Source: C:\Program Files (x86)\Dopewars\WiseUpdt.exe
Code function: 0_2_1000CD3A: DiskPrompt,_lclose,wsprintfA,wsprintfA,GetModuleFileNameA,lstrcpyA,lstrlenA,wsprintfA,lstrcpyA,lstrcatA,lstrcpyA,lstrcatA,wsprintfA,GetDriveTypeA,wsprintfA,CreateFileA,DeviceIoControl,CloseHandle,_lopen,GetDlgItemTextA,MessageBeep,wsprintfA,CopyDlg,CreateDialogParamA,SetDlgItemTextA,ShowWindow,EnableWindow,UpdateScreen,
Contains functionality to shutdown / reboot the system
Code function: 0_2_004021AF EntryPoint,SetErrorMode,GetCommandLineA,GetModuleHandleA,GetModuleFileNameA,lstrcpyA,_lopen,_llseek,_llseek,_lread,_lread,_lread,_lread,_lopen,_llseek,_lclose,_lread,_lread,_lread,_lread,_lread,_lread,GlobalAlloc,GlobalAlloc,GlobalLock,_llseek,_llseek,_llseek,wsprintfA,GlobalAlloc,GlobalLock,_lcreat,_lclose,_lclose,_lopen,_lclose,wsprintfA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WiseMain,MessageBoxA,FreeLibrary,OpenFile,DeleteObject,GetVersionExA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,WinExec,ExitProcess,
Source: C:\Users\user\Desktop\dopedope.
planetdop //downloads/dopewars/dwupdate.ini/downloads/dopewarsCheck
Contains functionality to communicate with device drivers
planetdop //downloads/dopewars/dwupdate.ini
String found in binary or memory: ckle.gator.
String found in binary or memory: HTTP:///SERVWAREAPPS.com
replaycode: Name error (3)
DNS traffic detected: queries for: gs.gator.com
replaycode: Name error (3)
DNS traffic detected: query: trickle.gator.
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
DNS traffic detected: query: gs.
Standard Non-Application Layer Protocol
1 Remotely Track Device Without Authorization
Timeout during Intezer genetic analysis for unpackpe/0.2.dopedope.exe.48d0000.4.unpack
Eavesdrop on Insecure Network Communication.
Timeout during Intezer genetic analysis for /opt/package/joesandbox/database/analysis/213661/sample/dopedope.exe.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size exceeded maximum capacity and may have missing behavior information.
Execution Graph export aborted for target Trickler_PIC_Beermat_Dopewars.exe, PID 4788 because there are no executed function.
Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, CompatTelRunner.exe.