Key opened: HKEY_CURRE NT_USER\So ftware\Pol icies\Micr osoft\Wind ows\Safer\ CodeIdenti fiers
text IMAGE _SCN_MEM_E XECUTE, IM AGE_SCN_CN T_CODE, IM AGE_SCN_ME M_READ text section and no other executable section Source: C:\Users\u ser\AppDat a\Local\Te mp\cetrain ers\CET6C4 D.tmp\Stra nded Deep V0.48.00 6 4Bit Train er +11 MrA ntiFun.EXEīinary contains device paths (device paths are often used for kernel mode user mode communication)īinary contains paths to development resourcesĬlassification label: mal64.evad temporary filesįile created: C:\Users\u ser~1\AppD ata\Local\ Temp\cetra iners Source: C:\Users\u ser\Deskto p\Stranded Deep V0.4 8.00 64Bit Trainer + 11 MrAntiF un.EXE Static PE information: Resource n ame: RT_RC DATA type: PE32 exec utable (GU I) In(stri pped to ex ternal PDB ), for MS Windows PE file contains executable resources (Code or Archives) Source: C:\Users\u ser\AppDat a\Local\Te mp\cetrain ers\CET6C4 D.tmp\extr acted\Stra nded Deep V0.48.00 6 4Bit Train er +11 MrA ntiFun.EXE
Key, Mouse, Clipboard, Microphone and Screen Capturing:ĭropped file seen in connection with other malwareĭropped File: C:\Users\u ser\AppDat a\Local\Te mp\cetrain ers\CET6C4 D.tmp\Stra nded Deep V0.48.00 6 4Bit Train er +11 MrA ntiFun.EXE CD86234CF 14DFC0E66A E9E575326F D0CF74723A 5A60337F70 79C0540B6D A5C8B String found in binary or memory: w.paypal.c om/xclick/ business=d ark_byte%4 0hotmail.c om&no_note =1&tax=0&l c=USopenht tp://cheat String found in binary or memory: w.paypal.c om/xclick/ business=d ark_byte%4 0hotmail.c om&no_note =1&tax=0&l c=US String found in binary or memory: w.globalsi gn.com/rep ository/03 String found in binary or memory: w.globalsi gn.com/rep ository/0 String found in binary or memory: ure.global /c acert/gsti mestamping g2.crt0 String found in binary or memory: ure.global /c acert/gsco designg2.c rt04 String found in binary or memory: p2.globals ign.com/gs codesigng2 0 String found in binary or memory: um.cheaten / globalsig n.com/gs/g stimestamp ingg2.crl0 T String found in binary or memory: atengine.o rg/