14.2.build3.exe.400000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
14.2.build3.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1e03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
14.2.build3.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x1afa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0x1b87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1b87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1ead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1f35:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
29.2.mstsca.exe.9715a0.1.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
29.2.mstsca.exe.9715a0.1.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
29.2.mstsca.exe.9715a0.1.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
20.2.mstsca.exe.400000.0.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
20.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
20.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
27.2.mstsca.exe.400000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
27.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1e03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
27.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x1afa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0x1b87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1b87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1ead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1f35:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
11.2.build3.exe.8115a0.1.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
11.2.build3.exe.8115a0.1.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
11.2.build3.exe.8115a0.1.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
27.2.mstsca.exe.400000.0.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
27.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
27.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
31.2.mstsca.exe.9315a0.1.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
31.2.mstsca.exe.9315a0.1.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
31.2.mstsca.exe.9315a0.1.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
11.2.build3.exe.8115a0.1.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x603:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
11.2.build3.exe.8115a0.1.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x6ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x735:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
26.2.mstsca.exe.23115a0.1.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
26.2.mstsca.exe.23115a0.1.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
26.2.mstsca.exe.23115a0.1.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
30.2.mstsca.exe.400000.0.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
30.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
30.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
9.2.build2.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
8.2.build2.exe.35a15a0.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
9.2.build2.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
8.2.build2.exe.35a15a0.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
30.2.mstsca.exe.400000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
30.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1e03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
30.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x1afa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0x1b87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1b87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1ead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1f35:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
32.2.mstsca.exe.400000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
32.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1e03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
32.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x1afa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0x1b87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1b87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1ead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1f35:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
32.2.mstsca.exe.400000.0.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
32.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
32.2.mstsca.exe.400000.0.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
29.2.mstsca.exe.9715a0.1.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x603:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
29.2.mstsca.exe.9715a0.1.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x6ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x735:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
20.2.mstsca.exe.400000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
20.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1e03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
20.2.mstsca.exe.400000.0.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x1afa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0x1b87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1b87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x1ead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1f35:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
17.2.mstsca.exe.9715a0.1.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x603:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
17.2.mstsca.exe.9715a0.1.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x6ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x735:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
24.2.UXNob1Dp32.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
24.2.UXNob1Dp32.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
24.2.UXNob1Dp32.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
26.2.mstsca.exe.23115a0.1.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x603:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
26.2.mstsca.exe.23115a0.1.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x6ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x735:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
14.2.build3.exe.400000.0.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
14.2.build3.exe.400000.0.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
14.2.build3.exe.400000.0.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
10.2.UXNob1Dp32.exe.5db15a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
10.2.UXNob1Dp32.exe.5db15a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
10.2.UXNob1Dp32.exe.5db15a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
31.2.mstsca.exe.9315a0.1.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x603:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
31.2.mstsca.exe.9315a0.1.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0x6ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x735:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
17.2.mstsca.exe.9715a0.1.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security | |
17.2.mstsca.exe.9715a0.1.raw.unpack | Windows_Trojan_Clipbanker_f9f9e79d | unknown | unknown | - 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
|
17.2.mstsca.exe.9715a0.1.raw.unpack | Windows_Trojan_Clipbanker_787b130b | unknown | unknown | - 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
- 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
- 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
- 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
|
5.2.UXNob1Dp32.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
5.2.UXNob1Dp32.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
5.2.UXNob1Dp32.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
6.2.UXNob1Dp32.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
6.2.UXNob1Dp32.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
6.2.UXNob1Dp32.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
24.2.UXNob1Dp32.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
24.2.UXNob1Dp32.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
24.2.UXNob1Dp32.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
12.2.UXNob1Dp32.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
12.2.UXNob1Dp32.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
12.2.UXNob1Dp32.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
23.2.UXNob1Dp32.exe.5de15a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
23.2.UXNob1Dp32.exe.5de15a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
23.2.UXNob1Dp32.exe.5de15a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
6.2.UXNob1Dp32.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
6.2.UXNob1Dp32.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
6.2.UXNob1Dp32.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
4.2.UXNob1Dp32.exe.5dc15a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
4.2.UXNob1Dp32.exe.5dc15a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
4.2.UXNob1Dp32.exe.5dc15a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
23.2.UXNob1Dp32.exe.5de15a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
23.2.UXNob1Dp32.exe.5de15a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
23.2.UXNob1Dp32.exe.5de15a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
5.2.UXNob1Dp32.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
5.2.UXNob1Dp32.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
5.2.UXNob1Dp32.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
3.2.UXNob1Dp32.exe.5e515a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
3.2.UXNob1Dp32.exe.5e515a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
3.2.UXNob1Dp32.exe.5e515a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
3.2.UXNob1Dp32.exe.5e515a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
3.2.UXNob1Dp32.exe.5e515a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
3.2.UXNob1Dp32.exe.5e515a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
1.2.UXNob1Dp32.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
1.2.UXNob1Dp32.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
1.2.UXNob1Dp32.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
12.2.UXNob1Dp32.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
12.2.UXNob1Dp32.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
12.2.UXNob1Dp32.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
1.2.UXNob1Dp32.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
1.2.UXNob1Dp32.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
1.2.UXNob1Dp32.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
0.2.UXNob1Dp32.exe.5e315a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
0.2.UXNob1Dp32.exe.5e315a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
0.2.UXNob1Dp32.exe.5e315a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
10.2.UXNob1Dp32.exe.5db15a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
10.2.UXNob1Dp32.exe.5db15a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
10.2.UXNob1Dp32.exe.5db15a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
0.2.UXNob1Dp32.exe.5e315a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
0.2.UXNob1Dp32.exe.5e315a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
0.2.UXNob1Dp32.exe.5e315a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
4.2.UXNob1Dp32.exe.5dc15a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
4.2.UXNob1Dp32.exe.5dc15a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
4.2.UXNob1Dp32.exe.5dc15a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
Click to see the 114 entries |