procMemory | ZeroBOX

Process memory dump for None (PID 2832, dump 1)

Extracted/injected images (may contain unpacked executables)

YARA signature matches on process memory

Match: schtasks_Zero

  • cwBjAGgAdABhAHMAawBzAA== (schtasks)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: anti_dbg

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • a2VybmVsMzIuZGxs (kernel32.dll)