Extracted/injected images (may contain unpacked executables): 2 images extracted
Match: Network_DNS
Match: Network_SMTP_dotNet
Match: Virtual_currency_Zero
Match: Code_injection
Match: KeyLogger
Match: ScreenShot
Match: DebuggerCheck__GlobalFlags
Match: DebuggerCheck__QueryInfo
Match: DebuggerHiding__Thread
Match: DebuggerHiding__Active
Match: ThreadControl__Context
Match: SEH__vectored
Match: anti_dbg
Match: disable_dep
Match: win_hook
Match: infoStealer_emailClients_Zero
Match: local_credential_Steal
http://www.usertrust.com
http://ocsp.comodoca.com
http://crt.usertrust.com/UTNAddTrustObject_CA.crt
http://schemas.openxmlformats.org/markup-compatibility/2006
http://crl.usertrust.com/UTN-USERFirst-Object.crl
https://secure.comodo.net/CPS
http://crl.comodoca.com/COMODOCodeSigningCA2.crl
http://www.nirsoft.net/
http://crl.usertrust.com/AddTrustExternalCARoot.crl
http://ocsp.usertrust.com
http://crt.comodoca.com/COMODOCodeSigningCA2.crt
Match: ScreenShot
Match: DebuggerCheck__GlobalFlags
Match: DebuggerCheck__QueryInfo
Match: DebuggerHiding__Thread
Match: DebuggerHiding__Active
Match: ThreadControl__Context
Match: SEH__vectored
Match: anti_dbg
Match: disable_dep
Match: infoStealer_emailClients_Zero
Match: local_credential_Steal
http://www.nirsoft.net/
Match: ScreenShot
Match: DebuggerCheck__GlobalFlags
Match: DebuggerCheck__QueryInfo
Match: DebuggerHiding__Thread
Match: DebuggerHiding__Active
Match: ThreadControl__Context
Match: SEH__vectored
Match: anti_dbg
Match: disable_dep
Match: local_credential_Steal