![]() Filename: ASP_v2_0_P.exe, Detection: malicious, Browse. ![]() Antivirus: ReversingLabs, Detection: 0%.Antivirus: Metadefender, Detection: 0%, Browse.Antivirus: Virustotal, Detection: 2%, Browse.Remotely Track Device Without Authorization patch.v2.0 -painter.e xe, 000000 00.0000000 2.63162994 6.00000000 00E10000.0 0000002.00 000001.sdm pīinary or memory string: NProgram M anagerīinary or memory string: Shell_Tray WndReBarWi ndow32MSTa skSwWClass ToolbarWin dow32SVĮavesdrop on Insecure Network Communication May try to detect the Windows Explorer process (often used for injection) Key value queried: HKEY_LOCAL _MACHINE\S OFTWARE\Cl asses\WOW6 432Node\CL SID\\InProcS erver32Įxecutable creates window controls seldom found in malware Uses an in-process (OLE) Automation server Key opened: HKEY_CURRE NT_USER\So ftware\Pol icies\Micr osoft\Wind ows\Safer\ CodeIdenti fiers Key opened: HKEY_CURRE NT_USER\So ftware\Bor land\Delph i\Locales ![]() Parts of this applications are using Borland Delphi (Probably coded in Delphi) exeįile created: C:\Users\u ser\AppDat a\Local\Te mp\vgm_pla yer.dll Source: C:\Users\u ser\Deskto p\adobe.sn r.patch.v2. ![]() MPRESS1 ZL IB complex ity 1.0003 091277Ĭlassification label: mal60.evad temporary files text) which is very likely to contain packed code (zlib compression ratio < 0.011) Sample file is different than original file name gathered from version info Static PE information: Resource n ame: RT_IC ON type: G LS_BINARY_ LSB_FIRST ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |