There aren’t many useful strings in the malware other than import functions and the
When you run this malware, it appears to do nothing other than terminate.
You must rename the malware to peo.exe for it to run properly.
This malware uses three different anti-debugging timing techniques:
QueryPerformanceCounter, GetTickCount, and rdtsc. If the
QueryPerformanceCounter check is successful, the malware modifies the
string needed for the program to run properly. If the GetTickCount check
is successful, the malware causes an unhandled exception that crashes the
program. If the rdtsc check is successful, the malware will attempt to
delete itself from disk.
The anti-debugging timing checks are successful ...
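
The following Python triage helper is an added example, not part of the lab or its answer key. It shows one way an analyst can locate the three timing checks statically before stepping through them: it flags pairs of rdtsc opcodes that sit close together and reports which timing API names appear in the file. The 64-byte window, the function names, and the sample bytes are assumptions made for illustration.

```python
import re

RDTSC = b"\x0f\x31"  # x86 encoding of the rdtsc instruction
TIMING_APIS = (b"QueryPerformanceCounter", b"GetTickCount")


def find_rdtsc_pairs(data, window=64):
    """Return (first, second) offsets of rdtsc opcodes at most `window` bytes apart.

    Two reads of the timestamp counter around a short code region are the
    usual shape of a timing check. This is a byte-level heuristic: 0F 31 can
    also occur inside operands or data, so confirm each hit in a disassembler.
    """
    offsets = [m.start() for m in re.finditer(re.escape(RDTSC), data)]
    return [(a, b) for a, b in zip(offsets, offsets[1:]) if b - a <= window]


def find_timing_imports(data):
    """Return {api_name: offset} for timing API names stored as ASCII strings."""
    hits = {}
    for name in TIMING_APIS:
        pos = data.find(name)
        if pos != -1:
            hits[name.decode()] = pos
    return hits


def triage(data, window=64):
    """Combine both heuristics into one report for the analyst."""
    return {
        "rdtsc_pairs": find_rdtsc_pairs(data, window),
        "timing_imports": find_timing_imports(data),
    }


def build_sample():
    """Constructed bytes for demonstration; not taken from the lab binary."""
    code = (b"\x90" * 4 + RDTSC + b"\x89\xc3"      # first read, save result
            + b"\x90" * 10 + RDTSC + b"\x29\xd8"   # second read, subtract
            + b"\x90" * 200 + RDTSC)               # isolated read, not a pair
    strings = b"\x00GetTickCount\x00QueryPerformanceCounter\x00"
    return code + strings


if __name__ == "__main__":
    report = triage(build_sample())
    for first, second in report["rdtsc_pairs"]:
        print(f"rdtsc pair at 0x{first:x} / 0x{second:x}")
    for name, pos in report["timing_imports"].items():
        print(f"{name} string at 0x{pos:x}")
```

Each reported offset is a place to set a breakpoint or review the comparison that follows the second timer read, so the check can be understood before the sample is run under a debugger.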