Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in.
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in.
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in.
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in.
PE file contains a valid data directory to section mapping
Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Static PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
File read: C:\Users\user\Desktop\fireshot-firefox-plugin.exe
text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
text section and no other executable section
Source: fireshot-chrome-plugin.exe.0.dr
Contains functionality to load and extract PE file embedded resources
Code function: 0_2_001347A0 LoadLibraryExA,FindResourceExA,FindResourceExA,FindResourceExA,LoadResource,LockResource,SizeofResource,FreeLibrary,
File created: C:\Users\user\Desktop\native-fireshot.log
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\fireshot-firefox-plugin.exe
Found potential string decryption / allocating functions
Code function: String function: 0013C140 appears 57 times
Code function: String function: 00134120 appears 32 times
String found in binary or memory: / CPS0D
String found in binary or memory: tfireshot.
String found in binary or memory: p.sectigo.
String found in binary or memory: p.comodoca.
sectigo.com/SectigoRSATimeStampingCA.crt0#
sectigo.com/SectigoRSATimeStampingCA.crl0t
com/COMODORSACertificationAuthority.crl0q