Sample file is different than original file name gathered from version info
Binary or memory string: OriginalFilename_IsIcoRes.exe 1048576
Binary string: D:\CodeBases\isdev\src\Shared\ISVBLogUtil\Release\LogUtil.pdb source: msiexec.exe, 00000001.00000002.
Static PE information: Resource name: RT_VERSION type: COM executable for DOS
PE file contains executable resources (Code or Archives)
Source: C:\Windows\Installer\MSI4D54.tmp
String found in binary or memory: odo.com/CPS0 com/dwfcomposer-supportADSK_SILENT_LICENSETutti
String found in binary or memory: p.entrust.
String found in binary or memory: p.comodoca. pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
String found in binary or memory: 0 equals www. m (Yahoo)
String found in binary or memory: login.yahoo.com0 equals (Yahoo)
String found in binary or memory: login.yahoo.com equals (Yahoo)
Source: C:\Windows\System32\msiexec.exe
Found strings which match to known social media urls
Checks for available system drives (often done to infect USB drives)
Found application associated with file extension.
Successful, ratio: 100% (good quality ratio 96.4%).
Number of analysed new started processes analysed: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java.