Order Now

3) Using VirusTotal, please search for the following file hash: 1232366c104bdb6e42b04adb7eff4e08 Please analyze this sample (using both VT and the metadata in the attached text file) and write a YARA signature that contains unique strings that is likely

2 min read
Posted on 
November 2nd, 2022
Home 3) Using VirusTotal, please search for the following file hash: 1232366c104bdb6e42b04adb7eff4e08 Please analyze this sample (using both VT and the metadata in the attached text file) and write a YARA signature that contains unique strings that is likely

20181112202335leafminer2.txt
 

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

3) Using VirusTotal, please search for the following file hash: 1232366c104bdb6e42b04adb7eff4e08

  • Please analyze this sample (using both VT and the metadata in the attached text file) and write a YARA signature that contains unique strings that is likely to produce true positive results for threat hunting activities
  • Here’s an example of a rule template you can use when writing your rule:

    rule Leafminer { strings: $s1 = “Sorgu.exe” wide ascii $s2 = “https://iqhost.us:3389/” wide ascii condition: any of them }

You are encouraged to perform additional open source research on the topics of YARA and Leafminer as necessary to support your submission. Please provide a list of all external sources (URLs are sufficient) on the last page of your report.

ASCII Strings:
=====================
This program cannot be run in DOS mode.
.reloc
v2.0.50727
Strings
Sorgu.exe

mscorlib
Object
System
<>c__DisplayClass9_0
<>c__DisplayClass11_0
MainService
CmdService
System.ServiceProcess
ServiceBase
Program
ProjectInstaller
System.Configuration.Install
Installer
PoweredByAttribute
SmartAssembly.Attributes
Attribute
_handle
_timer
System.Threading
_counter
<>9__6_0
RemoteCertificateValidationCallback
System.Net.Security
StringBuilder
System.Text
serviceProcessInstaller
ServiceProcessInstaller
serviceInstaller
ServiceInstaller
.cctor
OnStart
OnStop
TimerElasped
SendRequest
Action
WebClient
System.Net
action
RunCmd
argument
GetKey
EmptyWorkingSet
hwProc
psapi.dll
InitializeComponent
Process
System.Diagnostics
TimerCallback
WebHeaderCollection
HttpRequestHeader
Component
System.ComponentModel
ProcessStartInfo
Encoding
ProcessWindowStyle
DataReceivedEventHandler
�Exception
<.ctor>b__6_0
X509Certificate
System.Security.Cryptography.X509Certificates
X509Chain
SslPolicyErrors
errors
b__0
client
b__1
g__DoEvent0
DataReceivedEventArgs
ServiceAccount
ServiceStartMode
InstallerCollection
AssemblyCompanyAttribute
System.Reflection
AssemblyProductAttribute
ComVisibleAttribute
System.Runtime.InteropServices
NeutralResourcesLanguageAttribute
System.Resources
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
DebuggableAttribute
DebuggingModes
AssemblyDescriptionAttribute
AssemblyTitleAttribute
CompilerGeneratedAttribute
RunInstallerAttribute
String
Invoke
DateTime
get_UtcNow
get_Ticks
Registry
Microsoft.Win32
LocalMachine
RegistryKey
OpenSubKey
ToString
GetValue
SetValue
ServicePointManager
set_ServerCertificateValidationCallback
SetTcpKeepAlive
GetCurrentProcess
get_Handle
Change
Dispose
IsNullOrEmpty
get_Headers
set_Item
get_StartInfo
set_UseShellExecute
set_ErrorDialog
set_RedirectStandardError
set_RedirectStandardOutput
set_RedirectStandardInput
set_CreateNoWindow
get_UTF8
�set_StandardErrorEncoding
set_StandardOutputEncoding
set_WindowStyle
set_FileName
Concat
set_Arguments
add_OutputDataReceived
add_ErrorDataReceived
BeginOutputReadLine
WaitForExit
get_Message
set_AutoLog
DownloadString
GetBytes
UploadData
get_Data
AppendLine
set_Account
set_Password
set_Username
set_Description
set_DisplayName
set_ServiceName
set_StartType
get_Installers
AddRange
Microsoft Corporation
Microsoft
Windows
Operating System
6.1.7600.0
Microsoft Corporation. All rights reserved.
WrapNonExceptionThrows
Host Process for Windows Services
Powered by SmartAssembly 6.11.1.354
_CorExeMain
mscoree.dll
xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”
— Copyright (c) Microsoft Corporation –>

Host Process for Windows Services
Unicode Strings:
=====================
cmd.exe
SOFTWARE\Classes\*
Timespan
https://adobe-flash.us:3389/
�Group Policy Manager
gpmsvc
The service is responsible for managing settings for the computer and users
through the Group Policy component. If the service is disabled, the settings
will not be manageable through Group Policy. Any components or applications that
depend on the Group Policy component might not be functional if the service is
disabled.
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Host Process for Windows Services
CompanyName
Microsoft Corporation
FileDescription
Host Process for Windows Services
FileVersion
6.1.7600.0
InternalName
Sorgu.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
Sorgu.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.0
Assembly Version
0.0.0.0

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

Order an Essay Now & Get These Features For Free:

Turnitin Report

Formatting

Title Page

Citation

Outline

Place an Order
Calculate the price
Pages (275 words)
$0.00
Paper Answers
Company
Legal
How Our Service is Used:
Paper Answers essays are NOT intended to be forwarded as finalized work as it is only strictly meant to be used for research and study purposes. Paper Answers does not endorse or condone any type of plagiarism.
Subscribe
No Spam
© 2025 Paper Answers. All rights reserved.
Paper Answers will be listed as ‘Paper Answers’ on your bank statement.

Order your essay today and save 30% with the discount code ESSAYHELP

Order Now