Quick Keylogger Breakdown
Hello, I had a simple malware sample (a keylogger) I could show to reinforce what my previous posts touched on:

https://tntrex77.blogspot.com/2018/10/quick-tip-sysinternals.html
https://tntrex77.blogspot.com/2018/12/how-i-use-sysinternals.html

This was an executable file (.exe) hanging out in the Startup folder, trying to look all innocent under the name "msdefender.exe". "I don't believe you, more like bsdefender.exe!"

There were also a few detections on VirusTotal (VT blog entry):
https://www.virustotal.com/gui/file/0fd7513668d18c2c6be2ed2eed170b86217734d0af0385bca8eddb94404f05f5/detection

The first thing I usually do is blast the file with sigcheck:

sigcheck -h -v <File>

(-h prints the file hashes, -v queries VirusTotal by hash; on first use add -vt to accept the VirusTotal terms of service.) The output is similar to what the VT website shows, so use whichever you like.

Then I pop the file into DIE (Detect It Easy) to verify the real file type and do a quick entropy and strings check. A .rar archive? "But you said you were msdefender.exe!" The extension claims an executable, but the header bytes say RAR archive: the name does not match the contents. Let's pop it i...
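The triage steps above (hashes for a VirusTotal lookup, a file-type check that catches a .exe that is really a RAR, entropy, and a strings pass) done by hand in Python, as an added example that is not part of the original post and not the Sysinternals or DIE code. The SAMPLE bytes are constructed here to stand in for the "msdefender.exe" from the post; they are not the real sample, and the filenames inside it are made up.

```python
"""Offline triage of a suspicious file: what sigcheck -h and Detect It Easy
show in the post, reimplemented in a few functions (added example, not the
post's own tooling). The SAMPLE below is constructed, not the real malware."""
import hashlib
import math
import os
import re

# Magic-byte signatures. A real *.exe starts with "MZ"; a RAR archive starts
# with "Rar!\x1a\x07" (RAR4 ends that with \x00, RAR5 with \x01\x00).
SIGNATURES = {
    b"MZ": "PE executable",
    b"Rar!\x1a\x07\x01\x00": "RAR5 archive",
    b"Rar!\x1a\x07\x00": "RAR4 archive",
    b"PK\x03\x04": "ZIP archive",
    b"\x7fELF": "ELF executable",
}


def identify(data: bytes) -> str:
    """Return the file type implied by the leading bytes, longest signature first."""
    for magic, name in sorted(SIGNATURES.items(), key=lambda kv: -len(kv[0])):
        if data.startswith(magic):
            return name
    return "unknown"


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 like sigcheck -h; the SHA256 is what you paste into VirusTotal."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8 means packed, compressed or encrypted."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len bytes, like a quick strings pass."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(name: str, data: bytes) -> dict:
    """Run all checks and flag a file whose extension does not match its header."""
    ftype = identify(data)
    ext = os.path.splitext(name)[1].lower()
    mismatch = ext == ".exe" and ftype != "PE executable"
    return {
        "name": name,
        "type": ftype,
        "extension_mismatch": mismatch,
        "entropy": round(entropy(data), 2),
        "strings": strings(data),
        **hashes(data),
    }


# Constructed sample (hypothetical): a RAR5 header, two readable filenames,
# then high-entropy filler, standing in for the post's "msdefender.exe".
SAMPLE = (b"Rar!\x1a\x07\x01\x00" + b"\x00" * 8
          + b"keylog.txt\x00svchost_update.exe\x00"
          + bytes((i * 37 + 11) % 256 for i in range(256)))

if __name__ == "__main__":
    result = triage("msdefender.exe", SAMPLE)
    for key, value in result.items():
        print(f"{key:20} {value}")
```

Run it and the "type" line reads RAR5 archive with extension_mismatch True, which is exactly the "But you said you were msdefender.exe!" moment from DIE; the sha256 line is what you would feed to sigcheck -v or the VirusTotal search box.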