Virtual drive.exe cyberlink virtual drive11/11/2023 ![]() The input sample is signed with a certificate issued by "CN=Symantec Time Stamping Services CA - G2, O=Symantec Corporation, C=US" (SHA1: 65:43:99:29:B6:79:73:EB:19:2D:6F:F2:43:E6:76:7A:DF:08:34:E4 see report for more information) The input sample is signed with a certificate issued by "CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA" (SHA1: 6C:07:45:3F:FD:DA:08:B8:37:07:C0:9B:82:FB:3D:15:F3:53:36:B1 see report for more information) Possibly tries to detect the presence of a debugger Source Hybrid Analysis Technology relevance 10/10 See related instructions: ".+0 sub esp, 00000118h+6 mov eax, dword ptr +11 xor eax, esp+13 mov dword ptr, eax+20 lea eax, dword ptr +23 push eax+24 mov dword ptr, 00000114h+32 call dword ptr GetVersionExW+38 mov eax, 00000002h+43 cmp dword ptr, eax+47 je 004ECAC8h". Which is directly followed by "cmp dword ptr, eax" and "je 004ECAC8h". See related instructions: ".+0 sub esp, 00000118h+6 mov eax, dword ptr +11 xor eax, esp+13 mov dword ptr, eax+20 lea eax, dword ptr +23 push eax+24 mov dword ptr, 00000114h+32 call dword ptr GetVersionExW+38 cmp dword ptr, 02h+43 je 004ECA54h". ![]() Which is directly followed by "cmp dword ptr, 02h" and "je 004ECA54h". See related instructions: ".+0 sub esp, 00000118h+6 mov eax, dword ptr +11 xor eax, esp+13 mov dword ptr, eax+20 lea eax, dword ptr +23 push eax+24 mov dword ptr, 00000114h+32 call dword ptr GetVersionExW+38 cmp dword ptr, 02h+43 je 004EC9E4h". Which is directly followed by "cmp dword ptr, 02h" and "je 004EC9E4h". ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2023
Categories |