Reads data out of its own binary image Show sources
| api_process_name | process: 3b6779ad0ca05cd82c7448c259711cb2f3ad2add.exe, pid: 2568, offset: 0x00000000, length: 0x000933f0 |
Network activity detected but not expressed in API logs
Installs itself for autorun at Windows startup Show sources
| registry_write | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs |
| data | C:\PROGRA~1\COMMON~1\System\symsrv.dll |
Creates RWX memory Show sources
| injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |