Key opened: HKEY_LOCAL _MACHINE\S oftware\Po licies\Mic rosoft\Win dows\Safer \CodeIdent ifiers debug / backup)Ĭode function: 1_2_004189 13 GetCurr entProcess ,OpenProce ssToken,Ge tLastError ,LookupPri vilegeValu eA,GetLast Error,Adju stTokenPri vileges,Ge tLastError ,GetLastEr ror,GetLas tError,Ĭode function: 1_1_004189 13 GetCurr entProcess ,OpenProce ssToken,Ge tLastError ,LookupPri vilegeValu eA,GetLast Error,Adju stTokenPri vileges,Ge tLastError ,GetLastEr ror,GetLas tError,Ĭontains functionality to load and extract PE file embedded resourcesĬode function: 1_2_0042A0 02 FindRes ourceA,Loa dResource, Window detected: Number of UI element s: 132Ĭlassification label: mal52.spyw functionality to adjust token privileges (e.g. Uses code obfuscation techniques (call, push, ret)Ĭode function: 1_2_0041AD 70 push ea x retĬode function: 1_2_0040CC A8 push ea x retĬode function: 1_2_0041B9 94 push ea x retĬode function: 1_2_0040CC 18 push ea x retĬode function: 1_1_0041AD 70 push ea x retĬode function: 1_1_0040CC A8 push ea x retĬode function: 1_1_0041B9 94 push ea x retĬode function: 1_1_0040CC 18 push ea x retĮxecutable creates window controls seldom found in malwareįile opened: C:\Windows \system32\ RICHED32.D LLįound window with many clickable UI elements (buttons, textforms, scrollbars etc) Static PE information: real check sum: 0x33e 00 should be: 0x4463 4 Static PE information: section wh ere entry point is p ointing to. Source: C:\Users\user\Desktop\COD4 v1.7 stats editor.exeĬode function: 1_2_00428B 51 GetModu leHandleA, LoadLibrar yA,GetProc Address,#1 7,#17,Free Library,Įntry point lies outside standard sections Contains functionality to dynamically determine API calls
0 kommentar(er)
