Ond Keylogger
INFECTED
~Uses .NET APIs yet the file is native
~Original file name PE Explorer.exe
~Never has been scanned before on VirusTotal
~Graftor detections on VT
~Does not import any .NET APIs
Sandbox Report:
!Copies itself to the C: drive:
C:\OndKeylogger.exe
then copies to %WINDIR%\SysWOW64\svchost.exe
As svchost.exe (Fake service host process by Microsoft)
!Connects to a remote address:
IP: 79.49.182.207
PORT: 2404
!Reads System Information
Suspicious API imports:
VirtualProtect
GetProcAddress
LoadLibraryA
RegOpenKeyA
!DNS:
calcio886.duckdns.org
URL STRINGS:
www.youtube.com/watch?v=9bZkp7q19f0
~~ Much Love From ObbedCode ~~
Always RUN Files in a Sandbox / Virtual Machine