+-------------------+
Number of samples: x
Submission date: 200X-XX-XX
Sample submission: XXX
+-------------------+

1. Directory

folder
├ xxx1.exe <-- xxx1 description
├ xxx2.exe <-- xxx2 description

2. Details

+-------------------+
Sample No.: 2.1
Sample name: xxx.exe
Sample size: xxx bytes
Sample MD5: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+-------------------+

1. Process
Creates (hidden) process: %SYSTEMROOT%\system32\xxx.exe (user)

2. File behavior
Drops the following files:
%SYSTEMROOT%\system32\xxxadd1.exe
%SYSTEMROOT%\system32\xxxadd2.exe
Deletes the following files:
%SYSTEMROOT%\system32\xxxdel1.exe
%SYSTEMROOT%\system32\xxxdel2.exe
Infects the following files:
%SYSTEMROOT%\system32\xxxappend1.exe
%SYSTEMROOT%\system32\xxxappend2.exe

3. Network behavior
3.1 Resolves domain name: www.xxx.com --> xxx.xxx.xxx.xxx
3.2 Data interaction: accesses link http://www.xxx.com/xxx.exe

4. Startup method
4.1 System service
Display name: xxx
Service name: xxx
Service description: xxx
File path: %SYSTEMROOT%\system32\xxx.exe
Startup type: auto
4.2 Adds the following item/key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:
Item/key name: xxx
Path: %SYSTEMROOT%\system32\xxxadd1.exe

5. Self-protection
5.1 Injects into the xxx process
5.2 Automatically shuts down xxx anti-virus software or firewall

6. Summary
To sum up, the sample is / is not malware.