AV Voice Changer Software Diamond 4.0 serial key or number
ROGER FORBES
Audio4Fun AV Voice Changer Software Diamond 8.0.24.exe
This report is generated from a file or URL submitted to this webservice on December 20th 2017 22:50:57 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v7.20 © Hybrid Analysis
Incident Response
- Remote Access
  - Reads terminal service related keys (often RDP related)
- Persistence
  - Spawns a lot of processes
  - Writes data to a remote process
- Fingerprint
  - Reads the active computer name
  - Reads the cryptographic machine GUID
  - Reads the windows installation language
- Network Behavior
  - Contacts 2 domains and 1 host.
Indicators
Malicious Indicators 9
- External Systems
- General
- Installation/Persistence
- Scans for the windows taskbar (often used for explorer injection)
- details
- "<Input Sample>" searching for class "Shell_TrayWnd"
- source
- API Call
- relevance
- 5/10
- Writes data to a remote process
- details
- "<Input Sample>" wrote 1500 bytes to a remote process "C:\Program Files (x86)\Common Files\~cirioza.ibo" (Handle: 312)
"<Input Sample>" wrote 4 bytes to a remote process "C:\Program Files (x86)\Common Files\~cirioza.ibo" (Handle: 312)
"<Input Sample>" wrote 8 bytes to a remote process "C:\Program Files (x86)\Common Files\~cirioza.ibo" (Handle: 312)
"<Input Sample>" wrote 32 bytes to a remote process "C:\Program Files (x86)\Common Files\~cirioza.ibo" (Handle: 312)
"<Input Sample>" wrote 52 bytes to a remote process "C:\Program Files (x86)\Common Files\~cirioza.ibo" (Handle: 312)
"~cirioza.ibo" wrote 32 bytes to a remote process "%TEMP%\GLBA379.tmp" (Handle: 100)
"~cirioza.ibo" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\GLBA379.tmp" (Handle: 100)
"~cirioza.ibo" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\GLBA379.tmp" (Handle: 100)
"~cirioza.ibo" wrote 8 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\GLBA379.tmp" (Handle: 100)
"drvinst.exe" wrote 32 bytes to a remote process "C:\PROGRA~2\AVVOIC~1.0DI\driver\_inst64.exe" (Handle: 332)
"drvinst.exe" wrote 52 bytes to a remote process "C:\PROGRA~2\AVVOIC~1.0DI\driver\_inst64.exe" (Handle: 332)
"drvinst.exe" wrote 4 bytes to a remote process "C:\PROGRA~2\AVVOIC~1.0DI\driver\_inst64.exe" (Handle: 332)
"drvinst.exe" wrote 8 bytes to a remote process "C:\PROGRA~2\AVVOIC~1.0DI\driver\_inst64.exe" (Handle: 332)
- source
- API Call
- relevance
- 6/10
- Unusual Characteristics
- Hiding 1 Malicious Indicators
- All indicators are available only in the private webservice or standalone version
Suspicious Indicators 29
- Anti-Detection/Stealthiness
- Anti-Reverse Engineering
- PE file has unusual entropy sections
- details
- UPX1, .rsrc and UPX1 with unusual entropies 7.92916516098, 7.99998183807 and 7.91571104959
- source
- Static Parser
- relevance
- 10/10
- PE file is packed with UPX
- details
- "3635174517d3c788bf819f4c5f0b08094b30095d30bf2be78e7223ef6a6f5a57.exe.bin" has a section named "UPX0"
"3635174517d3c788bf819f4c5f0b08094b30095d30bf2be78e7223ef6a6f5a57.exe.bin" has a section named "UPX1"
"~GLH00d6.TMP" has a section named "UPX0"
"~GLH00d6.TMP" has a section named "UPX1"
"~GLH00d6.TMP" has a section named "UPX2"
- source
- Static Parser
- relevance
- 10/10
- Environment Awareness
- Reads the active computer name
- details
- "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"GLBA379.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"_inst64.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
- Reads the cryptographic machine GUID
- details
- "_inst64.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
- General
- Opened the service control manager
- details
- "GLBA379.tmp" called "OpenSCManager" requesting access rights "0XE0000000L"
"GLBA379.tmp" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"GLBA379.tmp" called "OpenSCManager" requesting access rights "SC_MANAGER_ALL_ACCESS" (0xf003f)
"_inst64.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
- source
- API Call
- relevance
- 10/10
- Reads configuration files
- details
- "<Input Sample>" read file "%PROGRAMFILES%\(x86)\desktop.ini"
"<Input Sample>" read file "%USERPROFILE%\Desktop\desktop.ini"
- source
- API Call
- relevance
- 4/10
- Requested access to a system service
- details
- "GLBA379.tmp" called "OpenService" to access the "PcaSvc" service
"_inst64.exe" called "OpenService" to access the "CryptSvc" service
"_inst64.exe" called "OpenService" to access the "ServicesActive" service requesting "SERVICE_QUERY_STATUS" (0X4) access rights
"_inst64.exe" called "OpenService" to access the "gpsvc" service
- source
- API Call
- relevance
- 10/10
- Sent a control code to a service
- details
- "_inst64.exe" called "ControlService" and sent control code "0X400" to the service "CryptSvc"
"_inst64.exe" called "ControlService" and sent control code "0X40" to the service "gpsvc"
"_inst64.exe" called "ControlService" and sent control code "0X168" to the service "gpsvc"
- source
- API Call
- relevance
- 10/10
- Installation/Persistence
- Drops executable files
- details
- "GLCA9F2.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"~GLH0000.TMP" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"~GLH0004.TMP" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"~GLH00d6.TMP" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows UPX compressed"
"GLBA379.tmp" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"~GLH00c2.TMP" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"~GLH00c3.TMP" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"~GLH00c4.TMP" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
- source
- Extracted File
- relevance
- 10/10
- Network Related
- Found potential IP address in binary/memory
- details
- "0.03.0.250"
Heuristic match: "[4.5.2.82, 09/06/00]"
Heuristic match: "File Copy: %PROGRAMFILES%\(x86)\AV Voice Changer 8.0 Diamond\UNWISE.EXE | 11-21-2007 | 04:38:04 | 10.3.0.250 | 161344 | 9a3331d4"
Heuristic match: "File Copy: C:\Program Files (x86)\AV Voice Changer 8.0 Diamond\VCSBGMixer.dll | 11-03-2014 | 19:12:12 | 1.0.0.1 | 155648 | aafefa07"
Heuristic match: "File Copy: C:\Program Files (x86)\AV Voice Changer 8.0 Diamond\VcsComparator.dll | 11-03-2014 | 19:17:00 | 4.0.24.0 | 409600 | e095a040"
Heuristic match: "File Copy: C:\Program Files (x86)\AV Voice Changer 8.0 Diamond\VcsControl.dll | 11-03-2014 | 19:17:02 | 4.0.24.0 | 757760 | 1331aebd"
Heuristic match: "File Copy: C:\Program Files (x86)\AV Voice Changer 8.0 Diamond\VcsCore.exe | 11-03-2014 | 19:17:04 | 4.0.24.0 | 459776 | e762f762"
Heuristic match: "File Copy: C:\Program Files (x86)\AV Voice Changer 8.0 Diamond\VcsFeedback.exe | 11-03-2014 | 19:17:02 | 1.0.0.1 | 160768 | 62ff4160"
Heuristic match: "File Copy: C:\Program Files (x86)\AV Voice Changer 8.0 Diamond\vcsfmctrl.dll | 11-03-2014 | 19:12:32 | 1.0.0.1 | 335872 | a8ce0349"
Heuristic match: "File Copy: C:\Program Files (x86)\AV Voice Changer 8.0 Diamond\VcsFMorpher.dll | 11-03-2014 | 19:02:40 | 9.9.99.0 | 225280 | b500ecce"
- source
- String
- relevance
- 3/10
- Remote Access Related
- Reads terminal service related keys (often RDP related)
- details
- "~cirioza.ibo" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
"GLBA379.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
"drvinst.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
- source
- Registry Access
- relevance
- 10/10
- System Destruction
- Marks file for deletion
- details
- "C:\3635174517d3c788bf819f4c5f0b08094b30095d30bf2be78e7223ef6a6f5a57.exe" marked "%TEMP%\aut91B7.tmp" for deletion
"C:\3635174517d3c788bf819f4c5f0b08094b30095d30bf2be78e7223ef6a6f5a57.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\kscreht" for deletion
"C:\3635174517d3c788bf819f4c5f0b08094b30095d30bf2be78e7223ef6a6f5a57.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\aut91F6.tmp" for deletion
"C:\3635174517d3c788bf819f4c5f0b08094b30095d30bf2be78e7223ef6a6f5a57.exe" marked "C:\Program Files (x86)\Common Files\~cirioza.ibo" for deletion
"%PROGRAMFILES%\(x86)\Common Files\~cirioza.ibo" marked "C:\Users\%USERNAME%\AppData\Local\Temp\GLBA379.tmp" for deletion
"%TEMP%\GLBA379.tmp" marked "C:\Users\%USERNAME%\AppData\Local\Temp\GLWC1C1.tmp" for deletion
"%TEMP%\GLBA379.tmp" marked "C:\Users\%USERNAME%\AppData\Local\Temp\GLBC5AA.tmp" for deletion
"%TEMP%\GLBA379.tmp" marked "C:\Users\%USERNAME%\AppData\Local\Temp\GLFC5BC.tmp" for deletion
"%TEMP%\GLBA379.tmp" marked "C:\Windows\SysWOW64\GLBSINST.%$D" for deletion
"%TEMP%\GLBA379.tmp" marked "C:\Users\%USERNAME%\AppData\Local\Temp\GLBSINST.%$D" for deletion
"%TEMP%\GLBA379.tmp" marked "C:\Users\%USERNAME%\AppData\Local\Temp\GLFC5CD.tmp.rtf" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}\SETFDF2.tmp" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}\SETFE12.tmp" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}\amd64\SETFE23.tmp" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}\amd64\vcsvad.sys" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}\amd64" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}\vcsamd64.cat" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}\vcsvad.inf" for deletion
"%PROGRAMFILES(X86)%\AVVOIC~1.0DI\driver\_inst64.exe" marked "C:\Users\%USERNAME%\AppData\Local\Temp\{25120894-eec6-11af-2d13-864656d29a61}" for deletion
- source
- API Call
- relevance
- 10/10
- Opens file with deletion access rights
- details
- "<Input Sample>" opened "%TEMP%\aut91B7.tmp" with delete access
"<Input Sample>" opened "C:\Users\%USERNAME%\AppData\Local\Temp\kscreht" with delete access
"<Input Sample>" opened "C:\Users\%USERNAME%\AppData\Local\Temp\aut91F6.tmp" with delete access
"<Input Sample>" opened "C:\Program Files (x86)\Common Files\~cirioza.ibo" with delete access
"~cirioza.ibo" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLBA379.tmp" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLWC1C1.tmp" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLBC5AA.tmp" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLFC5BC.tmp" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\~GLH0000.TMP" with delete access
"GLBA379.tmp" opened "C:\Windows\SysWOW64\GLBSINST.%$D" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLBSINST.%$D" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLFC5CD.tmp.rtf" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\~GLH0001.TMP" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLFC5CE.tmp.rtf" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\~GLH0002.TMP" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLFC5CF.tmp.xml" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\~GLH0003.TMP" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\GLFC5D0.tmp.dll" with delete access
"GLBA379.tmp" opened "C:\Users\%USERNAME%\AppData\Local\Temp\~GLH0004.TMP" with delete access
- source
- API Call
- relevance
- 7/10
- System Security
- Modifies Software Policy Settings
- details
- "_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS")
"_inst64.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS")
- source
- Registry Access
- relevance
- 10/10
- Modifies proxy settings
- details
- "GLBA379.tmp" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"GLBA379.tmp" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
- source
- Registry Access
- relevance
- 10/10
- Queries sensitive IE security settings
- details
- "GLBA379.tmp" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
- source
- Registry Access
- relevance
- 8/10
- Unusual Characteristics
- CRC value set in PE header does not match actual value
- details
- "GLCA9F2.tmp" claimed CRC 183306 while the actual is CRC 18711806
"~GLH0000.TMP" claimed CRC 67966 while the actual is CRC 183306
- source
- Static Parser
- relevance
- 10/10
- Entrypoint in PE header is within an uncommon section
- details
- "3635174517d3c788bf819f4c5f0b08094b30095d30bf2be78e7223ef6a6f5a57.exe.bin" has an entrypoint in section "UPX1"
"~GLH00d6.TMP" has an entrypoint in section "UPX1"
- source
- Static Parser
- relevance
- 10/10
- Imports suspicious APIs
- details
- IcmpSendEcho
VirtualProtect
GetProcAddress
VirtualAlloc
LoadLibraryA
FtpOpenFileW
connect
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyA
RegEnumKeyExA
StartServiceA
RegDeleteValueA
GetFileAttributesA
GetDriveTypeA
GetTempPathA
WriteFile
DeviceIoControl
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
GetTickCount
GetVersionExA
GetStartupInfoA
OpenProcess
CreateDirectoryA
DeleteFileA
FindFirstFileA
GetTempFileNameA
FindNextFileA
TerminateProcess
CreateFileA
GetCommandLineA
GetModuleHandleA
CreateProcessA
Sleep
ShellExecuteExA
CreateServiceA
CopyFileA
RegCreateKeyA
GetLastActivePopup
FindWindowExA
SetWindowsHookExA
OpenProcessToken
WinExec
- source
- Static Parser
- relevance
- 1/10
- Installs hooks/patches the running process
- details
- "<Input Sample>" wrote bytes "c0dfbc771cf9bb77ccf8bb770d64bd7700000000c011d67600000000fc3ed67600000000e013d676000000009457cb7625e0bc77c6e0bc7700000000bc6aca7600000000cf31d676000000009319cb76000000002c32d67600000000" to virtual address "0x75601000" (part of module "NSI.DLL")
Audio4fun.com