Information Discovery
Reads data out of its own binary image Show sources
| self_read | process: c596d3996b782414fa812a12d91ac6a23e393efd.exe, pid: 2724, offset: 0x00022a58, length: 0x00113c81 |
Static Anomaly
Anomalous binary characteristics Show sources
| anomaly | Actual checksum does not match that reported in PE header |
Hooking and other Techniques for Hiding Protection
Creates RWX memory