Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Hippo - Animator.v3.x-Patch - Exe Report (ANUBISLAB)

    Hochgeladen von

    Jessica Lewis
    71 Ansichten6 Seiten
    REPORT

    Originaltitel

    Hippo.animator.v3.X-patch.exe Report (ANUBISLAB)

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    REPORT

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    71 Ansichten6 Seiten

    Hippo - Animator.v3.x-Patch - Exe Report (ANUBISLAB)

    Hochgeladen von

    Jessica Lewis
    REPORT

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 6

    Anubis - Analysis Report

    Analysis Report for hippo.animator.v3.x-patch.exe


    MD5: 7e72728267857bb703fa58abd78ddb0d

    International Secure Systems Lab


    Vienna University of Technology , Eurecom France , UC Santa Barbara
    Contact: anubis@iseclab.org

    Dependency overview:
    hippo.anim.exe

    C:\hippo.anim.exe

    Analysis reason: Primary Analysis Subject

    Table of Contents:
    1. General Information.............................................................................................................................................................................................. 4
    2. hippo.anim.exe...................................................................................................................................................................................................... 4
    a) Registry Activities............................................................................................................................................................................................. 5
    b) File Activities.................................................................................................................................................................................................... 5
    c) Other Activities................................................................................................................................................................................................. 6

    Analysis Report for hippo.animator.v3.x-patch.exe - submitted on 02/11/14, 20:45:38 UTC

    1. General Information
    Information about Anubis' invocation
    Time needed:

    96 s

    Report created:

    02/11/14, 20:45:38 UTC

    Termination reason:

    All tracked processes have exited

    Program version:

    1.76.3886

    Popups
    Process

    Window Name

    Window Text

    Screenshot

    Number of
    Displayed Times

    1>Select the path of target file.


    2>You have succesfully patched it.
    Cracked By: BsB

    2. hippo.anim.exe
    General information about this executable
    Analysis Reason:

    Primary Analysis Subject

    Filename:

    hippo.anim.exe

    MD5:

    7e72728267857bb703fa58abd78ddb0d

    SHA-1:

    f71e379fea63c091c3226e3439a73fca0adc46b5

    File Size:

    51712

    Command Line:

    "C:\hippo.anim.exe"

    Process-status at analysis end:

    dead

    Exit Code:

    Load-time Dlls
    Module Name

    Base Address

    Size

    C:\WINDOWS\system32\ntdll.dll

    0x7C900000

    0x000AF000

    C:\WINDOWS\system32\kernel32.dll

    0x7C800000

    0x000F6000

    Module Name

    Base Address

    Size

    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dup2patcher.dll

    0x10000000

    0x0009E000

    C:\WINDOWS\system32\UxTheme.dll

    0x5AD70000

    0x00038000

    C:\WINDOWS\system32\MSCTF.dll

    0x74720000

    0x0004C000

    C:\WINDOWS\system32\comdlg32.dll

    0x763B0000

    0x00049000

    C:\WINDOWS\WinSxS\X86_Microsoft.Windows.CommonControls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

    0x773D0000

    0x00103000

    C:\WINDOWS\system32\msvcrt.dll

    0x77C10000

    0x00058000

    C:\WINDOWS\system32\ADVAPI32.dll

    0x77DD0000

    0x0009B000

    C:\WINDOWS\system32\RPCRT4.dll

    0x77E70000

    0x00092000

    C:\WINDOWS\system32\GDI32.dll

    0x77F10000

    0x00049000

    C:\WINDOWS\system32\SHLWAPI.dll

    0x77F60000

    0x00076000

    C:\WINDOWS\system32\Secur32.dll

    0x77FE0000

    0x00011000

    C:\WINDOWS\system32\shell32.dll

    0x7C9C0000

    0x00817000

    C:\WINDOWS\system32\user32.dll

    0x7E410000

    0x00091000

    Run-time Dlls

    http://anubis.iseclab.org/

    Page 4 of 6

    Analysis Report for hippo.animator.v3.x-patch.exe - submitted on 02/11/14, 20:45:38 UTC

    Popups
    Window Name

    Window Text

    Screenshot

    Hippo Animator v3.x

    _BACK Hippo Animator v3.x Hippo Edit.dll


    http://www.hippostudios.co/ BsB January 20,
    2014 Make Backup Hippo Animator v3.x

    Number of Displayed
    Times
    1

    2.a) hippo.anim.exe - Registry Activities


    Registry Values Read:
    Key

    Name

    Value

    Times

    HKLM\SOFTWARE\Microsoft\CTF\SystemShared\

    CUAS

    HKLM\SYSTEM\Setup

    OsLoaderPath

    HKLM\SYSTEM\Setup

    SystemPartition

    \Device\HarddiskVolume1

    HKLM\SYSTEM\Setup

    SystemSetupInProgress0

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\
    AeDebug

    Auto

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\
    AeDebug

    Debugger

    drwtsn32 -p %ld -e %ld -g

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\
    Windows

    AppInit_DLLs

    HKLM\Software\Microsoft\Windows\CurrentVersion

    DevicePath

    %SystemRoot%\inf

    HKLM\Software\Microsoft\Windows\CurrentVersion\Setup

    DriverCachePath

    %SystemRoot%\Driver Cache

    HKLM\Software\Microsoft\Windows\CurrentVersion\Setup

    LogLevel

    HKLM\Software\Microsoft\Windows\CurrentVersion\Setup

    ServicePackCachePath c:\windows\ServicePackFiles\
    ServicePackCache

    HKLM\Software\Microsoft\Windows\CurrentVersion\Setup

    ServicePackSourcePathD:\

    HKLM\Software\Microsoft\Windows\CurrentVersion\Setup

    SourcePath

    D:\

    HKLM\Software\Policies\Microsoft\Windows\Safer\
    CodeIdentifiers

    TransparentEnabled

    HKLM\System\CurrentControlSet\Control\ComputerName
    \ActiveComputerName

    ComputerName

    PC

    HKLM\System\CurrentControlSet\Control\ProductOptions

    ProductType

    WinNT

    HKLM\System\CurrentControlSet\Control\Terminal Server TSAppCompat

    HKLM\System\CurrentControlSet\Services\Tcpip\
    Parameters

    Domain

    HKLM\System\CurrentControlSet\Services\Tcpip\
    Parameters

    Hostname

    HKLM\System\Setup

    SystemSetupInProgress0

    HKLM\System\WPA\PnP

    seed

    1274198464

    HKU\S-1-5-21-842925246-1425521274-308236825-500\
    Keyboard Layout\Toggle

    Language Hotkey

    HKU\S-1-5-21-842925246-1425521274-308236825-500\
    Keyboard Layout\Toggle

    Layout Hotkey

    HKU\S-1-5-21-842925246-1425521274-308236825-500\
    Software\Microsoft\Windows\CurrentVersion\Explorer\
    User Shell Folders

    Local Settings

    %USERPROFILE%\Local Settings

    HKU\S-1-5-21-842925246-1425521274-308236825-500\
    Software\Microsoft\Windows\CurrentVersion\Explorer\
    User Shell Folders

    Personal

    %USERPROFILE%\My Documents

    pc

    2.b) hippo.anim.exe - File Activities

    http://anubis.iseclab.org/

    Page 5 of 6

    Analysis Report for hippo.animator.v3.x-patch.exe - submitted on 02/11/14, 20:45:38 UTC

    Files Deleted:
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dup2patcher.dll

    Files Created:
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Acknowledge -BRK-.FON
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dup2patcher.dll

    Files Modified:
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Acknowledge -BRK-.FON
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dup2patcher.dll

    File System Control Communication:


    File

    Control Code

    Times

    C:\Program Files\Common Files\

    0x00090028

    Memory Mapped Files:


    File Name
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Acknowledge -BRK-.FON
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dup2patcher.dll
    C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
    C:\WINDOWS\WindowsShell.Manifest
    C:\WINDOWS\system32\MSCTF.dll
    C:\WINDOWS\system32\SETUPAPI.dll
    C:\WINDOWS\system32\UxTheme.dll
    C:\WINDOWS\system32\WINSTA.dll
    C:\WINDOWS\system32\WTSAPI32.dll
    C:\WINDOWS\system32\faultrep.dll
    C:\WINDOWS\system32\imm32.dll
    C:\WINDOWS\system32\shell32.dll

    2.c) hippo.anim.exe - Other Activities


    Mutexes Created:
    CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
    CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
    CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
    CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
    CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
    CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274308236825-500
    MSCTF.Shared.MUTEX.IFG

    Windows SEH exceptions:


    Description

    Times

    Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at


    0x10001ddc

    http://anubis.iseclab.org/

    Page 6 of 6

    Das könnte Ihnen auch gefallen