![freefilesync malware 7.7 freefilesync malware 7.7](https://windows-cdn.softpedia.com/screenshots/Portable-FreeFileSync_5.png)
![freefilesync malware 7.7 freefilesync malware 7.7](https://1.bp.blogspot.com/-3L6wQcJFY4Q/XpBHJqu09yI/AAAAAAAAIgw/O8q47wKMlHUR9GT704y0-u96EyZFYgY9ACNcBGAsYHQ/s1600/install%2Biobit%252811%2529-min.jpg)
Static PE information: data direc tory type: IMAGE_DIR ECTORY_ENT RY_DEBUG Static PE information: data direc tory type: IMAGE_DIR ECTORY_ENT RY_BASEREL OC Static PE information: data direc tory type: IMAGE_DIR ECTORY_ENT RY_RESOURC E Static PE information: data direc tory type: IMAGE_DIR ECTORY_ENT RY_IMPORT PE file contains a mix of data directories often seen in goodware Static PE information: certificat e valid Process created: C:\Users\u ser\Deskto p\FreeFile Sync.exe ' C:\Users\u ser\Deskto p\FreeFile Sync.exe' /load Process created: C:\Users\u ser\Deskto p\FreeFile Sync.exe ' C:\Users\u ser\Deskto p\FreeFile Sync.exe' /install Process created: C:\Users\u ser\Deskto p\FreeFile Sync.exe ' C:\Users\u ser\Deskto p\FreeFile Sync.exe' -install Key opened: HKEY_CURRE NT_USER\So ftware\Pol icies\Micr osoft\Wind ows\Safer\ CodeIdenti fiers text IMAGE _SCN_MEM_E XECUTE, IM AGE_SCN_CN T_CODE, IM AGE_SCN_ME M_READ text section and no other executable section Sample file is different than original file name gathered from version info Static PE information: Resource n ame: RT_IC ON type: G LS_BINARY_ LSB_FIRST Source: C:\Users\u ser\Deskto p\FreeFile Sync.exeįound potential string decryption / allocating functionsĬode function: String fun ction: 002 C7210 appe ars 33 tim es Remotely Track Device Without Authorizationĭeobfuscate/Decode Files or Information 1 Eavesdrop on Insecure Network Communication