Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ePAY-Advice_Rf[UC7749879100].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Kontos.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nslD140.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\AEGISIIIRadeonHelper.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Fatalismen.Int
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Provokations.Fje
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\avatar-default-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\be.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\changes-allow-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\dotnet.api
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\ebook-reader.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\emblem-photos-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\font-select-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\network-wired-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\pan-start-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\printer-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Rekapitulerer\Inseminerede79\pt-br.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\omfartsvejene\Reberbanernes\Muhamedaneres\Sminknings\LogoCanary.png
|
PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ePAY-Advice_Rf[UC7749879100].exe
|
C:\Users\user\Desktop\ePAY-Advice_Rf[UC7749879100].exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Shabbyish\Retablerings
|
Aphetism
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4568000
|
direct allocation
|
page execute and read and write
|
|
|
|
5E0000
|
heap
|
page read and write
|
||
|
4F68000
|
direct allocation
|
page execute and read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
630000
|
heap
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
262F000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
218E000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
6E165000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2833000
|
heap
|
page read and write
|
||
|
2834000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
2836000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
272F000
|
stack
|
page read and write
|
||
|
6368000
|
direct allocation
|
page execute and read and write
|
||
|
6E161000
|
unkown
|
page execute read
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
283B000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
429000
|
unkown
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
7B8000
|
heap
|
page read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
6D68000
|
direct allocation
|
page execute and read and write
|
||
|
433000
|
unkown
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
424000
|
unkown
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
2836000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5968000
|
direct allocation
|
page execute and read and write
|
||
|
3B68000
|
direct allocation
|
page execute and read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
283D000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
283B000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
2836000
|
heap
|
page read and write
|
||
|
283C000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
6E160000
|
unkown
|
page readonly
|
||
|
6E163000
|
unkown
|
page readonly
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
283E000
|
heap
|
page read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
3100000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3AB0000
|
direct allocation
|
page execute and read and write
|
There are 63 hidden memdumps, click here to show them.