$ ./peframe.py 842E903B955E134AE281D09A467E420A.bin

Short information
------------------------------------------------------------
File Name       842E903B955E134AE281D09A467E420A.bin
File Size       32256 byte
Compile Time    2014-03-28 16:21:40
DLL             False
Sections        5
Hash MD5        842e903b955e134ae281d09a467e420a
Hash SHA-1      b169758a8c605d1de310811b93390e206d2ab980
Imphash         20d312c40b57fdae2e35b5936593696c
Detected        Anti Debug
Directory       Import

Anti Debug discovered [2]
------------------------------------------------------------
Function        Process32First
Function        Process32Next

Suspicious API discovered [44]
------------------------------------------------------------
Function        CopyFileA
Function        CreateDirectoryA
Function        CreateFileA
Function        CreateProcessA
Function        CreateRemoteThread
Function        CreateThread
Function        CreateToolhelp32Snapshot
Function        DeleteFileA
Function        GetCommandLineA
Function        GetComputerNameA
Function        GetCurrentProcess
Function        GetCurrentProcessId
Function        GetFileAttributesA
Function        GetFileSize
Function        GetModuleFileNameA
Function        GetProcAddress
Function        GetTempPathA
Function        GetTickCount
Function        GetUserNameA
Function        GetVersionExA
Function        LoadLibraryA
Function        OpenProcess
Function        OpenProcessToken
Function        Process32First
Function        Process32Next
Function        ReadProcessMemory
Function        RegCloseKey
Function        RegCreateKeyExA
Function        RegDeleteValueA
Function        RegOpenKeyExA
Function        Sleep
Function        VirtualAlloc
Function        VirtualAllocEx
Function        VirtualFree
Function        WSAStartup
Function        WriteFile
Function        WriteProcessMemory
Function        closesocket
Function        connect
Function        recv
Function        recvfrom
Function        send
Function        sendto
Function        socket

Suspicious Sections discovered [1]
------------------------------------------------------------
Section         .bss
Hash MD5        d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1      da39a3ee5e6b4b0d3255bfef95601890afd80709

File name discovered [28]
------------------------------------------------------------
Text            \AdobeFlashPlayer\Log.txt
Executable      LogonUI.exe
Executable      \AdobeFlashPlayer\mswinhost.exe
Executable      \winserv.exe
Executable      alg.exe
Executable      chrome.exe
Executable      csrss.exe
Executable      devenv.exe
Executable      explorer.exe
Executable      firefox.exe
Executable      iexplore.exe
Executable      lsass.exe
Executable      mysqld.exe
Executable      services.exe
Executable      smss.exe
Executable      spoolsv.exe
Executable      taskhost.exe
Executable      winlogon.exe
Executable      wmiprvse.exe
Executable      wuauclt.exe
Web Page        /aero3/fly.php
Data            \AdobeFlashPlayer\Local.dat
Library         advapi32.dll
Library         kernel32.dll
Library         msvcrt.dll
Library         shell32.dll
Library         user32.dll
Library         ws2_32.dll

Url discovered [3]
------------------------------------------------------------
Url             msoffice365net.com
Url             pop3smtp5imap3.com
Url             pop3smtp5imap4.ru