- {
- "hash": {
- "sha256": "c294ff1ae5df3c9cb12e3d2730db0af2c5b8539f6ec3107b1f26ed2c6e2767f8",
- "sha1": "d553d160d859f368f04c16444d03328e02d7433c",
- "md5": "9c1cbc6a6794067ab6f82d31f484e47c"
- },
- "file_found": {
- "Library": [
- "WUSER32.DLL",
- "mscoree.dll",
- "nKERNEL32.DLL",
- "ADVAPI32.dll",
- "OLEAUT32.dll",
- "VERSION.dll",
- "WSOCK32.dll",
- "SHELL32.dll",
- "uxtheme.dll",
- "ICMP.DLL",
- "PSAPI.DLL",
- "COMCTL32.dll",
- "ole32.dll",
- "WININET.dll",
- "USER32.dll",
- "USERENV.dll",
- "WINMM.dll",
- "GDI32.dll",
- "MPR.dll",
- "KERNEL32.dll",
- "COMDLG32.dll"
- ]
- },
- "file_type": "PE32 executable (GUI) Intel 80386, for MS Windows",
- "file_name": "c294ff1ae5df3c9cb12e3d2730db0af2c5b8539f6ec3107b1f26ed2c6e2767f8",
- "ip_found": [
- "255.255.255.255"
- ],
- "file_size": 1514576,
- "peframe_ver": "5.0 Beta",
- "virustotal": {
- "total": 53,
- "positives": 9,
- "permalink": "https://www.virustotal.com/file/c294ff1ae5df3c9cb12e3d2730db0af2c5b8539f6ec3107b1f26ed2c6e2767f8/analysis/1449741034/",
- "scan_date": "2015-12-10 09:50:34"
- },
- "pe_info": {
- "compile_time": "2012-01-29 22:32:28",
- "packer_info": [
- "Microsoft Visual C++ 8",
- "VC8 -> Microsoft Corporation"
- ],
- "sections_number": 4,
- "resources_info": [
- {
- "name": "RT_ICON",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "offset": "0xe4f58",
- "data": "( @\tb\r\f\f/ ^rqpz>\rcDDDPLLPOODDD$$$\t\t\t.-.MLM?:;MLLTTTlllooo;;;P999><=@<<QPPnmmfffWWW...+++755GCD{xqpp333.\r\r\r422OKKyqk###\f\f\f$!\"UQPlaVYSNGFEKKKSSS,,,\n\n\ndcbE-$ !NLM'$ ...XXXrrr555)))AAAYExvuhgg///eee<<<%%%\t\t\t\tWVVnD\t\t\t000vvvDDD###\r\r\r)K\t\t\t333QQQ M---[VVVzzzMMM {NNN|/./PPPIHI>=>:::989878878222%%%poooqqq]]]CCC///$#$\"!\" f\n\n\n...[QQQZYZWWWNMN999\u000b\u000b\u000bs\t\t\t$0",
- "size": 1128
- },
- {
- "name": "RT_MENU",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "offset": "0xe53c0",
- "data": "Context1Script &PausedE&xit",
- "size": 80
- },
- {
- "name": "RT_DIALOG",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "offset": "0xe5410",
- "data": "L\n_AutoIt Input BoxMS Shell DlgP,PromptP8\fPI2OKPWI2Cancel",
- "size": 252
- },
- {
- "name": "RT_STRING",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_US",
- "offset": "0xe7588",
- "data": "Unable to parse line.Unable to open the script file.String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.",
- "size": 344
- },
- {
- "name": "RT_GROUP_ICON",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "offset": "0xe77a8",
- "data": "(",
- "size": 20
- },
- {
- "name": "RT_VERSION",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_UK",
- "offset": "0xe77c0",
- "data": "4VS_VERSION_INFOStringFileInfo080904b0(FileDescription6\u000bFileVersion3, 3, 8, 1^CompiledScriptAutoIt v3 Script: 3, 3, 8, 1DVarFileInfo$Translation\t",
- "size": 412
- },
- {
- "name": "RT_MANIFEST",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_US",
- "offset": "0xe7960",
- "data": "<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n <security>\r\n <requestedPrivileges>\r\n <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n </requestedPrivileges>\r\n </security>\r\n </trustInfo>\r\n <dependency>\r\n <dependentAssembly>\r\n <assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" language=\"*\" processorArchitecture=\"*\" publicKeyToken=\"6595b64144ccf1df\"></assemblyIdentity>\r\n </dependentAssembly>\r\n </dependency>\r\n</assembly>",
- "size": 620
- }
- ],
- "sections_info": [
- {
- "hash_md5": "61ffce4768976fa0dd2a8f6a97b1417a",
- "suspicious": false,
- "name": ".text\u0000\u0000\u0000",
- "size_raw_data": 526336,
- "virtual_address": "0x1000",
- "hash_sha1": "1a4a6e903ba8481730da89043acebb85caaecabf",
- "virtual_size": "0x8061c"
- },
- {
- "hash_md5": "0354bc5f2376b5e9a4a3ba38b682dff1",
- "suspicious": false,
- "name": ".rdata\u0000\u0000",
- "size_raw_data": 57344,
- "virtual_address": "0x82000",
- "hash_sha1": "e70510edd94f414dcc71e0a8ed797f2ebcb61897",
- "virtual_size": "0xdfc0"
- },
- {
- "hash_md5": "8033f5a38941b4685bc2299e78f31221",
- "suspicious": false,
- "name": ".data\u0000\u0000\u0000",
- "size_raw_data": 26624,
- "virtual_address": "0x90000",
- "hash_sha1": "e525097f0c6a472b209669ddf8c3d82ba5a8dfb4",
- "virtual_size": "0x1a758"
- },
- {
- "hash_md5": "e153b17617825cd3077a3484ac549888",
- "suspicious": false,
- "name": ".rsrc\u0000\u0000\u0000",
- "size_raw_data": 248832,
- "virtual_address": "0xab000",
- "hash_sha1": "cc90bc3fae9be5a237420ae2170de3de1de231b7",
- "virtual_size": "0x3cbd0"
- }
- ],
- "import_function": {
- "MPR.dll": [
- {
- "function": "WNetCancelConnection2W",
- "address": "0x4823d8"
- },
- {
- "function": "WNetGetConnectionW",
- "address": "0x4823dc"
- },
- {
- "function": "WNetAddConnection2W",
- "address": "0x4823e0"
- },
- {
- "function": "WNetUseConnectionW",
- "address": "0x4823e4"
- }
- ],
- "COMDLG32.dll": [
- {
- "function": "GetSaveFileNameW",
- "address": "0x4820bc"
- },
- {
- "function": "GetOpenFileNameW",
- "address": "0x4820c0"
- }
- ],
- "VERSION.dll": [
- {
- "function": "VerQueryValueW",
- "address": "0x482738"
- },
- {
- "function": "GetFileVersionInfoW",
- "address": "0x48273c"
- },
- {
- "function": "GetFileVersionInfoSizeW",
- "address": "0x482740"
- }
- ],
- "OLEAUT32.dll": [
- {
- "function": "VariantChangeType",
- "address": "0x4823ec"
- },
- {
- "function": "VariantCopyInd",
- "address": "0x4823f0"
- },
- {
- "function": "DispCallFunc",
- "address": "0x4823f4"
- },
- {
- "function": "CreateStdDispatch",
- "address": "0x4823f8"
- },
- {
- "function": "CreateDispTypeInfo",
- "address": "0x4823fc"
- },
- {
- "function": "SysFreeString",
- "address": "0x482400"
- },
- {
- "function": "SafeArrayDestroyDescriptor",
- "address": "0x482404"
- },
- {
- "function": "SafeArrayDestroyData",
- "address": "0x482408"
- },
- {
- "function": "SafeArrayUnaccessData",
- "address": "0x48240c"
- },
- {
- "function": "SysStringLen",
- "address": "0x482410"
- },
- {
- "function": "SafeArrayAllocData",
- "address": "0x482414"
- },
- {
- "function": "GetActiveObject",
- "address": "0x482418"
- },
- {
- "function": "QueryPathOfRegTypeLib",
- "address": "0x48241c"
- },
- {
- "function": "SafeArrayAllocDescriptorEx",
- "address": "0x482420"
- },
- {
- "function": "SafeArrayCreateVector",
- "address": "0x482424"
- },
- {
- "function": "SysAllocString",
- "address": "0x482428"
- },
- {
- "function": "VariantCopy",
- "address": "0x48242c"
- },
- {
- "function": "VariantClear",
- "address": "0x482430"
- },
- {
- "function": "VariantTimeToSystemTime",
- "address": "0x482434"
- },
- {
- "function": "VarR8FromDec",
- "address": "0x482438"
- },
- {
- "function": "SafeArrayGetVartype",
- "address": "0x48243c"
- },
- {
- "function": "OleLoadPicture",
- "address": "0x482440"
- },
- {
- "function": "SafeArrayAccessData",
- "address": "0x482444"
- },
- {
- "function": "VariantInit",
- "address": "0x482448"
- }
- ],
- "WINMM.dll": [
- {
- "function": "timeGetTime",
- "address": "0x482784"
- },
- {
- "function": "waveOutSetVolume",
- "address": "0x482788"
- },
- {
- "function": "mciSendStringW",
- "address": "0x48278c"
- }
- ],
- "WININET.dll": [
- {
- "function": "InternetReadFile",
- "address": "0x482748"
- },
- {
- "function": "InternetCloseHandle",
- "address": "0x48274c"
- },
- {
- "function": "InternetOpenW",
- "address": "0x482750"
- },
- {
- "function": "InternetSetOptionW",
- "address": "0x482754"
- },
- {
- "function": "InternetCrackUrlW",
- "address": "0x482758"
- },
- {
- "function": "HttpQueryInfoW",
- "address": "0x48275c"
- },
- {
- "function": "InternetConnectW",
- "address": "0x482760"
- },
- {
- "function": "HttpOpenRequestW",
- "address": "0x482764"
- },
- {
- "function": "HttpSendRequestW",
- "address": "0x482768"
- },
- {
- "function": "FtpOpenFileW",
- "address": "0x48276c"
- },
- {
- "function": "FtpGetFileSize",
- "address": "0x482770"
- },
- {
- "function": "InternetOpenUrlW",
- "address": "0x482774"
- },
- {
- "function": "InternetQueryOptionW",
- "address": "0x482778"
- },
- {
- "function": "InternetQueryDataAvailable",
- "address": "0x48277c"
- }
- ],
- "GDI32.dll": [
- {
- "function": "DeleteObject",
- "address": "0x4820c8"
- },
- {
- "function": "AngleArc",
- "address": "0x4820cc"
- },
- {
- "function": "GetTextExtentPoint32W",
- "address": "0x4820d0"
- },
- {
- "function": "ExtCreatePen",
- "address": "0x4820d4"
- },
- {
- "function": "StrokeAndFillPath",
- "address": "0x4820d8"
- },
- {
- "function": "StrokePath",
- "address": "0x4820dc"
- },
- {
- "function": "EndPath",
- "address": "0x4820e0"
- },
- {
- "function": "SetPixel",
- "address": "0x4820e4"
- },
- {
- "function": "CloseFigure",
- "address": "0x4820e8"
- },
- {
- "function": "CreateCompatibleBitmap",
- "address": "0x4820ec"
- },
- {
- "function": "CreateCompatibleDC",
- "address": "0x4820f0"
- },
- {
- "function": "SelectObject",
- "address": "0x4820f4"
- },
- {
- "function": "StretchBlt",
- "address": "0x4820f8"
- },
- {
- "function": "GetDIBits",
- "address": "0x4820fc"
- },
- {
- "function": "GetDeviceCaps",
- "address": "0x482100"
- },
- {
- "function": "MoveToEx",
- "address": "0x482104"
- },
- {
- "function": "DeleteDC",
- "address": "0x482108"
- },
- {
- "function": "GetPixel",
- "address": "0x48210c"
- },
- {
- "function": "CreateDCW",
- "address": "0x482110"
- },
- {
- "function": "Ellipse",
- "address": "0x482114"
- },
- {
- "function": "PolyDraw",
- "address": "0x482118"
- },
- {
- "function": "BeginPath",
- "address": "0x48211c"
- },
- {
- "function": "Rectangle",
- "address": "0x482120"
- },
- {
- "function": "SetViewportOrgEx",
- "address": "0x482124"
- },
- {
- "function": "GetObjectW",
- "address": "0x482128"
- },
- {
- "function": "SetBkMode",
- "address": "0x48212c"
- },
- {
- "function": "RoundRect",
- "address": "0x482130"
- },
- {
- "function": "SetBkColor",
- "address": "0x482134"
- },
- {
- "function": "CreatePen",
- "address": "0x482138"
- },
- {
- "function": "CreateSolidBrush",
- "address": "0x48213c"
- },
- {
- "function": "SetTextColor",
- "address": "0x482140"
- },
- {
- "function": "CreateFontW",
- "address": "0x482144"
- },
- {
- "function": "GetTextFaceW",
- "address": "0x482148"
- },
- {
- "function": "GetStockObject",
- "address": "0x48214c"
- },
- {
- "function": "LineTo",
- "address": "0x482150"
- }
- ],
- "SHELL32.dll": [
- {
- "function": "DragQueryPoint",
- "address": "0x482464"
- },
- {
- "function": "ShellExecuteExW",
- "address": "0x482468"
- },
- {
- "function": "SHGetFolderPathW",
- "address": "0x48246c"
- },
- {
- "function": "DragQueryFileW",
- "address": "0x482470"
- },
- {
- "function": "SHEmptyRecycleBinW",
- "address": "0x482474"
- },
- {
- "function": "SHBrowseForFolderW",
- "address": "0x482478"
- },
- {
- "function": "SHFileOperationW",
- "address": "0x48247c"
- },
- {
- "function": "SHGetPathFromIDListW",
- "address": "0x482480"
- },
- {
- "function": "SHGetDesktopFolder",
- "address": "0x482484"
- },
- {
- "function": "SHGetMalloc",
- "address": "0x482488"
- },
- {
- "function": "ExtractIconExW",
- "address": "0x48248c"
- },
- {
- "function": "Shell_NotifyIconW",
- "address": "0x482490"
- },
- {
- "function": "ShellExecuteW",
- "address": "0x482494"
- },
- {
- "function": "DragFinish",
- "address": "0x482498"
- }
- ],
- "KERNEL32.dll": [
- {
- "function": "HeapAlloc",
- "address": "0x482158"
- },
- {
- "function": "Sleep",
- "address": "0x48215c"
- },
- {
- "function": "GetCurrentThreadId",
- "address": "0x482160"
- },
- {
- "function": "RaiseException",
- "address": "0x482164"
- },
- {
- "function": "MulDiv",
- "address": "0x482168"
- },
- {
- "function": "GetVersionExW",
- "address": "0x48216c"
- },
- {
- "function": "GetSystemInfo",
- "address": "0x482170"
- },
- {
- "function": "InterlockedIncrement",
- "address": "0x482174"
- },
- {
- "function": "InterlockedDecrement",
- "address": "0x482178"
- },
- {
- "function": "WideCharToMultiByte",
- "address": "0x48217c"
- },
- {
- "function": "lstrcpyW",
- "address": "0x482180"
- },
- {
- "function": "MultiByteToWideChar",
- "address": "0x482184"
- },
- {
- "function": "lstrlenW",
- "address": "0x482188"
- },
- {
- "function": "lstrcmpiW",
- "address": "0x48218c"
- },
- {
- "function": "GetModuleHandleW",
- "address": "0x482190"
- },
- {
- "function": "QueryPerformanceCounter",
- "address": "0x482194"
- },
- {
- "function": "VirtualFreeEx",
- "address": "0x482198"
- },
- {
- "function": "OpenProcess",
- "address": "0x48219c"
- },
- {
- "function": "VirtualAllocEx",
- "address": "0x4821a0"
- },
- {
- "function": "WriteProcessMemory",
- "address": "0x4821a4"
- },
- {
- "function": "ReadProcessMemory",
- "address": "0x4821a8"
- },
- {
- "function": "CreateFileW",
- "address": "0x4821ac"
- },
- {
- "function": "SetFilePointerEx",
- "address": "0x4821b0"
- },
- {
- "function": "ReadFile",
- "address": "0x4821b4"
- },
- {
- "function": "WriteFile",
- "address": "0x4821b8"
- },
- {
- "function": "FlushFileBuffers",
- "address": "0x4821bc"
- },
- {
- "function": "TerminateProcess",
- "address": "0x4821c0"
- },
- {
- "function": "CreateToolhelp32Snapshot",
- "address": "0x4821c4"
- },
- {
- "function": "Process32FirstW",
- "address": "0x4821c8"
- },
- {
- "function": "Process32NextW",
- "address": "0x4821cc"
- },
- {
- "function": "SetFileTime",
- "address": "0x4821d0"
- },
- {
- "function": "GetFileAttributesW",
- "address": "0x4821d4"
- },
- {
- "function": "FindFirstFileW",
- "address": "0x4821d8"
- },
- {
- "function": "FindClose",
- "address": "0x4821dc"
- },
- {
- "function": "DeleteFileW",
- "address": "0x4821e0"
- },
- {
- "function": "FindNextFileW",
- "address": "0x4821e4"
- },
- {
- "function": "MoveFileW",
- "address": "0x4821e8"
- },
- {
- "function": "CopyFileW",
- "address": "0x4821ec"
- },
- {
- "function": "CreateDirectoryW",
- "address": "0x4821f0"
- },
- {
- "function": "RemoveDirectoryW",
- "address": "0x4821f4"
- },
- {
- "function": "GetProcessHeap",
- "address": "0x4821f8"
- },
- {
- "function": "QueryPerformanceFrequency",
- "address": "0x4821fc"
- },
- {
- "function": "FindResourceW",
- "address": "0x482200"
- },
- {
- "function": "LoadResource",
- "address": "0x482204"
- },
- {
- "function": "LockResource",
- "address": "0x482208"
- },
- {
- "function": "SizeofResource",
- "address": "0x48220c"
- },
- {
- "function": "EnumResourceNamesW",
- "address": "0x482210"
- },
- {
- "function": "OutputDebugStringW",
- "address": "0x482214"
- },
- {
- "function": "GetLocalTime",
- "address": "0x482218"
- },
- {
- "function": "CompareStringW",
- "address": "0x48221c"
- },
- {
- "function": "DeleteCriticalSection",
- "address": "0x482220"
- },
- {
- "function": "EnterCriticalSection",
- "address": "0x482224"
- },
- {
- "function": "LeaveCriticalSection",
- "address": "0x482228"
- },
- {
- "function": "InitializeCriticalSectionAndSpinCount",
- "address": "0x48222c"
- },
- {
- "function": "GetStdHandle",
- "address": "0x482230"
- },
- {
- "function": "CreatePipe",
- "address": "0x482234"
- },
- {
- "function": "InterlockedExchange",
- "address": "0x482238"
- },
- {
- "function": "TerminateThread",
- "address": "0x48223c"
- },
- {
- "function": "GetTempPathW",
- "address": "0x482240"
- },
- {
- "function": "GetTempFileNameW",
- "address": "0x482244"
- },
- {
- "function": "VirtualFree",
- "address": "0x482248"
- },
- {
- "function": "FormatMessageW",
- "address": "0x48224c"
- },
- {
- "function": "GetExitCodeProcess",
- "address": "0x482250"
- },
- {
- "function": "SetErrorMode",
- "address": "0x482254"
- },
- {
- "function": "GetPrivateProfileStringW",
- "address": "0x482258"
- },
- {
- "function": "WritePrivateProfileStringW",
- "address": "0x48225c"
- },
- {
- "function": "GetPrivateProfileSectionW",
- "address": "0x482260"
- },
- {
- "function": "WritePrivateProfileSectionW",
- "address": "0x482264"
- },
- {
- "function": "GetPrivateProfileSectionNamesW",
- "address": "0x482268"
- },
- {
- "function": "FileTimeToLocalFileTime",
- "address": "0x48226c"
- },
- {
- "function": "FileTimeToSystemTime",
- "address": "0x482270"
- },
- {
- "function": "SystemTimeToFileTime",
- "address": "0x482274"
- },
- {
- "function": "LocalFileTimeToFileTime",
- "address": "0x482278"
- },
- {
- "function": "GetDriveTypeW",
- "address": "0x48227c"
- },
- {
- "function": "GetDiskFreeSpaceExW",
- "address": "0x482280"
- },
- {
- "function": "GetDiskFreeSpaceW",
- "address": "0x482284"
- },
- {
- "function": "GetVolumeInformationW",
- "address": "0x482288"
- },
- {
- "function": "SetVolumeLabelW",
- "address": "0x48228c"
- },
- {
- "function": "CreateHardLinkW",
- "address": "0x482290"
- },
- {
- "function": "DeviceIoControl",
- "address": "0x482294"
- },
- {
- "function": "SetFileAttributesW",
- "address": "0x482298"
- },
- {
- "function": "GetShortPathNameW",
- "address": "0x48229c"
- },
- {
- "function": "CreateEventW",
- "address": "0x4822a0"
- },
- {
- "function": "SetEvent",
- "address": "0x4822a4"
- },
- {
- "function": "GetEnvironmentVariableW",
- "address": "0x4822a8"
- },
- {
- "function": "SetEnvironmentVariableW",
- "address": "0x4822ac"
- },
- {
- "function": "GlobalLock",
- "address": "0x4822b0"
- },
- {
- "function": "GlobalUnlock",
- "address": "0x4822b4"
- },
- {
- "function": "GlobalAlloc",
- "address": "0x4822b8"
- },
- {
- "function": "GetFileSize",
- "address": "0x4822bc"
- },
- {
- "function": "GlobalFree",
- "address": "0x4822c0"
- },
- {
- "function": "GlobalMemoryStatusEx",
- "address": "0x4822c4"
- },
- {
- "function": "Beep",
- "address": "0x4822c8"
- },
- {
- "function": "GetSystemDirectoryW",
- "address": "0x4822cc"
- },
- {
- "function": "GetComputerNameW",
- "address": "0x4822d0"
- },
- {
- "function": "GetWindowsDirectoryW",
- "address": "0x4822d4"
- },
- {
- "function": "GetCurrentProcessId",
- "address": "0x4822d8"
- },
- {
- "function": "GetCurrentThread",
- "address": "0x4822dc"
- },
- {
- "function": "GetProcessIoCounters",
- "address": "0x4822e0"
- },
- {
- "function": "CreateProcessW",
- "address": "0x4822e4"
- },
- {
- "function": "SetPriorityClass",
- "address": "0x4822e8"
- },
- {
- "function": "LoadLibraryW",
- "address": "0x4822ec"
- },
- {
- "function": "VirtualAlloc",
- "address": "0x4822f0"
- },
- {
- "function": "LoadLibraryExW",
- "address": "0x4822f4"
- },
- {
- "function": "HeapFree",
- "address": "0x4822f8"
- },
- {
- "function": "WaitForSingleObject",
- "address": "0x4822fc"
- },
- {
- "function": "CreateThread",
- "address": "0x482300"
- },
- {
- "function": "DuplicateHandle",
- "address": "0x482304"
- },
- {
- "function": "GetLastError",
- "address": "0x482308"
- },
- {
- "function": "CloseHandle",
- "address": "0x48230c"
- },
- {
- "function": "GetCurrentProcess",
- "address": "0x482310"
- },
- {
- "function": "GetProcAddress",
- "address": "0x482314"
- },
- {
- "function": "LoadLibraryA",
- "address": "0x482318"
- },
- {
- "function": "FreeLibrary",
- "address": "0x48231c"
- },
- {
- "function": "GetModuleFileNameW",
- "address": "0x482320"
- },
- {
- "function": "GetFullPathNameW",
- "address": "0x482324"
- },
- {
- "function": "SetCurrentDirectoryW",
- "address": "0x482328"
- },
- {
- "function": "IsDebuggerPresent",
- "address": "0x48232c"
- },
- {
- "function": "GetCurrentDirectoryW",
- "address": "0x482330"
- },
- {
- "function": "ExitProcess",
- "address": "0x482334"
- },
- {
- "function": "ExitThread",
- "address": "0x482338"
- },
- {
- "function": "GetSystemTimeAsFileTime",
- "address": "0x48233c"
- },
- {
- "function": "ResumeThread",
- "address": "0x482340"
- },
- {
- "function": "GetTimeFormatW",
- "address": "0x482344"
- },
- {
- "function": "GetDateFormatW",
- "address": "0x482348"
- },
- {
- "function": "GetCommandLineW",
- "address": "0x48234c"
- },
- {
- "function": "GetStartupInfoW",
- "address": "0x482350"
- },
- {
- "function": "IsProcessorFeaturePresent",
- "address": "0x482354"
- },
- {
- "function": "HeapSize",
- "address": "0x482358"
- },
- {
- "function": "GetCPInfo",
- "address": "0x48235c"
- },
- {
- "function": "GetACP",
- "address": "0x482360"
- },
- {
- "function": "GetOEMCP",
- "address": "0x482364"
- },
- {
- "function": "IsValidCodePage",
- "address": "0x482368"
- },
- {
- "function": "TlsAlloc",
- "address": "0x48236c"
- },
- {
- "function": "TlsGetValue",
- "address": "0x482370"
- },
- {
- "function": "TlsSetValue",
- "address": "0x482374"
- },
- {
- "function": "TlsFree",
- "address": "0x482378"
- },
- {
- "function": "SetLastError",
- "address": "0x48237c"
- },
- {
- "function": "UnhandledExceptionFilter",
- "address": "0x482380"
- },
- {
- "function": "SetUnhandledExceptionFilter",
- "address": "0x482384"
- },
- {
- "function": "GetStringTypeW",
- "address": "0x482388"
- },
- {
- "function": "HeapCreate",
- "address": "0x48238c"
- },
- {
- "function": "SetHandleCount",
- "address": "0x482390"
- },
- {
- "function": "GetFileType",
- "address": "0x482394"
- },
- {
- "function": "SetStdHandle",
- "address": "0x482398"
- },
- {
- "function": "GetConsoleCP",
- "address": "0x48239c"
- },
- {
- "function": "GetConsoleMode",
- "address": "0x4823a0"
- },
- {
- "function": "LCMapStringW",
- "address": "0x4823a4"
- },
- {
- "function": "RtlUnwind",
- "address": "0x4823a8"
- },
- {
- "function": "SetFilePointer",
- "address": "0x4823ac"
- },
- {
- "function": "GetTimeZoneInformation",
- "address": "0x4823b0"
- },
- {
- "function": "FreeEnvironmentStringsW",
- "address": "0x4823b4"
- },
- {
- "function": "GetEnvironmentStringsW",
- "address": "0x4823b8"
- },
- {
- "function": "GetTickCount",
- "address": "0x4823bc"
- },
- {
- "function": "HeapReAlloc",
- "address": "0x4823c0"
- },
- {
- "function": "WriteConsoleW",
- "address": "0x4823c4"
- },
- {
- "function": "SetEndOfFile",
- "address": "0x4823c8"
- },
- {
- "function": "SetSystemPowerState",
- "address": "0x4823cc"
- },
- {
- "function": "SetEnvironmentVariableA",
- "address": "0x4823d0"
- }
- ],
- "WSOCK32.dll": [
- {
- "function": "__WSAFDIsSet",
- "address": "0x482794"
- },
- {
- "function": "setsockopt",
- "address": "0x482798"
- },
- {
- "function": "ntohs",
- "address": "0x48279c"
- },
- {
- "function": "recvfrom",
- "address": "0x4827a0"
- },
- {
- "function": "sendto",
- "address": "0x4827a4"
- },
- {
- "function": "htons",
- "address": "0x4827a8"
- },
- {
- "function": "select",
- "address": "0x4827ac"
- },
- {
- "function": "listen",
- "address": "0x4827b0"
- },
- {
- "function": "WSAStartup",
- "address": "0x4827b4"
- },
- {
- "function": "bind",
- "address": "0x4827b8"
- },
- {
- "function": "closesocket",
- "address": "0x4827bc"
- },
- {
- "function": "connect",
- "address": "0x4827c0"
- },
- {
- "function": "socket",
- "address": "0x4827c4"
- },
- {
- "function": "send",
- "address": "0x4827c8"
- },
- {
- "function": "WSACleanup",
- "address": "0x4827cc"
- },
- {
- "function": "ioctlsocket",
- "address": "0x4827d0"
- },
- {
- "function": "accept",
- "address": "0x4827d4"
- },
- {
- "function": "WSAGetLastError",
- "address": "0x4827d8"
- },
- {
- "function": "inet_addr",
- "address": "0x4827dc"
- },
- {
- "function": "gethostbyname",
- "address": "0x4827e0"
- },
- {
- "function": "gethostname",
- "address": "0x4827e4"
- },
- {
- "function": "recv",
- "address": "0x4827e8"
- }
- ],
- "ADVAPI32.dll": [
- {
- "function": "RegEnumValueW",
- "address": "0x482000"
- },
- {
- "function": "RegDeleteValueW",
- "address": "0x482004"
- },
- {
- "function": "RegDeleteKeyW",
- "address": "0x482008"
- },
- {
- "function": "RegEnumKeyExW",
- "address": "0x48200c"
- },
- {
- "function": "RegSetValueExW",
- "address": "0x482010"
- },
- {
- "function": "RegCreateKeyExW",
- "address": "0x482014"
- },
- {
- "function": "GetUserNameW",
- "address": "0x482018"
- },
- {
- "function": "RegConnectRegistryW",
- "address": "0x48201c"
- },
- {
- "function": "CloseServiceHandle",
- "address": "0x482020"
- },
- {
- "function": "UnlockServiceDatabase",
- "address": "0x482024"
- },
- {
- "function": "OpenThreadToken",
- "address": "0x482028"
- },
- {
- "function": "OpenProcessToken",
- "address": "0x48202c"
- },
- {
- "function": "LookupPrivilegeValueW",
- "address": "0x482030"
- },
- {
- "function": "DuplicateTokenEx",
- "address": "0x482034"
- },
- {
- "function": "CreateProcessAsUserW",
- "address": "0x482038"
- },
- {
- "function": "CreateProcessWithLogonW",
- "address": "0x48203c"
- },
- {
- "function": "InitializeSecurityDescriptor",
- "address": "0x482040"
- },
- {
- "function": "InitializeAcl",
- "address": "0x482044"
- },
- {
- "function": "GetLengthSid",
- "address": "0x482048"
- },
- {
- "function": "CopySid",
- "address": "0x48204c"
- },
- {
- "function": "LogonUserW",
- "address": "0x482050"
- },
- {
- "function": "LockServiceDatabase",
- "address": "0x482054"
- },
- {
- "function": "GetTokenInformation",
- "address": "0x482058"
- },
- {
- "function": "GetSecurityDescriptorDacl",
- "address": "0x48205c"
- },
- {
- "function": "GetAclInformation",
- "address": "0x482060"
- },
- {
- "function": "GetAce",
- "address": "0x482064"
- },
- {
- "function": "AddAce",
- "address": "0x482068"
- },
- {
- "function": "SetSecurityDescriptorDacl",
- "address": "0x48206c"
- },
- {
- "function": "RegOpenKeyExW",
- "address": "0x482070"
- },
- {
- "function": "RegQueryValueExW",
- "address": "0x482074"
- },
- {
- "function": "AdjustTokenPrivileges",
- "address": "0x482078"
- },
- {
- "function": "InitiateSystemShutdownExW",
- "address": "0x48207c"
- },
- {
- "function": "OpenSCManagerW",
- "address": "0x482080"
- },
- {
- "function": "RegCloseKey",
- "address": "0x482084"
- }
- ],
- "PSAPI.DLL": [
- {
- "function": "EnumProcesses",
- "address": "0x482450"
- },
- {
- "function": "GetModuleBaseNameW",
- "address": "0x482454"
- },
- {
- "function": "GetProcessMemoryInfo",
- "address": "0x482458"
- },
- {
- "function": "EnumProcessModules",
- "address": "0x48245c"
- }
- ],
- "USERENV.dll": [
- {
- "function": "CreateEnvironmentBlock",
- "address": "0x482724"
- },
- {
- "function": "DestroyEnvironmentBlock",
- "address": "0x482728"
- },
- {
- "function": "UnloadUserProfile",
- "address": "0x48272c"
- },
- {
- "function": "LoadUserProfileW",
- "address": "0x482730"
- }
- ],
- "ole32.dll": [
- {
- "function": "OleSetMenuDescriptor",
- "address": "0x4827f0"
- },
- {
- "function": "MkParseDisplayName",
- "address": "0x4827f4"
- },
- {
- "function": "OleSetContainedObject",
- "address": "0x4827f8"
- },
- {
- "function": "CLSIDFromString",
- "address": "0x4827fc"
- },
- {
- "function": "StringFromGUID2",
- "address": "0x482800"
- },
- {
- "function": "CoInitialize",
- "address": "0x482804"
- },
- {
- "function": "CoUninitialize",
- "address": "0x482808"
- },
- {
- "function": "CoCreateInstance",
- "address": "0x48280c"
- },
- {
- "function": "CreateStreamOnHGlobal",
- "address": "0x482810"
- },
- {
- "function": "CoTaskMemAlloc",
- "address": "0x482814"
- },
- {
- "function": "CoTaskMemFree",
- "address": "0x482818"
- },
- {
- "function": "ProgIDFromCLSID",
- "address": "0x48281c"
- },
- {
- "function": "OleInitialize",
- "address": "0x482820"
- },
- {
- "function": "CreateBindCtx",
- "address": "0x482824"
- },
- {
- "function": "CLSIDFromProgID",
- "address": "0x482828"
- },
- {
- "function": "CoInitializeSecurity",
- "address": "0x48282c"
- },
- {
- "function": "CoCreateInstanceEx",
- "address": "0x482830"
- },
- {
- "function": "CoSetProxyBlanket",
- "address": "0x482834"
- },
- {
- "function": "OleUninitialize",
- "address": "0x482838"
- },
- {
- "function": "IIDFromString",
- "address": "0x48283c"
- }
- ],
- "USER32.dll": [
- {
- "function": "GetCursorInfo",
- "address": "0x4824a0"
- },
- {
- "function": "RegisterHotKey",
- "address": "0x4824a4"
- },
- {
- "function": "ClientToScreen",
- "address": "0x4824a8"
- },
- {
- "function": "GetKeyboardLayoutNameW",
- "address": "0x4824ac"
- },
- {
- "function": "IsCharAlphaW",
- "address": "0x4824b0"
- },
- {
- "function": "IsCharAlphaNumericW",
- "address": "0x4824b4"
- },
- {
- "function": "IsCharLowerW",
- "address": "0x4824b8"
- },
- {
- "function": "IsCharUpperW",
- "address": "0x4824bc"
- },
- {
- "function": "GetMenuStringW",
- "address": "0x4824c0"
- },
- {
- "function": "GetSubMenu",
- "address": "0x4824c4"
- },
- {
- "function": "GetCaretPos",
- "address": "0x4824c8"
- },
- {
- "function": "IsZoomed",
- "address": "0x4824cc"
- },
- {
- "function": "MonitorFromPoint",
- "address": "0x4824d0"
- },
- {
- "function": "GetMonitorInfoW",
- "address": "0x4824d4"
- },
- {
- "function": "SetWindowLongW",
- "address": "0x4824d8"
- },
- {
- "function": "SetLayeredWindowAttributes",
- "address": "0x4824dc"
- },
- {
- "function": "FlashWindow",
- "address": "0x4824e0"
- },
- {
- "function": "GetClassLongW",
- "address": "0x4824e4"
- },
- {
- "function": "TranslateAcceleratorW",
- "address": "0x4824e8"
- },
- {
- "function": "IsDialogMessageW",
- "address": "0x4824ec"
- },
- {
- "function": "GetSysColor",
- "address": "0x4824f0"
- },
- {
- "function": "InflateRect",
- "address": "0x4824f4"
- },
- {
- "function": "DrawFocusRect",
- "address": "0x4824f8"
- },
- {
- "function": "DrawTextW",
- "address": "0x4824fc"
- },
- {
- "function": "FrameRect",
- "address": "0x482500"
- },
- {
- "function": "DrawFrameControl",
- "address": "0x482504"
- },
- {
- "function": "FillRect",
- "address": "0x482508"
- },
- {
- "function": "PtInRect",
- "address": "0x48250c"
- },
- {
- "function": "DestroyAcceleratorTable",
- "address": "0x482510"
- },
- {
- "function": "CreateAcceleratorTableW",
- "address": "0x482514"
- },
- {
- "function": "SetCursor",
- "address": "0x482518"
- },
- {
- "function": "GetWindowDC",
- "address": "0x48251c"
- },
- {
- "function": "GetSystemMetrics",
- "address": "0x482520"
- },
- {
- "function": "GetActiveWindow",
- "address": "0x482524"
- },
- {
- "function": "CharNextW",
- "address": "0x482528"
- },
- {
- "function": "wsprintfW",
- "address": "0x48252c"
- },
- {
- "function": "RedrawWindow",
- "address": "0x482530"
- },
- {
- "function": "DrawMenuBar",
- "address": "0x482534"
- },
- {
- "function": "DestroyMenu",
- "address": "0x482538"
- },
- {
- "function": "SetMenu",
- "address": "0x48253c"
- },
- {
- "function": "GetWindowTextLengthW",
- "address": "0x482540"
- },
- {
- "function": "CreateMenu",
- "address": "0x482544"
- },
- {
- "function": "IsDlgButtonChecked",
- "address": "0x482548"
- },
- {
- "function": "DefDlgProcW",
- "address": "0x48254c"
- },
- {
- "function": "ReleaseCapture",
- "address": "0x482550"
- },
- {
- "function": "SetCapture",
- "address": "0x482554"
- },
- {
- "function": "WindowFromPoint",
- "address": "0x482558"
- },
- {
- "function": "LoadImageW",
- "address": "0x48255c"
- },
- {
- "function": "CreateIconFromResourceEx",
- "address": "0x482560"
- },
- {
- "function": "mouse_event",
- "address": "0x482564"
- },
- {
- "function": "ExitWindowsEx",
- "address": "0x482568"
- },
- {
- "function": "SetActiveWindow",
- "address": "0x48256c"
- },
- {
- "function": "FindWindowExW",
- "address": "0x482570"
- },
- {
- "function": "EnumThreadWindows",
- "address": "0x482574"
- },
- {
- "function": "SetMenuDefaultItem",
- "address": "0x482578"
- },
- {
- "function": "InsertMenuItemW",
- "address": "0x48257c"
- },
- {
- "function": "IsMenu",
- "address": "0x482580"
- },
- {
- "function": "TrackPopupMenuEx",
- "address": "0x482584"
- },
- {
- "function": "GetCursorPos",
- "address": "0x482588"
- },
- {
- "function": "DeleteMenu",
- "address": "0x48258c"
- },
- {
- "function": "CheckMenuRadioItem",
- "address": "0x482590"
- },
- {
- "function": "SetWindowPos",
- "address": "0x482594"
- },
- {
- "function": "GetMenuItemCount",
- "address": "0x482598"
- },
- {
- "function": "SetMenuItemInfoW",
- "address": "0x48259c"
- },
- {
- "function": "GetMenuItemInfoW",
- "address": "0x4825a0"
- },
- {
- "function": "SetForegroundWindow",
- "address": "0x4825a4"
- },
- {
- "function": "IsIconic",
- "address": "0x4825a8"
- },
- {
- "function": "FindWindowW",
- "address": "0x4825ac"
- },
- {
- "function": "SystemParametersInfoW",
- "address": "0x4825b0"
- },
- {
- "function": "TranslateMessage",
- "address": "0x4825b4"
- },
- {
- "function": "SendInput",
- "address": "0x4825b8"
- },
- {
- "function": "GetAsyncKeyState",
- "address": "0x4825bc"
- },
- {
- "function": "SetKeyboardState",
- "address": "0x4825c0"
- },
- {
- "function": "GetKeyboardState",
- "address": "0x4825c4"
- },
- {
- "function": "GetKeyState",
- "address": "0x4825c8"
- },
- {
- "function": "VkKeyScanW",
- "address": "0x4825cc"
- },
- {
- "function": "LoadStringW",
- "address": "0x4825d0"
- },
- {
- "function": "DialogBoxParamW",
- "address": "0x4825d4"
- },
- {
- "function": "MessageBeep",
- "address": "0x4825d8"
- },
- {
- "function": "EndDialog",
- "address": "0x4825dc"
- },
- {
- "function": "SendDlgItemMessageW",
- "address": "0x4825e0"
- },
- {
- "function": "GetDlgItem",
- "address": "0x4825e4"
- },
- {
- "function": "SetWindowTextW",
- "address": "0x4825e8"
- },
- {
- "function": "CopyRect",
- "address": "0x4825ec"
- },
- {
- "function": "ReleaseDC",
- "address": "0x4825f0"
- },
- {
- "function": "GetDC",
- "address": "0x4825f4"
- },
- {
- "function": "EndPaint",
- "address": "0x4825f8"
- },
- {
- "function": "BeginPaint",
- "address": "0x4825fc"
- },
- {
- "function": "GetClientRect",
- "address": "0x482600"
- },
- {
- "function": "GetMenu",
- "address": "0x482604"
- },
- {
- "function": "DestroyWindow",
- "address": "0x482608"
- },
- {
- "function": "EnumWindows",
- "address": "0x48260c"
- },
- {
- "function": "GetDesktopWindow",
- "address": "0x482610"
- },
- {
- "function": "IsWindow",
- "address": "0x482614"
- },
- {
- "function": "IsWindowEnabled",
- "address": "0x482618"
- },
- {
- "function": "IsWindowVisible",
- "address": "0x48261c"
- },
- {
- "function": "EnableWindow",
- "address": "0x482620"
- },
- {
- "function": "InvalidateRect",
- "address": "0x482624"
- },
- {
- "function": "GetWindowLongW",
- "address": "0x482628"
- },
- {
- "function": "AttachThreadInput",
- "address": "0x48262c"
- },
- {
- "function": "GetFocus",
- "address": "0x482630"
- },
- {
- "function": "GetWindowTextW",
- "address": "0x482634"
- },
- {
- "function": "ScreenToClient",
- "address": "0x482638"
- },
- {
- "function": "SendMessageTimeoutW",
- "address": "0x48263c"
- },
- {
- "function": "EnumChildWindows",
- "address": "0x482640"
- },
- {
- "function": "CharUpperBuffW",
- "address": "0x482644"
- },
- {
- "function": "GetClassNameW",
- "address": "0x482648"
- },
- {
- "function": "GetParent",
- "address": "0x48264c"
- },
- {
- "function": "GetDlgCtrlID",
- "address": "0x482650"
- },
- {
- "function": "SendMessageW",
- "address": "0x482654"
- },
- {
- "function": "MapVirtualKeyW",
- "address": "0x482658"
- },
- {
- "function": "PostMessageW",
- "address": "0x48265c"
- },
- {
- "function": "GetWindowRect",
- "address": "0x482660"
- },
- {
- "function": "SetUserObjectSecurity",
- "address": "0x482664"
- },
- {
- "function": "GetUserObjectSecurity",
- "address": "0x482668"
- },
- {
- "function": "CloseDesktop",
- "address": "0x48266c"
- },
- {
- "function": "CloseWindowStation",
- "address": "0x482670"
- },
- {
- "function": "OpenDesktopW",
- "address": "0x482674"
- },
- {
- "function": "SetProcessWindowStation",
- "address": "0x482678"
- },
- {
- "function": "GetProcessWindowStation",
- "address": "0x48267c"
- },
- {
- "function": "OpenWindowStationW",
- "address": "0x482680"
- },
- {
- "function": "MessageBoxW",
- "address": "0x482684"
- },
- {
- "function": "DefWindowProcW",
- "address": "0x482688"
- },
- {
- "function": "CopyImage",
- "address": "0x48268c"
- },
- {
- "function": "AdjustWindowRectEx",
- "address": "0x482690"
- },
- {
- "function": "SetRect",
- "address": "0x482694"
- },
- {
- "function": "SetClipboardData",
- "address": "0x482698"
- },
- {
- "function": "EmptyClipboard",
- "address": "0x48269c"
- },
- {
- "function": "CountClipboardFormats",
- "address": "0x4826a0"
- },
- {
- "function": "CloseClipboard",
- "address": "0x4826a4"
- },
- {
- "function": "GetClipboardData",
- "address": "0x4826a8"
- },
- {
- "function": "IsClipboardFormatAvailable",
- "address": "0x4826ac"
- },
- {
- "function": "OpenClipboard",
- "address": "0x4826b0"
- },
- {
- "function": "BlockInput",
- "address": "0x4826b4"
- },
- {
- "function": "GetMessageW",
- "address": "0x4826b8"
- },
- {
- "function": "LockWindowUpdate",
- "address": "0x4826bc"
- },
- {
- "function": "GetMenuItemID",
- "address": "0x4826c0"
- },
- {
- "function": "DispatchMessageW",
- "address": "0x4826c4"
- },
- {
- "function": "MoveWindow",
- "address": "0x4826c8"
- },
- {
- "function": "SetFocus",
- "address": "0x4826cc"
- },
- {
- "function": "PostQuitMessage",
- "address": "0x4826d0"
- },
- {
- "function": "KillTimer",
- "address": "0x4826d4"
- },
- {
- "function": "CreatePopupMenu",
- "address": "0x4826d8"
- },
- {
- "function": "RegisterWindowMessageW",
- "address": "0x4826dc"
- },
- {
- "function": "SetTimer",
- "address": "0x4826e0"
- },
- {
- "function": "ShowWindow",
- "address": "0x4826e4"
- },
- {
- "function": "CreateWindowExW",
- "address": "0x4826e8"
- },
- {
- "function": "RegisterClassExW",
- "address": "0x4826ec"
- },
- {
- "function": "LoadIconW",
- "address": "0x4826f0"
- },
- {
- "function": "LoadCursorW",
- "address": "0x4826f4"
- },
- {
- "function": "GetSysColorBrush",
- "address": "0x4826f8"
- },
- {
- "function": "GetForegroundWindow",
- "address": "0x4826fc"
- },
- {
- "function": "MessageBoxA",
- "address": "0x482700"
- },
- {
- "function": "DestroyIcon",
- "address": "0x482704"
- },
- {
- "function": "PeekMessageW",
- "address": "0x482708"
- },
- {
- "function": "UnregisterHotKey",
- "address": "0x48270c"
- },
- {
- "function": "CharLowerBuffW",
- "address": "0x482710"
- },
- {
- "function": "keybd_event",
- "address": "0x482714"
- },
- {
- "function": "MonitorFromRect",
- "address": "0x482718"
- },
- {
- "function": "GetWindowThreadProcessId",
- "address": "0x48271c"
- }
- ],
- "COMCTL32.dll": [
- {
- "function": "ImageList_Remove",
- "address": "0x48208c"
- },
- {
- "function": "ImageList_SetDragCursorImage",
- "address": "0x482090"
- },
- {
- "function": "ImageList_BeginDrag",
- "address": "0x482094"
- },
- {
- "function": "ImageList_DragEnter",
- "address": "0x482098"
- },
- {
- "function": "ImageList_DragLeave",
- "address": "0x48209c"
- },
- {
- "function": "ImageList_EndDrag",
- "address": "0x4820a0"
- },
- {
- "function": "ImageList_DragMove",
- "address": "0x4820a4"
- },
- {
- "function": "ImageList_ReplaceIcon",
- "address": "0x4820a8"
- },
- {
- "function": "ImageList_Create",
- "address": "0x4820ac"
- },
- {
- "function": "InitCommonControlsEx",
- "address": "0x4820b0"
- },
- {
- "function": "ImageList_Destroy",
- "address": "0x4820b4"
- }
- ]
- },
- "antivm_info": [],
- "directories": [
- "import",
- "resource",
- "security"
- ],
- "detected": [
- "sign",
- "packer",
- "antidbg"
- ],
- "dll": false,
- "antidbg_info": [
- "FindWindowExW",
- "FindWindowW",
- "GetLastError",
- "GetWindowThreadProcessId",
- "IsDebuggerPresent",
- "IsProcessorFeaturePresent",
- "OutputDebugStringW",
- "Process32FirstW",
- "Process32NextW",
- "RaiseException",
- "TerminateProcess",
- "UnhandledExceptionFilter"
- ],
- "xor_info": {},
- "meta_info": {
- "CompiledScript": "AutoIt v3 Script: 3, 3, 8, 1",
- "Translation": "0x0809 0x04b0",
- "FileVersion": "3, 3, 8, 1",
- "FileDescription": ""
- },
- "import_hash": "d3bf8a7746a8d1ee8f6e5960c3f69378",
- "export_function": [],
- "apialert_info": [
- "CloseHandle",
- "CopyFileW",
- "CreateDirectoryW",
- "CreateFileW",
- "CreateProcessAsUserW",
- "CreateProcessW",
- "CreateProcessWithLogonW",
- "CreateThread",
- "CreateToolhelp32Snapshot",
- "DeleteCriticalSection",
- "DeleteFileW",
- "DeviceIoControl",
- "EnumProcesses",
- "ExitProcess",
- "ExitThread",
- "FindFirstFileW",
- "FindNextFileW",
- "FindResourceW",
- "FindWindowExW",
- "FindWindowW",
- "FtpGetFileSize",
- "FtpOpenFileW",
- "GetCommandLineW",
- "GetComputerNameW",
- "GetCurrentProcess",
- "GetCurrentProcessId",
- "GetDriveTypeW",
- "GetFileAttributesW",
- "GetFileSize",
- "GetModuleFileNameW",
- "GetModuleHandleW",
- "GetProcAddress",
- "GetStartupInfoW",
- "GetSystemDirectoryW",
- "GetTempFileNameW",
- "GetTempPathW",
- "GetTickCount",
- "GetVersionExW",
- "GetWindowThreadProcessId",
- "GetWindowsDirectoryW",
- "HeapAlloc",
- "HttpQueryInfoW",
- "HttpSendRequestW",
- "InitializeCriticalSectionAndSpinCount",
- "InternetCloseHandle",
- "InternetConnectW",
- "InternetCrackUrlW",
- "InternetOpenUrlW",
- "InternetOpenW",
- "InternetQueryDataAvailable",
- "InternetQueryOptionW",
- "InternetReadFile",
- "IsDebuggerPresent",
- "LoadLibraryA",
- "LoadLibraryExW",
- "LoadLibraryW",
- "LockResource",
- "MessageBoxA",
- "MessageBoxW",
- "OpenProcess",
- "OpenProcessToken",
- "OutputDebugStringW",
- "Process32FirstW",
- "Process32NextW",
- "ReadFile",
- "ReadProcessMemory",
- "RegCloseKey",
- "RegCreateKeyExW",
- "RegDeleteKeyW",
- "RegDeleteValueW",
- "RegEnumKeyExW",
- "RegOpenKeyExW",
- "RemoveDirectoryW",
- "SetFilePointer",
- "SetFilePointerEx",
- "SetKeyboardState",
- "ShellExecuteExW",
- "ShellExecuteW",
- "Sleep",
- "TerminateProcess",
- "UnhandledExceptionFilter",
- "VirtualAlloc",
- "VirtualAllocEx",
- "VirtualFree",
- "VirtualFreeEx",
- "WSAStartup",
- "WriteFile",
- "WriteProcessMemory",
- "accept",
- "bind",
- "closesocket",
- "connect",
- "listen",
- "lstrcmpiW",
- "recv",
- "recvfrom",
- "send",
- "sendto",
- "socket"
- ],
- "sign_info": {
- "block_size": 1136,
- "hash_md5": "1094249565663af7c426f8ac7043bb71",
- "virtual_address": 1513440,
- "hash_sha1": "ea4b72f986fdfc5ec59b2d803f9c09bf80351c43"
- }
- },
- "url_found": [],
- "fuzzing": {}
- }