A forum for reverse engineering, OS internals and malware analysis 

#19759 by r3shl4k1sh
Mon Jun 24, 2013 9:38 am
Attached is Win32/Nedsym.G (or Win32/Extats.A by ESET):

http://www.microsoft.com/security/porta ... 2fNedsym.G
http://www.virusradar.com/Win32_Extats.A/description

Packed: 1eabfea287faec24a52088612b319b29, VT 28/47, https://www.virustotal.com/en/file/bbce ... /analysis/

Unpacked: a307aebabac30c0aef35b4c9c4e9176b, VT 24/47, https://www.virustotal.com/en/file/47dc ... /analysis/

Malwr Sandbox analysis here:
https://malwr.com/analysis/NDU0MzhhMzZl ... FjZWUyMDA/

It was packed with an assembly packer written in FASM.
It calls the usual RunPE APIs through the CallWindowProc function (see the attached screenshots).
Attachment (163.62 KiB), archive password: infected