Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack | Malware Configuration Extractor: FormBook {"C2 list": ["www.rizrvd.com/bw82/"], "decoy": ["fundamentaliemef.com", "gallerybrows.com", "leadeligey.com", "octoberx2.online", "climaxnovels.com", "gdsjgf.com", "curateherstories.com", "blacksailus.com", "yjpps.com", "gmobilet.com", "fcoins.club", "foreverlive2027.com", "healthyfifties.com", "wmarquezy.com", "housebulb.com", "thebabyfriendly.com", "primajayaintiperkasa.com", "learnplaychess.com", "chrisbubser.digital", "xn--avenr-wsa.com", "exlineinsurance.com", "thrivezi.com", "tuvandadayvitos24h.online", "illfingers.com", "usmedicarenow.com", "pandabutik.com", "engageautism.info", "magnabeautystyle.com", "texasdryroof.com", "woodlandpizzahartford.com", "dameadamea.com", "sedaskincare.com", "ruaysatu99.com", "mybestaide.com", "nikolaichan.com", "mrcabinetkitchenandbath.com", "ondemandbarbering.com", "activagebenefits.net", "srcsvcs.com", "cbrealvitalize.com", "ismaelworks.com", "medkomp.online", "ninasangtani.com", "h2oturkiye.com", "kolamart.com", "acdfr.com", "twistedtailgatesweeps1.com", "ramjamdee.com", "thedancehalo.com", "joeisono.com", "glasshouseroadtrip.com", "okcpp.com", "riggsfarmfenceservices.com", "mgg360.com", "xn--oi2b190cymc.com", "ctfocbdwholesale.com", "openspiers.com", "rumblingrambles.com", "thepoetrictedstudio.com", "magiclabs.media", "wellnesssensation.com", "lakegastonautoparts.com", "dealsonwheeeles.com", "semenboostplus.com"]} |
Source: Yara match | File source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 4x nop then jmp 05840BBEh | 0_2_05840040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h | 0_2_058422A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 4x nop then jmp 05840BBEh | 0_2_05840CC7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 4x nop then jmp 05840BBEh | 0_2_05840119 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 4x nop then jmp 05840BBEh | 0_2_05840007 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 4x nop then jmp 05840BBEh | 0_2_05840B81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h | 0_2_05842290 |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_004181B0 NtCreateFile, | 2_2_004181B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00418260 NtReadFile, | 2_2_00418260 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_004182E0 NtClose, | 2_2_004182E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00418390 NtAllocateVirtualMemory, | 2_2_00418390 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_004181AA NtCreateFile, | 2_2_004181AA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0041825C NtReadFile, | 2_2_0041825C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_004182DA NtClose, | 2_2_004182DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9860 NtQuerySystemInformation,LdrInitializeThunk, | 2_2_013D9860 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9660 NtAllocateVirtualMemory,LdrInitializeThunk, | 2_2_013D9660 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D96E0 NtFreeVirtualMemory,LdrInitializeThunk, | 2_2_013D96E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9910 NtAdjustPrivilegesToken, | 2_2_013D9910 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9950 NtQueueApcThread, | 2_2_013D9950 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D99A0 NtCreateSection, | 2_2_013D99A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D99D0 NtCreateProcessEx, | 2_2_013D99D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9820 NtEnumerateKey, | 2_2_013D9820 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013DB040 NtSuspendThread, | 2_2_013DB040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9840 NtDelayExecution, | 2_2_013D9840 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D98A0 NtWriteVirtualMemory, | 2_2_013D98A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D98F0 NtReadVirtualMemory, | 2_2_013D98F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9B00 NtSetValueKey, | 2_2_013D9B00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013DA3B0 NtGetContextThread, | 2_2_013DA3B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9A20 NtResumeThread, | 2_2_013D9A20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9A10 NtQuerySection, | 2_2_013D9A10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9A00 NtProtectVirtualMemory, | 2_2_013D9A00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9A50 NtCreateFile, | 2_2_013D9A50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9A80 NtOpenDirectoryObject, | 2_2_013D9A80 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013DAD30 NtSetContextThread, | 2_2_013DAD30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9520 NtWaitForSingleObject, | 2_2_013D9520 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9560 NtWriteFile, | 2_2_013D9560 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9540 NtReadFile, | 2_2_013D9540 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D95F0 NtQueryInformationFile, | 2_2_013D95F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D95D0 NtClose, | 2_2_013D95D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9730 NtQueryVirtualMemory, | 2_2_013D9730 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9710 NtQueryInformationToken, | 2_2_013D9710 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013DA710 NtOpenProcessToken, | 2_2_013DA710 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013DA770 NtOpenThread, | 2_2_013DA770 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9770 NtSetInformationFile, | 2_2_013D9770 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9760 NtOpenProcess, | 2_2_013D9760 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D97A0 NtUnmapViewOfSection, | 2_2_013D97A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9780 NtMapViewOfSection, | 2_2_013D9780 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9FE0 NtCreateMutant, | 2_2_013D9FE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9610 NtEnumerateValueKey, | 2_2_013D9610 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9670 NtQueryInformationProcess, | 2_2_013D9670 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D9650 NtQueryValueKey, | 2_2_013D9650 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013D96D0 NtCreateKey, | 2_2_013D96D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 0_2_02649608 | 0_2_02649608 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 0_2_0264C52D | 0_2_0264C52D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 0_2_0264AB34 | 0_2_0264AB34 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 0_2_05842C60 | 0_2_05842C60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 0_2_05840F70 | 0_2_05840F70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 0_2_05840040 | 0_2_05840040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 0_2_05840007 | 0_2_05840007 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0040102F | 2_2_0040102F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00401030 | 2_2_00401030 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00408C4C | 2_2_00408C4C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00408C50 | 2_2_00408C50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0041B493 | 2_2_0041B493 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0041CD28 | 2_2_0041CD28 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00402D87 | 2_2_00402D87 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00402D90 | 2_2_00402D90 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0041CE77 | 2_2_0041CE77 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_00402FB0 | 2_2_00402FB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013B4120 | 2_2_013B4120 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0139F900 | 2_2_0139F900 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013B99BF | 2_2_013B99BF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013BA830 | 2_2_013BA830 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01396800 | 2_2_01396800 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01451002 | 2_2_01451002 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0146E824 | 2_2_0146E824 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013C20A0 | 2_2_013C20A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013AB090 | 2_2_013AB090 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014628EC | 2_2_014628EC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014620A8 | 2_2_014620A8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0143CB4F | 2_2_0143CB4F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013BA309 | 2_2_013BA309 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013B3360 | 2_2_013B3360 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0145231B | 2_2_0145231B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01462B28 | 2_2_01462B28 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013BAB40 | 2_2_013BAB40 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013CEBB0 | 2_2_013CEBB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0145DBD2 | 2_2_0145DBD2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014503DA | 2_2_014503DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013BEB9A | 2_2_013BEB9A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014423E3 | 2_2_014423E3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013C138B | 2_2_013C138B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0143EB8A | 2_2_0143EB8A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013E8BE8 | 2_2_013E8BE8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013CABD8 | 2_2_013CABD8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013BB236 | 2_2_013BB236 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0144FA2B | 2_2_0144FA2B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0145E2C5 | 2_2_0145E2C5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01454AEF | 2_2_01454AEF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014622AE | 2_2_014622AE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014632A9 | 2_2_014632A9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01461D55 | 2_2_01461D55 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01390D20 | 2_2_01390D20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01462D07 | 2_2_01462D07 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013B2D50 | 2_2_013B2D50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014625DD | 2_2_014625DD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013C65A0 | 2_2_013C65A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013C2581 | 2_2_013C2581 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01452D82 | 2_2_01452D82 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013AD5E0 | 2_2_013AD5E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0145D466 | 2_2_0145D466 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013A841F | 2_2_013A841F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013BB477 | 2_2_013BB477 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01454496 | 2_2_01454496 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0146DFCE | 2_2_0146DFCE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_014567E2 | 2_2_014567E2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01461FF1 | 2_2_01461FF1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013B6E30 | 2_2_013B6E30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_013B5600 | 2_2_013B5600 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_0145D616 | 2_2_0145D616 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01462EF7 | 2_2_01462EF7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Code function: 2_2_01441EB6 | 2_2_01441EB6 |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameAsyncState.dllF vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.226319020.00000000057E0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000000.217210974.000000000032E000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224992684.000000000161F000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224222430.000000000086E000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | Binary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |