AppID: Difference between revisions
(added info box) |
m (added "or later" to version) |
||
| Line 2: | Line 2: | ||
|SYNTAX = AppID | |SYNTAX = AppID | ||
|PENAME = SpybotSD.exe | |PENAME = SpybotSD.exe | ||
|PEVERSION = 1.3 | |PEVERSION = 1.3 or later | ||
|GROUP = Registry | |GROUP = Registry | ||
|MINUPDATE = n/a | |MINUPDATE = n/a | ||
Revision as of 13:42, 22 February 2008
| AppID | |
| Group | Registry |
| Main Application | Version 1.3 or later |
| Required Update | n/a |
| File Parameters | no |
| Registry Parameters | no |
| Build Parameters | no |
| Special Parameters | no |
Searches for an application ID inside the registry.
Usage
Format: AppID:<key name>,<value name>
Examples
AppID:"CNForm.EXE","CNForm"
This example detects the entries of the CommonName malware in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
Description
This is an outdated command used to detect application IDs.
- The name of the key to detect is the first parameter. Algo-Prefixes are available in versions later than 1.5.2.
- Additionally, for cases where the key name might be random, the default value data (REG_SZ or REG_EXPAND_SZ) of every AppID key is checked against the second parameter. Algo-Prefixes are available in versions later than 1.5.2.
Scan Results
Only registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ are flagged.
- Any AppID key identified by key name.
- Any AppID key that has a default value identified by value name.
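
The matching rules above, written out as an added Python example (not Spybot's own code): it parses an `AppID:` line and evaluates it against a constructed in-memory snapshot of the AppID subkeys, so it runs without a Windows registry. The function names, the snapshot layout, the GUID-style key names and the case-insensitive comparison are assumptions of this example, and Algo-Prefixes are not modelled.

```python
import csv

APPID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID"
STRING_TYPES = {"REG_SZ", "REG_EXPAND_SZ"}  # only these default-value types are compared


def parse_appid_rule(line):
    """Split 'AppID:<key name>,<value name>' into its two quoted parameters."""
    command, sep, params = line.strip().partition(":")
    if not sep or command != "AppID":
        raise ValueError("not an AppID rule: %r" % line)
    fields = next(csv.reader([params], skipinitialspace=True))
    if len(fields) != 2:
        raise ValueError("AppID takes exactly two parameters: %r" % line)
    return fields[0], fields[1]


def scan_appid(rule, snapshot):
    """Return the full paths of the AppID subkeys that the rule flags.

    snapshot maps each subkey name to the (type, data) pair of its default
    value, or to None when the default value is not set.
    """
    key_name, value_name = parse_appid_rule(rule)
    hits = []
    for subkey, default in snapshot.items():
        # Assumption: names and data are compared case-insensitively.
        by_name = subkey.lower() == key_name.lower()
        by_value = (default is not None
                    and default[0] in STRING_TYPES
                    and default[1].lower() == value_name.lower())
        if by_name or by_value:
            hits.append(APPID_ROOT + "\\" + subkey)
    return hits


# Constructed sample data, not taken from a real system.
SNAPSHOT = {
    "CNForm.EXE": ("REG_SZ", "CNForm"),                                   # key name matches
    "{0A1B2C3D-0000-4000-8000-000000000001}": ("REG_SZ", "CNForm"),       # default value matches
    "{0A1B2C3D-0000-4000-8000-000000000002}": ("REG_BINARY", b"CNForm"),  # non-string type, skipped
    "{0A1B2C3D-0000-4000-8000-000000000003}": None,                       # no default value
    "notepad.exe": ("REG_SZ", "Notepad"),                                 # unrelated entry
}

if __name__ == "__main__":
    for path in scan_appid('AppID:"CNForm.EXE","CNForm"', SNAPSHOT):
        print(path)
```
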