MalAgent.J_89969 is a Virus. A virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive.
Mutexes created
- yushi95.e1.luyouxia.net:23758:Rsssoo yywucwqg
Directory level activity
File level activity
Registry level activity
- write - registry - SYSTEM\CurrentControlSet\Services\Rsssoo yywucwqgConnectGroup
- write - registry - SYSTEM\CurrentControlSet\Services\Rsssoo yywucwqgMarkTime
Library level activity
- load - library - kernel32.dll
- load - library - KERNEL32.dll
- load - library - USER32.dll
- load - library - ADVAPI32.dll
- load - library - SHELL32.dll
- load - library - ole32.dll
- load - library - WS2_32.dll
- load - library - MSVCRT.dll
- load - library - SETUPAPI.dll
- load - library - iphlpapi.dll
- load - library - urlmon.dll
- load - library - user32.dll
- load - library - C:\WINDOWS\system32\rpcss.dll
- load - library - C:\WINDOWS\system32\uxtheme.dll
- load - library - uxtheme.dll
- load - library - kernel32.dll
Process API calls used
- VirtualProtectEx
- NtFreeVirtualMemory
- ZwMapViewOfSection
Registry API calls used
- RegOpenKeyExA
- RegCloseKey
- RegCreateKeyExA
- RegSetValueExA
- RegCloseKey
System API calls used
- LdrLoadDll
- LdrGetProcedureAddress
- LdrGetDllHandle
- IsDebuggerPresent
- NtDelayExecution
Filesystem API calls used
Network
UDP source >> destination
- 192.168.30.254 >> 192.168.30.6
- 192.168.30.6 >> 192.168.30.254
- 192.168.30.6 >> 192.168.30.255
- 192.168.30.6 >> 8.8.8.8
TCP source >> destination
- 192.168.30.6 >> 192.168.30.254
Domains:
- yushi95.e1.luyouxia.net with IP - 43.248.201.133
DNS Request:
HTTP Request:
DLL related data
Number of DLLs imported = 1