Untitled

a guest
Oct 17th, 2015
Report generated with Buster Sandbox Analyzer 1.88 at 00:31:38 on 16/10/2015

Detailed report of suspicious malware actions:

Checked for debuggers
Connected to WWW
Created a mutex named: .NET CLR Data_Perf_Library_Lock_PID_f84
Created a mutex named: .NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: .NET CLR Networking_Perf_Library_Lock_PID_f84
Created a mutex named: .NET Data Provider for Oracle_Perf_Library_Lock_PID_f84
Created a mutex named: .NET Data Provider for SqlServer_Perf_Library_Lock_PID_f84
Created a mutex named: .NET Memory Cache 4.0_Perf_Library_Lock_PID_f84
Created a mutex named: .NETFramework_Perf_Library_Lock_PID_f84
Created a mutex named: ASP.NET_2.0.50727_Perf_Library_Lock_PID_f84
Created a mutex named: ASP.NET_4.0.30319_Perf_Library_Lock_PID_f84
Created a mutex named: ASP.NET_Perf_Library_Lock_PID_f84
Created a mutex named: aspnet_state_Perf_Library_Lock_PID_f84
Created a mutex named: ContentFilter_Perf_Library_Lock_PID_f84
Created a mutex named: ContentIndex_Perf_Library_Lock_PID_f84
Created a mutex named: CTF.Asm.MutexDefaultS-1-5-21-1275210071-651377827-1801674531-1003
Created a mutex named: CTF.Compart.MutexDefaultS-1-5-21-1275210071-651377827-1801674531-1003
Created a mutex named: CTF.Layouts.MutexDefaultS-1-5-21-1275210071-651377827-1801674531-1003
Created a mutex named: CTF.LBES.MutexDefaultS-1-5-21-1275210071-651377827-1801674531-1003
Created a mutex named: CTF.TimListCache.FMPDefaultS-1-5-21-1275210071-651377827-1801674531-1003MUTEX.DefaultS-1-5-21-1275210071-651377827-1801674531-1003
Created a mutex named: CTF.TMD.MutexDefaultS-1-5-21-1275210071-651377827-1801674531-1003
Created a mutex named: idm_mkb_count_mutex
Created a mutex named: idm_mms_count_mutex
Created a mutex named: ISAPISearch_Perf_Library_Lock_PID_f84
Created a mutex named: Local\!PrivacIE!SharedMemory!Mutex
Created a mutex named: Local\_!MSFTHISTORY!_
Created a mutex named: Local\c:!documents and settings!sab!cookies!
Created a mutex named: Local\c:!documents and settings!sab!local settings!history!history.ie5!
Created a mutex named: Local\c:!documents and settings!sab!local settings!temporary internet files!content.ie5!
Created a mutex named: Local\IDMEventMonitor
Created a mutex named: Local\ZoneAttributeCacheCounterMutex
Created a mutex named: Local\ZonesCacheCounterMutex
Created a mutex named: Local\ZonesCounterMutex
Created a mutex named: Local\ZonesLockedCacheCounterMutex
Created a mutex named: MSCTF.Shared.MUTEX.IIP
Created a mutex named: MSCTF.Shared.MUTEX.MIF
Created a mutex named: MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: MSDTC_Perf_Library_Lock_PID_f84
Created a mutex named: PerfDisk_Perf_Library_Lock_PID_f84
Created a mutex named: PerfNet_Perf_Library_Lock_PID_f84
Created a mutex named: PerfOS_Perf_Library_Lock_PID_f84
Created a mutex named: PerfProc_Perf_Library_Lock_PID_f84
Created a mutex named: PSched_Perf_Library_Lock_PID_f84
Created a mutex named: RemoteAccess_Perf_Library_Lock_PID_f84
Created a mutex named: RSVP_Perf_Library_Lock_PID_f84
Created a mutex named: ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: ServiceModelEndpoint 4.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: ServiceModelOperation 4.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: ServiceModelService 4.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: Shell.CMruPidlList
Created a mutex named: SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: Spooler_Perf_Library_Lock_PID_f84
Created a mutex named: TapiSrv_Perf_Library_Lock_PID_f84
Created a mutex named: Tcpip_Perf_Library_Lock_PID_f84
Created a mutex named: TermService_Perf_Library_Lock_PID_f84
Created a mutex named: UniqueMutexName
Created a mutex named: Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_f84
Created a mutex named: WmiApRpl_Perf_Library_Lock_PID_f84
Created process: C:\Documents and Settings\Sab\Desktop\EM\0EM.exe, "C:\Documents and Settings\Sab\Desktop\EM\0EM.exe" , null
Detected Anti-Malware Analyzer routine: File Monitor detection
Detected Anti-Malware Analyzer routine: OllyDbg detection
Detected keylogger functionality
Error reporting dialog change: machine\software\microsoft\windows\windows error reporting\dontshowui = 00000001
Got computer name
Got input locale identifiers
Got user name information
Got volume information
Installs a hook procedure that monitors keystroke messages
Installs a hook procedure that monitors mouse messages
Slept over 2 minutes
Transfered files from and/or to internet