
Download dopdf 8.3.934

String found in binary or memory: nload.dopdf.com/download/setup/8.3.934/OfficeAddIn (x86).msi
String found in binary or memory: nload.dopdf.com/download/setup/8.3.934/OfficeAddIn (x64).msi
String found in binary or memory: ts.godaddy.
String found in binary or memory: tificates.
String found in binary or memory: syndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
String found in binary or memory: syndication.org/2006/appsyn
JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Contains functionality to download additional files from the internet
Code function: 0_2_00205B06 InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError,
DNS traffic detected: queries for: secure.
JA3 SSL client fingerprint seen in connection with other malware
Source: C:\Users\user\Desktop\dopdf-full.exe
Code function: 0_2_001D6030 DecryptFileW,
Code function: 0_2_001D508B CryptHashPublicKeyInfo,_memcmp,_memcmp,GetLastError,
Code function: 0_2_001D5202 _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust,
Code function: 0_2_001FC539 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,
Code function: 0_2_001D5E12 DecryptFileW,DecryptFileW,
Uses Microsoft's Enhanced Cryptographic Provider
Standard Non-Application Layer Protocol 2
Deobfuscate/Decode Files or Information 1
Exfiltration Over Command and Control Channel

Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size exceeded maximum capacity and may have missing disassembly code.
Excluded domains from analysis (whitelisted): au.net,, au.net,, ,,.
Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, CompatTelRunner.exe.
