Sample: Nagstamon-3.4.1-win64_setup.exe (Inno Setup installer; the second-stage Nagstamon-3.4.1-win64_setup.tmp is extracted to C:\Users\user\AppData\Local\Temp\is-PJSK7.tmp\).

Contains functionality to enumerate / list files inside a directory:
Source: C:\Users\user\AppData\Local\Temp\is-PJSK7.tmp\Nagstamon-3.4.1-win64_setup.tmp
Code function: 2_2_005EA2D0 FindFirstFileW,GetLastError,
Code function: 2_2_0040CBFC FindFirstFileW,FindClose,
Code function: 2_2_00642484 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,
Code function: 2_2_0040C630 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,
Source: C:\Users\user\Desktop\Nagstamon-3.4.1-win64_setup.exe
Code function: 0_2_0040B268 FindFirstFileW,FindClose,
Code function: 0_2_0040AC9C GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,

Behavioral and static signatures reported for the sample:
Uses code obfuscation techniques (call, push, ret)
Contains functionality to enumerate / list files inside a directory
Stores files to the Windows start menu directory
Sample file is different than original file name gathered from version info
Sample execution stops while process was sleeping (likely an evasion)
Queries the volume information (name, serial number etc.) of a device
PE file contains sections with non-standard names
PE file contains executable resources (Code or Archives)
Contains functionality to query locales information (e.g. system language)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions