elhacker.net forum / Malware Analysis and Design (Moderator: fary)
Topic: Could this be a virus? 4n4ldetector (Read 4,303 times)

colcrt (Messages: 87)
Could this be a virus? 4n4ldetector
« on: 24 July 2016, 22:37 pm »

Hi guys,

I decided to try out this tool, but something made me curious. Here is the log, but I don't know whether it is a false positive or there is a virus; I have already run several antivirus scanners on it and they found nothing.


Code:
Information:
  Size: 3,89 MB - [It is advisable to cut the file]
  md5 Hash: B6113983ED77D6FE99BDEE461E7BE004
  EntryPoint: 0A4FE0
  SizeOfHeaders: 00000400
  SizeOfImage: 003DF000
  ImageBase: 00400000
  Characteristics: 0102
  Architecture: x86
  File Type: EXE
  Sections Number:7
  Subsystem: Windows GUI
  UAC Execution Level Manifest: asInvoker
  Compiler: Microsoft Visual Studio

Binder/Joiner/Crypter:
  Dropper code detected - 14,67 KB


Windows REG:
  software\microsoft\windows\currentversion\explorer\startmenu\startpanel

Windows REG (UNICODE):
  software\microsoft\windows\currentversion\explorer\accent
  software\microsoft\windows nt\currentversion\winlogon
  software\microsoft\windows\currentversion\explorer\advanced
  software\microsoft\windows\currentversion\explorer\startpage
  software\microsoft\windows\currentversion\policies\system
  software\microsoft\windows\currentversion\oobe
  software\microsoft\windows\currentversion\immersiveshell
  software\microsoft\windows\currentversion\explorer\accentcolorizediconabtest
  software\microsoft\windows\currentversion\parental controls
  software\microsoft\windows\currentversion\explorer\multitaskingview\allupview
  software\classes\local settings\
  software\microsoft\windows\currentversion\traynotify
  software\microsoft\windows\currentversion\explorer\controlpanel\namespace\
  software\microsoft\windows nt\currentversion\windows
  software\microsoft\windows\currentversion\explorer\notificationcustomization
  software\microsoft\windows\currentversion\explorer\advanced\delayedapps
  software\microsoft\windows\currentversion\explorer\logonstats
  software\policies\microsoft\windows\explorer
  software\microsoft\windows nt\currentversion\noimemodeimes
  software\microsoft\windows\currentversion\runonceex
  software\microsoft\windows\currentversion\control panel\cpls
  software\microsoft\windows nt\currentversion\windows,load
  software\microsoft\windows\currentversion\control panel\dont load
  software\microsoft\windows\currentversion\explorer\serialize
  software\microsoft\windows\currentversion\themes
  software\microsoft\windows\currentversion\systemprotecteduserdata
  software\microsoft\windows\currentversion\runonce
  software\microsoft\windows\currentversion\explorer\startupapproved
  software\microsoft\windows\currentversion\explorer
  software\microsoft\windows\currentversion\themes\personalize
  software\microsoft\windows\currentversion\settingsync\syncdata
  software\microsoft\windows\currentversion\settingsync
  software\microsoft\windows\currentversion\policies\explorer
  software\microsoft\windows\currentversion\immersiveshell\edgeui
  software\microsoft\windows\currentversion\search
  software\policies\microsoft\windows\onedrive
  software\microsoft\windows\currentversion\onedriveramps
  software\microsoft\windows\currentversion\oobe\telemetrycorrelation
  software\microsoft\windows\currentversion\explorer\taskband
  software\microsoft\windows\currentversion\pushnotifications\applications
  software\microsoft\windows\currentversion\diagnostics\performance\shell\responsemonitor
  software\microsoft\windows nt\currentversion\winlogon\alternateshells\availableshells
  software\microsoft\tablettip\1.7\
  software\microsoft\windows\currentversion\authentication\logonui\sessiondata
  software\microsoft\windows\currentversion\contentdeliverymanager
  software\microsoft\windows\currentversion\flightedfeatures
  software\microsoft\windows\currentversion\windowsupdate\updatediscoverability
  software\microsoft\windows\currentversion\oobe\stats
  software\microsoft\windows\currentversion\startmenu
  software\microsoft\alluserinstallagent
  software\microsoft\windows nt\currentversion\winlogon\alternateshells
  software\microsoft\windows\currentversion\explorer\fileexts
  software\microsoft\windows\currentversion\fileassociations
  software\microsoft\windows\shell\associations\urlassociations
  software\microsoft\windows\currentversion\useroobe
  software\microsoft\windows\currentversion\cloudexperiencehost
  software\microsoft\windows\currentversion\retaildemo\oobewrite
  software\microsoft\windows\currentversion\explorer\fileexts\%s
  software\microsoft\windows\shell\associations\urlassociations\%s
  software\microsoft\windows nt\currentversion\profilelist
  software\microsoft\windows\currentversion\run
  software\microsoft\windows\currentversion\policies\explorer\run
  software\classes\
  software\microsoft\windows\currentversion\thememanager
  software\microsoft\windows\currentversion\explorer\controlpanel
  software\microsoft\windows\currentversion\explorer\autoplayhandlers
  software\microsoft\windows\currentversion\control panel
  software\microsoft\windows\currentversion\explorer\notificationarea\promotedicon1
  software\microsoft\windows\currentversion\explorer\notificationarea\promotedicon2
  software\microsoft\windows\currentversion\immersiveshell\statestore
  software\microsoft\internet explorer\typedurls
  software\microsoft\windows\currentversion\explorer\typedpaths
  software\microsoft\windows\currentversion\explorer\runmru
  software\microsoft\windows\currentversion\explorer\doc find spec mru
  software\microsoft\windows\currentversion\explorer\comdlg32\opensavepidlmru
  software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedpidlmru
  software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedpidlmrulegacy
  software\microsoft\windows\currentversion\explorer\comdlg32\firstfolder
  software\microsoft\ctf\consentux
  software\classes\clsid\{031e4825-7b94-4dc3-b131-e946b44c8dd5}
  software\microsoft\windows nt\currentversion\server
  software\microsoft\windows nt\currentversion\windows,run
  software\policies\microsoft\windowsstore
  software\microsoft\windows\currentversion\smden
  software\microsoft\windows\currentversion\explorer\tbden
  software\microsoft\windows\tablet pc
  software\microsoft\windows\currentversion\explorer\oemwc
  software\microsoft\windows\currentversion\explorer\wcden
  software\microsoft\windows\currentversion\explorer\applicationdestinations\
  software\clients
  software\microsoft\windows\currentversion\explorer\startpage\newshortcuts
  software\microsoft\windows\currentversion\openwith
  software\microsoft\windows\currentversion\explorer\appkey\%d
  software\microsoft\windows\currentversion\explorer\remote\%d
  software\microsoft\windows\dwm
  software\microsoft\windows\currentversion\explorer\appcontract
  software\microsoft\windows nt\currentversion\time zones
  software\microsoft\windows\currentversion\explorer\startmenu\colors
  software\microsoft\windows\currentversion\settingsync\groups\%s
  software\microsoft\windows\currentversion\appx\appxalluserstore\upgrade\%ls
  software\microsoft\windows\currentversion\updatediscoverability
  software\microsoft\windows\currentversion\appreadiness\%s
  software\microsoft\windows\currentversion\authentication\logonui\accesspage\camera
  software\microsoft\windows\currentversion\explorer\svden
  software\microsoft\provisioning\
  software\microsoft\provisioning\applaunchid
  software\microsoft\windows\currentversion\explorer\shellserviceobjects\{872f8dc8-dde4-43bd-ac7a-e3d9fe86ceac}
  software\microsoft\windows\currentversion\onedriveoptin
  software\microsoft\windows\currentversion\oobe\testhooks
  software\microsoft\windows\currentversion\settingsync\syncdata\bootstrap
  software\microsoft\windows nt\currentversion\usercpl
  software\microsoft\internet explorer\main
  software\microsoft\windows\currentversion\explorer\startpage\creativeplacement\creative%d
  software\microsoft\windows\currentversion\explorer\startpage\creativeplacement
  software\microsoft\windows\currentversion\explorer\controlpanel\namespace\%s
  software\microsoft\windows\currentversion\controls folder (wow64)
  software\microsoft\windows\currentversion\policies\explorer\searchextensions
  Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer - DisableTaskMgr
  Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - DisableTaskMgr
  Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
  Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Run

File Access:
  .textlp12explorer.exe
  .textlp07explorer.exe
  .textlp06explorer.exe
  .textlp01explorer.exe
  .textlp00explorer.exe
  explorer.exe

File Access (UNICODE):
  rundll32.exe
  %%windir%%\syswow64\rundll32.exe
  %%windir%%\system32\rundll32.exe
  oobe\firstlogonanim.exe
  provtool.exe
  runonce.exe
  b%systemroot%\system32\sndvol.exe
  calc.exe
  taskmgr.exe
  {d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\calc.exe
  {1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
  {f38bf404-1d43-42f2-9305-67de0b28fc23}\explorer.exe
  %systemroot%\system32\rundll32.exe
  install.exe
  %systemroot%\system32\rundll32.exe
  @explorer.exe

Interests Words (UNICODE):
  outlook

Anti-VM/Sandbox/Debug Tricks (UNICODE):
  LabTools - taskmgr

URLs (UNICODE):
  http://schemas.microsoft.com/Search/2013/SettingContent

Payloads:
  Shellcode Byte Patterns

4n0nym0us (Messages: 48)
Re: Could this be a virus? 4n4ldetector
« Reply #1 on: 3 August 2016, 12:47 pm »

Hello, good morning!

It is not malware; it is even signed by Microsoft. It may have come in through some Windows update... so much information about the system shows up because it is an "explorer.exe"  :-*

No matter how fast and advanced technology becomes, the human mind is still the most versatile and creative processor there is.
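One way to verify the reply's claim, that the sample is a Microsoft-signed explorer.exe rather than a dropper, is to hash the file and check its Authenticode signature. This is an added PowerShell example, not code from the thread or from 4n4lDetector; it assumes the file path is passed in as a parameter and uses the MD5 quoted in the post as the comparison value.

```powershell
# Added example (not from the thread or from 4n4lDetector): check whether a flagged
# binary is a validly Microsoft-signed OS file, which is what the reply asserts.
# Assumptions: the path is passed in; the MD5 is the one quoted in the post.
param(
    [string]$Path = "$env:windir\explorer.exe",
    [string]$ExpectedMd5 = 'B6113983ED77D6FE99BDEE461E7BE004'
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# 1. Is this the same sample the analyzer reported on?
$md5 = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
"MD5 {0} (matches the post: {1})" -f $md5, ($md5 -ieq $ExpectedMd5)

# 2. Authenticode check. Windows system binaries are usually catalog-signed rather
#    than carrying an embedded signature; Get-AuthenticodeSignature checks both and
#    reports the kind in SignatureType. 'Valid' means the chain is trusted and the
#    file has not been modified since it was signed.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
"Signature: {0} ({1})" -f $sig.Status, $sig.SignatureType
$isMicrosoft = $false
if ($sig.SignerCertificate) {
    "Signer: {0}" -f $sig.SignerCertificate.Subject
    $isMicrosoft = $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
}

# 3. The version resource of a genuine shell binary names the product and file.
$vi = $file.VersionInfo
"Product: {0} / {1} / {2}" -f $vi.ProductName, $vi.FileDescription, $vi.FileVersion

# 4. Verdict. Registry and process strings like those in the analyzer output are
#    expected in explorer.exe; they only matter when the file fails this check.
if ($sig.Status -eq 'Valid' -and $isMicrosoft) {
    "Validly signed by Microsoft: the static-analysis hits are consistent with a legitimate shell binary."
} else {
    Write-Warning "Not a validly Microsoft-signed file ($($sig.Status)); the analyzer findings deserve a closer look."
}
```

A hash mismatch with the post's value only means a different build of the file; the signature status is the part that decides whether the Run/RunOnce and taskmgr strings are benign shell code or something to investigate.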