Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\InProcServer32
Executable creates window controls seldom found in malware
Uses an in-process (OLE) Automation server
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Parts of this applications are using Borland Delphi (Probably coded in Delphi) exe
File created: C:\Users\user\AppData\Local\Temp\vgm_player.dll
Source: C:\Users\user\Desktop\adobe.snr.patch.v2.
MPRESS1 ZLIB complexity 1.0003091277
Classification label: mal60.evad
temporary files
text) which is very likely to contain packed code (zlib compression ratio < 0.011)
Sample file is different than original file name gathered from version info
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST