MalAgent.J_89690 is a Virus. Virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive
Mutexes created
Directory level activity
File level activity
Registry level activity
Library level activity- load - library - advapi32
- load - library - ntdll
- load - library - kernel32.dll
- load - library - KERNEL32.DLL
- load - library - msimg32.dll
- load - library - user32
- load - library - kernel32
- load - library - ntdll.dll
- load - library - C:\WINDOWS\system32\uxtheme.dll
- load - library - uxtheme.dll
- load - library - KERNEL32
- load - library - uxtheme.dll
Process API calls used
- NtCreateSection
- ZwMapViewOfSection
- NtProtectVirtualMemory
- VirtualProtectEx
Registry API calls used
System API calls used
- LdrLoadDll
- LdrGetDllHandle
- LdrGetProcedureAddress
- LdrGetDllHandle
Filesystem API calls used
Network
UDP source >> destination - 192.168.30.254 >> 192.168.30.6
- 192.168.30.6 >> 192.168.30.254
- 192.168.30.6 >> 192.168.30.255
- 192.168.30.6 >> 8.8.8.8
TCP source >> destination - 192.168.30.6 >> 162.0.217.254
- 192.168.30.6 >> 192.168.30.254
- 192.168.30.6 >> 211.171.233.126
- 192.168.30.6 >> 37.56.98.218
Domains:- api.2ip.ua with IP - 162.0.217.254
- zerit.top with IP - 190.219.109.25
- fuyt.org with IP - 189.165.11.22
DNS Request:- api.2ip.ua
- fuyt.org
- zerit.top
HTTP Request:- GET URI - http://zerit.top/dl/build2.exe
- GET URI - http://fuyt.org/lancer/get.php?pid=5B65631F251A0B7C522ACCB13663C4A4&first=true
- GET URI - http://fuyt.org/files/1/build3.exe
DLL related data Number of DLL's imported = 2
|