Resources

Name BINRES, RVA 0x11c50, Size 0x2400, Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, Language Neutral
Name BINRES, RVA 0x11c18, Size 0x37, Type ASCII text, with CRLF line terminators, Language Neutral
Name BINRES, RVA 0x11870, Size 0x3a6, Type ASCII text, with CRLF line terminators, Language Neutral
Name BINRES, RVA 0x115f0, Size 0x280, Type ASCII text, with CRLF line terminators, Language Neutral
Name BINRES, RVA 0x11494, Size 0x15a, Type ASCII text, with CRLF line terminators, Language Neutral
Name BINRES, RVA 0x11174, Size 0x31e, Type ASCII text, with CRLF line terminators, Language Neutral
Name BINRES, RVA 0x11060, Size 0x112, Type ASCII text, with CRLF line terminators, Language Neutral
Name BINRES, RVA 0xf430, Size 0x1c2f, Type ASCII text, with CRLF line terminators, Language English

Sections

Name tls, Entropy 0, Virtual Address 0xc000, Virtual Size 0x8, Raw Size 0x0, MD5 d41d8cd98f00b204e9800998ecf8427e
Name BSS, Entropy 0, Virtual Address 0xa000, Virtual Size 0圆91, Raw Size 0x0, MD5 d41d8cd98f00b204e9800998ecf8427e

Behaviour indicators

- Reads terminal service related keys (often RDP related). Remote desktop is a common feature in operating systems.
- Reads the registry for installed applications.
- Reads information about supported languages.
- Opens the Kernel Security Device Driver (KsecDD) of Windows.
  Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
  Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.
- Installs hooks/patches the running process. Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.