Hitachi SH big-endian COFF object, not stripped

Name RT_STRING, RVA 0x445e8, Size 0x7aa, Type Hitachi SH big-endian COFF object, not stripped, Language English
Name RT_STRING, RVA 0x43c40, Size 0x9a6, Type data, Language English
Name RT_STRING, RVA 0x43958, Size 0x2e2, Type data, Language English
Name RT_STRING, RVA 0x43880, Size 0xd2, Type AmigaOS bitmap font, Language English
Name RT_STRING, RVA 0x42fd8, Size 0x8a2, Type data, Language English
Name RT_STRING, RVA 0x42d60, Size 0x274, Type data, Language English
Name WEVT_TEMPLATE, RVA 0x42888, Size 0x4d2, Type data, Language English
Name MUI, RVA 0x45870, Size 0xf8, Type data, Language English

Sample was identified as clean by Antivirus engines (Source: Hybrid Analysis Technology; relevance: 1/10)

Reads the active computer

The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

The input sample is signed with a certificate

Masquerading occurs when the name or location of an executable, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation.

Found a system process name at an unusual pathway

Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with.

Opens the Kernel Security Device Driver (KsecDD) of Windows

Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.