The name of this kind of malware is an allusion to a well-known legend regarding Trojan Horse, which was utilized by Greeks to enter into the city of Troy and win the battle. Nisloder, Jobutyve, Waldek, Fuerboos, Nockat, Obfuscator
#TROJAN POWELIKS REMOVAL MCAFEE PC#
Detects Virtual PC through the presence of a file.Detects VMware through the presence of a registry key.Detects VMware through the presence of a file.Detects VirtualBox through the presence of a registry key.Detects VirtualBox through the presence of a file.Checks the presence of disk drives in the registry, possibly for anti-virtualization.Checks the version of Bios, possibly for anti-virtualization.Attempts to identify installed AV products by installation directory.Attempts to identify installed analysis tools by registry key.Stores JavaScript or a script command in the registry, likely for persistence or configuration.Installs itself for autorun at Windows startup.Creates a registry key or value with NUL characters to avoid detection with regedit.Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config.
#TROJAN POWELIKS REMOVAL MCAFEE CODE#
Executed a process and injected code into it, probably while unpacking.Detects SunBelt Sandbox through the presence of a library.Detects Sandboxie through the presence of a library.Detects VirtualBox through the presence of a library.The binary likely contains encrypted or compressed data.Reads data out of its own binary image.Attempts to connect to a dead IP:Port (146 unique times).
0 kommentar(er)
