

String found in binary or memory: nload.pdff /download/pdfarchitect/PDFArchitect-stable?downloadB
String found in binary or memory: nload.pdff /download/pdfarchitect/PDFArchitect-stable?download
String found in binary or memory: l./ rfc/cookie_spec.html
String found in binary or memory: g2-crl.thawte.com/ThawteCSG2.crl0
HTTP traffic detected: GET /download/pdfarchitect/PDFArchitect-stable?download HTTP/1.0 Host: download.pdfforge.org User-Agent: InnoTools_Downloader
DNS traffic detected: queries for: update.
HTTP traffic detected: GET /pdfcreator/update-info.txt HTTP/1.0 Host: update.pdfforge.org User-Agent: InnoTools_Downloader

IP address seen in connection with other malware

Source: C:\Windows\SysWOW64\rundll32.exe
Code function: 5_2_6D5C88AA GetEnvironmentVariableW,GetEnvironmentVariableW,GetEnvironmentVariableW,FindFirstFileW,FindNextFileW,FindClose,

Source: C:\Users\user\AppData\Local\Temp\is-QEDT4.tmp\DownloadUpdateInfo.tmp
Code function: 4_2_00452A60 FindFirstFileA,GetLastError,
Code function: 4_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,
Code function: 4_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Code function: 4_2_00462750 FindFirstFileA,FindNextFileA,FindClose,
Code function: 4_2_00474F88 FindFirstFileA,FindNextFileA,FindClose,

Source: C:\Users\user\AppData\Local\Temp\is-C3P0L.tmp\PDFCreator-1_5_0_setup.tmp
Code function: 2_2_00452A60 FindFirstFileA,GetLastError,
Code function: 2_2_00474F88 FindFirstFileA,FindNextFileA,FindClose,
Code function: 2_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,
Code function: 2_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Code function: 2_2_00462750 FindFirstFileA,FindNextFileA,FindClose,

Contains functionality to enumerate / list files inside a directory
