AnalysisEngine.FileWatchers.systempChanged C# (CSharp) Method

FileWatchers Class Documentation Datei anzeigen Open project: rvazarkar/antipwny

systempChanged() private method

private systempChanged ( object sender, FileSystemEventArgs e ) : void
sender object
e System.IO.FileSystemEventArgs
return void 
        private void systempChanged(object sender, FileSystemEventArgs e)
        {
            try
            {
                FileInfo f = new FileInfo(e.FullPath);

                string date = DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString();

                string detect = "";
                if (f.Length == 73802 && f.Name.Contains(".exe"))
                {
                    detect = "Likely Meterpreter Executable";
                    w.write(date, e.FullPath, detect);
                }
                else if (f.Length == 15872 && f.Name.Contains(".exe"))
                {
                    detect = "Likely PSExec Executable";
                    w.write(date, e.FullPath, detect);
                }
                else if (f.Length == 148480 && f.Name.Equals("tior.exe"))
                {
                    detect = "BypassUAC Executable";
                    w.write(date, e.FullPath, detect);
                }
                else if (f.Length == 61440 && f.Name.Equals("metsvc.exe"))
                {
                    detect = "Metsvc Installation";
                    w.write(date, e.FullPath, detect);
                }
            }
            catch (Exception)
            {
                return;
            }
        }
FileWatchers
FileWatchers
exploitChanged
psexecChanged
systempChanged