- {
- "hash": {
- "sha256": "ceed84d8d76ee27c92d48dd01c96e6345fb3981319151601f78f4e9ec754a73b",
- "sha1": "63f377989a84d65b372819992c95110318c6e7c9",
- "md5": "070e9a317ee53ac3814eb86bc7d5bf49"
- },
- "file_found": {
- "Library": [
- "mscoree.dll",
- "USER32.DLL",
- "kernel32.dll",
- "ADVAPI32.dll",
- "SHELL32.dll",
- "WINHTTP.dll"
- ],
- "Web Page": [
- "179.43.160.34/wp-content/temp/gate.php"
- ]
- },
- "file_type": "PE32 executable (GUI) Intel 80386, for MS Windows",
- "file_name": "jucheck.exe",
- "ip_found": [
- "179.43.160.34"
- ],
- "file_size": 80896,
- "peframe_ver": "5.0",
- "virustotal": {},
- "pe_info": {
- "compile_time": "2014-10-19 09:14:39",
- "packer_info": [
- "Microsoft Visual C++ 8"
- ],
- "sections_number": 5,
- "resources_info": [
- {
- "name": "RT_MANIFEST",
- "language": "LANG_ENGLISH",
- "sublanguage": "SUBLANG_ENGLISH_US",
- "offset": "0x15060",
- "data": "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>\r\n<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>\r\n <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n <security>\r\n <requestedPrivileges>\r\n <requestedExecutionLevel level='asInvoker' uiAccess='false' />\r\n </requestedPrivileges>\r\n </security>\r\n </trustInfo>\r\n</assembly>\r\n",
- "size": 381
- }
- ],
- "sections_info": [
- {
- "hash_md5": "a199e5680aff35f607fa4db8adaeddfd",
- "suspicious": false,
- "name": ".text\u0000\u0000\u0000",
- "size_raw_data": 41472,
- "virtual_address": "0x1000",
- "hash_sha1": "f539df29e31d320d31901c7071a7233ed0436496",
- "virtual_size": "0xa1f6"
- },
- {
- "hash_md5": "53316fdbd997310f67295880e9b699c4",
- "suspicious": false,
- "name": ".rdata\u0000\u0000",
- "size_raw_data": 23040,
- "virtual_address": "0xc000",
- "hash_sha1": "5e9759dc19c767f25e87cee635ce68b461cdd196",
- "virtual_size": "0x5928"
- },
- {
- "hash_md5": "36bb06deb3fc9794f81b34ac445b6fe1",
- "suspicious": false,
- "name": ".data\u0000\u0000\u0000",
- "size_raw_data": 4608,
- "virtual_address": "0x12000",
- "hash_sha1": "169e11435d55b6a423c7e2027951fdb74cf0b4ed",
- "virtual_size": "0x2ee0"
- },
- {
- "hash_md5": "d1b97645795a058db19c32388b97fab2",
- "suspicious": false,
- "name": ".rsrc\u0000\u0000\u0000",
- "size_raw_data": 512,
- "virtual_address": "0x15000",
- "hash_sha1": "6e3cea57e7df02fd5858d49a5ae746e0e5df135d",
- "virtual_size": "0x1e0"
- },
- {
- "hash_md5": "a1fc31a10092cbcad2957072759efd76",
- "suspicious": false,
- "name": ".reloc\u0000\u0000",
- "size_raw_data": 10240,
- "virtual_address": "0x16000",
- "hash_sha1": "028ccdb28e2257e1dd9a2175aa154b37a0a39ab7",
- "virtual_size": "0x270a"
- }
- ],
- "import_function": {
- "ADVAPI32.dll": [
- {
- "function": "AdjustTokenPrivileges",
- "address": "0x40c000"
- },
- {
- "function": "RegOpenKeyExW",
- "address": "0x40c004"
- },
- {
- "function": "LookupPrivilegeValueW",
- "address": "0x40c008"
- },
- {
- "function": "RegQueryValueExW",
- "address": "0x40c00c"
- },
- {
- "function": "RegSetValueExA",
- "address": "0x40c010"
- },
- {
- "function": "OpenProcessToken",
- "address": "0x40c014"
- },
- {
- "function": "RegCloseKey",
- "address": "0x40c018"
- }
- ],
- "SHELL32.dll": [
- {
- "function": "SHGetFolderPathA",
- "address": "0x40c164"
- }
- ],
- "KERNEL32.dll": [
- {
- "function": "ReadProcessMemory",
- "address": "0x40c020"
- },
- {
- "function": "LeaveCriticalSection",
- "address": "0x40c024"
- },
- {
- "function": "CreateProcessA",
- "address": "0x40c028"
- },
- {
- "function": "CreateFileW",
- "address": "0x40c02c"
- },
- {
- "function": "CreateDirectoryA",
- "address": "0x40c030"
- },
- {
- "function": "CopyFileA",
- "address": "0x40c034"
- },
- {
- "function": "EnterCriticalSection",
- "address": "0x40c038"
- },
- {
- "function": "Process32FirstW",
- "address": "0x40c03c"
- },
- {
- "function": "DeviceIoControl",
- "address": "0x40c040"
- },
- {
- "function": "Module32FirstW",
- "address": "0x40c044"
- },
- {
- "function": "GetModuleFileNameA",
- "address": "0x40c048"
- },
- {
- "function": "Sleep",
- "address": "0x40c04c"
- },
- {
- "function": "CreateMutexA",
- "address": "0x40c050"
- },
- {
- "function": "CreateToolhelp32Snapshot",
- "address": "0x40c054"
- },
- {
- "function": "ReleaseMutex",
- "address": "0x40c058"
- },
- {
- "function": "CloseHandle",
- "address": "0x40c05c"
- },
- {
- "function": "GetCurrentProcessId",
- "address": "0x40c060"
- },
- {
- "function": "DeleteFileA",
- "address": "0x40c064"
- },
- {
- "function": "CreateThread",
- "address": "0x40c068"
- },
- {
- "function": "SetFilePointerEx",
- "address": "0x40c06c"
- },
- {
- "function": "SetStdHandle",
- "address": "0x40c070"
- },
- {
- "function": "GetConsoleMode",
- "address": "0x40c074"
- },
- {
- "function": "OpenProcess",
- "address": "0x40c078"
- },
- {
- "function": "InitializeCriticalSection",
- "address": "0x40c07c"
- },
- {
- "function": "VirtualQueryEx",
- "address": "0x40c080"
- },
- {
- "function": "OutputDebugStringW",
- "address": "0x40c084"
- },
- {
- "function": "WaitForSingleObject",
- "address": "0x40c088"
- },
- {
- "function": "GetCurrentProcess",
- "address": "0x40c08c"
- },
- {
- "function": "Process32NextW",
- "address": "0x40c090"
- },
- {
- "function": "ExitProcess",
- "address": "0x40c094"
- },
- {
- "function": "GetConsoleCP",
- "address": "0x40c098"
- },
- {
- "function": "FlushFileBuffers",
- "address": "0x40c09c"
- },
- {
- "function": "HeapSize",
- "address": "0x40c0a0"
- },
- {
- "function": "RtlUnwind",
- "address": "0x40c0a4"
- },
- {
- "function": "LoadLibraryW",
- "address": "0x40c0a8"
- },
- {
- "function": "LoadLibraryExW",
- "address": "0x40c0ac"
- },
- {
- "function": "LCMapStringW",
- "address": "0x40c0b0"
- },
- {
- "function": "GetLastError",
- "address": "0x40c0b4"
- },
- {
- "function": "MultiByteToWideChar",
- "address": "0x40c0b8"
- },
- {
- "function": "HeapFree",
- "address": "0x40c0bc"
- },
- {
- "function": "HeapAlloc",
- "address": "0x40c0c0"
- },
- {
- "function": "WideCharToMultiByte",
- "address": "0x40c0c4"
- },
- {
- "function": "HeapReAlloc",
- "address": "0x40c0c8"
- },
- {
- "function": "GetCommandLineA",
- "address": "0x40c0cc"
- },
- {
- "function": "IsDebuggerPresent",
- "address": "0x40c0d0"
- },
- {
- "function": "IsProcessorFeaturePresent",
- "address": "0x40c0d4"
- },
- {
- "function": "EncodePointer",
- "address": "0x40c0d8"
- },
- {
- "function": "DecodePointer",
- "address": "0x40c0dc"
- },
- {
- "function": "InterlockedIncrement",
- "address": "0x40c0e0"
- },
- {
- "function": "InterlockedDecrement",
- "address": "0x40c0e4"
- },
- {
- "function": "IsValidCodePage",
- "address": "0x40c0e8"
- },
- {
- "function": "GetACP",
- "address": "0x40c0ec"
- },
- {
- "function": "GetOEMCP",
- "address": "0x40c0f0"
- },
- {
- "function": "GetCPInfo",
- "address": "0x40c0f4"
- },
- {
- "function": "SetLastError",
- "address": "0x40c0f8"
- },
- {
- "function": "GetCurrentThreadId",
- "address": "0x40c0fc"
- },
- {
- "function": "GetProcessHeap",
- "address": "0x40c100"
- },
- {
- "function": "GetModuleHandleExW",
- "address": "0x40c104"
- },
- {
- "function": "GetProcAddress",
- "address": "0x40c108"
- },
- {
- "function": "GetStdHandle",
- "address": "0x40c10c"
- },
- {
- "function": "WriteFile",
- "address": "0x40c110"
- },
- {
- "function": "GetModuleFileNameW",
- "address": "0x40c114"
- },
- {
- "function": "GetFileType",
- "address": "0x40c118"
- },
- {
- "function": "InitializeCriticalSectionAndSpinCount",
- "address": "0x40c11c"
- },
- {
- "function": "DeleteCriticalSection",
- "address": "0x40c120"
- },
- {
- "function": "GetStartupInfoW",
- "address": "0x40c124"
- },
- {
- "function": "QueryPerformanceCounter",
- "address": "0x40c128"
- },
- {
- "function": "GetSystemTimeAsFileTime",
- "address": "0x40c12c"
- },
- {
- "function": "GetEnvironmentStringsW",
- "address": "0x40c130"
- },
- {
- "function": "FreeEnvironmentStringsW",
- "address": "0x40c134"
- },
- {
- "function": "UnhandledExceptionFilter",
- "address": "0x40c138"
- },
- {
- "function": "SetUnhandledExceptionFilter",
- "address": "0x40c13c"
- },
- {
- "function": "TerminateProcess",
- "address": "0x40c140"
- },
- {
- "function": "TlsAlloc",
- "address": "0x40c144"
- },
- {
- "function": "TlsGetValue",
- "address": "0x40c148"
- },
- {
- "function": "TlsSetValue",
- "address": "0x40c14c"
- },
- {
- "function": "TlsFree",
- "address": "0x40c150"
- },
- {
- "function": "GetModuleHandleW",
- "address": "0x40c154"
- },
- {
- "function": "GetStringTypeW",
- "address": "0x40c158"
- },
- {
- "function": "WriteConsoleW",
- "address": "0x40c15c"
- }
- ],
- "USER32.dll": [
- {
- "function": "MessageBoxA",
- "address": "0x40c16c"
- },
- {
- "function": "MessageBoxW",
- "address": "0x40c170"
- }
- ],
- "WINHTTP.dll": [
- {
- "function": "WinHttpCloseHandle",
- "address": "0x40c178"
- },
- {
- "function": "WinHttpQueryDataAvailable",
- "address": "0x40c17c"
- },
- {
- "function": "WinHttpSendRequest",
- "address": "0x40c180"
- },
- {
- "function": "WinHttpReceiveResponse",
- "address": "0x40c184"
- },
- {
- "function": "WinHttpOpen",
- "address": "0x40c188"
- },
- {
- "function": "WinHttpOpenRequest",
- "address": "0x40c18c"
- },
- {
- "function": "WinHttpReadData",
- "address": "0x40c190"
- },
- {
- "function": "WinHttpAddRequestHeaders",
- "address": "0x40c194"
- },
- {
- "function": "WinHttpConnect",
- "address": "0x40c198"
- }
- ]
- },
- "mutex_info": [
- "CreateMutexA",
- "ReleaseMutex",
- "WaitForSingleObject"
- ],
- "antivm_info": [],
- "directories": [
- "import",
- "resource",
- "debug",
- "relocation"
- ],
- "detected": [
- "packer",
- "mutex",
- "antidbg"
- ],
- "dll": false,
- "antidbg_info": [
- "GetLastError",
- "IsDebuggerPresent",
- "IsProcessorFeaturePresent",
- "OutputDebugStringW",
- "Process32FirstW",
- "Process32NextW",
- "TerminateProcess",
- "UnhandledExceptionFilter"
- ],
- "xor_info": {},
- "meta_info": {},
- "import_hash": "3e68822a115a7a54dd73bca4eb619c7d",
- "export_function": [],
- "apialert_info": [
- "CloseHandle",
- "CopyFileA",
- "CreateDirectoryA",
- "CreateFileW",
- "CreateMutexA",
- "CreateProcessA",
- "CreateThread",
- "CreateToolhelp32Snapshot",
- "DeleteCriticalSection",
- "DeleteFileA",
- "DeviceIoControl",
- "ExitProcess",
- "GetCommandLineA",
- "GetCurrentProcess",
- "GetCurrentProcessId",
- "GetModuleFileNameA",
- "GetModuleFileNameW",
- "GetModuleHandleExW",
- "GetModuleHandleW",
- "GetProcAddress",
- "GetStartupInfoW",
- "HeapAlloc",
- "InitializeCriticalSectionAndSpinCount",
- "IsDebuggerPresent",
- "LoadLibraryExW",
- "LoadLibraryW",
- "MessageBoxA",
- "MessageBoxW",
- "OpenProcess",
- "OpenProcessToken",
- "OutputDebugStringW",
- "Process32FirstW",
- "Process32NextW",
- "ReadProcessMemory",
- "RegCloseKey",
- "RegOpenKeyExW",
- "ReleaseMutex",
- "SetFilePointerEx",
- "Sleep",
- "TerminateProcess",
- "UnhandledExceptionFilter",
- "WaitForSingleObject",
- "WriteFile"
- ],
- "sign_info": {}
- },
- "url_found": [],
- "fuzzing": {
- "String too long": [
- "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
- ]
- }
- }