IOC Report
PI#53034601506400.exe

Files

File Path | Type | Category | Malicious
PI#53034601506400.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PI#53034601506400.exe.log | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck | very short file (no magic) | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\PI#53034601506400.exe | "C:\Users\user\Desktop\PI#53034601506400.exe" | malicious
C:\Users\user\Desktop\PI#53034601506400.exe | C:\Users\user\Desktop\PI#53034601506400.exe | malicious

URLs

Name | IP | Malicious

IPs

IP | Domain | Country | Malicious
162.0.223.13 | unknown | Canada | malicious

Memdumps

Base Address | Regiontype | Protect | Malicious
2538000 | trusted library allocation | page read and write | malicious
3525000 | trusted library allocation | page read and write | malicious
3897000 | trusted library allocation | page read and write | malicious
415000 | remote allocation | page execute and read and write | malicious
5A5A000 | trusted library allocation | page read and write |
4FD0000 | trusted library allocation | page read and write |
A2000 | unknown | page readonly |
5A8F000 | trusted library allocation | page read and write |
5A8F000 | trusted library allocation | page read and write |
4FB0000 | trusted library allocation | page read and write |
4FD0000 | trusted library allocation | page read and write |