
String found in binary or memory: estamp.apple.com/ts01
String found in binary or memory: p.sectigo.
String found in binary or memory: p.comodoca.
String found in binary or memory: um.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
String found in binary or memory: nload.bitrock.com/feedback.php sions
String found in binary or memory: nload.bitrock.com/feedback.php

String found in binary or memory: s.fedorapr / en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154
String found in binary or memory: sectigo.com/SectigoRSATimeStampingCA.crt0#
String found in binary or memory: sectigo.com/SectigoRSATimeStampingCA.crl0t
String found in binary or memory: com/COMODORSACertificationAuthority.crl0 q

Uses code obfuscation techniques (call, push, ret)
Sample file is different than original file name gathered from version info
Queries the volume information (name, serial number etc) of a device
Queries information about the installed CPU (vendor, model number etc)
Potential key logger detected (key state polling based)
PE file contains sections with non-standard names
PE file contains more sections than normal
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Contains functionality to read data from the clipboard
Contains functionality to query locales information (e.g. system language)
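Several of the static findings above (sections with non-standard names, more sections than normal, plaintext URLs in the binary, and reliance on imports such as GetProcAddress, GetAsyncKeyState, OpenClipboard and GetProcessHeap) can be reproduced on a sample without the sandbox. The script below is an added example, not part of this report or of the sandbox vendor's tooling: it builds a constructed, header-only PE blob, walks the COFF header and section table by hand, and applies those checks. The list of "standard" section names, the threshold of 8 sections, the API-to-behaviour mapping, and the sample strings (modelled loosely on the truncated sectigo/comodoca fragments above) are all assumptions.

```python
import re
import struct

# Section names a normal linker emits; anything else trips the
# "sections with non-standard names" heuristic. (Assumed list.)
STANDARD_SECTIONS = {
    b".text", b".data", b".rdata", b".bss", b".idata", b".edata",
    b".rsrc", b".reloc", b".pdata", b".tls", b".CRT", b".debug",
}
# Assumed threshold for "PE file contains more sections than normal".
TYPICAL_MAX_SECTIONS = 8
# Import names that map onto the behavioural signatures in the report (assumed mapping).
API_OF_INTEREST = {
    b"GetProcAddress": "dynamic API resolution (often used to hide API calls)",
    b"GetAsyncKeyState": "key state polling (keylogger heuristic)",
    b"GetKeyState": "key state polling (keylogger heuristic)",
    b"OpenClipboard": "clipboard read",
    b"GetClipboardData": "clipboard read",
    b"GetProcessHeap": "possible debugger check via heap flags",
    b"GetVolumeInformationW": "volume name/serial query",
}
URL_RE = re.compile(rb"(?:https?://)?[A-Za-z0-9.-]+\.(?:com|org|net)/[A-Za-z0-9._/?=&#-]+")
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{6,}")

# Constructed sample strings, not extracted from the real sample.
SAMPLE_PAYLOAD = (
    b"\x00http://crl.sectigo.com/SectigoRSATimeStampingCA.crl\x00"
    b"http://crt.sectigo.com/SectigoRSATimeStampingCA.crt\x00"
    b"http://crl.comodoca.com/COMODORSACertificationAuthority.crl\x00"
    b"GetProcAddress\x00GetAsyncKeyState\x00OpenClipboard\x00GetProcessHeap\x00"
)


def build_sample_pe(section_names, payload):
    """Build a minimal PE-shaped blob: DOS header, PE signature, COFF header,
    section table, then an appended payload. Constructed test data only: there
    is no optional header and the section headers point nowhere."""
    dos_header = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew lives at 0x3c
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos_header + b"PE\x00\x00" + coff + table + payload


def parse_section_names(data):
    """Walk the PE headers and return the raw 8-byte section names, stripped of NUL padding."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        names.append(data[off:off + 8].rstrip(b"\x00"))
    return names


def triage(data):
    """Apply the static heuristics and return the findings as a dict."""
    names = parse_section_names(data)
    api_hits = {}
    for s in PRINTABLE_RE.findall(data):
        for api, why in API_OF_INTEREST.items():
            if api in s:
                api_hits[api.decode()] = why
    return {
        "section_names": names,
        "non_standard_sections": [n for n in names if n not in STANDARD_SECTIONS],
        "too_many_sections": len(names) > TYPICAL_MAX_SECTIONS,
        "urls": sorted({m.decode() for m in URL_RE.findall(data)}),
        "api_hits": api_hits,
    }


if __name__ == "__main__":
    sample = build_sample_pe([b".text", b".rdata", b".vmp0", b".vmp1"], SAMPLE_PAYLOAD)
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

Replacing the constructed blob with `open(path, "rb").read()` runs the same checks on a real sample; the import-name check only sees names that survive in plaintext, so a binary that resolves everything through GetProcAddress with encrypted strings (as the "string decryption" finding suggests) will show GetProcAddress and little else.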
