Automated Malware Analysis Report for Mousotronsetup


ID: 68736
Sample Name: Mousotronsetup.exe
Cookbook: default.jbs
Time: 02:00:32
Date: 19/07/2018
Version: 23.0.0
Copyright Joe Security LLC 2018

Table of Contents

Analysis Report
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
  Signature Overview
    AV Detection:
    Spreading:
    Networking:
    Key, Mouse, Clipboard, Microphone and Screen Capturing:
    System Summary:
    Data Obfuscation:
    Persistence and Installation Behavior:
    Boot Survival:
    Hooking and other Techniques for Hiding and Protection:
    Malware Analysis System Evasion:
    Anti Debugging:
    HIPS / PFW / Operating System Protection Evasion:
    Language, Device and Operating System Detection:
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    Dropped Files
  Screenshots
  Startup
  Created / dropped Files
  Contacted Domains/Contacted IPs
    Contacted Domains
    Contacted IPs
  Static File Info
    General
    File Icon
    Static PE Info
      General
      Entrypoint Preview
      Data Directories
      Sections
      Resources
      Imports
      Version Infos
      Possible Origin
  Network Behavior
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: Mousotronsetup.exe PID: 3448 Parent PID: 3040
      General
      File Activities
        File Created
        File Deleted
        File Written
        File Read
    Analysis Process: Mousotronsetup.tmp PID: 3472 Parent PID: 3448
      General
      File Activities
        File Created
        File Moved
        File Written
        File Read
      Registry Activities
        Key Created
        Key Value Created
    Analysis Process: Mousotron.exe PID: 3552 Parent PID: 3472
      General
      File Activities
      Registry Activities
        Key Value Created
        Key Value Modified
  Disassembly
    Code Analysis

Analysis Report

Overview

General Information

Joe Sandbox Version: 23.0.0
Analysis ID: 68736
Start time: 02:00:32
Joe Sandbox Product: CloudBasic
Start date: 19.07.2018
Overall analysis duration: 0h 7m 11s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Mousotronsetup.exe
Cookbook file name: default.jbs
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: SUS
Classification: sus26.spyw.winEXE@5/11@0/0
EGA Information: Successful, ratio: 100%
HDC Information: Successful, ratio: 52.7% (good quality ratio 44.5%), Quality average: 73.3%, Quality standard deviation: 35.9%
HCA Information: Successful, ratio: 57%, Number of executed functions: 0, Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Correcting counters for adjusted boot time
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe
• Report size getting too big, too many NtQueryValueKey calls found.

Detection

Strategy: Threshold
Score: 26
Range: 0 - 100
Reporting: Report FP / FN

Confidence

Strategy: Threshold
Score: 2
Range: 0 - 5
Further Analysis Required?: true

Classification

[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Levels: malicious, suspicious, clean.]

Analysis Advice

• Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
• Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
• Sample searches for specific file, try point organization specific fake files to the analysis machine

Signature Overview

AV Detection:
• Antivirus detection for unpacked file

Spreading:
• Enumerates the file system
• Contains functionality to enumerate / list files inside a directory

Networking:
• Urls found in memory or binary data

Key, Mouse, Clipboard, Microphone and Screen Capturing:
• Installs a global keyboard hook
• Contains functionality for read data from the clipboard
• Contains functionality to read the clipboard data
• Contains functionality to retrieve information about pressed keystrokes
• Installs a global mouse hook

System Summary:
• Dropped file seen in connection with other malware
• Contains functionality to communicate with device drivers
• Contains functionality to shutdown / reboot the system
• Creates mutexes
• Detected potential crypto function
• Found potential string decryption / allocating functions
• PE file contains executable resources (Code or Archives)
• PE file contains strange resources
• Sample file is different than original file name gathered from version info
• Sample reads its own file content
• Classification label
• Contains functionality to adjust token privileges (e.g. debug / backup)
• Contains functionality to check free disk space
• Contains functionality to instantiate COM classes
• Contains functionality to load and extract PE file embedded resources
• Creates files inside the program directory
• Creates files inside the user directory
• Creates temporary files
• Parts of this applications are using Borland Delphi (Probably coded in Delphi)
• Reads ini files
• Reads software policies
• Reads the Windows registered organization settings
• Spawns processes
• Uses an in-process (OLE) Automation server
• Reads the Windows registered owner settings
• Executable creates window controls seldom found in malware
• Found GUI installer (many successful clicks)
• Found graphical window changes (likely an installer)
• Found installer window with terms and condition text
• Creates a directory in C:\Program Files
• Creates a software uninstall entry
• Submission file is bigger than most known malware samples
• Contains modern PE file flags such as dynamic base (ASLR) or NX

Data Obfuscation:
• Contains functionality to dynamically determine API calls
• PE file contains sections with non-standard names
• Uses code obfuscation techniques (call, push, ret)

Persistence and Installation Behavior:
• Drops PE files

Boot Survival:
• Stores files to the Windows start menu directory

Hooking and other Techniques for Hiding and Protection:
• Contains functionality to check if a window is minimized (may be used to check if an application is visible)
• Extensive use of GetProcAddress (often used to hide API calls)
• Disables application error messsages (SetErrorMode)

Malware Analysis System Evasion:
• Enumerates the file system
• Found dropped PE file which has not been started or loaded
• Found evasive API chain (date check)
• Found large amount of non-executed APIs
• Queries keyboard layouts
• Contains functionality to enumerate / list files inside a directory
• Contains functionality to query system information
• Program exit points
• Queries a list of all running processes

Anti Debugging:
• Checks for debuggers (devices)
• Contains functionality to check if a debugger is running (IsDebuggerPresent)
• Contains functionality to dynamically determine API calls

HIPS / PFW / Operating System Protection Evasion:
• Contains functionality to launch a program with higher privileges
• Contains functionality to add an ACL to a security descriptor
• Contains functionality to create a new security descriptor
• May try to detect the Windows Explorer process (often used for injection)

Language, Device and Operating System Detection:
• Contains functionality locales information (e.g. system language)
• Queries the volume information (name, serial number etc) of a device
• Contains functionality to create pipes for IPC
• Contains functionality to query local / system time
• Contains functionality to query the account / user name
• Contains functionality to query time zone information
• Contains functionality to query windows version

Behavior Graph

ID: 68736
Sample: Mousotronsetup.exe
Startdate: 19/07/2018
Architecture: WINDOWS
Signature Score: 26

[Behavior graph. Mousotronsetup.exe dropped C:\Users\HERBBL~1\...\Mousotronsetup.tmp (PE32) and started Mousotronsetup.tmp; Mousotronsetup.tmp dropped C:\Program Files\Mousotron\is-MT9NN.tmp (PE32) and C:\Program Files\Mousotron\is-VKG7F.tmp (PE32) and started Mousotron.exe. Node counts as shown: Mousotronsetup.exe 2; Mousotronsetup.tmp 29, 24; Mousotron.exe 12. Signatures shown: Dropped file seen in connection with other malware; Antivirus detection for unpacked file; Installs a global keyboard hook. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious.]

Simulations

Behavior and APIs

Time      Type             Description
02:01:03  API Interceptor