text section and no other executable section
text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Classification label: mal92.evad
Contains functionality to load and extract PE file embedded resources
Code function: 0_2_001B1037 GetModuleHandleA,FindResourceA,SizeofResource,LoadResource,VirtualAlloc,RtlMoveMemory,GetTempPathA,lstrcatA,LoadLibraryA,GetProcAddress,FreeLibrary,DeleteFileA,
File created: C:\Users\user\AppData\Local\Temp\dup2patcher.dll
#Bluebeam revu standard v 10 code#
text section which is very likely to contain packed code (zlib compression ratio < 0.3)
reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Matched rule: CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen date = 2015-06-23, author = Florian Roth, description = Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.exe, reference = Disclosed CN Honker Pentest Toolset, license = https://creativecommons.org/licenses/by-nc/4.
Sample file is different than original file name gathered from version info
Binary or memory string: OriginalFilename vs bluebeam.revu.extreme.2018.2-MPT.exe
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: bluebeam.revu.extreme.2018.2-MPT.exe
Code function: 0_2_6DA2197E GetWindowLongA,GetWindowLongA,SendMessageA,SetCapture,GetWindowRect,GetWindowLongA,GetWindowLongA,SendMessageA,ReleaseCapture,SetCapture,GetWindowLongA,GetWindowLongA,SendMessageA,GetWindowLongA,GetWindowLongA,SendMessageA,GetWindowRect,GetParent,GetDlgCtrlID,SendMessageA,ReleaseCapture,NtdllDefWindowProc_A,
Code function: 0_2_6DA21ADB NtdllDefWindowProc_A,
Source: C:\Users\user\Desktop\bluebeam.revu.extreme.2018.2-MPT.exe
text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Contains functionality to call native functions
Source: 0.2.bluebeam.revu.extreme.2018.
Source: 0.0.bluebeam.revu.extreme.2018.
Matched rule: Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.
Source: bluebeam.revu.extreme.2018.2-MPT.exe, type: SAMPLE
Malicious sample detected (through community Yara rule)