Monday, February 20, 2017

Analysis of iLinkweb setup


Started analysis of an unknown setup file:

This file seems to be a setup file, because the strings and APIs it uses are related to setup files.


This is the behaviour it shows when I execute the sample.
I tried to download that missing DLL from the internet.

 



Screenshot of the manually downloaded DLL file, which is required by the setup file

 

I executed the sample again, and it threw another error.


I needed to feed the DLL file manually again.

Another error:


This time we were unable to find the sample on the internet.

I went for static analysis:


This sample is iLinkweb setup.

Usage of the files:

It is software that enables the transfer of files from a local PC to a server. It is mostly used in conjunction with Finacle (a core banking solution).

 
