- found by Angel Hun @SeraphimDomain
- mosbussum[.]nl/a3.exe
- I *think* it's EvilAmmy:
- https://twitter.com/SeraphimDomain/status/980811174399819781
- https://www.hybrid-analysis.com/sample/47f8893dfd5477783d016f397db0f37697e535b0d8f0117ee525eff76707e232/5ac3d92b7ca3e1522c5f96d4
- -------------
- interesting api calls
- -------------
- CreateFileA ( "C:\Users\xxx\AppData\Local\Temp\1.bat", GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, 0, NULL )
- CreateProcessA ( NULL, "C:\Users\xxx\AppData\Local\Temp\1.bat", NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, 0x002ee290, 0x002e9c58 )
- CreateProcessW ( "C:\Windows\system32\PING.EXE", "ping localhost -n 2 ", NULL, NULL, TRUE, EXTENDED_STARTUPINFO_PRESENT, NULL, "C:\Users\Win732\AppData\Local\Temp", 0x0020e7fc, 0x0020e848 )