| Severity | Rule | Description | Source |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (download) |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
| info | create_com_service | Create a COM server | memory |
| info | create_service | Create a Windows service | memory |
| info | cred_local | Steal credential | memory |
| info | escalate_priv | Escalate privileges | memory |
| info | hijack_network | Hijack network configuration | memory |
| info | inject_thread | Code injection with CreateRemoteThread in a remote process | memory |
| info | keylogger | Run a keylogger | memory |
| info | migrate_apc | APC queue tasks migration | memory |
| info | network_dga | Communication using DGA | memory |
| info | network_dns | Communications use DNS | memory |
| info | network_dropper | File downloader/dropper | memory |
| info | network_ftp | Communications over FTP | memory |
| info | network_http | Communications over HTTP | memory |
| info | network_p2p_win | Communications over P2P network | memory |
| info | network_smtp_dotNet | Communications over SMTP | memory |
| info | network_tcp_listen | Listen for incoming communication | memory |
| info | network_tcp_socket | Communications over raw socket | memory |
| info | network_udp_sock | Communications over UDP network | memory |
| info | screenshot | Take screenshot | memory |
| info | sniff_audio | Record audio | memory |
| info | spreading_file | Malware can spread east-west file | memory |
| info | spreading_share | Malware can spread east-west using share drive | memory |
| info | Str_Win32_Wininet_Library | Match Windows Inet API library declaration | memory |
| info | Str_Win32_Winsock2_Library | Match Winsock 2 API library declaration | memory |
| info | win_files_operation | Affect private profile | memory |
| info | win_mutex | Create or check mutex | memory |
| info | win_private_profile | Affect private profile | memory |
| info | win_registry | Affect system registries | memory |
| info | win_token | Affect system token | memory |