Exes_7daba3c46a14107fc59e865d654fefe9_exe_2019-06-24_20_30.json
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_7daba3c46a14107fc59e865d654fefe9.exe"
  7. [*] File Size: 294912
  8. [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
  9. [*] SHA256: "1e97c62a80461efb9f6e9220ec22b29552b6bc63bc9e8ad6244d26519aaf914d"
  10. [*] MD5: "7daba3c46a14107fc59e865d654fefe9"
  11. [*] SHA1: "fbe1cf8f3d312495408e6c6d51244dc5cbecf1d7"
  12. [*] SHA512: "a5c8bd4f4fa6e74574c0fc1ee8a34fdd71c1e7d38bf00f4a23271b8d46d73948b7cb991f7f683b4657a129f36f7f06fd9aaebaf39967e13b386b27eab650804f"
  13. [*] CRC32: "AB7BEC67"
  14. [*] SSDEEP: "6144:5ny47oa7kv1TOveImZNoh+ch7mXIT893fat6+b5edXvzWyBEwjMINH5h:5yKkv1jBYAcRmX393fat5edXv7ewAIhb"
  15.  
  16. [*] Process Execution: [
  17. "Exes_7daba3c46a14107fc59e865d654fefe9.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "File has been identified by 32 Antiviruses on VirusTotal as malicious",
  23. "Details": [
  24. {
  25. "FireEye": "Generic.mg.7daba3c46a14107f"
  26. },
  27. {
  28. "Qihoo-360": "HEUR/Malware.QVM19.Gen"
  29. },
  30. {
  31. "Zillya": "Trojan.Agent.Win32.122908"
  32. },
  33. {
  34. "Alibaba": "Trojan:Win32/Hiclas.8a3d8020"
  35. },
  36. {
  37. "K7GW": "Trojan ( 004f51791 )"
  38. },
  39. {
  40. "K7AntiVirus": "Trojan ( 004f51791 )"
  41. },
  42. {
  43. "Cyren": "W32/Risk.HCYV-4193"
  44. },
  45. {
  46. "Symantec": "ML.Attribute.HighConfidence"
  47. },
  48. {
  49. "ESET-NOD32": "Win32/Agent.OPA"
  50. },
  51. {
  52. "APEX": "Malicious"
  53. },
  54. {
  55. "NANO-Antivirus": "Virus.Win32.Gen.ccmw"
  56. },
  57. {
  58. "Rising": "Trojan.Win32.Generic.12773DD9 (C64:YzY0Ogy0oz2YJuVF)"
  59. },
  60. {
  61. "Comodo": "Malware@#a4b4fogahile"
  62. },
  63. {
  64. "F-Secure": "Trojan.TR/Crypt.XPACK.Gen"
  65. },
  66. {
  67. "Invincea": "heuristic"
  68. },
  69. {
  70. "Trapmine": "malicious.high.ml.score"
  71. },
  72. {
  73. "SentinelOne": "DFI - Suspicious PE"
  74. },
  75. {
  76. "F-Prot": "W32/MalwareF.ADCMN"
  77. },
  78. {
  79. "Webroot": "W32.Trojan.Trojan-Agent.Gen.X"
  80. },
  81. {
  82. "Avira": "TR/Crypt.XPACK.Gen"
  83. },
  84. {
  85. "MAX": "malware (ai score=100)"
  86. },
  87. {
  88. "Antiy-AVL": "Trojan/Win32.SGeneric"
  89. },
  90. {
  91. "Microsoft": "Trojan:Win32/Hiclas!gfc"
  92. },
  93. {
  94. "Endgame": "malicious (high confidence)"
  95. },
  96. {
  97. "AegisLab": "Trojan.Win32.Generic.4!c"
  98. },
  99. {
  100. "Acronis": "suspicious"
  101. },
  102. {
  103. "Cylance": "Unsafe"
  104. },
  105. {
  106. "Yandex": "Trojan.Agent!c++y5y1J4nM"
  107. },
  108. {
  109. "Ikarus": "Trojan.Crypt.AIQ"
  110. },
  111. {
  112. "eGambit": "Generic.Malware"
  113. },
  114. {
  115. "CrowdStrike": "win/malicious_confidence_100% (W)"
  116. },
  117. {
  118. "MaxSecure": "Virus.PECorrupt"
  119. }
  120. ]
  121. },
  122. {
  123. "Description": "Anomalous binary characteristics",
  124. "Details": [
  125. {
  126. "anomaly": "Minimum OS version is older than NT4 yet the PE timestamp year is newer than 2000"
  127. },
  128. {
  129. "anomaly": "Entrypoint of binary points to a non-executable code section"
  130. }
  131. ]
  132. }
  133. ]
  134.  
  135. [*] Started Service: []
  136.  
  137. [*] Executed Commands: []
  138.  
  139. [*] Mutexes: []
  140.  
  141. [*] Modified Files: []
  142.  
  143. [*] Deleted Files: []
  144.  
  145. [*] Modified Registry Keys: []
  146.  
  147. [*] Deleted Registry Keys: []
  148.  
  149. [*] DNS Communications: []
  150.  
  151. [*] Domains: []
  152.  
  153. [*] Network Communication - ICMP: []
  154.  
  155. [*] Network Communication - HTTP: []
  156.  
  157. [*] Network Communication - SMTP: []
  158.  
  159. [*] Network Communication - Hosts: []
  160.  
  161. [*] Network Communication - IRC: []
  162.  
  163. [*] Static Analysis: {
  164. "pe": {
  165. "peid_signatures": null,
  166. "imports": [
  167. {
  168. "imports": [
  169. {
  170. "name": "printf",
  171. "address": "0xe28054"
  172. }
  173. ],
  174. "dll": "msvcrt.dll"
  175. },
  176. {
  177. "imports": [
  178. {
  179. "name": "GetTickCount",
  180. "address": "0xe2805c"
  181. },
  182. {
  183. "name": "GetCommandLineA",
  184. "address": "0xe28060"
  185. },
  186. {
  187. "name": "ExitProcess",
  188. "address": "0xe28064"
  189. }
  190. ],
  191. "dll": "KERNEL32.dll"
  192. }
  193. ],
  194. "digital_signers": null,
  195. "exported_dll_name": null,
  196. "actual_checksum": "0x00055515",
  197. "overlay": null,
  198. "imagebase": "0x00de0000",
  199. "reported_checksum": "0x00000000",
  200. "icon_hash": null,
  201. "entrypoint": "0x00de2000",
  202. "timestamp": "2040-10-07 10:09:39",
  203. "osversion": "1.0",
  204. "sections": [
  205. {
  206. "name": "CODE",
  207. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  208. "virtual_address": "0x00001000",
  209. "size_of_data": "0x00001000",
  210. "entropy": "0.06",
  211. "raw_address": "0x00001000",
  212. "virtual_size": "0x00001000",
  213. "characteristics_raw": "0xe0000020"
  214. },
  215. {
  216. "name": "DATA",
  217. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  218. "virtual_address": "0x00002000",
  219. "size_of_data": "0x00045000",
  220. "entropy": "7.98",
  221. "raw_address": "0x00002000",
  222. "virtual_size": "0x00045000",
  223. "characteristics_raw": "0xc0000040"
  224. },
  225. {
  226. "name": "NicolasB",
  227. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  228. "virtual_address": "0x00047000",
  229. "size_of_data": "0xefefadff",
  230. "entropy": "0.61",
  231. "raw_address": "0x00047000",
  232. "virtual_size": "0x00001000",
  233. "characteristics_raw": "0xc0000040"
  234. },
  235. {
  236. "name": ".idata",
  237. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  238. "virtual_address": "0x00048000",
  239. "size_of_data": "0x00001000",
  240. "entropy": "0.61",
  241. "raw_address": "0x00047000",
  242. "virtual_size": "0x00001000",
  243. "characteristics_raw": "0xc0000040"
  244. }
  245. ],
  246. "resources": [],
  247. "dirents": [
  248. {
  249. "virtual_address": "0x00000000",
  250. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  251. "size": "0x00000000"
  252. },
  253. {
  254. "virtual_address": "0x00048000",
  255. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  256. "size": "0x000000be"
  257. },
  258. {
  259. "virtual_address": "0x00000000",
  260. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  261. "size": "0x00000000"
  262. },
  263. {
  264. "virtual_address": "0x00000000",
  265. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  266. "size": "0x00000000"
  267. },
  268. {
  269. "virtual_address": "0x00000000",
  270. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  271. "size": "0x00000000"
  272. },
  273. {
  274. "virtual_address": "0x00000000",
  275. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  276. "size": "0x00000000"
  277. },
  278. {
  279. "virtual_address": "0x00000000",
  280. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  281. "size": "0x00000000"
  282. },
  283. {
  284. "virtual_address": "0x00000000",
  285. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  286. "size": "0x00000000"
  287. },
  288. {
  289. "virtual_address": "0x00000000",
  290. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  291. "size": "0x00000000"
  292. },
  293. {
  294. "virtual_address": "0x00000000",
  295. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  296. "size": "0x00000000"
  297. },
  298. {
  299. "virtual_address": "0x00000000",
  300. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  301. "size": "0x00000000"
  302. },
  303. {
  304. "virtual_address": "0x00000000",
  305. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  306. "size": "0x00000000"
  307. },
  308. {
  309. "virtual_address": "0x00000000",
  310. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  311. "size": "0x00000000"
  312. },
  313. {
  314. "virtual_address": "0x00000000",
  315. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  316. "size": "0x00000000"
  317. },
  318. {
  319. "virtual_address": "0x00000000",
  320. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  321. "size": "0x00000000"
  322. },
  323. {
  324. "virtual_address": "0x00000000",
  325. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  326. "size": "0x00000000"
  327. }
  328. ],
  329. "exports": [],
  330. "guest_signers": {},
  331. "imphash": "64f37a9561ff77b2cfcfe4eb061d8d45",
  332. "icon_fuzzy": null,
  333. "icon": null,
  334. "pdbpath": null,
  335. "imported_dll_count": 2,
  336. "versioninfo": []
  337. }
  338. }
  339.  
  340. [*] Resolved APIs: []
  341.  
  342. [*] Static Analysis: {
  343. "pe": {
  344. "peid_signatures": null,
  345. "imports": [
  346. {
  347. "imports": [
  348. {
  349. "name": "printf",
  350. "address": "0xe28054"
  351. }
  352. ],
  353. "dll": "msvcrt.dll"
  354. },
  355. {
  356. "imports": [
  357. {
  358. "name": "GetTickCount",
  359. "address": "0xe2805c"
  360. },
  361. {
  362. "name": "GetCommandLineA",
  363. "address": "0xe28060"
  364. },
  365. {
  366. "name": "ExitProcess",
  367. "address": "0xe28064"
  368. }
  369. ],
  370. "dll": "KERNEL32.dll"
  371. }
  372. ],
  373. "digital_signers": null,
  374. "exported_dll_name": null,
  375. "actual_checksum": "0x00055515",
  376. "overlay": null,
  377. "imagebase": "0x00de0000",
  378. "reported_checksum": "0x00000000",
  379. "icon_hash": null,
  380. "entrypoint": "0x00de2000",
  381. "timestamp": "2040-10-07 10:09:39",
  382. "osversion": "1.0",
  383. "sections": [
  384. {
  385. "name": "CODE",
  386. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  387. "virtual_address": "0x00001000",
  388. "size_of_data": "0x00001000",
  389. "entropy": "0.06",
  390. "raw_address": "0x00001000",
  391. "virtual_size": "0x00001000",
  392. "characteristics_raw": "0xe0000020"
  393. },
  394. {
  395. "name": "DATA",
  396. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  397. "virtual_address": "0x00002000",
  398. "size_of_data": "0x00045000",
  399. "entropy": "7.98",
  400. "raw_address": "0x00002000",
  401. "virtual_size": "0x00045000",
  402. "characteristics_raw": "0xc0000040"
  403. },
  404. {
  405. "name": "NicolasB",
  406. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  407. "virtual_address": "0x00047000",
  408. "size_of_data": "0xefefadff",
  409. "entropy": "0.61",
  410. "raw_address": "0x00047000",
  411. "virtual_size": "0x00001000",
  412. "characteristics_raw": "0xc0000040"
  413. },
  414. {
  415. "name": ".idata",
  416. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  417. "virtual_address": "0x00048000",
  418. "size_of_data": "0x00001000",
  419. "entropy": "0.61",
  420. "raw_address": "0x00047000",
  421. "virtual_size": "0x00001000",
  422. "characteristics_raw": "0xc0000040"
  423. }
  424. ],
  425. "resources": [],
  426. "dirents": [
  427. {
  428. "virtual_address": "0x00000000",
  429. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  430. "size": "0x00000000"
  431. },
  432. {
  433. "virtual_address": "0x00048000",
  434. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  435. "size": "0x000000be"
  436. },
  437. {
  438. "virtual_address": "0x00000000",
  439. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  440. "size": "0x00000000"
  441. },
  442. {
  443. "virtual_address": "0x00000000",
  444. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  445. "size": "0x00000000"
  446. },
  447. {
  448. "virtual_address": "0x00000000",
  449. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  450. "size": "0x00000000"
  451. },
  452. {
  453. "virtual_address": "0x00000000",
  454. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  455. "size": "0x00000000"
  456. },
  457. {
  458. "virtual_address": "0x00000000",
  459. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  460. "size": "0x00000000"
  461. },
  462. {
  463. "virtual_address": "0x00000000",
  464. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  465. "size": "0x00000000"
  466. },
  467. {
  468. "virtual_address": "0x00000000",
  469. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  470. "size": "0x00000000"
  471. },
  472. {
  473. "virtual_address": "0x00000000",
  474. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  475. "size": "0x00000000"
  476. },
  477. {
  478. "virtual_address": "0x00000000",
  479. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  480. "size": "0x00000000"
  481. },
  482. {
  483. "virtual_address": "0x00000000",
  484. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  485. "size": "0x00000000"
  486. },
  487. {
  488. "virtual_address": "0x00000000",
  489. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  490. "size": "0x00000000"
  491. },
  492. {
  493. "virtual_address": "0x00000000",
  494. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  495. "size": "0x00000000"
  496. },
  497. {
  498. "virtual_address": "0x00000000",
  499. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  500. "size": "0x00000000"
  501. },
  502. {
  503. "virtual_address": "0x00000000",
  504. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  505. "size": "0x00000000"
  506. }
  507. ],
  508. "exports": [],
  509. "guest_signers": {},
  510. "imphash": "64f37a9561ff77b2cfcfe4eb061d8d45",
  511. "icon_fuzzy": null,
  512. "icon": null,
  513. "pdbpath": null,
  514. "imported_dll_count": 2,
  515. "versioninfo": []
  516. }
  517. }