Speedy file download malware






















The complete list of searched processes is the following: As previously stated, these strings are not plaintext: they are obfuscated with an XOR operation using the hardcoded value "0x47".

Despite the simple key, the decoding routine gathers chunks of the encrypted strings from many locations. In fact, the obfuscated string is formed by taking some of the characters from the data section and the rest from stack strings.

In the following decoding routine example, we can also see the decoding of the command-and-control servers. After that, the bot declares which commands it executes.

Figure: Content of libraries.

The other files contained inside the package are of two types. The first is the complete 7-zip command-line program, with its DLLs and executable, used to compress and decompress data to share with the C2. The second comprises all the libraries that are dependencies of the Mozilla Firefox browser, necessary for data exfiltration.

We compared the two main versions of the same malware released in , the v2 and the v4. The main functions of these two samples show the same structure, but the complexity of the features has indisputably grown.

After scanning, the tool will reveal all identified threats. There may be other threats that our first scan fails to detect. When the removal procedure is complete, you may close the Malicious Software Removal Tool.

We hope that Speedy PC Pro has been completely deleted from the computer. Please restart Windows to proceed with normal operation. Download the free anti-malware scanner called Malwarebytes Anti-Malware.

After downloading, install the program. It may run automatically, or you may have to double-click on the downloaded file MB3-Setup. Proceed with the installation using only the default setup. If you need the complete setup procedure, it is available on the download page. On the Malwarebytes Anti-Malware console, click on Scan to run the most comprehensive detection method and find any hidden items linked to Speedy PC Pro. When scanning is done, Malwarebytes Anti-Malware will display the list of identified threats.

Remove all identified threats and restart the computer to finalize the scan process.

How to remove a virus on your computer.

Step 1 — Install a virus scanner.

Step 2 — Review threats. After the online virus scan, Malwarebytes reports on any threats that were found and asks if you want to remove them.

Step 3 — Remove threats. Once you give the OK, our virus removal tool will clean up threats so your device, files, and privacy are secure.

We have no interest in modifying your homepage, search engine settings or installing crap on your system. If we find any potential dangers, whether they are false positives or not, you should know. Most other download sites are not as diligent. The virus and malware tests for Speedy Painter are maintained by Tina de Pierre.

The file tested:


