
Monday, February 20, 2017

Analysis of iLinkweb setup


Started Analysis of unknown setup:

This file appears to be a setup file, because the strings and APIs it uses are related to setup files.


This is the behaviour it shows when I execute the sample.
I tried to download the missing DLL from the internet.

 



Screenshot of the manually downloaded DLL file that is required by the setup file

 

I executed the sample again, and it threw another error:


I needed to supply the DLL file manually again.

Another error:


This time we were unable to find the sample on the internet.
 
I moved on to static analysis:


This sample is iLinkweb setup.

Usage of the file:

It is software that enables file transfers from a local PC to a server. It is mostly used in conjunction with Finacle (a core banking solution).

 
