Program did not start
MALICIOUS | SUSPICIOUS | INFO |
---|---|---|
LATENTBOT was detected
|
No suspicious indicators. |
No info indicators. |
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x002B4B8C | 0x002B4C00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.35036 |
.itext | 0x002B6000 | 0x00002220 | 0x00002400 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.08773 |
.data | 0x002B9000 | 0x0000B318 | 0x0000B400 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 5.96419 |
.bss | 0x002C5000 | 0x00005ADC | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
.idata | 0x002CB000 | 0x0000430A | 0x00004400 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 5.23088 |
.didata | 0x002D0000 | 0x0000088A | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 3.74949 |
.tls | 0x002D1000 | 0x00000040 | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
.rdata | 0x002D2000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 0.205446 |
.reloc | 0x002D3000 | 0x00034760 | 0x00034800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ | 6.73762 |
.rsrc | 0x00308000 | 0x00043200 | 0x00043200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.80643 |
No exports.
Click at the process to see the details.
Image |
---|
c:\users\admin\desktop\a201dfd1858dd7beb422165ff251381b.exe |
c:\systemroot\system32\ntdll.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\kernelbase.dll |
c:\windows\system32\oleaut32.dll |
c:\windows\system32\ole32.dll |
c:\windows\system32\msvcrt.dll |
c:\windows\system32\gdi32.dll |
c:\windows\system32\user32.dll |
c:\windows\system32\lpk.dll |
c:\windows\system32\usp10.dll |
c:\windows\system32\rpcrt4.dll |
c:\windows\system32\advapi32.dll |
c:\windows\system32\sechost.dll |
c:\windows\system32\msimg32.dll |
c:\windows\system32\version.dll |
c:\windows\system32\mpr.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
c:\windows\system32\shlwapi.dll |
c:\windows\system32\shell32.dll |
c:\windows\system32\comdlg32.dll |
c:\windows\system32\winspool.drv |
c:\windows\system32\imm32.dll |
c:\windows\system32\msctf.dll |
c:\windows\system32\cryptbase.dll |
c:\windows\system32\wtsapi32.dll |
c:\windows\system32\winsta.dll |
c:\windows\system32\uxtheme.dll |
c:\windows\system32\clbcatq.dll |
c:\windows\system32\ws2_32.dll |
c:\windows\system32\nsi.dll |
c:\windows\system32\profapi.dll |
c:\windows\system32\mswsock.dll |
c:\windows\system32\dnsapi.dll |
c:\windows\system32\iphlpapi.dll |
c:\windows\system32\winnsi.dll |
c:\windows\system32\setupapi.dll |
c:\windows\system32\cfgmgr32.dll |
c:\windows\system32\devobj.dll |
c:\windows\system32\propsys.dll |
c:\windows\system32\ntmarta.dll |
c:\windows\system32\wldap32.dll |
c:\windows\system32\fwpuclnt.dll |
c:\windows\system32\rasadhlp.dll |
c:\windows\system32\wship6.dll |
c:\windows\system32\wshtcpip.dll |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=HELLO | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=START&ID=80565951307F4245A6D82A0E3A1BBCCA | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=80565951307F4245A6D82A0E3A1BBCCA | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=80565951307F4245A6D82A0E3A1BBCCA | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=HELLO | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=START&ID=71C6CBA281064179AEFB86C2DC8D90E6 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=71C6CBA281064179AEFB86C2DC8D90E6 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=71C6CBA281064179AEFB86C2DC8D90E6 | US |
binary
text
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=71C6CBA281064179AEFB86C2DC8D90E6 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=71C6CBA281064179AEFB86C2DC8D90E6 | US |
binary
text
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 410 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=71C6CBA281064179AEFB86C2DC8D90E6 | US |
binary
text
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=HELLO | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=START&ID=5A98768D6D6444D0A86D00D7F5F80464 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=5A98768D6D6444D0A86D00D7F5F80464 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | –– | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=5A98768D6D6444D0A86D00D7F5F80464 | US |
binary
––
|
––
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 410 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=HELLO&ID=5A98768D6D6444D0A86D00D7F5F80464 | US |
binary
––
|
––
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=HELLO&ID= | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=START&ID=8180BACBCD22481A8326EC6AABCCC04B | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=8180BACBCD22481A8326EC6AABCCC04B | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=8180BACBCD22481A8326EC6AABCCC04B | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=8180BACBCD22481A8326EC6AABCCC04B | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=8180BACBCD22481A8326EC6AABCCC04B | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 410 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=8180BACBCD22481A8326EC6AABCCC04B | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=HELLO | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ACTION=START&ID=432EB41F4CAE443D913D08B82DEC1A14 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=432EB41F4CAE443D913D08B82DEC1A14 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | 200 | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=432EB41F4CAE443D913D08B82DEC1A14 | US |
binary
binary
|
|
suspicious |
3208 | a201dfd1858dd7beb422165ff251381b.exe | POST | –– | 18.218.52.120:1992 | http://18.218.52.120:1992/$rdgate?ID=432EB41F4CAE443D913D08B82DEC1A14 | US |
binary
––
|
––
|
suspicious |
PID | Process | IP | ASN | CN | Reputation |
---|---|---|---|---|---|
3208 | a201dfd1858dd7beb422165ff251381b.exe | 18.218.52.120:1992 | Amazon.com, Inc. | US | suspicious |
PID | Process | Class | Message |
---|---|---|---|
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | MALWARE [PTsecurity] LatentBot HTTP POST Checkin |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | MALWARE [PTsecurity] LatentBot HTTP POST Checkin |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | MALWARE [PTsecurity] LatentBot HTTP POST Checkin |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | MALWARE [PTsecurity] LatentBot HTTP POST Checkin |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | MALWARE [PTsecurity] LatentBot HTTP POST Checkin |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | MALWARE [PTsecurity] LatentBot HTTP POST Checkin |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
3208 | a201dfd1858dd7beb422165ff251381b.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] eStream SQL Remote Desktop |
No debug info.