Source: C:\Users\user\AppData\Local\Temp\is-2EKDI.tmp\FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.tmp
Code function: 15_2_00452A60 FindFirstFileA,GetLastError,
Code function: 15_2_00474F88 FindFirstFileA,FindNextFileA,FindClose,
Code function: 15_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,
Code function: 15_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Code function: 15_2_00462750 FindFirstFileA,FindNextFileA,FindClose,
Code function: 15_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Source: C:\Users\user\AppData\Local\Temp\is-O1NKK.tmp\FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.tmp
Code function: 8_2_00452A60 FindFirstFileA,GetLastError,
Code function: 8_2_00474F88 FindFirstFileA,FindNextFileA,FindClose,
Code function: 8_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,
Code function: 8_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Code function: 8_2_00462750 FindFirstFileA,FindNextFileA,FindClose,
Code function: 8_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Source: 0.2.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.exe.400000.1.unpack
Contains functionality to enumerate / list files inside a directory
Source: 9.2.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.exe.400000.1.unpack
Source: 14.2.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.exe.
Source: 15.2.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.tmp.
Source: 0.0.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.exe.400000.0.unpack
Source: 9.0.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.exe.400000.0.unpack
Source: 14.0.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.exe.
Source: 16.2.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.tmp.
Source: 8.2.FreeMind-Windows-Installer-1.0.1-max-java-installer-embedded.tmp.400000.0.unpack
Uses code obfuscation techniques (call, push, ret)
Sample file is different than original file name gathered from version info
Queries the volume information (name, serial number etc.) of a device
PE file contains executable resources (Code or Archives)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Antivirus or Machine Learning detection for unpacked file
Contains functionality to access locale information (e.g. system language)