Download the trainer or find it in the WeMod app.

rsrc is bigger than: 0x100000 < 0x481200
Contains modern PE file flags such as dynamic base (ASLR) or NX
Static file information: File size 4777472 > 1048576
Submission file is bigger than most known malware samples
Window detected: Number of UI elements: 33
Window detected: More than 3 window changes detected
Found window with many clickable UI elements (buttons, textforms, scrollbars etc)
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ \InProcServer32
Found graphical window changes (likely an installer)
Uses an in-process (OLE) Automation server
tmp\extracted\CET_TRAINER.CETRAINER' '-ORIGIN:C:\Users\user\Desktop\' EXE' 'C:\Users\user~1\AppData\Local\Temp\cetrainers\CET6C4D.
Process created: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\extracted\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE 'C:\Users\user~1\AppData\Local\Temp\cetrainers\CET6C4D.tmp\extracted\Stranded Deep V0.48.
Process created: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE 'C:\Users\user~1\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.
Process created: C:\Users\user\Desktop\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE 'C:\Users\user\Desktop\Stranded Deep V0.48.

#Stranded deep trainer mrantifun mod

SQL strings found in memory and binary data
Binary or memory string: create table modules (ptrid integer not null, moduleid integer not null, name char(256) not null, primary key (ptrid, moduleid) )
Binary or memory string: CREATE TABLE pointerfiles_endwithoffsetlist ( `ptrid`INTEGER NOT NULL, `offsetnr`INTEGER NOT NULL, `offsetvalue`INTEGER NOT NULL, PRIMARY KEY(ptrid,offsetnr))
Binary or memory string: CREATE TABLE pointerfiles (`ptrid`INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,`name`char(256) NOT NULL,`maxlevel`INTEGER,`compressedptr`INTEGER,`unalligned`INTEGER,`MaxBitCountModuleIndex`INTEGER,`MaxBitCountModuleOffset`INTEGER,`MaxBitCountLevel`INTEGER,`MaxBitCountOffset`INTEGER)
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
text section and no other executable section
Source: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE
Binary contains device paths (device paths are often used for kernel mode user mode communication)
Binary contains paths to development resources
Classification label: mal64.evad
temporary files
File created: C:\Users\user~1\AppData\Local\Temp\cetrainers
Source: C:\Users\user\Desktop\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE

#Stranded deep trainer mrantifun windows

Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) In(stripped to external PDB), for MS Windows
PE file contains executable resources (Code or Archives)
Source: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\extracted\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Dropped file seen in connection with other malware
Dropped File: C:\Users\user\AppData\Local\Temp\cetrainers\CET6C4D.tmp\Stranded Deep V0.48.00 64Bit Trainer 11 MrAntiFun.EXE CD86234CF14DFC0E66AE9E575326FD0CF74723A5A60337F7079C0540B6DA5C8B
String found in binary or memory: w.paypal.com/xclick/business=dark_byte%40hotmail.com