Program did not start
MALICIOUS | SUSPICIOUS | INFO |
---|---|---|
Loads dropped or rewritten executable | Executed as Windows Service | No info indicators. |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00006409 | 0x00006600 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.41622 |
.rdata | 0x00008000 | 0x0000138E | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.14383 |
.data | 0x0000A000 | 0x00020358 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.0044 |
.ndata | 0x0002B000 | 0x00013000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x0003E000 | 0x0002AD00 | 0x0002AE00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.33783 |
No exports.
Image |
---|
c:\users\admin\appdata\local\temp\smartalertssetup.exe |
c:\systemroot\system32\ntdll.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\kernelbase.dll |
c:\windows\system32\user32.dll |
c:\windows\system32\gdi32.dll |
c:\windows\system32\lpk.dll |
c:\windows\system32\usp10.dll |
c:\windows\system32\msvcrt.dll |
c:\windows\system32\shell32.dll |
c:\windows\system32\shlwapi.dll |
c:\windows\system32\advapi32.dll |
c:\windows\system32\sechost.dll |
c:\windows\system32\rpcrt4.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
c:\windows\system32\ole32.dll |
c:\windows\system32\imm32.dll |
c:\windows\system32\msctf.dll |
c:\windows\system32\uxtheme.dll |
c:\windows\system32\userenv.dll |
c:\windows\system32\profapi.dll |
c:\windows\system32\setupapi.dll |
c:\windows\system32\cfgmgr32.dll |
c:\windows\system32\oleaut32.dll |
c:\windows\system32\devobj.dll |
c:\windows\system32\apphelp.dll |
c:\windows\system32\propsys.dll |
c:\windows\system32\dwmapi.dll |
c:\windows\system32\cryptbase.dll |
c:\windows\system32\oleacc.dll |
c:\windows\system32\clbcatq.dll |
c:\windows\system32\version.dll |
c:\windows\system32\shfolder.dll |
c:\windows\system32\ntmarta.dll |
c:\windows\system32\wldap32.dll |
c:\windows\system32\shdocvw.dll |
c:\users\admin\appdata\local\temp\nspf279.tmp\system.dll |
c:\program files\winzip smart monitor\winzip smart monitor service.exe |
c:\users\admin\appdata\local\temp\nspf279.tmp\execdos.dll |
Image |
---|
c:\program files\winzip smart monitor\winzip smart monitor service.exe |
c:\systemroot\system32\ntdll.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\kernelbase.dll |
c:\windows\system32\user32.dll |
c:\windows\system32\gdi32.dll |
c:\windows\system32\lpk.dll |
c:\windows\system32\usp10.dll |
c:\windows\system32\msvcrt.dll |
c:\windows\system32\shell32.dll |
c:\windows\system32\shlwapi.dll |
c:\windows\system32\ole32.dll |
c:\windows\system32\rpcrt4.dll |
c:\windows\system32\oleaut32.dll |
c:\windows\system32\advapi32.dll |
c:\windows\system32\sechost.dll |
c:\windows\system32\wtsapi32.dll |
c:\windows\system32\userenv.dll |
c:\windows\system32\profapi.dll |
c:\windows\system32\version.dll |
c:\windows\system32\wintrust.dll |
c:\windows\system32\crypt32.dll |
c:\windows\system32\msasn1.dll |
c:\windows\system32\winhttp.dll |
c:\windows\system32\webio.dll |
c:\windows\system32\wininet.dll |
c:\windows\system32\urlmon.dll |
c:\windows\system32\iertutil.dll |
c:\windows\system32\imm32.dll |
c:\windows\system32\msctf.dll |
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll |
c:\windows\system32\cryptbase.dll |
c:\windows\system32\imagehlp.dll |
c:\windows\system32\cryptsp.dll |
c:\windows\system32\rsaenh.dll |
c:\windows\system32\ncrypt.dll |
c:\windows\system32\bcrypt.dll |
c:\windows\system32\bcryptprimitives.dll |
c:\windows\system32\gpapi.dll |
Image |
---|
c:\users\admin\appdata\local\temp\smartalertssetup.exe |
c:\program files\winzip smart monitor\winzip smart monitor service.exe |
c:\systemroot\system32\ntdll.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\kernelbase.dll |
c:\windows\system32\user32.dll |
c:\windows\system32\gdi32.dll |
c:\windows\system32\lpk.dll |
c:\windows\system32\usp10.dll |
c:\windows\system32\msvcrt.dll |
c:\windows\system32\shell32.dll |
c:\windows\system32\shlwapi.dll |
c:\windows\system32\ole32.dll |
c:\windows\system32\rpcrt4.dll |
c:\windows\system32\oleaut32.dll |
c:\windows\system32\advapi32.dll |
c:\windows\system32\sechost.dll |
c:\windows\system32\wtsapi32.dll |
c:\windows\system32\userenv.dll |
c:\windows\system32\profapi.dll |
c:\windows\system32\version.dll |
c:\windows\system32\wintrust.dll |
c:\windows\system32\crypt32.dll |
c:\windows\system32\msasn1.dll |
c:\windows\system32\winhttp.dll |
c:\windows\system32\webio.dll |
c:\windows\system32\wininet.dll |
c:\windows\system32\urlmon.dll |
c:\windows\system32\iertutil.dll |
c:\windows\system32\imm32.dll |
c:\windows\system32\msctf.dll |
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll |
c:\windows\system32\cryptbase.dll |
c:\windows\system32\imagehlp.dll |
c:\windows\system32\cryptsp.dll |
c:\windows\system32\rsaenh.dll |
c:\windows\system32\ncrypt.dll |
c:\windows\system32\bcrypt.dll |
c:\windows\system32\bcryptprimitives.dll |
c:\windows\system32\gpapi.dll |
c:\windows\system32\cryptnet.dll |
c:\windows\system32\wldap32.dll |
c:\windows\system32\sensapi.dll |
c:\windows\system32\ws2_32.dll |
c:\windows\system32\nsi.dll |
c:\windows\system32\sspicli.dll |
c:\windows\system32\credssp.dll |
c:\windows\system32\mswsock.dll |
c:\windows\system32\wshqos.dll |
c:\windows\system32\wshtcpip.dll |
c:\windows\system32\wship6.dll |
c:\windows\system32\iphlpapi.dll |
c:\windows\system32\winnsi.dll |
c:\windows\system32\dhcpcsvc6.dll |
c:\windows\system32\dhcpcsvc.dll |
c:\windows\system32\cfgmgr32.dll |
c:\windows\system32\dnsapi.dll |
c:\windows\system32\rasadhlp.dll |
c:\windows\system32\fwpuclnt.dll |
c:\windows\system32\setupapi.dll |
c:\windows\system32\devobj.dll |
c:\windows\system32\cabinet.dll |
c:\windows\system32\devrtl.dll |
c:\windows\system32\clbcatq.dll |
c:\windows\system32\rpcrtremote.dll |
c:\windows\system32\winsta.dll |
c:\windows\system32\wbem\wbemprox.dll |
c:\windows\system32\wbemcomn.dll |
c:\windows\system32\wbem\wbemsvc.dll |
c:\windows\system32\wbem\fastprox.dll |
c:\windows\system32\ntdsapi.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
c:\windows\system32\normaliz.dll |
c:\windows\system32\schannel.dll |
c:\windows\system32\rasapi32.dll |
c:\windows\system32\rasman.dll |
c:\windows\system32\rtutils.dll |
c:\windows\system32\nlaapi.dll |
c:\windows\system32\napinsp.dll |
c:\windows\system32\pnrpnsp.dll |
c:\windows\system32\winrnr.dll |
c:\windows\system32\netprofm.dll |
c:\windows\system32\npmproxy.dll |
c:\windows\system32\ntmarta.dll |
c:\windows\system32\secur32.dll |
c:\windows\system32\apphelp.dll |
c:\program files\winzip smart monitor\winzipsmartmonitor.exe |
Image |
---|
c:\program files\winzip smart monitor\winzipsmartmonitor.exe |
c:\systemroot\system32\ntdll.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\kernelbase.dll |
c:\windows\system32\user32.dll |
c:\windows\system32\gdi32.dll |
c:\windows\system32\lpk.dll |
c:\windows\system32\usp10.dll |
c:\windows\system32\msvcrt.dll |
c:\windows\system32\shell32.dll |
c:\windows\system32\shlwapi.dll |
c:\windows\system32\ole32.dll |
c:\windows\system32\rpcrt4.dll |
c:\windows\system32\oleaut32.dll |
c:\windows\system32\advapi32.dll |
c:\windows\system32\sechost.dll |
c:\windows\system32\wtsapi32.dll |
c:\windows\system32\version.dll |
c:\windows\system32\ws2_32.dll |
c:\windows\system32\nsi.dll |
c:\windows\system32\wintrust.dll |
c:\windows\system32\crypt32.dll |
c:\windows\system32\msasn1.dll |
c:\windows\system32\winhttp.dll |
c:\windows\system32\webio.dll |
c:\windows\system32\wininet.dll |
c:\windows\system32\urlmon.dll |
c:\windows\system32\iertutil.dll |
c:\windows\system32\psapi.dll |
c:\windows\system32\imm32.dll |
c:\windows\system32\msctf.dll |
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll |
c:\windows\system32\cryptbase.dll |
c:\windows\system32\winsta.dll |
c:\windows\system32\profapi.dll |
c:\windows\system32\imagehlp.dll |
c:\windows\system32\cryptsp.dll |
c:\windows\system32\rsaenh.dll |
c:\windows\system32\ncrypt.dll |
c:\windows\system32\bcrypt.dll |
c:\windows\system32\bcryptprimitives.dll |
c:\windows\system32\userenv.dll |
c:\windows\system32\gpapi.dll |
c:\windows\system32\sspicli.dll |
c:\windows\system32\clbcatq.dll |
c:\windows\system32\wbem\wbemprox.dll |
c:\windows\system32\wbemcomn.dll |
c:\windows\system32\rpcrtremote.dll |
c:\windows\system32\wbem\wbemsvc.dll |
c:\windows\system32\wbem\fastprox.dll |
c:\windows\system32\ntdsapi.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
c:\windows\system32\ntmarta.dll |
c:\windows\system32\wldap32.dll |
c:\windows\system32\dnsapi.dll |
c:\windows\system32\iphlpapi.dll |
c:\windows\system32\winnsi.dll |
c:\windows\system32\normaliz.dll |
c:\windows\system32\schannel.dll |
c:\windows\system32\rasapi32.dll |
c:\windows\system32\rasman.dll |
c:\windows\system32\rtutils.dll |
c:\windows\system32\sensapi.dll |
c:\windows\system32\nlaapi.dll |
c:\windows\system32\rasadhlp.dll |
c:\windows\system32\mswsock.dll |
c:\windows\system32\wshtcpip.dll |
c:\windows\system32\wship6.dll |
c:\windows\system32\fwpuclnt.dll |
c:\windows\system32\credssp.dll |
c:\windows\system32\secur32.dll |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2196 | WinZip Smart Monitor Service.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D | US | der | | whitelisted |
2196 | WinZip Smart Monitor Service.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAEU4rgWp2Ty1wBkYdRCEyE%3D | US | der | | whitelisted |
2196 | WinZip Smart Monitor Service.exe | GET | 200 | 205.185.216.42:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | | whitelisted |
2196 | WinZip Smart Monitor Service.exe | GET | 200 | 54.230.93.57:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | | whitelisted |
2196 | WinZip Smart Monitor Service.exe | GET | 200 | 54.230.93.58:80 | http://x.ss2.us/x.cer | US | der | | whitelisted |
2196 | WinZip Smart Monitor Service.exe | GET | 200 | 54.230.93.2:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | | whitelisted |
PID | Process | IP | ASN | CN | Reputation |
---|---|---|---|---|---|
2196 | WinZip Smart Monitor Service.exe | 93.184.220.29:80 | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2196 | WinZip Smart Monitor Service.exe | 52.54.209.7:443 | Amazon.com, Inc. | US | unknown |
2196 | WinZip Smart Monitor Service.exe | 54.230.93.170:80 | Amazon.com, Inc. | US | unknown |
2196 | WinZip Smart Monitor Service.exe | 205.185.216.42:80 | Highwinds Network Group, Inc. | US | whitelisted |
2196 | WinZip Smart Monitor Service.exe | 54.230.93.57:80 | Amazon.com, Inc. | US | unknown |
1412 | WinZipSmartMonitor.exe | 34.199.57.221:443 | Amazon.com, Inc. | US | unknown |
–– | –– | 34.199.57.221:443 | Amazon.com, Inc. | US | unknown |
–– | –– | 54.230.93.58:80 | Amazon.com, Inc. | US | suspicious |
–– | –– | 54.230.93.2:80 | Amazon.com, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
ocsp.digicert.com | 93.184.220.29 | whitelisted |
updaterv.winzip.com | 52.54.209.7, 52.4.170.111 | unknown |
x.ss2.us | 54.230.93.170, 54.230.93.58, 54.230.93.183, 54.230.93.43 | whitelisted |
www.download.windowsupdate.com | 205.185.216.42, 205.185.216.10 | whitelisted |
o.ss2.us | 54.230.93.57, 54.230.93.230, 54.230.93.52, 54.230.93.31 | whitelisted |
api.winzip.com | 34.199.57.221, 54.236.190.125 | unknown |
ocsp.rootg2.amazontrust.com | 54.230.93.2, 54.230.93.218, 54.230.93.36, 54.230.93.212 | whitelisted |
No debug info.