Infosec Binary Analysis. updatewin2.exe


updatewin2.exe
MalScore: 100
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 274.50 KB (281088 bytes)
Compile time: 2017-11-21 07:08:45
MD5: 996ba35165bb62473d2a6743a5200d45
SHA1: 52169b0b5cce95c6905873b8d12a759c234bd2e0
Import hash: 5921adaaf66f8c259aeda9e22686cd4b
Submitted: 2019-01-22 05:48:04
URL(s): file hosting http://rosalos.ug/xxx/updatewin2.exe

Antivirus Report
Report date: 2019-01-22 00:24:39
Detection Ratio: 48/71
Permalink:

Import library: SHELL32.dll, KERNEL32.dll, GDI32.dll, USER32.dll

Page 1 Date: 2019-02-21 23:04:06

7 Behaviors detected by system signatures

Attempts to repeatedly call a single API many times in order to delay analysis time
- Spam: updatewin2.exe (2696) called API NtClose 62783 times

The sample wrote data to the system hosts file.

Creates RWX memory

Possible date expiration check, exits too soon after checking local time
- process: updatewin2.exe, PID 2696

Dynamic (imported) function loading detected
- DynamicLoader: kernel32.dll/createtoolhelp32snapshot
- DynamicLoader: kernel32.dll/module32firstw
- DynamicLoader: kernel32.dll/globalalloc
- DynamicLoader: kernel32.dll/loadlibrarya
- DynamicLoader: kernel32.dll/virtualalloc
- DynamicLoader: kernel32.dll/virtualprotect
- DynamicLoader: kernel32.dll/virtualfree
- DynamicLoader: kernel32.dll/getversionexa
- DynamicLoader: kernel32.dll/terminateprocess
- DynamicLoader: kernel32.dll/exitprocess
- DynamicLoader: kernel32.dll/seterrormode
- DynamicLoader: kernel32.dll/createfilew
- DynamicLoader: kernel32.dll/getfilesize
- DynamicLoader: kernel32.dll/setfilepointer
- DynamicLoader: kernel32.dll/writefile
- DynamicLoader: kernel32.dll/closehandle
- DynamicLoader: kernel32.dll/writeconsolew
- DynamicLoader: kernel32.dll/setfilepointerex
- DynamicLoader: kernel32.dll/getconsolemode
- DynamicLoader: kernel32.dll/getconsolecp
- DynamicLoader: kernel32.dll/flushfilebuffers
- DynamicLoader: kernel32.dll/heaprealloc
- DynamicLoader: kernel32.dll/heapsize
- DynamicLoader: kernel32.dll/getprocessheap
- DynamicLoader: kernel32.dll/lcmapstringw
- DynamicLoader: kernel32.dll/getstringtypew
- DynamicLoader: kernel32.dll/getfiletype
- DynamicLoader: kernel32.dll/setstdhandle
- DynamicLoader: kernel32.dll/freeenvironmentstringsw
- DynamicLoader: kernel32.dll/getenvironmentstringsw
- DynamicLoader: kernel32.dll/unhandledexceptionfilter
- DynamicLoader: kernel32.dll/setunhandledexceptionfilter
- DynamicLoader: kernel32.dll/getcurrentprocess
- DynamicLoader: kernel32.dll/terminateprocess
- DynamicLoader: kernel32.dll/isprocessorfeaturepresent
- DynamicLoader: kernel32.dll/queryperformancecounter
- DynamicLoader: kernel32.dll/getcurrentprocessid
- DynamicLoader: kernel32.dll/getcurrentthreadid
- DynamicLoader: kernel32.dll/getsystemtimeasfiletime
- DynamicLoader: kernel32.dll/initializeslisthead
- DynamicLoader: kernel32.dll/isdebuggerpresent
- DynamicLoader: kernel32.dll/getstartupinfow
- DynamicLoader: kernel32.dll/getmodulehandlew
- DynamicLoader: kernel32.dll/rtlunwind
- DynamicLoader: kernel32.dll/raiseexception
- DynamicLoader: kernel32.dll/getlasterror
- DynamicLoader: kernel32.dll/setlasterror
- DynamicLoader: kernel32.dll/entercriticalsection
- DynamicLoader: kernel32.dll/leavecriticalsection
- DynamicLoader: kernel32.dll/deletecriticalsection
- DynamicLoader: kernel32.dll/initializecriticalsectionandspincount
- DynamicLoader: kernel32.dll/tlsalloc
- DynamicLoader: kernel32.dll/tlsgetvalue
- DynamicLoader: kernel32.dll/tlssetvalue
- DynamicLoader: kernel32.dll/tlsfree
- DynamicLoader: kernel32.dll/freelibrary
- DynamicLoader: kernel32.dll/getprocaddress
- DynamicLoader: kernel32.dll/loadlibraryexw
- DynamicLoader: kernel32.dll/getstdhandle
- DynamicLoader: kernel32.dll/getmodulefilenamew
- DynamicLoader: kernel32.dll/multibytetowidechar
- DynamicLoader: kernel32.dll/widechartomultibyte
- DynamicLoader: kernel32.dll/exitprocess
- DynamicLoader: kernel32.dll/getmodulehandleexw
- DynamicLoader: kernel32.dll/getacp
- DynamicLoader: kernel32.dll/heapalloc
- DynamicLoader: kernel32.dll/heapfree
- DynamicLoader: kernel32.dll/findclose
- DynamicLoader: kernel32.dll/findfirstfileexw
- DynamicLoader: kernel32.dll/findnextfilew
- DynamicLoader: kernel32.dll/isvalidcodepage
- DynamicLoader: kernel32.dll/getoemcp
- DynamicLoader: kernel32.dll/getcpinfo
- DynamicLoader: kernel32.dll/getcommandlinea
- DynamicLoader: kernel32.dll/getcommandlinew
- DynamicLoader: USER32.dll/MessageBoxA
- DynamicLoader: SHELL32.dll/SHGetFolderPathW
- DynamicLoader: SHLWAPI.dll/PathAppendW
- DynamicLoader: msvcr100.dll/atexit
- DynamicLoader: kernel32.dll/initializecriticalsectionex
- DynamicLoader: kernel32.dll/flsalloc
- DynamicLoader: kernel32.dll/flssetvalue
- DynamicLoader: kernel32.dll/initializecriticalsectionex
- DynamicLoader: kernel32.dll/flsalloc
- DynamicLoader: kernel32.dll/flsgetvalue
- DynamicLoader: kernel32.dll/flssetvalue
- DynamicLoader: kernel32.dll/lcmapstringex

Unconventional language used in binary resources: Serbian

SetUnhandledExceptionFilter detected (possible anti-debug)