May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) Hooking and other Techniques for Hiding and Protection: Static file information: File size 2343540 > 1048576įile opened: C:\Program Files\Jav a\jre1.8.0 _144\bin\m svcr100.dl l Submission file is bigger than most known malware samples
Window detected: More than 3 window c hanges det ected Key value queried: HKEY_LOCAL _MACHINE\S OFTWARE\Cl asses\CLSI D\ \InProcSer ver32įound graphical window changes (likely an installer) Uses an in-process (OLE) Automation server Process created: C:\Program Files\Jav a\jre1.8.0 _144\bin\j ava.exe 'C :\Program Files\Java \jre1.8.0_ 144\bin\ja va.exe' - javaagent: 'C:\Users\ SAMTAR~1\A ppData\Loc al\Temp\ja rtracer.ja r' -jar 'C :\Users\us er\Desktop \jdiskrepo rt-1.4.1.j ar' 0_144\bin\ java.exe' -javaagent :'C:\Users \SAMTAR~1\ AppData\Lo cal\Temp\j artracer.j ar' -jar ' C:\Users\u ser\Deskto p\jdiskrep ort-1.4.1. Process created: C:\Windows \System32\ cmd.exe C: \Windows\s ystem32\cm d.exe /c ' 'C:\Progra m Files\Ja va\jre1.8. Key opened: HKEY_LOCAL _MACHINE\S oftware\Po licies\Mic rosoft\Win dows\Safer \CodeIdent ifiers Section loaded: C:\Program Files\Jav a\jre1.8.0 _144\bin\j ava.dll Source: C:\Program Files\Jav a\jre1.8.0 _144\bin\j ava.exeįile created: C:\Users\u ser\AppDat a\Roaming\ JGoodiesįile created: C:\Users\S AMTAR~1\Ap pData\Loca l\Temp\hsp erfdata_us er\3952 Key, Mouse, Clipboard, Microphone and Screen Capturing: String found in binary or memory: ert.com String found in binary or memory: a.sun.com/ products/j avahelp/to c_1_0.dtd String found in binary or memory: a.sun.com/ products/j avahelp/ma p_1_0.dtd String found in binary or memory: a.sun.com/ products/j avahelp/he lpset_1_0. String found in binary or memory: a.oracle.c om/
String found in binary or memory: report.sun. Number of analysed new started processes analysed:
#Jgoodies jdiskreport windows 7#
Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java.
0 kommentar(er)
