DOCSLIB.ORG

Automated Malware Analysis Report for Bitrecover-Msg

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report for Bitrecover-Msg ID: 80545 Sample Name: bitrecover-msg- converter-wizard.exe Cookbook: default.jbs Time: 17:08:33 Date: 27/09/2018 Version: 23.0.0 Table of Contents Table of Contents 2 Analysis Report bitrecover-msg-converter-wizard.exe 4 Overview 4 General Information 4 Detection 4 Confidence 5 Classification 5 Analysis Advice 6 Signature Overview 6 AV Detection: 7 Spreading: 7 Networking: 7 Key, Mouse, Clipboard, Microphone and Screen Capturing: 7 System Summary: 7 Data Obfuscation: 8 Persistence and Installation Behavior: 8 Boot Survival: 8 Hooking and other Techniques for Hiding and Protection: 8 Malware Analysis System Evasion: 8 Anti Debugging: 8 HIPS / PFW / Operating System Protection Evasion: 8 Language, Device and Operating System Detection: 9 Behavior Graph 9 Simulations 9 Behavior and APIs 9 Antivirus Detection 10 Initial Sample 10 Dropped Files 10 Unpacked PE Files 10 Domains 10 URLs 10 Yara Overview 10 Initial Sample 10 PCAP (Network Traffic) 10 Dropped Files 11 Memory Dumps 11 Unpacked PEs 11 Joe Sandbox View / Context 11 IPs 11 Domains 11 ASN 11 Dropped Files 11 Screenshots 12 Thumbnails 12 Startup 13 Created / dropped Files 13 Domains and IPs 18 Contacted Domains 18 URLs from Memory and Binaries 19 Contacted IPs 20 Static File Info 21 General 21 File Icon 21 Copyright Joe Security LLC 2018 Page 2 of 37 Static PE Info 21 General 21 Authenticode Signature 21 Entrypoint Preview 22 Data Directories 22 Sections 23 Resources 23 Imports 23 Version Infos 24 Possible Origin 24 Network Behavior 24 Code Manipulations 24 Statistics 24 Behavior 24 System Behavior 25 Analysis Process: bitrecover-msg-converter-wizard.exe PID: 3972 Parent PID: 3700 25 General 25 File Activities 25 File Created 25 File Deleted 25 File Written 25 File Read 26 Analysis Process: bitrecover-msg-converter-wizard.tmp PID: 3984 Parent PID: 3972 26 General 26 File Activities 26 File Created 26 File Deleted 28 File Moved 28 File Written 28 File Read 35 Registry Activities 36 Key Created 36 Key Value Created 36 Analysis Process: MSGConverterWizard.exe PID: 1680 Parent PID: 3984 37 General 37 File Activities 37 Registry Activities 37 Disassembly 37 Code Analysis 37 Copyright Joe Security LLC 2018 Page 3 of 37 Analysis Report bitrecover-msg-converter-wizard.exe Overview General Information Joe Sandbox Version: 23.0.0 Analysis ID: 80545 Start date: 27.09.2018 Start time: 17:08:33 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 8m 24s Hypervisor based Inspection enabled: false Report type: light Sample file name: bitrecover-msg-converter-wizard.exe Cookbook file name: default.jbs Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1) Number of analysed new started processes analysed: 5 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies HCA enabled EGA enabled HDC enabled Analysis stop reason: Timeout Detection: CLEAN Classification: clean16.winEXE@5/21@0/0 EGA Information: Successful, ratio: 100% HDC Information: Successful, ratio: 11.7% (good quality ratio 11.5%) Quality average: 86% Quality standard deviation: 22.1% HCA Information: Successful, ratio: 94% Number of executed functions: 0 Number of non-executed functions: 0 Cookbook Comments: Adjust boot time Found application associated with file extension: .exe Warnings: Show All Exclude process from analysis (whitelisted): dllhost.exe Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: MSGConverterWizard.exe Detection Strategy Score Range Reporting Detection Copyright Joe Security LLC 2018 Page 4 of 37 Strategy Score Range Reporting Detection Threshold 16 0 - 100 Report FP / FN Confidence Strategy Score Range Further Analysis Required? Confidence Threshold 3 0 - 5 true Classification Copyright Joe Security LLC 2018 Page 5 of 37 Ransomware Miner Spreading mmaallliiiccciiioouusss malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious cccllleeaann clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox Sample searches for specific file, try point organization specific fake files to the analysis machine Signature Overview • AV Detection • Spreading • Networking • Key, Mouse, Clipboard, Microphone and Screen Capturing • System Summary • Data Obfuscation • Persistence and Installation Behavior • Boot Survival • Hooking and other Techniques for Hiding and Protection Copyright Joe Security LLC 2018 Page 6 of 37 • Malware Analysis System Evasion • Anti Debugging • HIPS / PFW / Operating System Protection Evasion • Language, Device and Operating System Detection Click to jump to signature section AV Detection: Antivirus detection for unpacked file Spreading: Enumerates the file system Contains functionality to enumerate / list files inside a directory Networking: Contains functionality to download additional files from the internet Found strings which match to known social media urls Urls found in memory or binary data Key, Mouse, Clipboard, Microphone and Screen Capturing: Creates a window with clipboard capturing capabilities System Summary: Contains functionality to communicate with device drivers Contains functionality to shutdown / reboot the system Detected potential crypto function Found potential string decryption / allocating functions PE file contains executable resources (Code or Archives) PE file contains strange resources Sample file is different than original file name gathered from version info Sample reads its own file content PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3) Classification label Contains functionality to adjust token privileges (e.g. debug / backup) Contains functionality to check free disk space Contains functionality to instantiate COM classes Contains functionality to load and extract PE file embedded resources Creates files inside the program directory Creates files inside the user directory Creates temporary files Parts of this applications are using the .NET runtime (Probably coded in C#) Reads ini files Copyright Joe Security LLC 2018 Page 7 of 37 Reads software policies Reads the Windows registered organization settings Spawns processes Uses an in-process (OLE) Automation server Reads the Windows registered owner settings Executable creates window controls seldom found in malware Found GUI installer (many successful clicks) Found graphical window changes (likely an installer) Uses Microsoft Silverlight Creates a directory in C:\Program Files Creates a software uninstall entry Submission file is bigger than most known malware samples Binary contains paths to debug symbols Data Obfuscation: Contains functionality to dynamically determine API calls PE file contains an invalid checksum Uses code obfuscation techniques (call, push, ret) Persistence and Installation Behavior: Drops PE files Boot Survival: Stores files to the Windows start menu directory Hooking and other Techniques for Hiding and Protection: Contains functionality to check if a window is minimized (may be used to check if an application is visible) Extensive use of GetProcAddress (often used to hide API calls) Disables application error messsages (SetErrorMode) Malware Analysis System Evasion: Enumerates the file system Found dropped PE file which has not been started or loaded Found evasive API chain (date check) Contains functionality to enumerate / list files inside a directory Contains functionality to query system information Anti Debugging: Checks for debuggers (devices) Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) Contains functionality to check if a debugger is running (IsDebuggerPresent) Contains functionality to dynamically determine API calls Contains functionality which may be used to detect a debugger (GetProcessHeap) Contains functionality to register its own exception handler Creates guard pages, often used to prevent reverse engineering and debugging HIPS / PFW / Operating System Protection Evasion: Contains functionality to launch a program with higher privileges Copyright Joe Security LLC 2018 Page 8 of 37 Creates a process in suspended mode (likely to inject code) Contains functionality to create a new security descriptor May try to detect the Windows Explorer process (often used for injection) Language, Device and Operating System Detection: Contains functionality locales information (e.g. system language) Queries the volume information (name, serial number etc) of a device Contains functionality to create pipes for IPC Contains functionality to query local / system time Contains functionality to query the account / user name Contains functionality to query windows version Queries the cryptographic machine GUID Behavior Graph Hide Legend Legend: Process Behavior Graph ID: 80545 Signature Sample: bitrecover-msg-converter-wizard.exe Startdate: 27/09/2018 Created File Architecture:
Load more

Recommended publications
  • Inno Setup Preprocessor Help
    Inno Setup Preprocessor: Introduction Inno Setup Preprocessor (ISPP) is a preprocessor add-on for Inno Setup. The main purpose of ISPP is to automate compile-time tasks and decrease the probability of typos in your scripts. For example, you can declare an ISPP variable (compile-time variable) – your application name, for instance – and then use its value in several places of your script. If for some reason you need to change the name of your application, you'll have to change it only once in your script. Without ISPP, you would probably need to change all occurrences of your application name throughout the script (AppName, AppVerName, DefaultGroupName etc. [Setup] section directives). Another example of using ISPP would be gathering version information from your application by reading the version info of an EXE file, and using it in AppVerName [Setup] section directive or anywhere else. Without ISPP, you would have to modify your script each time version of your application changes. Also, conditional in- and exclusion of portions of script is made possible by ISPP: you can create one single script for different versions/levels of your applications (for example, trial versus fully functional). Finally, ISPP makes it possible to split long lines using a line spanning symbol. Note: ISPP works exclusively at compile-time, and has no run-time functionality. All topics Documentation Conventions Directives Functions Predefined Variables Line Spanning Example Script User Defined Macros ISPPBuiltins.iss Visibility of Identifiers Expression Syntax Extended Command Line Compiler Translation Current translation Inno Setup Preprocessor: Documentation Conventions Directive syntax documenting conventions Directive usage syntax uses the following conventions.
    [Show full text]
  • LOOT Documentation Release Latest
    LOOT Documentation Release latest WrinklyNinja Dec 02, 2017 Application Documentation 1 Introduction 1 2 Installation & Uninstallation3 3 Initialisation 5 4 The Main Interface 7 4.1 The Header Bar..............................................7 4.2 Plugin Cards & Sidebar Items......................................9 4.3 Filters................................................... 10 5 Editing Plugin Metadata 11 6 Editing Settings 15 6.1 General Settings............................................. 15 6.2 Game Settings.............................................. 16 7 Themes 17 8 Contributing & Support 19 9 Credits 21 10 Version History 23 10.1 0.12.0 - Unreleased............................................ 23 10.2 0.11.0 - 2017-05-13........................................... 24 10.3 0.10.3 - 2017-01-08........................................... 25 10.4 0.10.2 - 2016-12-03........................................... 26 10.5 0.10.1 - 2016-11-12........................................... 27 10.6 0.10.0 - 2016-11-06........................................... 27 10.7 0.9.2 - 2016-08-03............................................ 28 10.8 0.9.1 - 2016-06-23............................................ 29 10.9 0.9.0 - 2016-05-21............................................ 30 10.10 0.8.1 - 2015-09-27............................................ 31 10.11 0.8.0 - 2015-07-22............................................ 32 10.12 0.7.1 - 2015-06-22............................................ 32 10.13 0.7.0 - 2015-05-20...........................................
    [Show full text]
  • What Is Inno Setup? Inno Setup Version 5.5.6 Copyright © 1997-2015 Jordan Russell
    What is Inno Setup? Inno Setup version 5.5.6 Copyright © 1997-2015 Jordan Russell. All rights reserved. Portions Copyright © 2000-2015 Martijn Laan. All rights reserved. Inno Setup home page Inno Setup is a free installer for Windows programs. First introduced in 1997, Inno Setup today rivals and even surpasses many commercial installers in feature set and stability. Key features: Support for every Windows release since 2000, including: Windows 10, Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003, and Windows 2000. (No service packs are required.) Extensive support for installation of 64-bit applications on the 64-bit editions of Windows. Both the x64 and Itanium architectures are supported. (On the Itanium architecture, Service Pack 1 or later is required on Windows Server 2003 to install in 64-bit mode.) Supports creation of a single EXE to install your program for easy online distribution. Disk spanning is also supported. Standard Windows wizard interface. Customizable setup types, e.g. Full, Minimal, Custom. Complete uninstall capabilities. Installation of files: Includes integrated support for "deflate", bzip2, and 7-Zip LZMA/LZMA2 file compression. The installer has the ability to compare file version info, replace in-use files, use shared file counting, register DLL/OCX's and type libraries, and install fonts. Creation of shortcuts anywhere, including in the Start Menu and on the desktop. Creation of registry and .INI entries. Running other programs before, during or after install. Support for multilingual installs, including right-to-left language support. Support for passworded and encrypted installs.
    [Show full text]
  • “Add-On-Packages” in R Installation and Administration
    R Installation and Administration Version 2.15.3 Patched (2013-03-03) R Core Team Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the con- ditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another lan- guage, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the R Core Team. Copyright c 2001{2012 R Core Team ISBN 3-900051-09-7 i Table of Contents 1 Obtaining R ::::::::::::::::::::::::::::::::::::: 1 1.1 Getting and unpacking the sources ::::::::::::::::::::::::::::: 1 1.2 Getting patched and development versions :::::::::::::::::::::: 1 1.2.1 Using Subversion and rsync:::::::::::::::::::::::::::::::: 1 2 Installing R under Unix-alikes ::::::::::::::::: 3 2.1 Simple compilation ::::::::::::::::::::::::::::::::::::::::::::: 3 2.2 Help options ::::::::::::::::::::::::::::::::::::::::::::::::::: 4 2.3 Making the manuals:::::::::::::::::::::::::::::::::::::::::::: 4 2.4 Installation :::::::::::::::::::::::::::::::::::::::::::::::::::: 6 2.5 Uninstallation :::::::::::::::::::::::::::::::::::::::::::::::::: 8 2.6 Sub-architectures::::::::::::::::::::::::::::::::::::::::::::::: 8 2.6.1 Multilib
    [Show full text]
  • Package 'Rinno'
    Package ‘RInno’ March 31, 2017 Type Package OS_type windows Title An Installation Framework for Shiny Apps Version 0.0.3 Maintainer Jon Hill <[email protected]> URL www.ficonsulting.com BugReports https://github.com/ficonsulting/RInno/issues Description Installs shiny apps using Inno Setup, an open source software that builds in- stallers for Windows programs <http://www.jrsoftware.org/ishelp/>. License GPL-3 | file LICENSE Encoding UTF-8 LazyData true Depends R (>= 3.3.2) Imports curl (>= 2.4), httr (>= 1.2.1), installr (>= 0.18.0), jsonlite (>= 1.2), stringr (>= 1.2.0) Suggests knitr, magrittr, rmarkdown, shiny, stringi, covr, testthat VignetteBuilder knitr RoxygenNote 6.0.1 NeedsCompilation no Author Jon Hill [aut, cre, cph], W. Lee Pang [aut, cph] (DesktopDeployR project at https://github.com/wleepang/DesktopDeployR) Repository CRAN Date/Publication 2017-03-31 12:45:56 UTC R topics documented: code.............................................2 compile_iss . .3 1 2 code copy_installation . .3 create_app . .4 create_bat . .6 create_config . .7 create_pkgs . .8 directives . .9 example_app . 10 files ............................................. 11 get_R . 11 icons . 12 install_inno . 13 languages . 14 run.............................................. 14 setup . 15 start_iss . 17 tasks . 18 Index 19 code Pascal script to check registry for R Description Modern Delphi-like Pascal adds a lot of customization possibilities to the installer. For examples, please visit Pascal Scripting Introduction. Usage code(iss) Arguments iss Character vector which cummulatively becomes an Inno Setup Script (ISS). Details This script checks the registry for R, so that R will only be installed if necessary. Value Chainable character vector, which can be used as the text argument of writeLines to generate an ISS.
    [Show full text]
  • Spotlight–8 Image Analysis Software
    NASA/TM—2006-214084 Spotlight–8 Image Analysis Software Robert Klimek and Ted Wright Glenn Research Center, Cleveland, Ohio January 2006 The NASA STI Program Office . in Profile Since its founding, NASA has been dedicated to • CONFERENCE PUBLICATION. Collected the advancement of aeronautics and space papers from scientific and technical science. The NASA Scientific and Technical conferences, symposia, seminars, or other Information (STI) Program Office plays a key part meetings sponsored or cosponsored by in helping NASA maintain this important role. NASA. The NASA STI Program Office is operated by • SPECIAL PUBLICATION. Scientific, Langley Research Center, the Lead Center for technical, or historical information from NASA’s scientific and technical information. The NASA programs, projects, and missions, NASA STI Program Office provides access to the often concerned with subjects having NASA STI Database, the largest collection of substantial public interest. aeronautical and space science STI in the world. The Program Office is also NASA’s institutional • TECHNICAL TRANSLATION. English- mechanism for disseminating the results of its language translations of foreign scientific research and development activities. These results and technical material pertinent to NASA’s are published by NASA in the NASA STI Report mission. Series, which includes the following report types: Specialized services that complement the STI • TECHNICAL PUBLICATION. Reports of Program Office’s diverse offerings include completed research or a major significant creating custom thesauri, building customized phase of research that present the results of databases, organizing and publishing research NASA programs and include extensive data results . even providing videos. or theoretical analysis. Includes compilations of significant scientific and technical data and For more information about the NASA STI information deemed to be of continuing Program Office, see the following: reference value.
    [Show full text]
  • Automated Malware Analysis Report for Mousotronsetup
    ID: 68736 Sample Name: Mousotronsetup.exe Cookbook: default.jbs Time: 02:00:32 Date: 19/07/2018 Version: 23.0.0 Table of Contents Table of Contents 2 Analysis Report 4 Overview 4 General Information 4 Detection 4 Confidence 4 Classification 5 Analysis Advice 5 Signature Overview 6 AV Detection: 6 Spreading: 6 Networking: 6 Key, Mouse, Clipboard, Microphone and Screen Capturing: 6 System Summary: 6 Data Obfuscation: 7 Persistence and Installation Behavior: 7 Boot Survival: 7 Hooking and other Techniques for Hiding and Protection: 7 Malware Analysis System Evasion: 7 Anti Debugging: 8 HIPS / PFW / Operating System Protection Evasion: 8 Language, Device and Operating System Detection: 8 Behavior Graph 8 Simulations 9 Behavior and APIs 9 Antivirus Detection 9 Initial Sample 9 Dropped Files 9 Unpacked PE Files 9 Domains 9 URLs 9 Yara Overview 9 Initial Sample 9 PCAP (Network Traffic) 9 Dropped Files 9 Memory Dumps 9 Unpacked PEs 9 Joe Sandbox View / Context 10 IPs 10 Domains 10 ASN 10 Dropped Files 10 Screenshots 11 Startup 11 Created / dropped Files 11 Contacted Domains/Contacted IPs 14 Contacted Domains 14 Contacted IPs 14 Static File Info 14 General 14 File Icon 15 Static PE Info 15 General 15 Entrypoint Preview 15 Copyright Joe Security LLC 2018 Page 2 of 31 Data Directories 16 Sections 16 Resources 17 Imports 17 Version Infos 17 Possible Origin 17 Network Behavior 18 Code Manipulations 18 Statistics 18 Behavior 18 System Behavior 18 Analysis Process: Mousotronsetup.exe PID: 3448 Parent PID: 3040 18 General 18 File Activities 19 File Created
    [Show full text]
  • Building Gretl on MS Windows
    Building gretl on MS Windows Allin Cottrell July 16, 2020 1 Introduction From the 2017d release forward, building gretl on MS Windows is relatively straightforward. Note that this depends on MSYS2 and Mingw-w64; the gretl developers have neither the time nor the relevant expertise to support a gretl build using Microsoft’s own compiler/toolchain. The basic idea is that with the help of the specified (free) tools one can do on Windows the same sort of “./configure ; make ; make install” routine that one does on Linux or similar OS. This document explains how to install MSYS2, Mingw-w64 and related tools. It then presents a shell script which can be used to perform the required set-up for building gretl, starting from a basic install of MSYS2, followed by discussion of the various steps involved. We recommend reading the whole of this document before diving in. 2 MSYS2 and Mingw-w64 MSYS2 provides a unix-type shell; the Mingw-w64 compiler and related tools can then be in- stalled from within that shell, using the package manager pacman (ported from Arch Linux) which ships as a base component of MSYS2. There’s excellent documentation for pacman read- ily available on the web. It’s easy to use, but you’ll want to take a short while to acquaint yourself with basic usage; see https://wiki.archlinux.org/index.php/pacman and/or the brief “cheat sheet” at http://ricardo.ecn.wfu.edu/pub/gretl/winbuild/pacman.txt. MSYS2 can be found at http://www.msys2.org/. Download and installation are pretty straight- forward, but we recommend reading the long-form guide at https://github.com/msys2/msys2/wiki/MSYS2-installation You will have to choose between 32-bit (i686) and 64-bit (x86 64) versions of MSYS2.
    [Show full text]
  • Automated Customization in the CWRL PC Lab
    Computer Writing and Research Lab White Paper Series: #060928-1 Automated Customization in the CWRL PC Lab Will Martin [email protected] University of Texas at Austin 28 September 2006 Keywords : customization, software Abstract : CWRL computers are on a "mirrored" system. This allows for quick software updates and ease of control by system administrators. However, it also makes it difficult for individual users to customize the settings on CWRL computers. This whitepaper addresses the issue of customization by offering one way to customize CWRL PCs. __________________________________________ The Problem The CWRL labs are configured to make it possible for individual instructors and students to install custom software. All users have essentially complete administrative powers, with rare exceptions (such as altering the system clock). Changes such as program installation or configuration are not persistent: when the user logs out, the computer removes any changes made during the session and restores itself to a pristine state for the next user. Only the network administrator can make permanent changes to the system, and this is rarely done during the term, since adding or removing programs can sometimes lead to instability. In general, this system is good. It allows lab users a great deal of flexibility, it removes any viruses or other malware from the systems, and ensures the greatest possible amount of up- time. At the same time, however, the lack of persistence across sessions means that users who frequently want to use custom programs must install them every time they log into a CWRL computer. This can be onerous. Furthermore, instructors who wish to use a custom application as part of a lesson must coach their students through the program's installation process.
    [Show full text]
  • Freeware-List.Pdf
    FreeWare List A list free software from www.neowin.net a great forum with high amount of members! Full of information and questions posted are normally answered very quickly 3D Graphics: 3DVia http://www.3dvia.com...re/3dvia-shape/ Anim8or - http://www.anim8or.com/ Art Of Illusion - http://www.artofillusion.org/ Blender - http://www.blender3d.org/ CreaToon http://www.creatoon.com/index.php DAZ Studio - http://www.daz3d.com/program/studio/ Freestyle - http://freestyle.sourceforge.net/ Gelato - http://www.nvidia.co...ge/gz_home.html K-3D http://www.k-3d.org/wiki/Main_Page Kerkythea http://www.kerkythea...oomla/index.php Now3D - http://digilander.li...ng/homepage.htm OpenFX - http://www.openfx.org OpenStages http://www.openstages.co.uk/ Pointshop 3D - http://graphics.ethz...loadPS3D20.html POV-Ray - http://www.povray.org/ SketchUp - http://sketchup.google.com/ Sweet Home 3D http://sweethome3d.sourceforge.net/ Toxic - http://www.toxicengine.org/ Wings 3D - http://www.wings3d.com/ Anti-Virus: a-squared - http://www.emsisoft..../software/free/ Avast - http://www.avast.com...ast_4_home.html AVG - http://free.grisoft.com/ Avira AntiVir - http://www.free-av.com/ BitDefender - http://www.softpedia...e-Edition.shtml ClamWin - http://www.clamwin.com/ Microsoft Security Essentials http://www.microsoft...ity_essentials/ Anti-Spyware: Ad-aware SE Personal - http://www.lavasoft....se_personal.php GeSWall http://www.gentlesec...m/download.html Hijackthis - http://www.softpedia...ijackThis.shtml IObit Security 360 http://www.iobit.com/beta.html Malwarebytes'
    [Show full text]
  • Opsi Setup Detector
    opsi Setup Detector uib gmbh Bonifaziusplatz 1b 55118 Mainz Tel.:+49 6131 275610 www.uib.de Stand: $Date: 2013-10-23 23:06:53 +0200 (mer 23 oct 2013) $ [email protected] opsi Setup Detector i Contents 1 opsi Setup Detector (free) 1 1.1 Introduction...................................................1 1.2 Preconditions for using the opsi Setup Detector...............................1 1.3 Setting up the opsi Setup Detector......................................1 1.3.1 Language Support...........................................2 1.3.2 Files of the opsi Setup Detector....................................2 1.4 The Menu of opsi Setup Detektor.......................................3 1.5 Automated Analysis of a Setup file......................................3 1.6 Setup-EXE with embedded MSI.......................................4 1.7 Supported Installer Types...........................................4 1.7.1 Installer Type MSI...........................................4 1.7.2 Installer Type Advanced+MSI....................................5 1.7.3 Installer Type Inno Setup.......................................6 1.7.4 Installer Type InstallShield......................................7 1.7.5 Installer Type InstallShield+MSI...................................8 1.7.6 Installer Type NSIS.......................................... 10 1.8 Creating a new opsi Packet.......................................... 11 opsi Setup Detector 1 / 11 1 opsi Setup Detector (free) 1.1 Introduction The basic steps of software packaging and distribution are: • analyzing the setup and creating the files on the opsi workbench • packing the opsi package • installing the opsi package on the opsi server • installing the software on the clients (roll out) The opsi setup detector is a tool for supporting the packaging of software to prepare for software rollouts. All the steps can be done from the graphical user interface: selecting and analyzing the setup, creating the files on the opsi workbench, packing and installing the package on the opsi server.
    [Show full text]
  • Universidad Técnica De Ambato Facultad De
    UNIVERSIDAD TÉCNICA DE AMBATO FACULTAD DE INGENIERÍA EN SISTEMAS CARRERA DE INGENIERÍA EN SISTEMAS COMPUTACIONALES E INFORMÁTICOS TEMA: “AUDITORIA INFORMÁTICA EN LOS DEPARTAMENTOS DE PERSONAL, MÉDICO, TRABAJO SOCIAL, COACTIVAS, PLANIFICACIÓN DE LA EMPRESA MUNICIPAL DE AGUA POTABLE Y ALCANTARILLADO” Proyecto de Pasantía de Grado, previo a la obtención del Título de Ingeniera en Sistemas Computacionales e Informáticos Autor: Evelin Fernanda Canseco Estrella Tutor: Ing. Teresa Freire. Ambato – Ecuador Agosto – 2007 i APROBACIÓN DEL TUTOR En calidad de Tutor del proyecto Investigativo sobre el tema: “Auditoria Informática en los departamentos de Personal, Médico, Trabajo Social, Coactivas, Planificación de la Empresa Municipal de Agua Potable y Alcantarillado de Ambato”, de Evelin Fernanda Canseco Estrella, estudiante de la carrera de Ingeniería en Sistemas Computacionales e Informáticas de la Facultad de Ingeniería en Sistemas, Universidad Técnica de Ambato, considero que dicho informe investigativo reúne los requisitos suficientes para ser sometidos a la evaluación de conformidad con el Art. 68 del capítulo IV pasantía, del Reglamento de Graduación de pregrado de la Universidad Técnica de Ambato Ambato, Agosto 2007. El Tutor --------------------- Ing. Teresa Freire ii Dedicatoria A mis padres y a mis hermanos que son las personas más importantes de mi vida ya que siempre me han apoyado en las decisiones que he tomado, y a todos aquellos quienes de una u otra manera han estado presentes en los momentos importantes. iii Agradecimiento A Dios y a mis padres quienes me dieron la vida, y por el apoyo brindado durante todo este tiempo. A la Ing. Teresa Freire quien me brindo sus conocimientos y así culminar este proyecto.
    [Show full text]