Infosec Binary Analysis. Order_2018[10].jar
Order_2018[10].jar

MalFamily: Adwind
MalScore: 100
File type: Java archive data (JAR)
File size: KB ( bytes)
Compile time: :00:00
MD5: 2b75faa67abae20e bb48aee
SHA1: 9f6e3ade58140db6799fe485271d81eaeafe2425
Submitted: :52:50
Date: :36:39

Antivirus Report
Report date: :54:49
Detection Ratio: 26/61
Permalink:

10 Behaviors detected by system signatures

Created network traffic indicative of malicious activity
- signature: ET DNS Query to a *.top domain - Likely Hostile

Attempts to disable System Restore

Creates a hidden or system file
- file: C:\Users\Seven01\oUsZTWQEGIh\gOKhHhQlZaP.kJXFFD
- file: C:\Users\Seven01\oUsZTWQEGIh\ID.txt
- file: C:\Users\Seven01\oUsZTWQEGIh

Installs itself for autorun at Windows startup
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WDVvVoXJRza
- data: "C:\Users\Seven01\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Seven01\oUsZTWQEGIh\gOKhHhQlZaP.kJXFFD"

Execution Options\MWASER.EXE\debugger
Execution Options\V3SP.exe\debugger
Execution Options\cavwp.exe\debugger
Execution Options\nanoav.exe\debugger
Execution Options\bavhm.exe\debugger
Execution Options\nbrowser.exe\debugger
Execution Options\PSUAMain.exe\debugger
Execution Options\FPWin.exe\debugger
Execution Options\guardxservice.exe\debugger
Execution Options\FortiClient.exe\debugger

A process created a hidden window
- Process: java.exe -> "C:\Program Files (x86)\java\jre1.8.0_74\bin\java.exe" -jar C:\Users\Seven01\AppData\Local\Temp\_ class
- Process: java.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: java.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: java.exe -> cmd.exe
- Process: java.exe -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v WDVvVoXJRza /t REG_EXPAND_SZ /d "\"C:\Users\Seven01\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\Seven01\oUsZTWQEGIh\gOKhHhQlZaP.kJXFFD\"" /f
- Process: java.exe -> attrib +h "C:\Users\Seven01\oUsZTWQEGIh\*.*"
- Process: java.exe -> attrib +h "C:\Users\Seven01\oUsZTWQEGIh"
- Process: java.exe -> C:\Users\Seven01\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\Seven01\oUsZTWQEGIh\gOKhHhQlZaP.kJXFFD
- Process: java.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: java.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: java.exe -> xcopy "C:\Program Files (x86)\java\jre1.8.0_74" "C:\Users\Seven01\AppData\Roaming\Oracle\" /e
- Process: java.exe -> cmd.exe
- Process: javaw.exe -> C:\Users\Seven01\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\Seven01\AppData\Local\Temp\_ class
- Process: javaw.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: javaw.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: javaw.exe -> cmd.exe
- Process: javaw.exe -> taskkill /IM ProcessHacker.exe /T /F
- Process: javaw.exe -> cmd.exe /c regedit.exe /s C:\Users\Seven01\AppData\Local\Temp\rHYYVTtfJg reg
- Process: javaw.exe -> taskkill /IM procexp.exe /T /F
- Process: javaw.exe -> taskkill /IM MSASCui.exe /T /F
- Process: javaw.exe -> taskkill /IM MsMpEng.exe /T /F
- Process: javaw.exe -> taskkill /IM MpUXSrv.exe /T /F
- Process: javaw.exe -> taskkill /IM MpCmdRun.exe /T /F
- Process: javaw.exe -> taskkill /IM NisSrv.exe /T /F
- Process: javaw.exe -> taskkill /IM ConfigSecurityPolicy.exe /T /F
- Process: javaw.exe -> taskkill /IM procexp.exe /T /F
- Process: javaw.exe -> taskkill /IM wireshark.exe /T /F
- Process: javaw.exe -> taskkill /IM tshark.exe /T /F
- Process: javaw.exe -> taskkill /IM text2pcap.exe /T /F
- Process: javaw.exe -> taskkill /IM rawshark.exe /T /F
- Process: javaw.exe -> taskkill /IM mergecap.exe /T /F
- Process: javaw.exe -> taskkill /IM editcap.exe /T /F
- Process: javaw.exe -> taskkill /IM dumpcap.exe /T /F
- Process: javaw.exe -> taskkill /IM capinfos.exe /T /F
- Process: javaw.exe -> taskkill /IM mbam.exe /T /F
- Process: javaw.exe -> taskkill /IM mbamscheduler.exe /T /F
- Process: javaw.exe -> taskkill /IM mbamservice.exe /T /F
- Process: javaw.exe -> taskkill /IM AdAwareService.exe /T /F
- Process: javaw.exe -> taskkill /IM AdAwareTray.exe /T /F
- Process: javaw.exe -> taskkill /IM WebCompanion.exe /T /F
- Process: javaw.exe -> taskkill /IM AdAwareDesktop.exe /T /F
- Process: javaw.exe -> taskkill /IM V3Main.exe /T /F
- Process: javaw.exe -> taskkill /IM V3Svc.exe /T /F
- Process: javaw.exe -> taskkill /IM V3Up.exe /T /F
- Process: javaw.exe -> taskkill /IM V3SP.exe /T /F
- Process: javaw.exe -> taskkill /IM V3Proxy.exe /T /F
- Process: javaw.exe -> taskkill /IM V3Medic.exe /T /F
- Process: javaw.exe -> taskkill /IM BgScan.exe /T /F
- Process: javaw.exe -> taskkill /IM BullGuard.exe /T /F
- Process: javaw.exe -> taskkill /IM BullGuardBhvScanner.exe /T /F
- Process: javaw.exe -> taskkill /IM BullGuarScanner.exe /T /F
- Process: javaw.exe -> taskkill /IM LittleHook.exe /T /F
- Process: javaw.exe -> taskkill /IM BullGuardUpdate.exe /T /F
- Process: javaw.exe -> taskkill /IM clamscan.exe /T /F
- Process: javaw.exe -> taskkill /IM ClamTray.exe /T /F
- Process: javaw.exe -> taskkill /IM ClamWin.exe /T /F
- Process: javaw.exe -> taskkill /IM cis.exe /T /F
- Process: javaw.exe -> taskkill /IM CisTray.exe /T /F
- Process: javaw.exe -> taskkill /IM cmdagent.exe /T /F
- Process: javaw.exe -> taskkill /IM cavwp.exe /T /F
- Process: javaw.exe -> taskkill /IM dragon_updater.exe /T /F
- Process: javaw.exe -> taskkill /IM MWAGENT.EXE /T /F
- Process: javaw.exe -> taskkill /IM MWASER.EXE /T /F
- Process: javaw.exe -> taskkill /IM CONSCTLX.EXE /T /F
- Process: javaw.exe -> taskkill /IM avpmapp.exe /T /F
- Process: javaw.exe -> taskkill /IM econceal.exe /T /F
- Process: javaw.exe -> taskkill /IM escanmon.exe /T /F
- Process: java.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: java.exe -> cmd.exe /C cscript.exe C:\Users\Seven01\AppData\Local\Temp\Retrive vbs
- Process: java.exe -> cmd.exe

Reads data out of its own binary image

Attempts to connect to a dead IP:Port (95 unique times)

A process attempted to delay the analysis task.
- Process: taskkill.exe tried to sleep 1560 seconds, actually delayed analysis time by 0 seconds
- Process: cscript.exe tried to sleep 540 seconds, actually delayed analysis time by 0 seconds

Detected script timer window indicative of sleep style evasion
- Window: WSH-Timer

Possible date expiration check, exits too soon after checking local time
- process: java.exe, PID

Host(s) detected (IP Address, Hostname, Reverse DNS)
- ns1648.ztomy.com.

1 Countr(y ies) detected (Hosts, Country)
- 1, Turkey
More informationID: Sample Name: modulecheck.js Cookbook: default.jbs Time: 17:46:31 Date: 01/02/2018 Version:
ID: 44491 Sample Name: modulecheck.js Cookbook: default.jbs Time: 17:4:31 Date: 01/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version:
ID: 6045 Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/0/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection
More informationID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version:
ID: 50646 Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version:
ID: 41280 Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information
More information500 Business Center Drive Pittsburgh, PA USA Phone: Fax: CAGE Code 1BGJ7
500 Business Center Drive Pittsburgh, PA 15205 USA Phone: +1.412.494.2800 Fax: +1.412.494.5550 CAGE Code 1BGJ7 www.secureswitch.com SwitchCenter Installation: SwitchCenter software requires a computer
More informationID: Sample Name: Liste1.jar Cookbook: default.jbs Time: 23:20:23 Date: 02/11/2017 Version:
ID: 35936 Sample Name: Liste1.jar Cookbook: default.jbs Time: 23:20:23 Date: 02/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version:
ID: 46161 Sample Name: tesseract-ocrsetup-3.05.01.exe Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version:
ID: 4441 Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature
More informationID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version:
ID: 5250 Sample Name: test.txt Cookbook: default.jbs Time: 13:18:3 Date: 31/03/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version:
ID: 58133 Sample Name: Serial.txt Cookbook: default.jbs Time: 02:5:20 Date: 0/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version:
ID: 34788 Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 0:43:5 Date: 21/10/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More informationID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version:
ID: 52376 Cookbook: browseurl.jbs Time: 15:4:15 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version:
ID: 6600 Cookbook: urldownload.jbs Time: 21:2:55 Date: 2/06/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:
More informationID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version:
ID: 4253 Sample Name: text_0.txt Cookbook: default.jbs Time: 1:20:15 Date: 12/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version:
ID: 5945 Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version:
ID: 55401 Sample Name: E203182DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection
More informationID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0.
ID: 25 Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:4 Date: 20/09/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Payment_Remittance#.xps
More informationID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version:
ID: 5253 Cookbook: browseurl.jbs Time: 12:5:02 Date: 02/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version:
ID: 52374 Cookbook: browseurl.jbs Time: 15:46:3 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0.
ID: 4457 Sample Name: #Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General
More informationID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version:
ID: 0309 Sample Name: image002 Cookbook: default.jbs Time: 1:19:2 Date: 1/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification
More informationID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0.
ID: 64635 Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 1/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection
More informationID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version:
ID: 5702 Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version:
ID: 62529 Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature
More informationID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version:
ID: 50648 Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31: Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence
More informationID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version:
ID: 42035 Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection
More informationYour Personal, Portable, Malware Analysis Sandbox. Brian github.com/rurik
Your Personal, Portable, Malware Analysis Sandbox Brian Baskin @bbaskin github.com/rurik Origin Story Nori-Ben: Seaweed Lunch Box Simplest box to make Cheap Minimal ingredients Noriben Simple Malware Analysis
More informationID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version:
ID: 52775 Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:
ID: 46296 Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version:
ID: 5139 Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Sample Name: zzz.ps1 Cookbook: default.jbs Time: 20:46:52 Date: 16/03/2018 Version:
ID: 50654 Sample Name: zzz.ps1 Cookbook: default.jbs Time: 20:46:52 Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version:
ID: 54427 Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification
More informationID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version:
ID: 67658 Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification Analysis Advice Signature Overview
More informationID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version:
ID: 42670 Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationSummary. Verdict: Malware CLASSIFICATION DETECTION SECTION HIGH LEVEL BEHAVIOR DISTRIBUTION ACTIVITY OVERVIEW
Page 1 Summary File Name: 1705011024.exe File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows SHA1: afdb6ba117cf573fdae3bbe184a5a5cfa78fcd91 MD5: 9534643cdc33e1c6b47b9afd40ca8eb0
More informationID: Sample Name: INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.
ID: 56519 Sample Name: 20180542 INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview Information
More informationID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version:
ID: 37366 Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version:
ID: 94 Cookbook: urldownload.jbs Time: 1:10:9 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0.
ID: 5762 Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: :36:2 Date: 04/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection
More informationID: Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version:
ID: 45263 Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification
More informationID: Sample Name: YNtbLvNHuo Cookbook: defaultandroidfilecookbook.jbs Time: 14:44:34 Date: 12/01/2018 Version:
ID: 42511 Sample Name: YNtbLvNHuo Cookbook: defaultandroidfilecookbook.jbs Time: 14:44:34 Date: 12/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More informationID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version:
ID: 42417 Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature
More informationID: Sample Name: wtf.bat Cookbook: default.jbs Time: 18:32:35 Date: 19/05/2018 Version:
ID: 6036 Sample Name: wtf.bat Cookbook: default.jbs Time: 1:32:35 Date: 19/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification
More informationID: Sample Name: SMS_MMS_1.0_1.apk Cookbook: defaultandroidfilecookbook.jbs Time: 14:20:20 Date: 01/12/2017 Version:
ID: 38864 Sample Name: SMS_MMS_1.0_1.apk Cookbook: defaultandroidfilecookbook.jbs Time: 14:20:20 Date: 01/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More information1. Go to the URL Click on JDK download option
Download and installation of java 1. Go to the URL http://www.oracle.com/technetwork/java/javase/downloads/index.html Click on JDK download option 2. Select the java as per your system type (32 bit/ 64
More informationID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.
ID: 63341 Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 08:43:14 Date: 10/06/2018 Version: 22.0.0 Table of Contents
More informationID: Sample Name: rechnung_ js Cookbook: default.jbs Time: 19:18:52 Date: 08/04/2018 Version:
ID: 53668 Sample Name: rechnung_164920244621218163584.js Cookbook: default.jbs Time: 19:18:52 Date: 08/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationID: Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:47 Date: 22/11/2017 Version:
ID: 388 Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:4 Date: 22/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version:
ID: 49 Cookbook: urldownload.jbs Time: 19:: Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice
More informationID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version:
ID: 53619 Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature
More informationID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version:
ID: 6467 Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date:
ID: 244 Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date: 05/10/201 Version: 24.0.0 Fire Opal Table of Contents
More informationID: Sample Name: PO xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03:13:36 Date: 08/01/2018 Version:
ID: 41861 Sample Name: PO65445465.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03::36 Date: 08/01/2018 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence
More informationID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date:
ID: 244 Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date: 05/10/201 Version: 24.0.0 Fire Opal Table of Contents
More informationID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0.
ID: 54478 Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence
More informationID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version:
ID: 51630 Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature
More informationID: Sample Name: VCE.Mobile apk Cookbook: defaultandroidfilecookbook.jbs Time: 22:06:32 Date: 10/01/2018 Version: 20.0.
ID: 42258 Sample Name: VCE.Mobile.8.0.7.apk Cookbook: defaultandroidfilecookbook.jbs Time: 22:06:32 Date: 10/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General
More informationID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version:
ID: 41000 Cookbook: browseurl.jbs Time: 1:05:31 Date: 26/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationCreating Jar Files. Based on slides by: Jin Hung, Gregory Olds, George Blank, Sun Java Web Site
Creating Jar Files Based on slides by: Jin Hung, Gregory Olds, George Blank, Sun Java Web Site What is a Jar File? Java archive (jar) files are compressed files that can store one or many files. Jar files
More informationID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version:
ID: 001 Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:4 Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version:
ID: 4019 Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24: Date: 1/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: badoo.apk Cookbook: defaultandroidfilecookbook.jbs Time: 12:51:18 Date: 29/05/2018 Version:
ID: 61542 Sample Name: badoo.apk Cookbook: defaultandroidfilecookbook.jbs Time: 12:51:18 Date: 29/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More informationROPInjector: Using Return- Oriented Programming for Polymorphism and AV Evasion
University of Piraeus Department of Digital Systems ROPInjector: Using Return- Oriented Programming for Polymorphism and AV Evasion G. Poulios, C. Ntantogian, C. Xenakis {gpoulios, dadoyan, xenakis}@unipi.gr
More informationTLP:GREEN FBI. FBI Liaison Alert System #A mw SUMMARY TECHNICAL DETAILS
Liaison Alert System #A-000044-mw The following information was obtained through investigations and is provided in accordance with the 's mission and policies to prevent and protect against federal crimes
More informationID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version:
ID: 34266 Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature
More informationID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal
ID: 82913 Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://www.learningtoolkit.club Overview General Information
More informationID: Sample Name: _ doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0.
ID: 34737 Sample Name: 20170927_655387.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence
More informationCreating Android Apps from Rh10
Creating Android Apps from Rh10 INTRODUCTION This document was originally written when RoboHelp 10 was the current version and came in a zip file with the required files. As they might not be compatible
More informationdata block 0, word 0 block 0, word 1 block 1, word 0 block 1, word 1 block 2, word 0 block 2, word 1 block 3, word 0 block 3, word 1 Word index cache
Taking advantage of spatial locality Use block size larger than one word Example: two words Block index tag () () Alternate representations Word index tag block, word block, word block, word block, word
More informationID: Sample Name: MobaXterm_installer_10.5.msi Cookbook: defaultwindowsmsicookbook.jbs Time: 18:29:36 Date: 25/05/2018 Version: 22.0.
ID: 61258 Sample Name: MobaXterm_installer_10.5.msi Cookbook: defaultwindowsmsicookbook.jbs Time: 18:29:36 Date: 25/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection
More informationID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:
ID: 82 Sample Name: GeZNwROcB.bin Cookbook: default.jbs Time: 1:22:4 Date: 0/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationSetting up the Sophos Mobile Control External EAS Proxy
Setting up the Sophos Mobile Control External EAS Proxy Setting up the External EAS Proxy This document tries to explain the concept of the Sophos Mobile Control External EAS Proxy which is available for
More informationID: Sample Name: gsa_wearable.apk Cookbook: defaultandroidfilecookbook.jbs Time: 09:49:05 Date: 16/10/2017 Version:
ID: 34303 Sample Name: sa_wearable.apk Cookbook: defaultandroidfilecookbook.jbs Time: 09:49:05 Date: 1/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Classification
More informationID: Sample Name: process.0xfffffa8004b x dmp Cookbook: default.jbs Time: 22:45:59 Date: 02/12/2017 Version: 20.0.
ID: 38941 Sample Name: process.0xfffffa8004b120.0x480000.dmp Cookbook: default.jbs Time: 22:4:9 Date: 02/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More informationID: Sample Name: 11youtube3.com Cookbook: default.jbs Time: 08:17:42 Date: 12/04/2018 Version:
ID: 54295 Sample Name: 11youtube3.com Cookbook: default.jbs Time: 08:1:42 Date: 12/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version:
ID: 66665 Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature
More information