00000002.00000001.sdmp
Binary or memory string: OriginalFilenamenlsbij% vs freebobux.exe
00000002.00000001.sdmp
Binary or memory string: OriginalFilenamenlsbres.dllj% vs freebobux.exe
Sample file is different than original file name gathered from version info
Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\AppData\Local\Temp\7C35.tmp\CLWCP.exe
Code function: 5_2_00439164 NtdllDefWindowProc_A,GetCapture,
Code function: 5_2_0045543C NtdllDefWindowProc_A,
Code function: 5_2_0042E49C NtdllDefWindowProc_A,
Code function: 5_2_00449828 GetSubMenu,SaveDC,RestoreDC,73BBB080,SaveDC,RestoreDC,NtdllDefWindowProc_A,
Code function: 5_2_00455BEC IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
Code function: 5_2_00455CB0 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
Found potential string decryption / allocating functions
Code function: String function: 0040621C appears 62 times
Code function: String function: 0040411C appears 74 times
Contains functionality to call native functions