Contains functionality to download additional files from the internet
Source: C:\gbot-ddos.prv-3eebf8a3de8fbb1a92aeae7b22f81e23.exe.exe | Code function: 0_0_00405CB0 DeleteFileA,URLDownloadToFileA,ShellExecuteA, |
Urls found in memory or binary data
Contains functionality to download and execute PE files
Source: C:\gbot-ddos.prv-3eebf8a3de8fbb1a92aeae7b22f81e23.exe.exe | Code function: 0_0_00405CB0 DeleteFileA,URLDownloadToFileA,ShellExecuteA, |
Found strings which match to known social media urls
Source: svchost.exe, gbot-ddos.prv-3eebf8a3de8fbb1a92aeae7b22f81e23.exe, svchost.exe.dr | String found in binary or memory: http://vkontakte.ru/ equals www.vkontakte.ru (VKontakte) |
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: ddos.prv |
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown | DNS traffic detected: |