1.2.40987654323456789098746789098765432345678.exe.3565bbc.5.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
1.2.40987654323456789098746789098765432345678.exe.49a068c.8.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
1.2.40987654323456789098746789098765432345678.exe.4a4248c.10.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
1.0.40987654323456789098746789098765432345678.exe.400000.3.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.3.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2aca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ada9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adeb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.415058.11.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.11.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.11.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x68839:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.415058.11.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x4d0c3:$s1: UnHook
- 0x4d05f:$s2: SetHook
- 0x4d098:$s3: CallNextHook
- 0x335e3:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.415058.11.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x30a4f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30a7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30aa0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ac0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ae5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b22:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b51:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b73:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b93:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bb8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bd9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30cbf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ce1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.4356e4.1.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
1.2.40987654323456789098746789098765432345678.exe.3545530.6.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.3545530.6.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.3545530.6.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.3545530.6.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.3545530.6.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.4a20000.9.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4a20000.9.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4a20000.9.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.4a20000.9.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.4a20000.9.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.49a068c.8.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.49a068c.8.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.49a068c.8.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.49a068c.8.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.49a068c.8.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.10.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.4356e4.10.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.6.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.6.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.6.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.400000.6.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.6.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.10.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.10.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.10.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.13.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.4356e4.13.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.4356e4.13.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.13.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.13.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.415058.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.415058.0.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.415058.0.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x68839:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.415058.0.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x4d0c3:$s1: UnHook
- 0x4d05f:$s2: SetHook
- 0x4d098:$s3: CallNextHook
- 0x335e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.415058.0.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x30a4f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30a7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30aa0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ac0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ae5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b22:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b51:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b73:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b93:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bb8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bd9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30cbf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ce1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
0.2.40987654323456789098746789098765432345678.exe.1ae91ae4.3.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
1.0.40987654323456789098746789098765432345678.exe.415058.14.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.14.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.14.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x68839:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.415058.14.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x4d0c3:$s1: UnHook
- 0x4d05f:$s2: SetHook
- 0x4d098:$s3: CallNextHook
- 0x335e3:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.415058.14.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x30a4f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30a7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30aa0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ac0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ae5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b22:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b51:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b73:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b93:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bb8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bd9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30cbf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ce1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.400000.7.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.7.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.7.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.400000.7.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.7.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.415058.14.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.14.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.14.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.415058.14.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.415058.14.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.400000.9.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.9.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.9.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.400000.9.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.9.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.4980000.7.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4980000.7.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4980000.7.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.4980000.7.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.4980000.7.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.4a4248c.10.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4a4248c.10.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4a4248c.10.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.4a4248c.10.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.4a4248c.10.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.13.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
1.0.40987654323456789098746789098765432345678.exe.4356e4.10.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
1.0.40987654323456789098746789098765432345678.exe.400000.8.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.8.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.8.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.400000.8.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.8.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.783060.3.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.783060.3.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.783060.3.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.783060.3.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.783060.3.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.400000.12.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.12.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.12.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.400000.12.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.12.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.400000.2.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.400000.2.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.400000.2.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.400000.2.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.400000.2.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.400000.5.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.5.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.5.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.400000.5.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.5.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.400000.1.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.1.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2aca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ada9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adeb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.7a36ec.4.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2c69:$s6: get_logins
- 0x403e:$pdb: \Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb
|
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x68839:$s1: Beds Protector v
|
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4d0c3:$s1: UnHook
- 0x4d05f:$s2: SetHook
- 0x4d098:$s3: CallNextHook
- 0x335e3:$s4: _hook
|
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x30a4f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30a7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30aa0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ac0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ae5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b22:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b51:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b73:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b93:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bb8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bd9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30cbf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ce1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.415058.0.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.415058.0.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.415058.0.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.415058.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.415058.0.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.783060.3.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.783060.3.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.783060.3.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x68839:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.783060.3.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4d0c3:$s1: UnHook
- 0x4d05f:$s2: SetHook
- 0x4d098:$s3: CallNextHook
- 0x335e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.783060.3.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x30a4f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30a7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30aa0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ac0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ae5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b22:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b51:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b73:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b93:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bb8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bd9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30cbf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ce1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.400000.2.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.2.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2aca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ada9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adeb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.400000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.0.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x2aca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2acf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ad7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ada9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2adeb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2ae82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2aee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x2af9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.3565bbc.5.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.3565bbc.5.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.3565bbc.5.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.3565bbc.5.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.3565bbc.5.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.400000.2.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.400000.2.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.400000.2.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7f691:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.400000.2.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x63f1b:$s1: UnHook
- 0x63eb7:$s2: SetHook
- 0x63ef0:$s3: CallNextHook
- 0x4a43b:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.400000.2.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x478a7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x478d6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x478f8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47918:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x4793d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x4797a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x479a9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x479cb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x479eb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47a10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47a31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47a60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47a82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47aa2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47ac7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47ae8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47b17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47b39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47b59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47b7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x47b9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.0.40987654323456789098746789098765432345678.exe.415058.11.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.11.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.415058.11.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.415058.11.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.415058.11.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
0.2.40987654323456789098746789098765432345678.exe.1ae91ae4.3.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae91ae4.3.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae91ae4.3.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
0.2.40987654323456789098746789098765432345678.exe.1ae91ae4.3.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
0.2.40987654323456789098746789098765432345678.exe.1ae91ae4.3.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.4.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.4.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.0.40987654323456789098746789098765432345678.exe.400000.4.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x7ba91:$s1: Beds Protector v
|
1.0.40987654323456789098746789098765432345678.exe.400000.4.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x6031b:$s1: UnHook
- 0x602b7:$s2: SetHook
- 0x602f0:$s3: CallNextHook
- 0x4683b:$s4: _hook
|
1.0.40987654323456789098746789098765432345678.exe.400000.4.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x43ca7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cd6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43cf8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d18:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d3d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43d7a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43da9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43dcb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43deb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e10:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e31:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e60:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43e82:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ea2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ec7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43ee8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f17:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f39:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f59:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x43f9f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.4980000.7.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4980000.7.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4980000.7.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x68839:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.4980000.7.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4d0c3:$s1: UnHook
- 0x4d05f:$s2: SetHook
- 0x4d098:$s3: CallNextHook
- 0x335e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.4980000.7.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x30a4f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30a7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30aa0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ac0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ae5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b22:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b51:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b73:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b93:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bb8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bd9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30cbf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ce1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x77e91:$s1: Beds Protector v
|
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x5c71b:$s1: UnHook
- 0x5c6b7:$s2: SetHook
- 0x5c6f0:$s3: CallNextHook
- 0x42c3b:$s4: _hook
|
0.2.40987654323456789098746789098765432345678.exe.1ae60000.5.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x400a7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x400d6:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x400f8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40118:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x4013d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x4017a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x401a9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x401cb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x401eb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40210:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40231:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40260:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40282:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x402a2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x402c7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x402e8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40317:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40339:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x40359:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x4037e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x4039f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x6a639:$s1: Beds Protector v
|
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4eec3:$s1: UnHook
- 0x4ee5f:$s2: SetHook
- 0x4ee98:$s3: CallNextHook
- 0x353e3:$s4: _hook
|
0.2.40987654323456789098746789098765432345678.exe.1ae71458.4.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x3284f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x3287e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328a0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328c0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x328e5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32922:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32951:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32973:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32993:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329b8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x329d9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32a90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32abf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32ae1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x32b47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.4356e4.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4356e4.1.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.3545530.6.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.3545530.6.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.4356e4.1.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.4356e4.1.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.4356e4.1.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.3545530.6.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x68839:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.3545530.6.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x4d0c3:$s1: UnHook
- 0x4d05f:$s2: SetHook
- 0x4d098:$s3: CallNextHook
- 0x335e3:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.3545530.6.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x30a4f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30a7e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30aa0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ac0:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ae5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b22:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b51:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b73:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30b93:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bb8:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30bd9:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c08:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c2a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c4a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c6f:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30c90:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30cbf:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30ce1:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d01:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d26:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x30d47:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|
1.2.40987654323456789098746789098765432345678.exe.7a36ec.4.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.7a36ec.4.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security | |
1.2.40987654323456789098746789098765432345678.exe.7a36ec.4.raw.unpack | INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector | Detects executables packed with ConfuserEx Mod Beds Protector | ditekSHen | - 0x49fad:$s1: Beds Protector v
|
1.2.40987654323456789098746789098765432345678.exe.7a36ec.4.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen | - 0x2e837:$s1: UnHook
- 0x2e7d3:$s2: SetHook
- 0x2e80c:$s3: CallNextHook
- 0x14d57:$s4: _hook
|
1.2.40987654323456789098746789098765432345678.exe.7a36ec.4.raw.unpack | MALWARE_Win_Matiex | Matiex/XetimaLogger keylogger payload | ditekSHen | - 0x121c3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x121f2:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12214:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12234:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12259:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12296:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122c5:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x122e7:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12307:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1232c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1234d:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1237c:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1239e:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123be:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x123e3:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12404:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12433:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12455:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x12475:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x1249a:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
- 0x124bb:$id: --M-A-T-I-E-X--K-E-Y-L-O-G-E-R--
|