forfreetore.blogg.se

Punto switcher






1.dr
Binary string: c:\BuildAgent2\work\6fdb9594b1280691\_bin\Release\pshook64.pdb source: Punto.Switcher.v3.4. tmp.1.dr
Binary string: c:\BuildAgent2\work\6fdb9594b1280691\_bin\Release\punto.pdb source: Punto.Switcher.v3.4.9. 1.dr
Binary string: c:\BuildAgent2\work\6fdb9594b1280691\_bin\Release\pshook.pdb source: Punto.Switcher.v3.4.9. tmp.1.dr
Binary string: c:\BuildAgent2\work\6fdb9594b1280691\_bin\Release\diary.pdb source: Punto.Switcher.v3.4.9.
Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary string: c:\BuildAgent2\work\6fdb9594b1280691\_bin\Release\PSLoader.pdb source: Punto.Switcher.v3.4.
Static file information: File size 1294686 > 1048576
Contains modern PE file flags such as dynamic base (ASLR) or NX
Submission file is bigger than most known malware samples
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\InProcServer32
Uses an in-process (OLE) Automation server
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
File read: C:\Users\user\Desktop\Punto.Switcher.v3.
text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
text section and no other executable section


414.exe
Classification label: mal68.winE functionality to check free disk space
Code function: 1_2_0040442A GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,
Contains functionality to instantiate COM classes
Code function: 1_2_00402036 CoCreateInstance,MultiByteToWideChar,
File created: C:\Users\user\AppData\Local\Temp\nsbADF7. 9.414.exe
Binary or memory string: OriginalFilenameAero. 9.414.exe
Binary or memory string: OriginalFilenamepunto.exe> vs Punto.Switcher.v3.4. 4.9.414.exe
Binary or memory string: OriginalFilenamepshook.dll> vs Punto.Switcher.v3.4. 4.9.414.exe
Binary or memory string: OriginalFilenameps64ldr.exe> vs Punto.Switcher.v3. 9.414.exe
Binary or memory string: OriginalFilenamelayouts.exe> vs Punto.Switcher.v3. 9.414.exe
Binary or memory string: OriginalFilenamediary.exe> vs Punto.Switcher.v3.4. 4.9.414.exe
Binary or memory string: OriginalFilenamediary.dll> vs Punto.Switcher.v3.4.
Sample file is different than original file name gathered from version info
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST 4.9.414.exe
Code function: 1_2_00403217 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,
Source: C:\Users\user\Desktop\Punto.Switcher.v3.
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Contains functionality to shutdown / reboot the system
String found in binary or memory: .sy 07
String found in binary or memory: crl.ws.sym / tss-ca-g2.
String found in binary or memory: aia.ws.sym / tss-ca-g2.
String found in binary or memory: p.thawte.com0
String found in binary or memory: s.sf.net/NSIS_ErrorError


String found in binary or memory: s.sf.net/NSIS_Error






