text section and no other executable section Mutant created: \Sessions\ 1\BaseName dObjects\L ocal\SM0:6 008:120:Wi lError_01 Source: C:\Windows \System32\ conhost.ex e dllT vs Cl ean.exeĬlassification label: sus22.winE mutexes Sample file is different than original file name gathered from version infoīinary or memory string: OriginalFi lename vs Clean.exe String found in binary or memory: emas.xmlso ap.org/ws/ 2005/05/id entity/cla ims/name String found in binary or memory: tsu.best8 String found in binary or memory: tsu.best/s andboxtest /CLEAN/USB /O3OQ5529T MOYQI0Q2I4 H/HELLO String found in binary or memory: tsu.best/s andboxtest /CLEAN/USB /O3OQ5529T MOYQI0Q2I4 H/FAIL String found in binary or memory: tsu.best/s andboxtest /CLEAN/USB /O3OQ5529T MOYQI0Q2I4 H/BYE String found in binary or memory: tsu.best/s andboxtest / String found in binary or memory: tsu.best String found in binary or memory: ckip.dyndn s.org/ Tries to download or post to a non-existing http route (HTTP/1.1 404 Not Found / 503 Service Unavailable) HTTP traffic detected: GET /sandb oxtest/CLE AN/USB/O3O Q5529TMOYQ I0Q2I4H/BY E HTTP/1.1 Host: malt su.bestĭNS traffic detected: queries fo r: maltsu. HTTP traffic detected: GET /sandb oxtest/CLE AN/USB/O3O Q5529TMOYQ I0Q2I4H/FA IL HTTP/1. 1Host: ma ltsu.bestC onnection: Keep-Aliv e HTTP traffic detected: GET /sandb oxtest/CLE AN/USB/O3O Q5529TMOYQ I0Q2I4H/HE LLO HTTP/1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |