Scribd Logo
Upload

Welcome to Scribd!

  • Analysis Report

    Uploaded by

    onurdoganae
    15 views2 pages
    This malware analysis report summarizes the details of the DebugMe.exe file. It lists the file name, size, MD5 and SHA-1 hashes. It also lists the load time DLLs and runtime DLLs used by the file. Registry keys and files accessed by the file are documented. The report notes that the IsDebuggerPresent function is used, indicating an attempt to detect a debugger.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This malware analysis report summarizes the details of the DebugMe.exe file. It lists the file name, size, MD5 and SHA-1 hashes. It also lists the load time DLLs and runtime DLLs used by the file. Registry keys and files accessed by the file are documented. The report notes that the IsDebuggerPresent function is used, indicating an attempt to detect a debugger.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    15 views2 pages

    Analysis Report

    Uploaded by

    onurdoganae
    This malware analysis report summarizes the details of the DebugMe.exe file. It lists the file name, size, MD5 and SHA-1 hashes. It also lists the load time DLLs and runtime DLLs used by the file. Registry keys and files accessed by the file are documented. The report notes that the IsDebuggerPresent function is used, indicating an attempt to detect a debugger.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    Malware Analysis Report

    Comodo Malware Analizi

    Genel Bilgiler Dosya Ad:DebugMe.exe MD5: 08f975d925ace7cb699aa0683a49ba9a SHA-1: 9443f6180a90c9d0bb336fee12d334017585ad55 Dosya Boyutu: 61440 Byte Windows Ad:SolweMe DLL Ykleme Zaman (Load time DLLs): Module Name C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\GDI32.dll alma Zaman DLL (Runtime DLLs): Module Name C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\msvcrt.dll Base Address 0x74720000 0x77C10000 Size 0x0004C000 0x00058000 0x0009B000 0x00092000 0x00011000 Base Address 0x7C900000 0x7C800000 0x7E410000 0x77F10000 Size 0x000AF000 0x000F6000 0x00091000 0x00049000

    C:\WINDOWS\system32\ADVAPI32.dll 0x77DD0000 C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll 0x77E70000 0x77FE0000

    Onur DOAN

    onurdoganae@gmail.com

    2013

    Malware Analysis Report

    Kayt Defteri Deerleri: Key HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers HKLM\System\CurrentControlSet\Control\Terminal Server HKU\S-1-5-21-842925246-1425521274-308236825-500\ Keyboard Layout\Toggle HKU\S-1-5-21-842925246-1425521274-308236825-500\ Keyboard Layout\Toggle Dosya Sistem Kontrol: File C:\Program Files\Common Files\ Bellekle Elenen Dosyalar C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\imm32.dll Ayrca dosyada IsDebuggerPresent fonksiyonu bulunmaktadr. Control Code 0x00090028 Name CUAS AppInit_DLLs TransparentEnabled TSAppCompat Language Hotkey Layout Hotkey Value Times 0 1 1 1 1 0 1 2 1 4 4

    Times 1

    Onur DOAN

    onurdoganae@gmail.com

    2013

    You might also like