This section lists file attributes found within family samples. These attributes are extracted
from the files’ Windows PE (Portable Executable) specification and various system flags. Portable
Executable Attributes give malware researchers insight into a file’s functionality, executable details,
platform and runtime environment.
File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
Show More
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates
icons commonly associated with legitimate software to mislead users into believing the malware is
safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version
information data structure for samples within this family. To mislead users, malware actors often add
fake version information mimicking legitimate software.
Name
Value
File Description
Amazon Browser Bar
File Version
1.0
I W Build Date
20130904T144534
I W Keyword
distro-amzn-opencandy-rs
I W Version
2.3.7
Product Name
Amazon Browser Bar
Product Version
1.0
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this
family. File system activity can provide valuable insight into how malware functions on the operating
system.
This section lists registry keys and values that were created, modified and/or deleted by
samples in this family. Windows Registry activity can provide valuable insight into malware
functionality. Additionally, malware often creates registry values to allow itself to automatically
start and indefinitely persist after an initial infection has compromised the system.
This section lists Windows API calls that are used by the samples in this family. Windows API
usage analysis is a valuable tool that can help identify malicious activity, such as keylogging,
security privilege escalation, data encryption, data exfiltration, interference with antivirus software,
and network request manipulation.
Category
API
Process Shell Execute
CreateProcess
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows
Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security
privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data,
and hide malicious activity.
Please DO NOT use this comment system for support or billing questions.
For SpyHunter technical support requests, please contact our technical support team
directly by opening a customer support ticket
via your SpyHunter. For billing issues, please refer to our "Billing
Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our
"Inquiries and Feedback" page.
Enigmasoftware.com uses cookies to provide you with a better browsing experience and analyze how users navigate and utilize the Site. By using this Site or clicking on "OK", you consent to the use of cookies. Learn more.
