jnreducation.blogg.se

Startallback

Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\\0000 name: DriverDesc
94.Svc.exe TID: 4528
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\StartAllBack.v2.9.


May sleep (evasive loops) to hinder dynamic analysis
Tries to detect sandboxes / dynamic malware analysis system (registry check)
File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX_
System information queried: FirmwareTableInformation
Query firmware table information (likely to detect VMs)
Static PE information: section name: entropy: 7.99900526289 boot
Binary may include packed or encrypted code
Static PE information: section where entry point is pointing to. boot
Entry point lies outside standard sections
PE file contains sections with non-standard names
Static PE information: real checksum: 0x1f0722 should be: 0x1f1131
Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
boot is bigger than: 0x100000 < 0x19cea8
Contains modern PE file flags such as dynamic base (ASLR) or NX
text) which is very likely to contain packed code (zlib compression ratio 1048576
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
PE file contains section with special chars
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file

Our software is designed to be user friendly, cost effective and reliable. Our software suite helps organizations manage, protect and recover their data, applications and systems. StartAllBack is a comprehensive suite of digital asset management, backup and recovery software tools.













