File Behavior
SPYWAR~1.EXE has been seen to perform the following behavior:
* The Process is polymorphic and can change its structure
* Executes Processes stored in Temporary Folders
* Executes a Process
* Includes file creation code which could be used to test for interception by security products
* Writes to another Process's Virtual Memory (Process Hijacking)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment