Can the VM running CIMA execute .NET executables, specifically C# built for Framework 2.0? As the .NET Framework is becoming a standard on Windows, new malware targeting it is coming out!
Shouldn't this create a suspicious file in CIMA?
using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Win32;
using System.IO;
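namespace CAMAS
{
    /// <summary>
    /// Minimal sandbox test sample: performs two actions that a behavioural
    /// analysis report is expected to flag, namely a write to the machine-wide
    /// Run key and the creation of a file in the Windows system directory.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Writes a "testApp" value under the HKLM Run key and creates an empty
        /// test.dll in the system folder. Both artifacts are left in place so the
        /// analysis report can show them.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // The original literal used typographic quotes and unescaped backslashes,
            // which does not compile; a verbatim string keeps the path readable.
            // CreateSubKey opens the key for writing (creating it if absent); this
            // normally needs administrative rights and throws otherwise.
            // NOTE(review): in a 32-bit process on 64-bit Windows, WOW64 redirection
            // may place these artifacts under Wow6432Node / SysWOW64 - confirm which
            // paths the analysis report actually shows.
            using (RegistryKey runKey = Registry.LocalMachine.CreateSubKey(
                @"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"))
            {
                if (runKey != null)
                {
                    // Adds a value (not a key) named "testApp" to the startup Run key.
                    runKey.SetValue("testApp", "c:\\sample.exe");
                }
            }

            string systemDir = Environment.GetFolderPath(Environment.SpecialFolder.System);
            string dllPath = Path.Combine(systemDir, "test.dll");

            // FileMode.Create makes a zero-length file, truncating any existing test.dll.
            // The using block replaces the redundant Close() + Dispose() pair and also
            // releases the handle if an exception is thrown.
            using (FileStream fs = new FileStream(dllPath, FileMode.Create, FileAccess.Write))
            {
            }
        }
    }
}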