Malware

This information concerns the security of your account (SCAM)

NEVER PAY ATTENTION TO THIS KIND OF EMAIL; THEY ARE A SCAM. This arrived in my inbox today: Hi! I am a hacker who has access to your operating system. I also have full access to your account: At the time of hacking your account(@gmail.com) had this password: You can say: this is my, but old password! Or: I can change my password at any time! Of course! You will be right, but the fact is that when you change the password, my malicious code every time saved a new one! I’ve been watching you for a few […]

Process Monitor v3.40

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. Download: https://docs.microsoft.com/es-es/sysinternals/downloads/procmon

FLOSS – FireEye Labs Obfuscated String Solver

The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries. Quick run: to try FLOSS right away, download a standalone executable file from the releases page: https://github.com/fireeye/flare-floss/releases For a detailed description of installing FLOSS, review the documentation there. Standalone nightly builds are available for Windows 64-bit, Windows 32-bit, Linux and OSX.

Process Monitor v3.32

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. For more information: https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

Vault 7: CIA Hacking Tools Revealed

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election. Recently, the CIA lost control of the majority of its hacking […]

Virus WinRARw.exe – ispyu.exe – Ice Software

Antivirus                Result                              Update
Bkav                     W32.FamVT.RazyNHmA.Trojan           20161229
CrowdStrike Falcon (ML)  malicious_confidence_91% (D)        20161024
Invincea                 worm.win32.gamarue.an               20161216
Kaspersky                UDS:DangerousObject.Multi.Generic   20161230
Qihoo-360                HEUR/QVM09.0.0000.Malware.Gen       20161230
Symantec                 Heur.AdvML.B                        20161230

Windows services (detailed)


Windows processes

pestudio

pestudio is an application that performs Malware Initial Assessment of any executable file (*.exe, *.dll, *.sys, *.cpl, etc…). A malicious executable often attempts to hide its intent and to evade detection. In doing so, it generally presents suspicious patterns and other anomalies. The goal of pestudio is to detect these and to provide indicators about the executable being analyzed in order to ease malware initial assessment. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk. Download: https://www.winitor.com/