Hey guys, have you seen anything like this? What are these AVexception, AVtype_info, AVbad_alloc strings? I was not able to come up with an explanation with Google; a few malware analyser sites also have these strings at specific executables, but no specific answer for these.

asked 10 Sep '15, 03:42 albi, edited 10 Sep '15, 03:43
One Answer:
My guess is that it's a "mangled" symbol name in an executable image; see these linker error messages, for example. "bad_alloc", "type_info", and "exception" are all names in C++'s standard library. If this is a packet capture, it's probably an executable image file being downloaded, and that's part of the image file's symbol table. If this isn't a packet capture, it's not really a Wireshark question....

answered 10 Sep '15, 17:37 Guy Harris
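When triaging a payload reassembled from a capture, decorated names like these can be located and turned back into readable C++ type names. The sketch below is an added example, not part of the original answer; it assumes the strings appear in the Microsoft compiler's `.?AV<name>@@` decorated form, and the sample bytes and the function name `find_type_names` are constructed for illustration.

```python
import re

# Assumed format: ".?A" + kind letter + name parts each followed by "@" + final "@".
# V = class, U = struct, T = union. Templates and enums are not handled here.
TYPE_NAME = re.compile(rb"\.\?A([VUT])((?:[A-Za-z_][A-Za-z0-9_]*@)+)@")
KINDS = {b"V": "class", b"U": "struct", b"T": "union"}


def find_type_names(blob: bytes):
    """Return (offset, kind, qualified_name) for each decorated type name in blob."""
    hits = []
    for m in TYPE_NAME.finditer(blob):
        parts = m.group(2).decode("ascii").rstrip("@").split("@")
        # Name components are stored innermost first, so reverse them
        # to get the usual outer::inner C++ spelling.
        hits.append((m.start(), KINDS[m.group(1)], "::".join(reversed(parts))))
    return hits


# Constructed sample: three decorated names separated by padding bytes,
# standing in for a slice of an executable carved out of a TCP stream.
SAMPLE = (
    b"\x00\x00.?AVexception@@\x00\x00\x00"
    b".?AVtype_info@@\x00"
    b".?AVbad_alloc@std@@\x00trailing bytes"
)

if __name__ == "__main__":
    for offset, kind, name in find_type_names(SAMPLE):
        print(f"0x{offset:04x}  {kind:6}  {name}")
```

Many hits for standard-library names such as these indicate only that the payload contains compiled C++ code; they say nothing on their own about whether the executable is malicious.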
Is this a Wireshark question? We'd normally expect to see some packets rather than a hexdump.
Can you share a capture in a publicly accessible spot, e.g. CloudShark?