- [+] Searching memory by Yara rules.
- [+] Detect malware by Yara rules.
- [+] Process Name : RegAsm.exe
- [+] Process ID : 1816
- [+] Malware name : Nanocore
- [+] Base Address(VAD) : 0x400000
- [+] Size : 0x38000
- ----------------------------------------------------------------------
- Process: RegAsm.exe (1816)
- [Config Info]
- Version : 1.2.2.0
- Mutex : 8de974fe015d424391265d0b68e76a20
- Group : Default
- Domain1 : gregvictor.hopto.org
- Domain2 : 103.200.5.128
- Port : 8776
- RunOnStartup : Enable
- RequestElevation : Disable
- BypassUAC : Enable
- ClearZoneIdentifier : Enable
- ClearAccessControl : Disable
- SetCriticalProcess : Disable
- PreventSystemSleep : Enable
- ActivateAwayMode : Disable
- EnableDebugMode : Disable
- RunDelay : 0
- ConnectDelay : 4000
- RestartDelay : 5000
- TimeoutInterval : 5000
- KeepAliveTimeout : 30000
- MutexTimeout : 5000
- LanTimeout : 2500
- WanTimeout : 8000
- BufferSize : ffff0000
- MaxPacketSize : 0000a000
- GCThreshold : 0000a000
- UseCustomDNS : Enable
- PrimaryDNSServer : 8.8.8.8
- BackupDNSServer : 8.8.4.4