
"FLVSplitter.ax" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"AviSplitter.ax" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"MpegSplitter.ax" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"rmmerge.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"capture.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"rv20.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"encsession.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"hxltcolor.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"mp4creator.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"

"mencoder.exe" has type "PE32 executable (console) Intel 80386 (stripped to external PDB) for MS Windows"
"rmtools.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vsfilter.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"inetc.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"raac.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"

Spawned process "regsvr32.exe" with commandline "regsvr32 /s "%PROGRAMFILES%\FreeTime\FormatFactory\FFModules\Filters\RealMediaSplitter.ax""
Spawned process "regsvr32.exe" with commandline "regsvr32 /s "%PROGRAMFILES%\FreeTime\FormatFactory\FFModules\Filters\MpegSplitter.ax""
Spawned process "regsvr32.exe" with commandline "regsvr32 /s "%PROGRAMFILES%\FreeTime\FormatFactory\FFModules\Filters\MP4Splitter.ax""
Spawned process "regsvr32.exe" with commandline "regsvr32 /s "%PROGRAMFILES%\FreeTime\FormatFactory\FFModules\Filters\MatroskaSplitter.ax""
Spawned process "regsvr32.exe" with commandline "regsvr32 /s "%PROGRAMFILES%\FreeTime\FormatFactory\FFModules\Filters\FLVSplitter.ax""
Spawned process "regsvr32.exe" with commandline "regsvr32 /s "%PROGRAMFILES%\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax""
Spawned process "regsvr32.exe" with commandline "regsvr32 /s "%PROGRAMFILES%\FreeTime\FormatFactory\FFModules\Filters\AviSplitter.ax""

Spawned process "eBay.exe"
Spawned process "FormatFactory.exe"

The analysis extracted a known ransomware file

YARA signature "XtremeRATStrings" classified file "avdevice-52.dll" as "rat,xtreme" based on indicators: "-GCCLIBCYGMING-EH-TDM1-SJLJ-GTHR-MINGW32" (Author: Seth Hardy)
YARA signature "XtremeRATStrings" classified file "libmplayer.dll" as "rat,xtreme" based on indicators: "-GCCLIBCYGMING-EH-TDM1-SJLJ-GTHR-MINGW32" (Author: Seth Hardy)

YARA signature "GlassesCode" classified file "ff_libmad.dll" as "glasses,apt1" based on indicators: "b8abaaaaaaf7e1d1ea8d04522bc8" (Author: Seth Hardy)
YARA signature "XtremeRATStrings" classified file "avformat-52.dll" as "rat,xtreme" based on indicators: "-GCCLIBCYGMING-EH-TDM1-SJLJ-GTHR-MINGW32" (Author: Seth Hardy)
YARA signature "XtremeRATStrings" classified file "avutil-50.dll" as "rat,xtreme" based on indicators: "-GCCLIBCYGMING-EH-TDM1-SJLJ-GTHR-MINGW32" (Author: Seth Hardy)
YARA signature "XtremeRATStrings" classified file "ffmpeg.exe" as "rat,xtreme" based on indicators: "-GCCLIBCYGMING-EH-TDM1-SJLJ-GTHR-MINGW32" (Author: Seth Hardy)

Found malicious artifacts related to "103.224.182.252" (ASN: 22489, Owner: Castle Access Inc).
