brad-sp / cuckoomon-modified

Modified edition of cuckoomon
GNU General Public License v3.0

Regsvr option seems to not work #24

Closed jowabels closed 9 years ago

jowabels commented 9 years ago

Hi!

There seems to be an issue when submitting a .DLL sample with the "regsvr" option, as it does not produce the expected behavior of the malware. The sample was verified to work beforehand on a VM using regsvr32.exe. Hoping you could help shed some light on the matter. Below are the file details. Thanks.

SHA1: 3b2143b70a79f4fe325aab9fdc4befff53316a8a
MD5: ef57bfad6bc622ccbd0bb5963910e7ec

brad-sp commented 9 years ago

We don't have a regsvr option, we have a regsvr package. I tested your sample with the regsvr package and it works just fine. FWIW it also works fine without the regsvr package -- there aren't any exports for the DLL and apparently no process name checks.

MerX1030 commented 9 years ago

Tried executing the sample in Windows 7 environment using regsvr package and got an empty bson in the logs. So no APIs were displayed in the Behavioral Analysis section. Is that what you were experiencing? In my case, the analysis seems to have terminated abruptly even though the sample is still running. Then I got an empty bson. http://pastebin.com/uMx5JKCr

MerX1030 commented 9 years ago

Hahaha. I was using an old version of cuckoomon and the loaders. I thought I copied them to the correct machine. I got confused and copied them onto another one instead. Sorry about that. The sample works fine now on my side. Kindly verify on your side.
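The root cause above (a stale monitor DLL and loader copied onto the wrong analysis VM, producing an empty log) is the kind of deployment mismatch that is cheap to catch before a sample is submitted. The script below is an added example and is not code from cuckoomon-modified or from Cuckoo: it hashes the components that must be identical on every analysis machine and compares them against a manifest taken from the known-good build. The component file names (`cuckoomon.dll`, `loader.exe`), the directory layout and the sample files it creates are all assumptions made for the demonstration.

```python
"""
Deployment consistency check for sandbox analyzer components.

Added example, not code from cuckoomon-modified or Cuckoo. It hashes the
files that must be identical on every analysis VM (the monitor DLL and the
loader) and compares them against a manifest built from the reference copy,
so a stale or missing component on one machine is reported before analysis.
File names and layout are assumptions for this example.
"""
import hashlib
import os
import tempfile

# Hypothetical component names; adjust to the layout actually deployed.
COMPONENTS = ("cuckoomon.dll", "loader.exe")


def sha1_file(path):
    """Return the hex SHA-1 of a file, read in chunks."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(reference_dir):
    """Hash the known-good components found in the reference build directory."""
    return {name: sha1_file(os.path.join(reference_dir, name))
            for name in COMPONENTS}


def verify_components(deployed_dir, manifest):
    """Compare each deployed component with the manifest.

    Returns a dict mapping component name to "ok", "stale" or "missing".
    """
    result = {}
    for name, expected in manifest.items():
        path = os.path.join(deployed_dir, name)
        if not os.path.isfile(path):
            result[name] = "missing"
        elif sha1_file(path) != expected:
            result[name] = "stale"
        else:
            result[name] = "ok"
    return result


def build_demo_tree():
    """Constructed sample layout: one reference build and two VM copies.

    vm1 received the current files; vm2 still has an old monitor DLL and
    no loader at all. Returns (reference_dir, vm1_dir, vm2_dir).
    """
    root = tempfile.mkdtemp(prefix="monitor-check-")
    dirs = {d: os.path.join(root, d) for d in ("build", "vm1", "vm2")}
    for d in dirs.values():
        os.makedirs(d)
    current = {"cuckoomon.dll": b"monitor build 2",
               "loader.exe": b"loader build 2"}
    for name, data in current.items():
        for d in ("build", "vm1"):
            with open(os.path.join(dirs[d], name), "wb") as f:
                f.write(data)
    # vm2: stale monitor DLL, loader never copied over.
    with open(os.path.join(dirs["vm2"], "cuckoomon.dll"), "wb") as f:
        f.write(b"monitor build 1")
    return dirs["build"], dirs["vm1"], dirs["vm2"]


def run_demo():
    """Build the sample tree and return the verification result per VM."""
    build, vm1, vm2 = build_demo_tree()
    manifest = build_manifest(build)
    return {"vm1": verify_components(vm1, manifest),
            "vm2": verify_components(vm2, manifest)}


if __name__ == "__main__":
    for vm, status in run_demo().items():
        print(vm, status)
```

In a real deployment `build_manifest` would be run once against the directory the monitor was built into, and `verify_components` against the share or snapshot each VM actually loads the monitor from; any "stale" or "missing" entry means the machine should not be used for analysis until it is refreshed.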

jowabels commented 9 years ago

I see. Thanks for the info!