Administrator.<\/p>\n
Many malware samples contain debug strings that include paths often directly pointing to a location where the source code is stored and so it happens that often it’s also a location under the USERPROFILE. For the fun of it, I extracted the strings from a large batch of samples and came up with the following statistics (showing top 50):<\/p>\n
3893 Administrator\n 2963 JUANJO\n 1121 ryanch\n 928 Boy\n 617 UserXP\n 612 user\n 519 1337\n 502 User\n 465 Admin\n 435 root\n 422 bld4act\n 418 Owner\n 347 nosferatus\n 305 Administrateur\n 300 M4x\n 296 ismael\n 277 goga\n 277 Kyle\n 255 Mirko\n 247 1134\n 244 kdglkrkjdfhslej\n 241 FEDERIKO\n 234 t0fx\n 231 rstephens\n 219 DarkCoderSc\n 218 gcc\n 205 icyheart\n 200 Dave\n 197 michael\n 197 Roshan\n 197 James\n 195 Ben\n 182 John\n 178 admin\n 173 Dev\n 161 box1\n 157 nonadmin\n 153 FELIPE\n 152 Familie\n 151 Timothy\n 137 Dhivin\n 133 Vortex\n 131 Robert\n 130 dabdoub\n 129 USER\n 127 dr zinou\n 125 packar\n 122 David\n 116 nathu\n 116 Daniel<\/pre>\nIt’s obviously biased.<\/p>\n
Other interesting names include:<\/p>\n
There are over 7000 account names on the list. If you want the full list, please contact me offline.<\/p>\n","protected":false},"excerpt":{"rendered":"
Administrator. Many malware samples contain debug strings that include paths often directly pointing to a location where the source code is stored and so it happens that often it’s also a location under the USERPROFILE. For the fun of it, … Continue reading