Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
ReversingLabs: Detection: 31% |
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Virustotal: Detection: 36% |
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: |
Binary string: C:\Users\ac\Desktop\MTA\MTASA spoofer\x64\Release\MTASpoofer.pdb source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Code function: 2_2_00007FF7F43E2A2C DbgPrint,ExAllocatePoolWithTag,ZwQuerySystemInformation,ExFreePoolWithTag,ExFreePoolWithTag, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Code function: 2_2_00007FF7F43E1190: IoDriverObjectType,ObReferenceObjectByName,DbgPrint,ObfDereferenceObject,DbgPrint,IoDriverObjectType,ObReferenceObjectByName,DbgPrint,DbgPrint,IoEnumerateDeviceObjectList,ExAllocatePoolWithTag,IoEnumerateDeviceObjectList,IoGetAttachedDeviceReference,KeInitializeEvent,IoBuildDeviceIoControlRequest,IofCallDriver,KeWaitForSingleObject,DbgPrint,ObfDereferenceObject,DbgPrint,rand,ObfDereferenceObject,DbgPrint,DbgPrint,ExFreePoolWithTag,DbgPrint,DbgPrint,DbgPrint,ObfDereferenceObject,rand,DbgPrint, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Code function: String function: 00007FF7F43E2DAD appears 42 times |
|
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Binary string: \Device\%ws |
Source: classification engine |
Classification label: mal48.winEXE@1/0@0/0 |
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Static PE information: real checksum: 0x9e88 should be: 0x118c0 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe |
Code function: 2_2_00007FF7F43E2DD4 cpuid |