text) which is very likely to contain packed code (zlib compression ratio
Automated click: I agree to these terms and conditions
File opened: C:\Windows\SysWOW64\msftedit.dll
Matched rule: PUP_InstallRex_AntiFWb date =, author = Florian Roth, description = Malware InstallRex / AntiFW, license = https://creativecommons.org/licenses/by-nc/4.0/, score =, hash = bb5607cd2ee51f039f60e32cf7edc4e21a2d95cd
Sample file is different than original file name gathered from version info
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Static PE information: Resource name: RT_RCDATA type: PE32+ executable (GUI) x86-64, for MS Windows
Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
PE file contains executable resources (Code or Archives)
Source: C:\Users\user\Desktop\InstallBC201401.exe Matched rule: Malware InstallRex / AntiFW Author: Florian Roth
Creates files inside the system directory
Source: InstallBC201401.exe, type: SAMPLE
Malicious sample detected (through community Yara rule)
String found in binary or memory: .sy 07
String found in binary or memory: crl.ws.sym / tss-ca-g2.
String found in binary or memory: aia.ws.sym / tss-ca-g2.
String found in binary or memory: p.thawte.com0
String found in binary or memory: g2-crl.thawte.com/ThawteCSG2.crl0