Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Found stalling execution ending in API Sleep call
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\InprocServer32
Contains modern PE file flags such as dynamic base (ASLR) or NX
Uses an in-process (OLE) Automation server
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
text section and no other executable section
text: IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Classification label: mal88.evad
functionality to load and extract PE file embedded resources
Code function: 0_2_00941037 GetModuleHandleA, FindResourceA, SizeofResource, LoadResource, VirtualAlloc, RtlMoveMemory, GetTempPathA, lstrcatA, LoadLibraryA, GetProcAddress, FreeLibrary, DeleteFileA,
File created: C:\Users\user\AppData\Local\Temp\dup2patcher.dll
text section which is very likely to contain packed code (zlib compression ratio < 0.3)
exe, reference = Disclosed CN Honker Pentest Toolset, license = https://creativecommons.org/licenses/by-nc/4.
Matched rule: CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen date = 2015-06-23, author = Florian Roth, description = Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
PE file contains executable resources (Code or Archives)
Source: C:\Users\user\Desktop\revo.uninstaller.pro-patch.exe
text: IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Matched rule: Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.
Source: revo.uninstaller.pro-patch.exe, type: SAMPLE
Malicious sample detected (through community Yara rule)
Key, Mouse, Clipboard, Microphone and Screen Capturing:
String found in binary or memory: w.uret.in/ G
Source: revo.uninstaller.pro-patch.exe, 00000000.
String found in binary or memory: w.uret.in/ ArttomovNovember
String found in binary or memory: w.uret.in/.
String found in binary or memory: w.uret.in/
String found in binary or memory: w.revouninstallerpro.
String found in binary or memory: blo2oo2.cjb.netP0