Other source bound it with a virus
It took me some time to track down this forum, and I would like to thank you for your work. I first downloaded this hook from another source (downloadly.ir). It was working fine, but it seems it has been bundled with a virus and gave me some red flags, so I did some digging and eventually found the source of this hook. Below is some information about the dirty version.dll.
Hybrid Analysis red flags: http://www.hybrid-analysis.com/sample/d6670efa10094a946cba5e9e1b8f585836a8e545f854a0b7dcef475db91ccc6a/6527c6fe8727fe055a050a58
SHA256: d6670efa10094a946cba5e9e1b8f585836a8e545f854a0b7dcef475db91ccc6a
I uploaded this assumed VIRUS here, maybe handy for analysis
https://pixeldrain.com/u/qd61uDj3 (watch out virus, only download for analysis)
I would like to know what exactly is added, any tips on how to find this out?
Kind regards, T