Difference between revisions of "AppID"
m (added "or later" to version)
m (→Usage: removed copy'n'paste prefix leftover)
|Line 12:||Line 12:|
AppID:<key name>,<value name>
Revision as of 15:45, 22 February 2008
|Main Application||Version 1.3 or later|
Searches for an application ID inside the registry.
AppID:<key name(string)>,<value name(string)>
This example detects the entries of the CommonName malware in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
This is an outdated command used to detect application IDs.
- The name of the key to detect comes as first parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
- Additionally, for cases where the key might be random, all AppID keys are checked whether their default value data (REG_SZ or REG_EXPANDSZ) matches this second parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
Flagged are only registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
- Any AppID key identified by key name.
- Any AppID key that has a default value identified by value name.