Queries disk information (often used to detect virtual machines)
PE file contains executable resources (Code or Archives)
OS version to string mapping found (often used in BOTs)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to launch a program with higher privileges
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Dropped file seen in connection with other malware
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Submitted sample is a known malware sample
Contains functionality to detect virtual machines
Contains functionality to infect the boot sector
Checks for available system drives (often done to infect USB drives)
Contains functionality to query locales information (e.g. system language)
Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file