Static file information: File size 5651456 > 1048576
Submission file is bigger than most known malware samples
Process created: C:\Users\user\Desktop\winx dvd ripper platinum 8.20_5933641621.exe 'C:\Users\user\Desktop\winx dvd ripper platinum 8.20_5933641621.
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\winx dvd ripper platinum 8.20_5933641621.exe
Parts of this applications are using Borland Delphi (Probably coded in Delphi)
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2968
File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9BA.00020000.sdmp
Binary or memory string: OriginalFilenameDebotnet.exe vs winx dvd ripper platinum 8.20_5933641621.exe
Classification label: mal64.evad
mutexes
Sample file is different than original file name gathered from version info
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 732
Source: C:\Windows\SysWOW64\WerFault.exe
File created: C:\Windows\AppCompat\Programs\Amcache.hve.tmp
Remotely Track Device Without Authorization
Creates files inside the system directory
Standard Non-Application Layer Protocol 2
Eavesdrop on Insecure Network Communication