| WRITES_TO_PROCESS_STACK_MEMORY | 0 |
| BUFFER_INSIDE_WRITES_COUNT | 0 |
| REFERENCES_TO_PROCESS_INTERNALS | 2 |
| BUFFER_OUTSIDE_WRITES_COUNT | 7 |
| FAR_JUMPS_COUNT | 0 |
| FULLY_INITIALIZED_INSTRUCTIONS | 73 |
| PROVIDED_ABSOLUTE_MEMORY_ADDRESSES | 6 |
| PROC_CALLS_INSIDE_INV_BUFFER | 0 |
| BUFFER_OUTSIDE_READS_COUNT | 3 |
| UNDEFINED_DIRECT_CALLS | 0 |
| JUMPS_INSIDE_INV_BUFFER | 0 |
| CORRECTLY_PARSED_INSTRUCTIONS | 100 |
| MEMORY_MODIFYING_MATH_INSTRUCTIONS | 0 |
| BUFFER_INSIDE_READS_COUNT | 0 |
| SYSTEM_CALLS_COUNT | 0 |
| UNRECOGNIZED_CALL_TARGETS | 3 |
| REFERENCES_TO_PROCESS_IMPORTS | 0 |
| CORRECT_PROCEDURES_CALLS | 0 |
| EIP_RETRIEVAL_INSTRUCTIONS | 0 |
| JUMPS_TO_PROCESS_INTERNALS | 0 |
| EXECUTED_ARITHMETIC_INSTRUCTIONS | 17 |
| CALLS_TARGETED_IMPORTS_SECTION | 0 |
| UNRECOGNIZED_JUMP_TARGETS | 0 |
| CONSEQUENT_SINGLE_BYTE_INSTRUCTIONS | 4 |
| REFERENCES_TO_PROCESS_EXPORTS | 0 |
| EXECUTES_BITS_OPERATING_INSTRUCTIONS | 0 |
| IMMEDIATE_OPERANDS_INSTRUCTIONS | 0 |
| INDIRECT_BUFFER_REFERENCES | 1 |
| MAX_WRITTEN_MEMORY_BLOCK | 0 |
| CORRECTLY_EXECUTED_INSTRUCTIONS | 76 |
| READS_FROM_PROCESS_STACK_MEMORY | 4 |
| CALLS_TARGETED_EXPORTS_SECTION | 0 |
| FSUB DS:[EDI + 0x61] (0x00000061) | |
| ADC BL (0x00),CL (0x00) | |
| INC ESP (0x09A1752F) | |
| POP ESI (0x00000000) | |
| SUB DS:[EAX - 0x9BC1031] (0xF643EFCF),ESI (0x00000000) | ;random write instruction |
| LODSD | |
| DEC EDX (0x00000000) | |
| OUT DX (0xFFFF),AL (0xDC) | |
| XCHG EDX (0xFFFFFFFF),EAX (0x676167DC) | |
| OR EAX (0xFFFFFFFF),0xF4D87CCA | |
| MOVSD ES:[EDI] (0x00000000),DWORD DS:[ESI] (0x00000004) | ;random read instruction |
| DEC ECX (0x00000000) | |
| ADC DH (0x67),DH (0x67) | |
| SUB FS:[EBX + 0x69] (0x09A4A8B9),BH (0x00) | |
| ADC BL (0x00),DS:[EDX - 0x64] (0x6761CE78) | ;random read instruction |
| INS ES:[EDI] (0x00000000),DX (0xCEDC) | |
| MOV ECX (0xFFFFFFFF),0xC9C52BF1 | |
| SBB DS:[EBP - 0x74] (0xFFFFFF8C),DH (0xCE) | ;random write instruction |
| XLAT | |
| SBB [0x5AAF83E9] (0x5AAF83E9),EDI (0x00000000) | ;random write instruction |
| PUSH EDI (0x00000000) | |
| CLI | |
| OUT 0xC6,AL (0xFF) | |
| SUB EBX (0x00000000),DS:[ECX + 0x4A] (0xC9C52C3B) | ;random read instruction |
| MOV BH (0x00),0x1D | |
| CMC | |
| INTO | |
| CALL d546:e85cd384 (0xFD5ED384) | |
| FSUB DS:[EDI + 0x61] (0x00000061) | |
| ADC BL (0x00),CL (0xF1) | |
| INC ESP (0x09A17530) | |
| POP ESI (0x00000004) | |
| SUB DS:[EAX - 0x9BC1031] (0xF643EFCE),ESI (0x00000000) | ;random write instruction |
| LODSD | |
| DEC EDX (0x6761CEDC) | |
| OUT DX (0xCEDB),AL (0xDC) | |
| XCHG EDX (0x6761CEDB),EAX (0x676167DC) | |
| OR EAX (0x6761CEDB),0xF4D87CCA | |
| MOVSD ES:[EDI] (0x00000000),DWORD DS:[ESI] (0x00000004) | ;random read instruction |
| DEC ECX (0xC9C52BF1) | |
| ADC DH (0x67),DH (0x67) | |
| SUB FS:[EBX + 0x69] (0x09A4C6AA),BH (0x1D) | |
| ADC BL (0xF1),DS:[EDX - 0x64] (0x6761CE78) | ;random read instruction |
| INS ES:[EDI] (0x00000000),DX (0xCEDC) | |
| MOV ECX (0xC9C52BF0),0xC9C52BF1 | |
| SBB DS:[EBP - 0x74] (0xFFFFFF8C),DH (0xCE) | ;random write instruction |
| XLAT | |
| SBB [0x5AAF83E9] (0x5AAF83E9),EDI (0x00000000) | ;random write instruction |
| PUSH EDI (0x00000000) | |
| CLI | |
| OUT 0xC6,AL (0xDB) | |
| SUB EBX (0x00001DF1),DS:[ECX + 0x4A] (0xC9C52C3B) | ;random read instruction |
| MOV BH (0x1D),0x1D | |
| CMC | |
| INTO | |
| CALL d546:e85cd384 (0xFD5ED384) | |
| FSUB DS:[EDI + 0x61] (0x00000061) | |
| ADC BL (0xF1),CL (0xF1) | |
| INC ESP (0x09A17531) | |
| POP ESI (0x00000004) | |
| SUB DS:[EAX - 0x9BC1031] (0xEE3DEEAA),ESI (0x00000000) | ;random write instruction |
| LODSD | |
| DEC EDX (0x6761CEDC) | |
| OUT DX (0xCEDB),AL (0xDC) | |
| XCHG EDX (0x6761CEDB),EAX (0x676167DC) | |
| OR EAX (0x6761CEDB),0xF4D87CCA | |
| MOVSD ES:[EDI] (0x00000000),DWORD DS:[ESI] (0x00000004) | ;random read instruction |
| DEC ECX (0xC9C52BF1) | |
| ADC DH (0x67),DH (0x67) | |
| SUB FS:[EBX + 0x69] (0x09A4C69B),BH (0x1D) | ; Address 0x09A4C69B is process internal [suspicious memory write instruction] |
| ADC BL (0xE2),DS:[EDX - 0x64] (0x6761CE78) | ;random read instruction |
| INS ES:[EDI] (0x00000000),DX (0xCEDC) | |
| MOV ECX (0xC9C52BF0),0xC9C52BF1 | |
| SBB DS:[EBP - 0x74] (0xFFFFFF8C),DH (0xCE) | ;random write instruction |
| XLAT | |
| SBB [0x5AAF83E9] (0x5AAF83E9),EDI (0x00000000) | ;random write instruction |
| PUSH EDI (0x00000000) | |
| CLI | |
| OUT 0xC6,AL (0xDB) | |
| SUB EBX (0x00001DE2),DS:[ECX + 0x4A] (0xC9C52C3B) | ;random read instruction |
| MOV BH (0x1D),0x1D | |
| CMC | |
| INTO | |
| CALL d546:e85cd384 (0xFD5ED384) | |
| FSUB DS:[EDI + 0x61] (0x00000061) | |
| ADC BL (0xE2),CL (0xF1) | |
| INC ESP (0x09A17532) | |
| POP ESI (0x00000004) | |
| SUB DS:[EAX - 0x9BC1031] (0xEE3DEEAA),ESI (0x00000000) | ;random write instruction |
| LODSD | |
| DEC EDX (0x6761CEDC) | |
| OUT DX (0xCEDB),AL (0xDC) | |
| XCHG EDX (0x6761CEDB),EAX (0x676167DC) | |
| OR EAX (0x6761CEDB),0xF4D87CCA | |
| MOVSD ES:[EDI] (0x00000000),DWORD DS:[ESI] (0x00000004) | ;random read instruction |
| DEC ECX (0xC9C52BF1) | |
| ADC DH (0x67),DH (0x67) | |
| SUB FS:[EBX + 0x69] (0x09A4C68C),BH (0x1D) | ; Address 0x09A4C68C is process internal [suspicious memory write instruction] |
| ADC BL (0xD3),DS:[EDX - 0x64] (0x6761CE78) | ;random read instruction |
| INS ES:[EDI] (0x00000000),DX (0xCEDC) | |