37.0.svchost.exe.28291080000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
37.0.svchost.exe.28291080000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
37.0.svchost.exe.28291080000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
37.0.svchost.exe.28291080000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
37.2.svchost.exe.28291080000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
37.2.svchost.exe.28291080000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
37.2.svchost.exe.28291080000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
37.2.svchost.exe.28291080000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
35.0.svchost.exe.23e495b0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
35.0.svchost.exe.23e495b0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
35.0.svchost.exe.23e495b0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
35.0.svchost.exe.23e495b0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
41.0.svchost.exe.2b6680f0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
41.0.svchost.exe.2b6680f0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
41.0.svchost.exe.2b6680f0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
41.0.svchost.exe.2b6680f0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
24.0.svchost.exe.2468b5b0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
24.0.svchost.exe.2468b5b0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
24.0.svchost.exe.2468b5b0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
24.0.svchost.exe.2468b5b0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
41.2.svchost.exe.2b6680f0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
41.2.svchost.exe.2b6680f0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
41.2.svchost.exe.2b6680f0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
41.2.svchost.exe.2b6680f0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
29.0.svchost.exe.236f3940000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
29.0.svchost.exe.236f3940000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
29.0.svchost.exe.236f3940000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
29.0.svchost.exe.236f3940000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
34.0.svchost.exe.1af63d40000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
34.0.svchost.exe.1af63d40000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
34.0.svchost.exe.1af63d40000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
34.0.svchost.exe.1af63d40000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
27.0.svchost.exe.195990b0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
27.0.svchost.exe.195990b0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
27.0.svchost.exe.195990b0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
27.0.svchost.exe.195990b0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
24.2.svchost.exe.2468b5b0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
24.2.svchost.exe.2468b5b0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
24.2.svchost.exe.2468b5b0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
24.2.svchost.exe.2468b5b0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
30.0.svchost.exe.21bd8470000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
30.0.svchost.exe.21bd8470000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
30.0.svchost.exe.21bd8470000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
30.0.svchost.exe.21bd8470000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
30.2.svchost.exe.21bd8470000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
30.2.svchost.exe.21bd8470000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
30.2.svchost.exe.21bd8470000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
30.2.svchost.exe.21bd8470000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
15.2.svchost.exe.1b37c560000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
15.2.svchost.exe.1b37c560000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
15.2.svchost.exe.1b37c560000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
15.2.svchost.exe.1b37c560000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
20.0.svchost.exe.1dbfc920000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
20.0.svchost.exe.1dbfc920000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
20.0.svchost.exe.1dbfc920000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
20.0.svchost.exe.1dbfc920000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
22.0.svchost.exe.1b6d6000000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
22.0.svchost.exe.1b6d6000000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
22.0.svchost.exe.1b6d6000000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
22.0.svchost.exe.1b6d6000000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
26.0.svchost.exe.226f8d40000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
26.0.svchost.exe.226f8d40000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
26.0.svchost.exe.226f8d40000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
26.0.svchost.exe.226f8d40000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
29.2.svchost.exe.236f3940000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
29.2.svchost.exe.236f3940000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
29.2.svchost.exe.236f3940000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
29.2.svchost.exe.236f3940000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
35.2.svchost.exe.23e495b0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
35.2.svchost.exe.23e495b0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
35.2.svchost.exe.23e495b0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
35.2.svchost.exe.23e495b0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
36.2.svchost.exe.1dd8fdb0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
36.2.svchost.exe.1dd8fdb0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
36.2.svchost.exe.1dd8fdb0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
36.2.svchost.exe.1dd8fdb0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
10.2.rundll32.exe.4250000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x53366:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
10.2.rundll32.exe.4250000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
10.2.rundll32.exe.4250000.0.unpack | MALWARE_Win_Fabookie | Detects Fabookie / ElysiumStealer | ditekSHen | - 0x4c6e6:$s1: rwinssyslog
- 0x4caec:$s2: _kasssperskdy
- 0x4ca88:$s3: [Title:%s]
- 0x4cbfc:$s4: [Execute]
- 0x4cc10:$s5: [Snapshot]
- 0x4d484:$s6: Mozilla/4.0 (compatible)
- 0x4de3c:$s9: CUdpClient::Start
|
10.2.rundll32.exe.4250000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x4dcf4:$s1: -k netsvcs
- 0x4d484:$s3: Mozilla/4.0 (compatible)
- 0x4caec:$s4: _kasssperskdy
- 0x4c6e8:$s5: winssyslog
- 0x4da4c:$s6: LoaderDll%d
- 0x4c4c8:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x4c110:$s8: cmd.exe /c start chrome.exe
- 0x4c270:$s8: cmd.exe /c start msedge.exe
- 0x4c440:$s8: cmd.exe /c start firefox.exe
- 0x54f08:$f1: .?AVCHVncManager@@
- 0x55204:$f2: .?AVCNetstatManager@@
- 0x5525c:$f3: .?AVCTcpAgentListener@@
- 0x54ffc:$f4: .?AVIUdpClientListener@@
- 0x5541c:$f5: .?AVCShellManager@@
- 0x553e0:$f6: .?AVCScreenSpy@@
|
10.2.rundll32.exe.4250000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x4caec:$a: _kasssperskdy
- 0x4d6ae:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
36.0.svchost.exe.1dd8fdb0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
36.0.svchost.exe.1dd8fdb0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
36.0.svchost.exe.1dd8fdb0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
36.0.svchost.exe.1dd8fdb0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
33.0.svchost.exe.1e554740000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
33.0.svchost.exe.1e554740000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
33.0.svchost.exe.1e554740000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
33.0.svchost.exe.1e554740000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
21.0.svchost.exe.1f97f120000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
21.0.svchost.exe.1f97f120000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
21.0.svchost.exe.1f97f120000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
21.0.svchost.exe.1f97f120000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
13.2.svchost.exe.1a748340000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
13.2.svchost.exe.1a748340000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
13.2.svchost.exe.1a748340000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
13.2.svchost.exe.1a748340000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
34.2.svchost.exe.1af63d40000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
34.2.svchost.exe.1af63d40000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
34.2.svchost.exe.1af63d40000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
34.2.svchost.exe.1af63d40000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
22.2.svchost.exe.1b6d6000000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
22.2.svchost.exe.1b6d6000000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
22.2.svchost.exe.1b6d6000000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
22.2.svchost.exe.1b6d6000000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
20.2.svchost.exe.1dbfc920000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
20.2.svchost.exe.1dbfc920000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
20.2.svchost.exe.1dbfc920000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
20.2.svchost.exe.1dbfc920000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
26.2.svchost.exe.226f8d40000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
26.2.svchost.exe.226f8d40000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
26.2.svchost.exe.226f8d40000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
26.2.svchost.exe.226f8d40000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
31.2.svchost.exe.1f1ed200000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
31.2.svchost.exe.1f1ed200000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
31.2.svchost.exe.1f1ed200000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
31.2.svchost.exe.1f1ed200000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
13.2.svchost.exe.1a748340000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
13.2.svchost.exe.1a748340000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
13.2.svchost.exe.1a748340000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
13.2.svchost.exe.1a748340000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
27.2.svchost.exe.195990b0000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
27.2.svchost.exe.195990b0000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
27.2.svchost.exe.195990b0000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
27.2.svchost.exe.195990b0000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
25.0.svchost.exe.25139800000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
25.0.svchost.exe.25139800000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
25.0.svchost.exe.25139800000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
25.0.svchost.exe.25139800000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
11.0.svchost.exe.22baf530000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
11.0.svchost.exe.22baf530000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
11.0.svchost.exe.22baf530000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
11.0.svchost.exe.22baf530000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
31.0.svchost.exe.1f1ed200000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
31.0.svchost.exe.1f1ed200000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
31.0.svchost.exe.1f1ed200000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
31.0.svchost.exe.1f1ed200000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
29.2.svchost.exe.236f3940000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
29.2.svchost.exe.236f3940000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
29.2.svchost.exe.236f3940000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
29.2.svchost.exe.236f3940000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
25.0.svchost.exe.25139800000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
25.0.svchost.exe.25139800000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
25.0.svchost.exe.25139800000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
25.0.svchost.exe.25139800000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
27.2.svchost.exe.195990b0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
27.2.svchost.exe.195990b0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
27.2.svchost.exe.195990b0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
27.2.svchost.exe.195990b0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
22.2.svchost.exe.1b6d6000000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
22.2.svchost.exe.1b6d6000000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
22.2.svchost.exe.1b6d6000000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
22.2.svchost.exe.1b6d6000000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
41.2.svchost.exe.2b6680f0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
41.2.svchost.exe.2b6680f0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
41.2.svchost.exe.2b6680f0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
41.2.svchost.exe.2b6680f0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
33.0.svchost.exe.1e554740000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
33.0.svchost.exe.1e554740000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
33.0.svchost.exe.1e554740000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
33.0.svchost.exe.1e554740000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
33.2.svchost.exe.1e554740000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
33.2.svchost.exe.1e554740000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
33.2.svchost.exe.1e554740000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
33.2.svchost.exe.1e554740000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
24.0.svchost.exe.2468b5b0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
24.0.svchost.exe.2468b5b0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
24.0.svchost.exe.2468b5b0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
24.0.svchost.exe.2468b5b0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
24.2.svchost.exe.2468b5b0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
24.2.svchost.exe.2468b5b0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
24.2.svchost.exe.2468b5b0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
24.2.svchost.exe.2468b5b0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
30.0.svchost.exe.21bd8470000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
30.0.svchost.exe.21bd8470000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
30.0.svchost.exe.21bd8470000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
30.0.svchost.exe.21bd8470000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
34.2.svchost.exe.1af63d40000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
34.2.svchost.exe.1af63d40000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
34.2.svchost.exe.1af63d40000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
34.2.svchost.exe.1af63d40000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
25.2.svchost.exe.25139800000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
25.2.svchost.exe.25139800000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
25.2.svchost.exe.25139800000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
25.2.svchost.exe.25139800000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
15.0.svchost.exe.1b37c560000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
15.0.svchost.exe.1b37c560000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
15.0.svchost.exe.1b37c560000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
15.0.svchost.exe.1b37c560000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
30.2.svchost.exe.21bd8470000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
30.2.svchost.exe.21bd8470000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
30.2.svchost.exe.21bd8470000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
30.2.svchost.exe.21bd8470000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
21.2.svchost.exe.1f97f120000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
21.2.svchost.exe.1f97f120000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
21.2.svchost.exe.1f97f120000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
21.2.svchost.exe.1f97f120000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
35.0.svchost.exe.23e495b0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
35.0.svchost.exe.23e495b0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
35.0.svchost.exe.23e495b0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
35.0.svchost.exe.23e495b0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
11.0.svchost.exe.22baf530000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
11.0.svchost.exe.22baf530000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
11.0.svchost.exe.22baf530000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
11.0.svchost.exe.22baf530000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
21.0.svchost.exe.1f97f120000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
21.0.svchost.exe.1f97f120000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
21.0.svchost.exe.1f97f120000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
21.0.svchost.exe.1f97f120000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
11.2.svchost.exe.22baf530000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
11.2.svchost.exe.22baf530000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
11.2.svchost.exe.22baf530000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
11.2.svchost.exe.22baf530000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
25.2.svchost.exe.25139800000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
25.2.svchost.exe.25139800000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
25.2.svchost.exe.25139800000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
25.2.svchost.exe.25139800000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
15.0.svchost.exe.1b37c560000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
15.0.svchost.exe.1b37c560000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
15.0.svchost.exe.1b37c560000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
15.0.svchost.exe.1b37c560000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
26.2.svchost.exe.226f8d40000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
26.2.svchost.exe.226f8d40000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
26.2.svchost.exe.226f8d40000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
26.2.svchost.exe.226f8d40000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
31.2.svchost.exe.1f1ed200000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
31.2.svchost.exe.1f1ed200000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
31.2.svchost.exe.1f1ed200000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
31.2.svchost.exe.1f1ed200000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
35.2.svchost.exe.23e495b0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
35.2.svchost.exe.23e495b0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
35.2.svchost.exe.23e495b0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
35.2.svchost.exe.23e495b0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
20.2.svchost.exe.1dbfc920000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
20.2.svchost.exe.1dbfc920000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
20.2.svchost.exe.1dbfc920000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
20.2.svchost.exe.1dbfc920000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
21.2.svchost.exe.1f97f120000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
21.2.svchost.exe.1f97f120000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
21.2.svchost.exe.1f97f120000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
21.2.svchost.exe.1f97f120000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
36.2.svchost.exe.1dd8fdb0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
36.2.svchost.exe.1dd8fdb0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
36.2.svchost.exe.1dd8fdb0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
36.2.svchost.exe.1dd8fdb0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
37.0.svchost.exe.28291080000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
37.0.svchost.exe.28291080000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
37.0.svchost.exe.28291080000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
37.0.svchost.exe.28291080000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
36.0.svchost.exe.1dd8fdb0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
36.0.svchost.exe.1dd8fdb0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
36.0.svchost.exe.1dd8fdb0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
36.0.svchost.exe.1dd8fdb0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
31.0.svchost.exe.1f1ed200000.0.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6506e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
31.0.svchost.exe.1f1ed200000.0.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
31.0.svchost.exe.1f1ed200000.0.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x58c08:$s1: -k netsvcs
- 0x583c8:$s3: Mozilla/4.0 (compatible)
- 0x576f0:$s4: _kasssperskdy
- 0x56d88:$s5: winssyslog
- 0x58950:$s6: LoaderDll%d
- 0x56c60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x56890:$s8: cmd.exe /c start chrome.exe
- 0x569f0:$s8: cmd.exe /c start msedge.exe
- 0x56bd0:$s8: cmd.exe /c start firefox.exe
- 0x66ef0:$f1: .?AVCHVncManager@@
- 0x672d8:$f2: .?AVCNetstatManager@@
- 0x67348:$f3: .?AVCTcpAgentListener@@
- 0x671c8:$f4: .?AVIUdpClientListener@@
- 0x67578:$f5: .?AVCShellManager@@
- 0x67528:$f6: .?AVCScreenSpy@@
|
31.0.svchost.exe.1f1ed200000.0.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x576f0:$a: _kasssperskdy
- 0x5861e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
26.0.svchost.exe.226f8d40000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
26.0.svchost.exe.226f8d40000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
26.0.svchost.exe.226f8d40000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
26.0.svchost.exe.226f8d40000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
34.0.svchost.exe.1af63d40000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
20.0.svchost.exe.1dbfc920000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
20.0.svchost.exe.1dbfc920000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
20.0.svchost.exe.1dbfc920000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
20.0.svchost.exe.1dbfc920000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
34.0.svchost.exe.1af63d40000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
34.0.svchost.exe.1af63d40000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
34.0.svchost.exe.1af63d40000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
15.2.svchost.exe.1b37c560000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
15.2.svchost.exe.1b37c560000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
15.2.svchost.exe.1b37c560000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
15.2.svchost.exe.1b37c560000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
37.2.svchost.exe.28291080000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
37.2.svchost.exe.28291080000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
37.2.svchost.exe.28291080000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
37.2.svchost.exe.28291080000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
11.2.svchost.exe.22baf530000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
11.2.svchost.exe.22baf530000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
11.2.svchost.exe.22baf530000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
11.2.svchost.exe.22baf530000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
22.0.svchost.exe.1b6d6000000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
22.0.svchost.exe.1b6d6000000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
22.0.svchost.exe.1b6d6000000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
22.0.svchost.exe.1b6d6000000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
27.0.svchost.exe.195990b0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
27.0.svchost.exe.195990b0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
27.0.svchost.exe.195990b0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
27.0.svchost.exe.195990b0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
29.0.svchost.exe.236f3940000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
29.0.svchost.exe.236f3940000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
29.0.svchost.exe.236f3940000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
29.0.svchost.exe.236f3940000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
33.2.svchost.exe.1e554740000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
33.2.svchost.exe.1e554740000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
33.2.svchost.exe.1e554740000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
33.2.svchost.exe.1e554740000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|
41.0.svchost.exe.2b6680f0000.0.raw.unpack | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth | - 0x6646e:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
|
41.0.svchost.exe.2b6680f0000.0.raw.unpack | JoeSecurity_ManusCrypt | Yara detected ManusCrypt | Joe Security | |
41.0.svchost.exe.2b6680f0000.0.raw.unpack | MALWARE_Win_Chebka | Detects Chebka | ditekSHen | - 0x59e08:$s1: -k netsvcs
- 0x595c8:$s3: Mozilla/4.0 (compatible)
- 0x588f0:$s4: _kasssperskdy
- 0x57f88:$s5: winssyslog
- 0x59b50:$s6: LoaderDll%d
- 0x57e60:$s7: cmd.exe /c rundll32.exe shell32.dll,
- 0x57a90:$s8: cmd.exe /c start chrome.exe
- 0x57bf0:$s8: cmd.exe /c start msedge.exe
- 0x57dd0:$s8: cmd.exe /c start firefox.exe
- 0x682f0:$f1: .?AVCHVncManager@@
- 0x686d8:$f2: .?AVCNetstatManager@@
- 0x68748:$f3: .?AVCTcpAgentListener@@
- 0x685c8:$f4: .?AVIUdpClientListener@@
- 0x68978:$f5: .?AVCShellManager@@
- 0x68928:$f6: .?AVCScreenSpy@@
|
41.0.svchost.exe.2b6680f0000.0.raw.unpack | Windows_Trojan_Generic_a681f24a | unknown | unknown | - 0x588f0:$a: _kasssperskdy
- 0x5981e:$c: {SDTB8HQ9-96HV-S78H-Z3GI-J7UCTY784HHC}
|