Queries the volume information (name, serial number etc) of a device
PE file contains sections with non-standard names
May sleep (evasive loops) to hinder dynamic analysis
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Detected unpacking (creates a PE file in dynamic memory)
Contains functionality for read data from the clipboard
Contains functionality to detect virtual machines (SLDT)
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Found dropped PE file which has not been started or loaded