecution, |
2_2_013D9840 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D98A0 NtWriteVirtualMemory, |
2_2_013D98A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D98F0 NtReadVirtualMemory, |
2_2_013D98F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9B00 NtSetValueKey, |
2_2_013D9B00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013DA3B0 NtGetContextThread, |
2_2_013DA3B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9A20 NtResumeThread, |
2_2_013D9A20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9A10 NtQuerySection, |
2_2_013D9A10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9A00 NtProtectVirtualMemory, |
2_2_013D9A00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9A50 NtCreateFile, |
2_2_013D9A50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9A80 NtOpenDirectoryObject, |
2_2_013D9A80 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013DAD30 NtSetContextThread, |
2_2_013DAD30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9520 NtWaitForSingleObject, |
2_2_013D9520 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9560 NtWriteFile, |
2_2_013D9560 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9540 NtReadFile, |
2_2_013D9540 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D95F0 NtQueryInformationFile, |
2_2_013D95F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D95D0 NtClose, |
2_2_013D95D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9730 NtQueryVirtualMemory, |
2_2_013D9730 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9710 NtQueryInformationToken, |
2_2_013D9710 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013DA710 NtOpenProcessToken, |
2_2_013DA710 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013DA770 NtOpenThread, |
2_2_013DA770 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9770 NtSetInformationFile, |
2_2_013D9770 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9760 NtOpenProcess, |
2_2_013D9760 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D97A0 NtUnmapViewOfSection, |
2_2_013D97A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9780 NtMapViewOfSection, |
2_2_013D9780 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9FE0 NtCreateMutant, |
2_2_013D9FE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9610 NtEnumerateValueKey, |
2_2_013D9610 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9670 NtQueryInformationProcess, |
2_2_013D9670 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D9650 NtQueryValueKey, |
2_2_013D9650 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013D96D0 NtCreateKey, |
2_2_013D96D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 0_2_02649608 |
0_2_02649608 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 0_2_0264C52D |
0_2_0264C52D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 0_2_0264AB34 |
0_2_0264AB34 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 0_2_05842C60 |
0_2_05842C60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 0_2_05840F70 |
0_2_05840F70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 0_2_05840040 |
0_2_05840040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 0_2_05840007 |
0_2_05840007 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0040102F |
2_2_0040102F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00401030 |
2_2_00401030 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00408C4C |
2_2_00408C4C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00408C50 |
2_2_00408C50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0041B493 |
2_2_0041B493 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0041CD28 |
2_2_0041CD28 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00402D87 |
2_2_00402D87 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00402D90 |
2_2_00402D90 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0041CE77 |
2_2_0041CE77 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_00402FB0 |
2_2_00402FB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013B4120 |
2_2_013B4120 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0139F900 |
2_2_0139F900 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013B99BF |
2_2_013B99BF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013BA830 |
2_2_013BA830 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01396800 |
2_2_01396800 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01451002 |
2_2_01451002 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0146E824 |
2_2_0146E824 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013C20A0 |
2_2_013C20A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013AB090 |
2_2_013AB090 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014628EC |
2_2_014628EC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014620A8 |
2_2_014620A8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0143CB4F |
2_2_0143CB4F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013BA309 |
2_2_013BA309 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013B3360 |
2_2_013B3360 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0145231B |
2_2_0145231B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01462B28 |
2_2_01462B28 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013BAB40 |
2_2_013BAB40 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013CEBB0 |
2_2_013CEBB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0145DBD2 |
2_2_0145DBD2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014503DA |
2_2_014503DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013BEB9A |
2_2_013BEB9A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014423E3 |
2_2_014423E3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013C138B |
2_2_013C138B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0143EB8A |
2_2_0143EB8A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013E8BE8 |
2_2_013E8BE8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013CABD8 |
2_2_013CABD8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013BB236 |
2_2_013BB236 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0144FA2B |
2_2_0144FA2B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0145E2C5 |
2_2_0145E2C5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01454AEF |
2_2_01454AEF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014622AE |
2_2_014622AE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014632A9 |
2_2_014632A9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01461D55 |
2_2_01461D55 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01390D20 |
2_2_01390D20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01462D07 |
2_2_01462D07 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013B2D50 |
2_2_013B2D50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014625DD |
2_2_014625DD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013C65A0 |
2_2_013C65A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013C2581 |
2_2_013C2581 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01452D82 |
2_2_01452D82 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013AD5E0 |
2_2_013AD5E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0145D466 |
2_2_0145D466 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013A841F |
2_2_013A841F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013BB477 |
2_2_013BB477 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01454496 |
2_2_01454496 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0146DFCE |
2_2_0146DFCE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_014567E2 |
2_2_014567E2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01461FF1 |
2_2_01461FF1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013B6E30 |
2_2_013B6E30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_013B5600 |
2_2_013B5600 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_0145D616 |
2_2_0145D616 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01462EF7 |
2_2_01462EF7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Code function: 2_2_01441EB6 |
2_2_01441EB6 |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameAsyncState.dllF vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.226319020.00000000057E0000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000000.217210974.000000000032E000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224992684.000000000161F000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224222430.000000000086E000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Binary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |