Sample file is different than original file name gathered from version info
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Contains functionality to shutdown / reboot the system
Code function: 1_2_00403415 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,
Network traffic detected: HTTP traffic on port 443 -> 49715
Network traffic detected: HTTP traffic on port 49715 -> 443
String found in binary or memory: w.imobie.jp/phonetrans/specs.htm
String found in binary or memory: w.imobie.com/phonetrans/specs.
String found in binary or memory: w.imobie.com/fr/phonetrans/specs.htm
String found in binary or memory: w.imobie.com/de/phonetrans/specs.htm
String found in binary or memory: w.imobie.com/ar/phonetrans/specs.htm
String found in binary or memory: odo.com/CPS0L
String found in binary or memory: /CPS0D
String found in binary or memory: i.goog/repository/0
String found in binary or memory: p.sectigo.
String found in binary or memory: p.pki.goog/gtsr100
String found in binary or memory: p.pki.goog/gts1c301
String found in binary or memory: p.pki.goog/gts1c3
String found in binary or memory: p.pki.goog/gsr10)
String found in binary or memory: p.comodoca.
String found in binary or memory: s.sf.net/NSIS_ErrorError
String found in binary or memory: e.imobie.com/phonetrans-64.7zhttp://dljp.sectigo.com/SectigoRSATimeStampingCA.crt0#
String found in binary or memory: s.pki.goog/gts1c3/fVJxbV-Ktmk.
sectigo.com/SectigoRSATimeStampingCA.crl0t
com/COMODORSAExtendedValidationCodeSigningCA.crl0
com/COMODORSACertificationAuthority.crl0q
JA3 SSL client fingerprint seen in connection with other malware
2.3:49715 version: TLS 1.2
Binary string: C:\Users\seaqi\Documents\iMobie Product\GoogleTracingLib\Release\GoogleTracingLib.pdb source: phonetrans-en-new-setup.exe, 00000001.00000002.
Uses secure TLS version for HTTPS connections
Static PE information: certificate valid
File opened: C:\Windows\SysWOW64\MSVCR100.dll
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\phonetrans-en-new-setup.exe
DLL planting / hijacking vulnerabilities found