Windows Malware Firewall
FakeAV - Live Security Platinum
is a clone of the family (Smart Fortress 2012, Smart Protection 2012, Personal Shield Pro)
Checked for debuggers
Created process: (null),"C:\ProgramData\F4D55F3B0010870E64318881B4EB238B\F4D55F3B0010870E64318881B4EB238B.exe" "C:\Users\tachion\Desktop\malware\37FA582FFBC21D53EED54EF8B7D85EBD\37FA582FFBC21D53EED54EF8B7D85EBD.exe",(null)
Defined file type created: C:\ProgramData\F4D55F3B0010870E64318881B4EB238B\F4D55F3B0010870E64318881B4EB238B.exe
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\luafv\Start = 00000001
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\RunOnce\F4D55F3B0010870E64318881B4EB238B = C:\ProgramData\F4D55F3B0010870E64318881B4EB238B\F4D55F3B0010870E64318881B4EB238B.exe
Detected keylogger functionality
Detected process privilege elevation
Enumerated running processes
File copied itself
File deleted itself
Got computer name
Got user name information
Got volume information
Internet connection: Connects to "113.10.173.15" on port 65243.
Listed all entry names in a remote access phone book
Opened a service named: rasman
Opened a service named: Sens
Security Center settings change: machine\software\microsoft\security center\antivirusdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\antivirusoverride = 00000001
Security Center settings change: machine\software\microsoft\security center\firewalldisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\firewalloverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\antivirusdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\antivirusoverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\firewalldisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\firewalloverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\updatesdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\updatesdisablenotify = 00000001
VT - 0