Sample file is different than original file name gathered from version infoīinary or memory string: OriginalFi lename vs bluebeam.r evu.extrem e.2018.2-M PT.exe Static PE information: Resource n ame: RT_IC ON type: G LS_BINARY_ LSB_FIRST Source: bluebeam.r evu.extrem e.2018.2-M PT.exe revu.extr eme.2018.2 -MPT.exeĬode function: 0_2_6DA219 7E GetWind owLongA,Ge tWindowLon gA,SendMes sageA,SetC apture,Get WindowRect ,GetWindow LongA,GetW indowLongA ,SendMessa geA,Releas eCapture,S etCapture, GetWindowL ongA,GetWi ndowLongA, SendMessag eA,GetWind owLongA,Ge tWindowLon gA,SendMes sageA,GetW indowRect, GetParent, GetDlgCtrl ID,SendMes sageA,Rele aseCapture ,NtdllDefW indowProc_ A,Ĭode function: 0_2_6DA21A DB NtdllDe fWindowPro c_A, Source: C:\Users\u ser\Deskto p\bluebeam. text IMAGE _SCN_MEM_E XECUTE, IM AGE_SCN_CN T_INITIALI ZED_DATA, IMAGE_SCN_ MEM_WRITE, IMAGE_SCN _CNT_CODE, IMAGE_SCN _MEM_READĬontains functionality to call native functions Source: 0.2.bluebe am.revu.ex treme.2018.
Source: 0.0.bluebe am.revu.ex treme.2018. Matched rule: Sample fro m CN Honke r Pentest Toolset - file Acune tix_Web_Vu lnerabilit y_Scanner_ 8.x_Enterp rise_Editi on_KeyGen. Source: bluebeam.r evu.extrem e.2018.2-M PT.exe, ty pe: SAMPLE Malicious sample detected (through community Yara rule)
0 kommentar(er)
