Process created: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE 'C:\Users\user~1\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.
Process created: C:\Users\user\Desktop\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE 'C:\Users\user\Desktop\Stranded Deep V0.48.

SQL strings found in memory and binary data
Binary or memory string: create table modules(ptrid integer not null, moduleid integer not null, name char(256) not null, primary key (ptrid, moduleid) )
Binary or memory string: CREATE TABLE pointerfiles_endwithoffsetlist ( `ptrid`INTEGER NOT NULL, `offsetnr`INTEGER NOT NULL, `offsetvalue`INTEGER NOT NULL, PRIMARY KEY(ptrid,offsetnr))
Binary or memory string: CREATE TABLE pointerfiles (`ptrid`INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,`name`char(256) NOT NULL,`maxlevel`INTEGER,`compressedptr`INTEGER,`unalligned`INTEGER,`MaxBitCountModuleIndex`INTEGER,`MaxBitCountModuleOffset`INTEGER,`MaxBitCountLevel`INTEGER,`MaxBitCountOffset`INTEGER)

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
text section and no other executable section
Source: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE

Binary contains device paths (device paths are often used for kernel mode user mode communication)
Binary contains paths to development resources
Classification label: mal64.evad

temporary files
File created: C:\Users\user~1\AppData\Local\Temp\cetrainers

Source: C:\Users\user\Desktop\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE
Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) In(stripped to external PDB), for MS Windows
PE file contains executable resources (Code or Archives)
Source: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\extracted\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE

Key, Mouse, Clipboard, Microphone and Screen Capturing:
Dropped file seen in connection with other malware
Dropped File: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE CD86234CF14DFC0E66AE9E575326FD0CF74723A5A60337F7079C0540B6DA5C8B
String found in binary or memory: w.paypal.com/xclick/business=dark_byte%40hotmail.com