- {
- "url_found": [],
- "hash": {
- "sha1": "6918c6166eb29c99ddfc8cc7653ff1999ae1e3e7",
- "md5": "a257837ce01b41654dc3a44b89a4fb97"
- },
- "file_found": {
- "Library": [
- "URLMON.DLL",
- "KERNEL32.DLL",
- "SHELL32.DLL"
- ]
- },
- "pe_info": {
- "compile_time": "2011-04-20 11:28:58",
- "packer_info": [
- "FASM v1.3x",
- "FASM v1.5x"
- ],
- "sections_number": 4,
- "resources_info": [
- {
- "name": "RT_RCDATA",
- "language": "LANG_NEUTRAL",
- "sublanguage": "SUBLANG_SYS_DEFAULT",
- "offset": "0x4064",
- "data": "http://is.gd/P4yyT2",
- "size": 19
- }
- ],
- "sections_info": [
- {
- "hash_md5": "f22c7df751aeb13310cc6588c03de539",
- "suspicious": true,
- "name": ".data\u0000\u0000\u0000",
- "size_raw_data": 512,
- "virtual_address": "0x1000",
- "hash_sha1": "5c9428db68364e3a9c2cdccc878eb8c0652c00cd",
- "virtual_size": "0x12e"
- },
- {
- "hash_md5": "9ab965158c396e39b44de63c660bab3a",
- "suspicious": false,
- "name": ".code\u0000\u0000\u0000",
- "size_raw_data": 512,
- "virtual_address": "0x2000",
- "hash_sha1": "e5d782ef60684d239dccbd84a27f8ddb781b4474",
- "virtual_size": "0xde"
- },
- {
- "hash_md5": "5b6a2c52b57520623dbfe5133eaf83b9",
- "suspicious": false,
- "name": ".idata\u0000\u0000",
- "size_raw_data": 512,
- "virtual_address": "0x3000",
- "hash_sha1": "bbbff958ef9fb47813970face458bdebdc536bda",
- "virtual_size": "0x1cc"
- },
- {
- "hash_md5": "9eb1fe1126345e3eba89f7960454a389",
- "suspicious": false,
- "name": ".rsrc\u0000\u0000\u0000",
- "size_raw_data": 512,
- "virtual_address": "0x4000",
- "hash_sha1": "11ea8644c57398072485ded13d5899275012cbc2",
- "virtual_size": "0x78"
- }
- ],
- "import_function": {
- "SHELL32.DLL": [
- {
- "function": "ShellExecuteA",
- "address": "0x4030a8"
- }
- ],
- "KERNEL32.DLL": [
- {
- "function": "GetModuleHandleA",
- "address": "0x4030f0"
- },
- {
- "function": "FindResourceA",
- "address": "0x4030f4"
- },
- {
- "function": "LoadResource",
- "address": "0x4030f8"
- },
- {
- "function": "SizeofResource",
- "address": "0x4030fc"
- },
- {
- "function": "LockResource",
- "address": "0x403100"
- },
- {
- "function": "ExitProcess",
- "address": "0x403104"
- },
- {
- "function": "RtlMoveMemory",
- "address": "0x403108"
- },
- {
- "function": "FreeResource",
- "address": "0x40310c"
- },
- {
- "function": "lstrcat",
- "address": "0x403110"
- },
- {
- "function": "GetTempPathA",
- "address": "0x403114"
- },
- {
- "function": "DeleteFileA",
- "address": "0x403118"
- }
- ],
- "URLMON.DLL": [
- {
- "function": "URLDownloadToFileA",
- "address": "0x403080"
- }
- ]
- },
- "antivm_info": [],
- "directories": [
- "import",
- "resource"
- ],
- "detected": [
- "packer"
- ],
- "dll": false,
- "antidbg_info": [],
- "xor_info": [],
- "meta_info": {},
- "import_hash": "995f27dd4007f938ee7feec5bdefed7d",
- "export_function": [],
- "apialert_info": [
- "DeleteFileA",
- "ExitProcess",
- "FindResourceA",
- "GetModuleHandleA",
- "GetTempPathA",
- "LockResource",
- "ShellExecuteA",
- "URLDownloadToFileA"
- ],
- "sign_info": {}
- },
- "file_name": "fb.exe",
- "file_type": "PE32 executable (GUI) Intel 80386, for MS Windows",
- "peframe_ver": "5.0 Beta",
- "ip_found": [],
- "file_size": 3072,
- "fuzzing": []
- }