AppID: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
m (→Usage: shortened names) |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{ | {{SbiCmdInfo | ||
|SYNTAX = AppID | |||
Searches for an application ID inside the registry. | |PENAME = SpybotSD.exe | ||
|PEVERSION = 1.3 or later | |||
|GROUP = Registry | |||
|MINUPDATE = n/a | |||
|ADVFILEPARAMS = no | |||
|ADVREGPARAMS = no | |||
|ADVBUILDPARAMS = no | |||
|ADVSPECIALPARAMS = no | |||
}}Searches for an application ID inside the registry. | |||
==Usage== | ==Usage== | ||
AppID:<key(string)>,<value(string)> | |||
===Examples=== | ===Examples=== | ||
AppID:"CNForm.EXE","CNForm" | AppID:"CNForm.EXE","CNForm" | ||
This example detects the entries of the ''CommonName'' malware in | This example detects the entries of the ''CommonName'' malware in ''HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\''. | ||
===Description=== | ===Description=== | ||
This is an outdated command used to detect application IDs. | This is an outdated command used to detect application IDs. | ||
# The name of the key to detect comes as first parameter. [[AlgoPrefix|Algo-Prefixes]] are available in versions later than 1.5.2. {{AlgoPrefix}} | |||
# Additionally, for cases where the key might be random, all ''AppID'' keys are checked whether their default value data (REG_SZ or REG_EXPANDSZ) matches this second parameter. [[AlgoPrefix|Algo-Prefixes]] are available in versions later than 1.5.2. {{AlgoPrefix}} | |||
===Scan Results=== | |||
Flagged are only registry keys in ''HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\''. | |||
* Any ''AppID'' key identified by ''key name''. | |||
* Any ''AppID'' key that has a default value identified by ''value name''. | |||
==See also== | ==See also== | ||
* [[Advanced registry parameters]] | * [[Advanced registry parameters]] | ||
* [[AlgoPrefix]] | |||
===Similar commands=== | ===Similar commands=== | ||
Latest revision as of 15:52, 22 February 2008
| AppID | |
| Group | Registry |
| Main Application | Version 1.3 or later |
| Required Update | n/a |
| File Parameters | no |
| Registry Parameters | no |
| Build Parameters | no |
| Special Parameters | no |
Searches for an application ID inside the registry.
Usage
AppID:<key(string)>,<value(string)>
Examples
AppID:"CNForm.EXE","CNForm"
This example detects the entries of the CommonName malware in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
Description
This is an outdated command used to detect application IDs.
- The name of the key to detect comes as first parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
- Additionally, for cases where the key might be random, all AppID keys are checked whether their default value data (REG_SZ or REG_EXPANDSZ) matches this second parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
Scan Results
Flagged are only registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
- Any AppID key identified by key name.
- Any AppID key that has a default value identified by value name.