00000000005FF000.00000040.00020000.sdmp
Binary or memory string: ,`xS`StringFileInfoCOXVersionInfoSpecialBuildProductVersionProductNamePrivateBuildOriginalFilenameLegalTrademarksLegalCopyrightInternalNameFileVersionFileDescriptionCompanyNameCommentsNone vs autorun.

Sample file is different than original file name gathered from version info
Binary or memory string: OriginalFilename vs autorun.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

exe
Code function: 0_2_005911F8 wsprintfA,wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,

Contains functionality to communicate with device drivers
Code function: 0_2_005236E5: DeviceIoControl,DeviceIoControl,DeviceIoControl,

Found potential string decryption / allocating functions
Code function: String function: 00508E50 appears 129 times
Code function: String function: 00521B83 appears 39 times
Code function: String function: 0057712C appears 75 times

text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Contains functionality to call native functions