text is bigger than: 0x100000 < 0x1e5e00
Contains functionality to dynamically determine API calls
Code function: 0_2_00404788 QueryPerformanceF ImageenvierollBarsAlwaysVisiblSetCheckedetChecked$qqro,LoadLibraryA,GetProcAddress,
Static file information: File size 2930176 > 1048576
Submission file is bigger than most known malware samples
Static PE information: More than 490 > 100 exports found
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Parts of this application are using Borland Delphi (Probably coded in Delphi)
text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
text section and no other executable section
Binary or memory string: OriginalFilenamemsvfij% vs DjVuReader.exe
Code function: 0_2_0058F524 GetLastError,FormatMessageA,
Contains functionality to load and extract PE file embedded resources
Code function: 0_2_0054D6E4 FindResourceA,
Binary or memory string: OriginalFilenameuser32j% vs DjVuReader.exe
Binary or memory string: OriginalFilenameDjVuReader6 vs DjVuReader.exe
Sample file is different than original file name gathered from version info
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Found potential string decryption / allocating functions
Code function: String function: 0056F020 appears 33 times
Code function: String function: 005E572C appears 51 times
Source: C:\Users\user\Desktop\DjVuReader.exe
Code function: 0_2_0047463C elCopyToCl mageenprocnsistentBitmap$qqr52t$t24HyieuxelFormat$iuc$0$iuc$6%,OpenClipboard,EmptyClipboar GetReBackground$qqrv itmaptoDIBEx$qqrp23HIEBaseBitmapiiii,SetClipboardData,CloseC ImageenprooClipboard$qqrv,
Contains functionality to record screenshots
Code function: 0_2_005928D8 GetObjectA,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette,
Creates a DirectInput object (often for capturing keystrokes)
Deobfuscate/Decode Files or Information 1
Contains functionality to read data from the clipboard