IOC Report
SecuriteInfo.com.UDS.Trojan-Downloader.Win32.GuLoader.gen.21079.10441

Files

File Path | Type | Category | Malicious
SecuriteInfo.com.UDS.Trojan-Downloader.Win32.GuLoader.gen.21079.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious
C:\Users\user\AppData\Local\Temp\CYKELPARKERINGENS.ini | ASCII text, with CRLF line terminators | modified
C:\Users\user\AppData\Local\Temp\GL-1.0.typelib | HTML document, ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\HERMAPHRODEITY.ini | ASCII text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\applications-other.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\folder-symbolic.symbolic.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\nscCF70.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\rt64win7.inf | Windows setup INFormation, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped
C:\Users\user\AppData\Local\Temp\trompetens.Pim9 | data | dropped
C:\Users\user\AppData\Local\Temp\user-not-tracked-symbolic.svg | SVG Scalable Vector Graphics image | dropped
C:\Users\user\AppData\Local\Temp\video-joined-displays-symbolic.symbolic.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped
2 further files are not shown in this view.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\SecuriteInfo.com.UDS.Trojan-Downloader.Win32.GuLoader.gen.21079.exe | "C:\Users\user\Desktop\SecuriteInfo.com.UDS.Trojan-Downloader.Win32.GuLoader.gen.21079.exe" | malicious

URLs

Name | IP | Malicious
http://artist151sh.com/paralikgroup%20ori%204_vJdEAWVzP17.bin | | malicious
http://creativecommons.org/ns#DerivativeWorks | | unknown
http://creativecommons.org/ns#ShareAlike | | unknown
http://creativecommons.org/licenses/by-sa/4.0/ | | unknown
http://creativecommons.org/ns#Distribution | | unknown
http://nsis.sf.net/NSIS_ErrorError | | unknown
http://creativecommons.org/ns#Notice | | unknown
http://creativecommons.org/ns#Reproduction | | unknown
http://creativecommons.org/ns#Attribution | | unknown
http://creativecommons.org/ns# | | unknown

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\medtag\Erethitic | enregistration
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bastille56\Skrivebordsskuffe50 | Expand String Value
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\reclothing\Taxifly | NDRAAB

Memdumps

Base Address | Region type | Protect | Malicious
33A1000 | direct allocation | page execute and read and write | malicious
1C90A83D000 | heap | page read and write
1F5A0A4A000 | heap | page read and write
400000 | unknown | page readonly
1C910040000 | heap | page read and write
40A000 | unknown | page read and write
531000 | heap | page read and write
1C910000000 | heap | page read and write
2272DAE1000 | heap | page read and write
28E28702000 | heap | page read and write
74B9A7B000 | stack | page read and write
31AB000 | stack | page read and write
2272DA3E000 | heap | page read and write
1C90B710000 | trusted library allocation | page read and write
1F5A0A41000 | heap | page read and write
2314645B000 | heap | page read and write
1C83C120000 | heap | page read and write
1F5A0A55000 | heap | page read and write
5CC000 | heap | page read and write
574000 | heap | page read and write
552000 | heap | page read and write
1C90A829000 | heap | page read and write
555000 | heap | page read and write
1F5A0A3E000 | heap | page read and write
38F0000 | trusted library allocation | page read and write
C9F5C7D000 | stack | page read and write
5830000 | trusted library allocation | page read and write
1C9100AA000 | heap | page read and write
62912FB000 | stack | page read and write
E8CB7DB000 | stack | page read and write
C9F5F7F000 | stack | page read and write
26283220000 | heap | page read and write
1C910036000 | heap | page read and write
6B0000 | heap | page read and write
1C91001C000 | heap | page read and write
734E1000 | unknown | page execute read
435000 | unknown | page read and write
1F5A0A69000 | heap | page read and write
E8CC3FF000 | stack | page read and write
1C90FF20000 | trusted library allocation | page read and write
1C90BCA0000 | trusted library allocation | page read and write
26283468000 | heap | page read and write
23146402000 | heap | page read and write
26283500000 | heap | page read and write
1F5A0A30000 | heap | page read and write
2272DAD0000 | heap | page read and write
23146513000 | heap | page read and write
74B9B7E000 | stack | page read and write
1C90FE30000 | trusted library allocation | page read and write
1C910260000 | trusted library allocation | page read and write
2272DA66000 | heap | page read and write
1C83CF50000 | trusted library allocation | page read and write
1C83CF30000 | trusted library allocation | page read and write
227C000 | stack | page read and write
1C83C1AA000 | heap | page read and write
52C000 | heap | page read and write
28E28560000 | trusted library allocation | page read and write
1C83C18B000 | heap | page read and write
1F5A0A71000 | heap | page read and write
1C83C2D5000 | heap | page read and write
1F5A0A80000 | heap | page read and write
1C90FE1E000 | trusted library allocation | page read and write
1F5A0A4F000 | heap | page read and write
38E1000 | trusted library allocation | page read and write
1C90A86E000 | heap | page read and write
9DE000 | heap | page read and write
553000 | heap | page read and write
E8CBCFF000 | stack | page read and write
1C9100AC000 | heap | page read and write
452000 | unknown | page readonly
2272D9B0000 | heap | page read and write
5A3000 | heap | page read and write
1C83C2D0000 | heap | page read and write
557000 | heap | page read and write
5AA000 | heap | page read and write
1C90A877000 | heap | page read and write
57C000 | heap | page read and write
E8CC2FF000 | stack | page read and write
5BF000 | heap | page read and write
62916FE000 | stack | page read and write
1F5A0A3A000 | heap | page read and write
23146458000 | heap | page read and write
5DC000 | heap | page read and write
5A5000 | heap | page read and write
1C83CCF0000 | trusted library allocation | page read and write
1C9100E1000 | heap | page read and write
5EB000 | heap | page read and write
21BC000 | stack | page read and write
5CC000 | heap | page read and write
59A000 | heap | page read and write
1C90FF70000 | remote allocation | page read and write
1F5A0A66000 | heap | page read and write
28E28613000 | heap | page read and write
38F0000 | trusted library allocation | page read and write
1C90A7B0000 | heap | page read and write
5849000 | trusted library allocation | page read and write
1C83C1B2000 | heap | page read and write
1F5A0A6F000 | heap | page read and write
734E6000 | unknown | page readonly
99000 | stack | page read and write
1C83C140000 | heap | page read and write
27DD000 | stack | page read and write
1F5A0A7F000 | heap | page read and write
26283502000 | heap | page read and write
1C90A914000 | heap | page read and write
C9F5CFE000 | stack | page read and write
50ADFF000 | stack | page read and write
50A8FB000 | stack | page read and write
5DB000 | heap | page read and write
5BF000 | heap | page read and write
E8CC4FF000 | stack | page read and write
2628343E000 | heap | page read and write
1C83C1A0000 | heap | page read and write
1C90FF60000 | trusted library allocation | page read and write
5841000 | trusted library allocation | page read and write
4F0000 | heap | page read and write
5AC000 | heap | page read and write
1C90B700000 | trusted library allocation | page read and write
9D0000 | heap | page read and write
4F8000 | heap | page read and write
28E28602000 | heap | page read and write
1C83C1C1000 | heap | page read and write
1C910109000 | heap | page read and write
21E0000 | heap | page read and write
557000 | heap | page read and write
1C83C18C000 | heap | page read and write
5EC000 | heap | page read and write
1F5A0A48000 | heap | page read and write
1C83C1B9000 | heap | page read and write
1C83C2D9000 | heap | page read and write
5BF000 | heap | page read and write
2804000 | trusted library allocation | page read and write
6290C7B000 | stack | page read and write
401000 | unknown | page execute read
5841000 | trusted library allocation | page read and write
3370000 | trusted library allocation | page read and write
7204EFF000 | stack | page read and write
1F5A0B02000 | heap | page read and write
5DC000 | heap | page read and write
1C910054000 | heap | page read and write
1F5A0A45000 | heap | page read and write
26283402000 | heap | page read and write
26283380000 | trusted library allocation | page read and write
9CE000 | stack | page read and write
5B6000 | heap | page read and write
1C90B104000 | heap | page read and write
734E0000 | unknown | page readonly
1C91004D000 | heap | page read and write
629127D000 | stack | page read and write
74B9E7E000 | stack | page read and write
575000 | heap | page read and write
50A6FE000 | stack | page read and write
1C83CF60000 | trusted library allocation | page read and write
1C90B703000 | trusted library allocation | page read and write
543000 | heap | page read and write
1C83CF40000 | heap | page readonly
1F5A1202000 | trusted library allocation | page read and write
2290000 | heap | page read and write
1C910102000 | heap | page read and write
E8CBBFB000 | stack | page read and write
E8CBFFE000 | stack | page read and write
26283428000 | heap | page read and write
582A000 | trusted library allocation | page read and write
1F5A0A4C000 | heap | page read and write
1C90A8A5000 | heap | page read and write
27EC000 | trusted library allocation | page read and write
5AA000 | heap | page read and write
1C90B159000 | heap | page read and write
5C6000 | heap | page read and write
5820000 | trusted library allocation | page read and write
7204DFB000 | stack | page read and write
1C83C1C1000 | heap | page read and write
1C910014000 | heap | page read and write
28E28655000 | heap | page read and write
26283280000 | heap | page read and write
1C90A7E0000 | trusted library allocation | page read and write
2272DA87000 | heap | page read and write
74B9AFE000 | stack | page read and write
509FEB000 | stack | page read and write
2272E300000 | heap | page read and write
1F5A0A43000 | heap | page read and write
572000 | heap | page read and write
5DC000 | heap | page read and write
C9F551B000 | stack | page read and write
5841000 | trusted library allocation | page read and write
5B7000 | heap | page read and write
1C90FF00000 | trusted library allocation | page read and write
1C83C1B9000 | heap | page read and write
1C83C1C1000 | heap | page read and write
6290FFE000 | stack | page read and write
5849000 | trusted library allocation | page read and write
1C90A900000 | heap | page read and write
23146413000 | heap | page read and write
1C910108000 | heap | page read and write
57E000 | heap | page read and write
5833000 | trusted library allocation | page read and write
AA94579000 | stack | page read and write
74B9D7E000 | stack | page read and write
1C83C19C000 | heap | page read and write
72046BB000 | stack | page read and write
1C83C1B9000 | heap | page read and write
1F5A0A13000 | heap | page read and write
38E0000 | trusted library allocation | page read and write
9D6000 | heap | page read and write
1F5A0A00000 | heap | page read and write
1C90A750000 | heap | page read and write
1C90B113000 | heap | page read and write
1C90A740000 | heap | page read and write
2272DB02000 | heap | page read and write
1F5A0A6B000 | heap | page read and write
1C90B015000 | heap | page read and write
1C90FE10000 | trusted library allocation | page read and write
3590000 | heap | page read and write
C9F5A7C000 | stack | page read and write
1C83C2C0000 | trusted library allocation | page read and write
E8CC0FD000 | stack | page read and write
1C90FF70000 | remote allocation | page read and write
1C83C1B2000 | heap | page read and write
5BF000 | heap | page read and write
62910FF000 | stack | page read and write
1C910061000 | heap | page read and write
38EE000 | trusted library allocation | page read and write
1C9100E9000 | heap | page read and write
50A4FA000 | stack | page read and write
5BF000 | heap | page read and write
19A000 | stack | page read and write
57E000 | heap | page read and write
1C90A900000 | heap | page read and write
1C83C2C0000 | trusted library allocation | page read and write
26283210000 | heap | page read and write
C9F59FF000 | stack | page read and write
59A000 | heap | page read and write
452000 | unknown | page readonly
28E28600000 | heap | page read and write
1C83C148000 | heap | page read and write
2272DA6E000 | heap | page read and write
35B0000 | trusted library allocation | page read and write
5AB000 | heap | page read and write
1F5A0A49000 | heap | page read and write
1F5A0A42000 | heap | page read and write
23146475000 | heap | page read and write
1C910103000 | heap | page read and write
5CC000 | heap | page read and write
5BF000 | heap | page read and write
1F5A0A46000 | heap | page read and write
57E000 | heap | page read and write
5CC000 | heap | page read and write
1C90FF70000 | remote allocation | page read and write
7204CFB000 | stack | page read and write
575000 | heap | page read and write
5BF000 | heap | page read and write
1C83C1C3000 | heap | page read and write
53C000 | heap | page read and write
21E4000 | heap | page read and write
1C90FF50000 | trusted library allocation | page read and write
5833000 | trusted library allocation | page read and write
1C910100000 | heap | page read and write
1C90FE34000 | trusted library allocation | page read and write
2272DAC7000 | heap | page read and write
26283400000 | heap | page read and write
2272DA00000 | heap | page read and write
1F5A0A53000 | heap | page read and write
1C90B118000 | heap | page read and write
1C83CFB0000 | trusted library allocation | page read and write
1F5A0940000 | heap | page read and write
5AB000 | heap | page read and write
1C90B820000 | trusted library allocation | page read and write
5AA000 | heap | page read and write
2272D940000 | heap | page read and write
1C9100F3000 | heap | page read and write
1C90FE10000 | trusted library allocation | page read and write
5BF000 | heap | page read and write
26283454000 | heap | page read and write
4F20000 | trusted library allocation | page read and write
5AA000 | heap | page read and write
AA94479000 | stack | page read and write
1C83C18D000 | heap | page read and write
1C83CCE0000 | trusted library allocation | page read and write
1C90B159000 | heap | page read and write
1C83BFE0000 | heap | page read and write
E8CC5FF000 | stack | page read and write
28E28590000 | remote allocation | page read and write
1C90FD00000 | trusted library allocation | page read and write
1C90FEE0000 | trusted library allocation | page read and write
1C90FE40000 | trusted library allocation | page read and write
50A7FB000 | stack | page read and write
28E28590000 | remote allocation | page read and write
5851000 | trusted library allocation | page read and write
5B6000 | heap | page read and write
59A000 | heap | page read and write
28E284C0000 | heap | page read and write
1C90FEE0000 | trusted library allocation | page read and write
38F0000 | trusted library allocation | page read and write
2272DA29000 | heap | page read and write
1C83C2B0000 | trusted library allocation | page read and write
E8CBDFD000 | stack | page read and write
1C9100EF000 | heap | page read and write
30000 | heap | page read and write
5DC000 | heap | page read and write
1C90A857000 | heap | page read and write
5AB000 | heap | page read and write
400000 | unknown | page readonly
26283464000 | heap | page read and write
408000 | unknown | page readonly
5849000 | trusted library allocation | page read and write
1C90A898000 | heap | page read and write
2272E202000 | heap | page read and write
5720000 | trusted library allocation | page read and write
1C90A893000 | heap | page read and write
1F5A0A29000 | heap | page read and write
1C83C240000 | heap | page read and write
38EE000 | trusted library allocation | page read and write
1C83C2E0000 | trusted library allocation | page read and write
5833000 | trusted library allocation | page read and write
231461C0000 | heap | page read and write
AA944FE000 | stack | page read and write
23146A02000 | trusted library allocation | page read and write
578000 | heap | page read and write
C9F5DFD000 | stack | page read and write
1C90FE54000 | trusted library allocation | page read and write
629117C000 | stack | page read and write
1F5A0A7D000 | heap | page read and write
401000 | unknown | page execute read
1C90B102000 | heap | page read and write
2272DA68000 | heap | page read and write
1C90FF40000 | trusted library allocation | page read and write
5B7000 | heap | page read and write
1C90A813000 | heap | page read and write
1C90A88E000 | heap | page read and write
1F5A0A54000 | heap | page read and write
5B7000 | heap | page read and write
5DC000 | heap | page read and write
28E28E02000 | trusted library allocation | page read and write
1F5A0A77000 | heap | page read and write
1C83C1B2000 | heap | page read and write
23146429000 | heap | page read and write
74B9F7F000 | stack | page read and write
1C90A874000 | heap | page read and write
28E28640000 | heap | page read and write
5DC000 | heap | page read and write
231463F0000 | trusted library allocation | page read and write
1F5A0A47000 | heap | page read and write
40A000 | unknown | page write copy
1C90B002000 | heap | page read and write
23146220000 | heap | page read and write
2272DABF000 | heap | page read and write
1C83C18C000 | heap | page read and write
582F000 | trusted library allocation | page read and write
1C90B720000 | trusted library allocation | page read and write
231461B0000 | heap | page read and write
2272DA13000 | heap | page read and write
1F5A0A6D000 | heap | page read and write
5BF000 | heap | page read and write
50A3F7000 | stack | page read and write
1C910104000 | heap | page read and write
5CC000 | heap | page read and write
26283C02000 | trusted library allocation | page read and write
376E000 | stack | page read and write
1C90A902000 | heap | page read and write
1C90FF70000 | trusted library allocation | page read and write
408000 | unknown | page readonly
1C90B000000 | heap | page read and write
2230000 | trusted library allocation | page read and write
1C90B118000 | heap | page read and write
5849000 | trusted library allocation | page read and write
28E284D0000 | heap | page read and write
7204BFB000 | stack | page read and write
1C90FCF0000 | trusted library allocation | page read and write
1F5A0950000 | heap | page read and write
E8CC1FE000 | stack | page read and write
1C910280000 | trusted library allocation | page read and write
38E0000 | trusted library allocation | page read and write
553000 | heap | page read and write
1F5A0A51000 | heap | page read and write
23146441000 | heap | page read and write
23146502000 | heap | page read and write
28E28590000 | remote allocation | page read and write
1C90FE18000 | trusted library allocation | page read and write
5850000 | trusted library allocation | page read and write
5920000 | trusted library allocation | page read and write
1F5A0A76000 | heap | page read and write
1C90A800000 | heap | page read and write
28E28530000 | heap | page read and write
50A5FA000 | stack | page read and write
28E2865C000 | heap | page read and write
38F0000 | trusted library allocation | page read and write
1F5A0A52000 | heap | page read and write
5AA000 | heap | page read and write
1C90FE50000 | trusted library allocation | page read and write
26DF000 | stack | page read and write
1C83C1A1000 | heap | page read and write
62915FD000 | stack | page read and write
578000 | heap | page read and write
1C90A907000 | heap | page read and write
23146400000 | heap | page read and write
1F5A09E0000 | trusted library allocation | page read and write
57E000 | heap | page read and write
572000 | heap | page read and write
1C90A902000 | heap | page read and write
62914FF000 | stack | page read and write
386F000 | stack | page read and write
5100000 | heap | page read and write
1C90FE31000 | trusted library allocation | page read and write
572000 | heap | page read and write
59A000 | heap | page read and write
1C90A891000 | heap | page read and write
2272D9E0000 | trusted library allocation | page read and write
1F5A0A86000 | heap | page read and write
26283413000 | heap | page read and write
5A4000 | heap | page read and write
2272D950000 | heap | page read and write
571000 | heap | page read and write
5AA000 | heap | page read and write
62913FD000 | stack | page read and write
578000 | heap | page read and write
59A000 | heap | page read and write
38E1000 | trusted library allocation | page read and write
1C91002B000 | heap | page read and write
1C90A8B3000 | heap | page read and write
1C83CFB0000 | trusted library allocation | page read and write
582D000 | trusted library allocation | page read and write
2272DB13000 | heap | page read and write
6290E7C000 | stack | page read and write
1F5A0A50000 | heap | page read and write
1C83C185000 | heap | page read and write
28E28629000 | heap | page read and write
26283479000 | heap | page read and write
1C90FF30000 | trusted library allocation | page read and write
1C90B100000 | heap | page read and write
4C0000 | trusted library allocation | page read and write
1C83BFF0000 | trusted library allocation | page read and write
AA93FEB000 | stack | page read and write
1F5A09B0000 | heap | page read and write
1C90FE40000 | trusted library allocation | page read and write
26283440000 | heap | page read and write
426000 | unknown | page read and write
575000 | heap | page read and write
734E4000 | unknown | page readonly
557000 | heap | page read and write
26283513000 | heap | page read and write
1C90FEE0000 | trusted library allocation | page read and write
AA943FC000 | stack | page read and write
432 further memdumps are not shown in this view.