|
danger |
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
|
watch |
A potential heapspray has been detected. 93 megabytes was sprayed onto the heap of the wscript.exe process |
|
watch |
Communicates with host for which no DNS query was performed |
|
watch |
Executes one or more WMI queries |
|
watch |
Installs itself for autorun at Windows startup |
|
watch |
Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
|
watch |
One or more non-whitelisted processes were created |
|
watch |
The process wscript.exe wrote an executable file to disk |
|
watch |
Wscript.exe initiated network communications indicative of a script based payload download |
|
watch |
wscript.exe-based dropper (JScript |
|
notice |
A process attempted to delay the analysis task. |
|
notice |
Allocates read-write-execute memory (usually to unpack itself) |
|
notice |
Creates executable files on the filesystem |
|
notice |
Executes one or more WMI queries which can be used to identify virtual machines |
|
notice |
File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
|
notice |
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
|
info |
Queries for the computername |
