We found a PE file, some ActiveX control objects, and two text files.

Checking it, we find that it is a CAB SFX file.

When we check the script, we see that it launches cmd in the minimized state, changes to the temp folder where WinRAR will extract the files, tries to find the file that is present inside the folder, executes it using wmic, and then exits.

The bat file also has the same name as the benign file outside the folder.

When we look inside the folder, we see many files, but the most important one (highlighted) is a bat file containing a malicious script.

Also, note that there is a trailing space at the end of the file and folder name (in yellow).
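The layout described above (a benign-looking file, a folder with the same name, a trailing space, and a script inside the folder) can be checked from an archive listing before anything is extracted. The following is an added example, not code from the original post; the function names, the extension list, the sample listing, and the use of the ZIP format are assumptions made for illustration.

```python
import os
import zipfile

# Extensions treated as executable content (an assumed list; tune per environment).
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1", ".exe", ".lnk"}

def _norm(name):
    # Compare names the way a user sees them: trailing spaces ignored, case-insensitive.
    return name.rstrip(" ").lower()

def find_decoy_collisions(names):
    """Flag a file whose name matches a sibling folder that holds a script."""
    files, dirs = [], set()
    for raw in names:
        path = raw.replace("\\", "/")
        parts = tuple(p for p in path.split("/") if p)
        if not parts:
            continue
        for i in range(1, len(parts)):      # every ancestor is a folder
            dirs.add(parts[:i])
        if path.endswith("/"):
            dirs.add(parts)
        else:
            files.append(parts)
    findings = []
    for f in files:
        for d in sorted(dirs):
            if d[:-1] != f[:-1] or _norm(d[-1]) != _norm(f[-1]):
                continue
            # Files strictly below the colliding folder that carry a script extension.
            scripts = ["/".join(x) for x in files
                       if len(x) > len(d) and x[:len(d)] == d
                       and os.path.splitext(x[-1].rstrip(" "))[1].lower() in SCRIPT_EXTS]
            if scripts:
                findings.append({"decoy": "/".join(f), "folder": "/".join(d),
                                 "scripts": scripts,
                                 "trailing_space": f[-1].endswith(" ") or d[-1].endswith(" ")})
    return findings

def scan_zip(path):
    # ZIP is an assumption; the page does not name the archive format.
    with zipfile.ZipFile(path) as zf:
        return find_decoy_collisions(zf.namelist())

# Constructed listings (not from a real sample): one mirrors the layout above, one is benign.
SAMPLE = ["report.pdf ", "report.pdf /", "report.pdf /report.pdf .bat",
          "report.pdf /image1.png", "notes.txt"]
BENIGN = ["docs/", "docs/readme.txt", "readme.txt", "run.bat"]

if __name__ == "__main__":
    for hit in find_decoy_collisions(SAMPLE):
        print(hit)
```

A file and a folder sharing one name in the same directory is already unusual in a legitimate archive, so the trailing-space flag is reported as extra context rather than required for a finding.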