

Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Disables application error messages (SetErrorMode)
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in.
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in.
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in.
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in.
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in.
PE file contains a valid data directory to section mapping
Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb+ source: Binary.viewer.exe
Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: Binary.viewer.
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Contains modern PE file flags such as dynamic base (ASLR) or NX
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
PE file contains a mix of data directories often seen in goodware
Static PE information: certificate valid
Contains functionality to instantiate COM classes
Code function: 2_2_00CD4B10 CoInitialize,CoCreateInstance,VariantInit,IUnknown_QueryService,IUnknown_QueryInterface_Proxy,IUnknown_QueryInterface_Proxy,SysAllocString,SysAllocString,SysAllocString,VariantInit,OpenProcess,WaitForSingleObject,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error,IUnknown_Release_Proxy,
File read: C:\Windows\System32\drivers\etc\hosts
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5480
Contains functionality to load and extract PE file embedded resources
Code function: 2_2_00CD4A30 LoadResource,LockResource,SizeofResource,
File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER61DE.
Source: C:\Windows\SysWOW64\WerFault.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\InprocServer32
Uses an in-process (OLE) Automation server
Process created: C:\Users\user\Desktop\Binary.viewer.exe 'C:\Users\user\Desktop\Binary.
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Contains functionality to enum processes or threads
Code function: 2_2_00CD37A0 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,FindCloseChangeNotification,Process32NextW,CloseHandle,
text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
text section and no other executable section
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 676
Found potential string decryption / allocating functions
Code function: String function: 00D138B2 appears 46 times
Contains functionality to call native functions
Code function: 2_2_00CD3B50 GetProcAddress,NtQueryInformationProcess,GetLastError,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,FreeLibrary,
Source: C:\Users\user\Desktop\Binary.viewer.exe
Sample file name differs from the original file name gathered from version info
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
String found in binary or memory: w.thawte.com/repository0W
String found in binary or memory: w.thawte.com/cps0/
String found in binary or memory: w.advancedinstaller.
String found in binary or memory: /rpa0.
String found in binary or memory: /cps0%
String found in binary or memory: .sy 0
String found in binary or memory: crl.ws.sym/sha256-tss-ca.crl0
String found in binary or memory: aia.ws.sym/sha256-tss-ca.cer0(
String found in binary or memory: /tl.crt0
String found in binary or memory: /tl.crl0
String found in binary or memory: /ThawtePCA.
String found in binary or memory: /universal-root.crl0
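The report above is a flat list of signature lines, each followed by the evidence the sandbox attaches to it ("Code function: <id> <API chain>", "Process created: ...", "Mutant created: ...", "Static PE information: ..."). Two things in it are worth pulling out mechanically when triaging: which code functions combine APIs of interest (Toolhelp32 process enumeration in 2_2_00CD37A0, NtQueryInformationProcess plus ReadProcessMemory in 2_2_00CD3B50, resource extraction in 2_2_00CD4A30), and that the WerFault.exe invocation with `-p 5480` and the `Local\WERReportingForProcess5480` mutant name the same process, i.e. the analysed process itself faulted under the sandbox rather than spawning WerFault for any other reason. The following parser is an added example written for this page, not the sandbox vendor's code; it assumes the line shapes quoted above, and the pattern names, the evidence-prefix list and the sample report text are constructed for the example (the sample is an abridged copy of lines from this report, not raw sandbox output).

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: an abridged copy of the report lines above, in the
# signature-then-evidence shape the report uses. Not raw sandbox output.
SAMPLE_REPORT = r"""
Contains functionality to load and extract PE file embedded resources
Code function: 2_2_00CD4A30 LoadResource,LockResource,SizeofResource,
Contains functionality to enum processes or threads
Code function: 2_2_00CD37A0 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,FindCloseChangeNotification,Process32NextW,CloseHandle,
Found potential string decryption / allocating functions
Code function: String function: 00D138B2 appears 46 times
Contains functionality to call native functions
Code function: 2_2_00CD3B50 GetProcAddress,NtQueryInformationProcess,GetLastError,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,FreeLibrary,
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 676
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5480
Contains modern PE file flags such as dynamic base (ASLR) or NX
Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
"""

# Evidence lines hang off the signature line that precedes them (assumed shape).
EVIDENCE_PREFIXES = (
    "Code function:", "Static PE information:", "Process created:",
    "Mutant created:", "File created:", "File read:", "Key opened:",
    "Key value queried:", "String found in binary or memory:",
    "Binary string:", "Source:", "Process information set:",
)

# API combinations worth a second look inside one code function. These are
# triage heuristics made up for this example, not the sandbox's signatures.
API_PATTERNS: Dict[str, Tuple[str, ...]] = {
    "process-enumeration": ("CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"),
    "native-process-query-and-memory-read": ("NtQueryInformationProcess", "ReadProcessMemory"),
    "resource-extraction": ("LoadResource", "LockResource", "SizeofResource"),
}

CODE_FUNCTION_RE = re.compile(r"^Code function:\s+(\d+_\d+_[0-9A-Fa-f]+)\s+(.*)$")
WERFAULT_RE = re.compile(r"WerFault\.exe\b.*?\s-p\s+(\d+)")
WER_MUTANT_RE = re.compile(r"WERReportingForProcess(\d+)")
PE_FLAGS_OF_INTEREST = ("DYNAMIC_BASE", "NX_COMPAT", "TERMINAL_SERVER_AWARE", "LARGE_ADDRESS_AWARE")


def parse_report(text: str) -> List[Tuple[str, List[str]]]:
    """Group every signature line with the evidence lines that follow it."""
    records: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(EVIDENCE_PREFIXES) and records:
            records[-1][1].append(line)
        else:
            records.append((line, []))
    return records


def code_function_apis(line: str) -> Optional[Tuple[str, List[str]]]:
    """'Code function: 2_2_00CD37A0 A,B,' -> ('2_2_00CD37A0', ['A', 'B']);
    'Code function: String function: ...' carries no chain and yields None."""
    m = CODE_FUNCTION_RE.match(line)
    if not m:
        return None
    apis = [a.strip() for a in m.group(2).split(",") if a.strip()]
    return m.group(1), apis


def match_api_patterns(apis: List[str]) -> List[str]:
    """Names of API_PATTERNS whose every API occurs somewhere in the chain."""
    present = set(apis)
    return [name for name, needed in API_PATTERNS.items() if present.issuperset(needed)]


def flagged_functions(text: str) -> Dict[str, List[str]]:
    """Map each code-function id in the report to the patterns it matches."""
    hits: Dict[str, List[str]] = {}
    for _signature, evidence in parse_report(text):
        for line in evidence:
            parsed = code_function_apis(line)
            if parsed is None:
                continue
            fid, apis = parsed
            matched = match_api_patterns(apis)
            if matched:
                hits[fid] = matched
    return hits


def crashed_process_pid(text: str) -> Optional[int]:
    """PID WerFault.exe was started for (-p <pid>), cross-checked against the
    WERReportingForProcess<pid> mutant. Returned only when both name the same
    process; a report where they disagree or one is missing yields None."""
    werfault = {int(p) for p in WERFAULT_RE.findall(text)}
    mutants = {int(p) for p in WER_MUTANT_RE.findall(text)}
    common = werfault & mutants
    return min(common) if common else None


def pe_flags(text: str) -> Dict[str, bool]:
    """Which flags of interest appear on the 'Static PE information:' lines."""
    prefix = "Static PE information:"
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(prefix):
            seen.update(tok.strip() for tok in line[len(prefix):].split(","))
    return {flag: flag in seen for flag in PE_FLAGS_OF_INTEREST}


if __name__ == "__main__":
    print("flagged functions:", flagged_functions(SAMPLE_REPORT))
    print("crashed process pid:", crashed_process_pid(SAMPLE_REPORT))
    print("pe flags:", pe_flags(SAMPLE_REPORT))
```

Run against the sample it flags 2_2_00CD37A0 as process enumeration, 2_2_00CD3B50 as a native process query followed by ReadProcessMemory and 2_2_00CD4A30 as resource extraction, reports 5480 as the faulting PID, and confirms DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE and LARGE_ADDRESS_AWARE are all set. The PID cross-check is deliberately conservative: if a WerFault command line and a WER mutant disagree, the function returns None rather than guessing, so a report with a second crashed process does not get folded into the wrong one.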
