
Exes_9c65361abadc326a285a0dc8f3a66279_exe_2019-06-24_20_30.json

Jun 24th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 3.0
  5.  
  6. [*] File Name: "Exes_9c65361abadc326a285a0dc8f3a66279.exe"
  7. [*] File Size: 638976
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "49e2e88932d2cbe0d4649922e64e0a3bc053d9bceef42017fdc46d44abd211d9"
  10. [*] MD5: "9c65361abadc326a285a0dc8f3a66279"
  11. [*] SHA1: "11229221946d83ac3a7e93ebc3402454c8598061"
  12. [*] SHA512: "0712e859f8822f5cc8d483e3d4bf569c42ef42ef1a3af43dbbb05a4a759d3c9a4df999bdba6eef60f421cc0b44018364860724c53fb4e7c05103024abfc488bd"
  13. [*] CRC32: "F966556B"
  14. [*] SSDEEP: "12288:a2Yx55YZvZ5YZvZ5YZvZ5YmehOYmehOYmehOYmehOYmehOYmexI++YRYJI++YRYT:OqfPMRgh1nZy/zqR"
  15.  
  16. [*] Process Execution: []
  17.  
  18. [*] Signatures Detected: [
  19. {
  20. "Description": "File has been identified by 8 Antiviruses on VirusTotal as malicious",
  21. "Details": [
  22. {
  23. "FireEye": "Generic.mg.9c65361abadc326a"
  24. },
  25. {
  26. "McAfee": "Fareit-FPH!9C65361ABADC"
  27. },
  28. {
  29. "APEX": "Malicious"
  30. },
  31. {
  32. "Invincea": "heuristic"
  33. },
  34. {
  35. "McAfee-GW-Edition": "BehavesLike.Win32.VBObfus.jm"
  36. },
  37. {
  38. "Microsoft": "Trojan:Win32/Wacatac.B!ml"
  39. },
  40. {
  41. "Cybereason": "malicious.1946d8"
  42. },
  43. {
  44. "CrowdStrike": "win/malicious_confidence_70% (D)"
  45. }
  46. ]
  47. }
  48. ]
  49.  
  50. [*] Started Service: []
  51.  
  52. [*] Executed Commands: []
  53.  
  54. [*] Mutexes: []
  55.  
  56. [*] Modified Files: []
  57.  
  58. [*] Deleted Files: []
  59.  
  60. [*] Modified Registry Keys: []
  61.  
  62. [*] Deleted Registry Keys: []
  63.  
  64. [*] DNS Communications: []
  65.  
  66. [*] Domains: []
  67.  
  68. [*] Network Communication - ICMP: []
  69.  
  70. [*] Network Communication - HTTP: []
  71.  
  72. [*] Network Communication - SMTP: []
  73.  
  74. [*] Network Communication - Hosts: []
  75.  
  76. [*] Network Communication - IRC: []
  77.  
  78. [*] Static Analysis: {
  79. "pe": {
  80. "peid_signatures": null,
  81. "imports": [
  82. {
  83. "imports": [
  84. {
  85. "name": null,
  86. "address": "0x401000"
  87. },
  88. {
  89. "name": null,
  90. "address": "0x401004"
  91. },
  92. {
  93. "name": null,
  94. "address": "0x401008"
  95. },
  96. {
  97. "name": "MethCallEngine",
  98. "address": "0x40100c"
  99. },
  100. {
  101. "name": null,
  102. "address": "0x401010"
  103. },
  104. {
  105. "name": null,
  106. "address": "0x401014"
  107. },
  108. {
  109. "name": null,
  110. "address": "0x401018"
  111. },
  112. {
  113. "name": null,
  114. "address": "0x40101c"
  115. },
  116. {
  117. "name": null,
  118. "address": "0x401020"
  119. },
  120. {
  121. "name": null,
  122. "address": "0x401024"
  123. },
  124. {
  125. "name": null,
  126. "address": "0x401028"
  127. },
  128. {
  129. "name": null,
  130. "address": "0x40102c"
  131. },
  132. {
  133. "name": null,
  134. "address": "0x401030"
  135. },
  136. {
  137. "name": null,
  138. "address": "0x401034"
  139. },
  140. {
  141. "name": null,
  142. "address": "0x401038"
  143. },
  144. {
  145. "name": null,
  146. "address": "0x40103c"
  147. },
  148. {
  149. "name": null,
  150. "address": "0x401040"
  151. },
  152. {
  153. "name": "EVENT_SINK_AddRef",
  154. "address": "0x401044"
  155. },
  156. {
  157. "name": null,
  158. "address": "0x401048"
  159. },
  160. {
  161. "name": null,
  162. "address": "0x40104c"
  163. },
  164. {
  165. "name": null,
  166. "address": "0x401050"
  167. },
  168. {
  169. "name": "EVENT_SINK_Release",
  170. "address": "0x401054"
  171. },
  172. {
  173. "name": null,
  174. "address": "0x401058"
  175. },
  176. {
  177. "name": "EVENT_SINK_QueryInterface",
  178. "address": "0x40105c"
  179. },
  180. {
  181. "name": "__vbaExceptHandler",
  182. "address": "0x401060"
  183. },
  184. {
  185. "name": null,
  186. "address": "0x401064"
  187. },
  188. {
  189. "name": null,
  190. "address": "0x401068"
  191. },
  192. {
  193. "name": null,
  194. "address": "0x40106c"
  195. },
  196. {
  197. "name": null,
  198. "address": "0x401070"
  199. },
  200. {
  201. "name": null,
  202. "address": "0x401074"
  203. },
  204. {
  205. "name": null,
  206. "address": "0x401078"
  207. },
  208. {
  209. "name": null,
  210. "address": "0x40107c"
  211. },
  212. {
  213. "name": null,
  214. "address": "0x401080"
  215. },
  216. {
  217. "name": null,
  218. "address": "0x401084"
  219. },
  220. {
  221. "name": null,
  222. "address": "0x401088"
  223. },
  224. {
  225. "name": null,
  226. "address": "0x40108c"
  227. },
  228. {
  229. "name": null,
  230. "address": "0x401090"
  231. },
  232. {
  233. "name": null,
  234. "address": "0x401094"
  235. },
  236. {
  237. "name": null,
  238. "address": "0x401098"
  239. },
  240. {
  241. "name": null,
  242. "address": "0x40109c"
  243. },
  244. {
  245. "name": null,
  246. "address": "0x4010a0"
  247. },
  248. {
  249. "name": null,
  250. "address": "0x4010a4"
  251. }
  252. ],
  253. "dll": "MSVBVM60.DLL"
  254. }
  255. ],
  256. "digital_signers": null,
  257. "exported_dll_name": null,
  258. "actual_checksum": "0x000a25ed",
  259. "overlay": null,
  260. "imagebase": "0x00400000",
  261. "reported_checksum": "0x000a25ed",
  262. "icon_hash": null,
  263. "entrypoint": "0x004011ac",
  264. "timestamp": "2007-06-17 13:22:49",
  265. "osversion": "4.0",
  266. "sections": [
  267. {
  268. "name": ".text",
  269. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  270. "virtual_address": "0x00001000",
  271. "size_of_data": "0x00093000",
  272. "entropy": "5.90",
  273. "raw_address": "0x00001000",
  274. "virtual_size": "0x000928b4",
  275. "characteristics_raw": "0x60000020"
  276. },
  277. {
  278. "name": ".data",
  279. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  280. "virtual_address": "0x00094000",
  281. "size_of_data": "0x00000000",
  282. "entropy": "0.00",
  283. "raw_address": "0x00000000",
  284. "virtual_size": "0x00004558",
  285. "characteristics_raw": "0xc0000040"
  286. },
  287. {
  288. "name": ".rsrc",
  289. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  290. "virtual_address": "0x00099000",
  291. "size_of_data": "0x00008000",
  292. "entropy": "4.49",
  293. "raw_address": "0x00094000",
  294. "virtual_size": "0x000072ec",
  295. "characteristics_raw": "0x40000040"
  296. }
  297. ],
  298. "resources": [],
  299. "dirents": [
  300. {
  301. "virtual_address": "0x00000000",
  302. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  303. "size": "0x00000000"
  304. },
  305. {
  306. "virtual_address": "0x00093764",
  307. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  308. "size": "0x00000028"
  309. },
  310. {
  311. "virtual_address": "0x00099000",
  312. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  313. "size": "0x000072ec"
  314. },
  315. {
  316. "virtual_address": "0x00000000",
  317. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  318. "size": "0x00000000"
  319. },
  320. {
  321. "virtual_address": "0x00000000",
  322. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  323. "size": "0x00000000"
  324. },
  325. {
  326. "virtual_address": "0x00000000",
  327. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  328. "size": "0x00000000"
  329. },
  330. {
  331. "virtual_address": "0x00000000",
  332. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  333. "size": "0x00000000"
  334. },
  335. {
  336. "virtual_address": "0x00000000",
  337. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  338. "size": "0x00000000"
  339. },
  340. {
  341. "virtual_address": "0x00000000",
  342. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  343. "size": "0x00000000"
  344. },
  345. {
  346. "virtual_address": "0x00000000",
  347. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  348. "size": "0x00000000"
  349. },
  350. {
  351. "virtual_address": "0x00000000",
  352. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  353. "size": "0x00000000"
  354. },
  355. {
  356. "virtual_address": "0x00000220",
  357. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  358. "size": "0x00000020"
  359. },
  360. {
  361. "virtual_address": "0x00001000",
  362. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  363. "size": "0x000000ac"
  364. },
  365. {
  366. "virtual_address": "0x00000000",
  367. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  368. "size": "0x00000000"
  369. },
  370. {
  371. "virtual_address": "0x00000000",
  372. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  373. "size": "0x00000000"
  374. },
  375. {
  376. "virtual_address": "0x00000000",
  377. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  378. "size": "0x00000000"
  379. }
  380. ],
  381. "exports": [],
  382. "guest_signers": {},
  383. "imphash": "2bd819ed45f6d184d7331821bbd5e0c7",
  384. "icon_fuzzy": null,
  385. "icon": null,
  386. "pdbpath": null,
  387. "imported_dll_count": 1,
  388. "versioninfo": []
  389. }
  390. }
  391.  
  392. [*] Resolved APIs: []
  393.  
  394. [*] Static Analysis: {
  395. "pe": {
  396. "peid_signatures": null,
  397. "imports": [
  398. {
  399. "imports": [
  400. {
  401. "name": null,
  402. "address": "0x401000"
  403. },
  404. {
  405. "name": null,
  406. "address": "0x401004"
  407. },
  408. {
  409. "name": null,
  410. "address": "0x401008"
  411. },
  412. {
  413. "name": "MethCallEngine",
  414. "address": "0x40100c"
  415. },
  416. {
  417. "name": null,
  418. "address": "0x401010"
  419. },
  420. {
  421. "name": null,
  422. "address": "0x401014"
  423. },
  424. {
  425. "name": null,
  426. "address": "0x401018"
  427. },
  428. {
  429. "name": null,
  430. "address": "0x40101c"
  431. },
  432. {
  433. "name": null,
  434. "address": "0x401020"
  435. },
  436. {
  437. "name": null,
  438. "address": "0x401024"
  439. },
  440. {
  441. "name": null,
  442. "address": "0x401028"
  443. },
  444. {
  445. "name": null,
  446. "address": "0x40102c"
  447. },
  448. {
  449. "name": null,
  450. "address": "0x401030"
  451. },
  452. {
  453. "name": null,
  454. "address": "0x401034"
  455. },
  456. {
  457. "name": null,
  458. "address": "0x401038"
  459. },
  460. {
  461. "name": null,
  462. "address": "0x40103c"
  463. },
  464. {
  465. "name": null,
  466. "address": "0x401040"
  467. },
  468. {
  469. "name": "EVENT_SINK_AddRef",
  470. "address": "0x401044"
  471. },
  472. {
  473. "name": null,
  474. "address": "0x401048"
  475. },
  476. {
  477. "name": null,
  478. "address": "0x40104c"
  479. },
  480. {
  481. "name": null,
  482. "address": "0x401050"
  483. },
  484. {
  485. "name": "EVENT_SINK_Release",
  486. "address": "0x401054"
  487. },
  488. {
  489. "name": null,
  490. "address": "0x401058"
  491. },
  492. {
  493. "name": "EVENT_SINK_QueryInterface",
  494. "address": "0x40105c"
  495. },
  496. {
  497. "name": "__vbaExceptHandler",
  498. "address": "0x401060"
  499. },
  500. {
  501. "name": null,
  502. "address": "0x401064"
  503. },
  504. {
  505. "name": null,
  506. "address": "0x401068"
  507. },
  508. {
  509. "name": null,
  510. "address": "0x40106c"
  511. },
  512. {
  513. "name": null,
  514. "address": "0x401070"
  515. },
  516. {
  517. "name": null,
  518. "address": "0x401074"
  519. },
  520. {
  521. "name": null,
  522. "address": "0x401078"
  523. },
  524. {
  525. "name": null,
  526. "address": "0x40107c"
  527. },
  528. {
  529. "name": null,
  530. "address": "0x401080"
  531. },
  532. {
  533. "name": null,
  534. "address": "0x401084"
  535. },
  536. {
  537. "name": null,
  538. "address": "0x401088"
  539. },
  540. {
  541. "name": null,
  542. "address": "0x40108c"
  543. },
  544. {
  545. "name": null,
  546. "address": "0x401090"
  547. },
  548. {
  549. "name": null,
  550. "address": "0x401094"
  551. },
  552. {
  553. "name": null,
  554. "address": "0x401098"
  555. },
  556. {
  557. "name": null,
  558. "address": "0x40109c"
  559. },
  560. {
  561. "name": null,
  562. "address": "0x4010a0"
  563. },
  564. {
  565. "name": null,
  566. "address": "0x4010a4"
  567. }
  568. ],
  569. "dll": "MSVBVM60.DLL"
  570. }
  571. ],
  572. "digital_signers": null,
  573. "exported_dll_name": null,
  574. "actual_checksum": "0x000a25ed",
  575. "overlay": null,
  576. "imagebase": "0x00400000",
  577. "reported_checksum": "0x000a25ed",
  578. "icon_hash": null,
  579. "entrypoint": "0x004011ac",
  580. "timestamp": "2007-06-17 13:22:49",
  581. "osversion": "4.0",
  582. "sections": [
  583. {
  584. "name": ".text",
  585. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  586. "virtual_address": "0x00001000",
  587. "size_of_data": "0x00093000",
  588. "entropy": "5.90",
  589. "raw_address": "0x00001000",
  590. "virtual_size": "0x000928b4",
  591. "characteristics_raw": "0x60000020"
  592. },
  593. {
  594. "name": ".data",
  595. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  596. "virtual_address": "0x00094000",
  597. "size_of_data": "0x00000000",
  598. "entropy": "0.00",
  599. "raw_address": "0x00000000",
  600. "virtual_size": "0x00004558",
  601. "characteristics_raw": "0xc0000040"
  602. },
  603. {
  604. "name": ".rsrc",
  605. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  606. "virtual_address": "0x00099000",
  607. "size_of_data": "0x00008000",
  608. "entropy": "4.49",
  609. "raw_address": "0x00094000",
  610. "virtual_size": "0x000072ec",
  611. "characteristics_raw": "0x40000040"
  612. }
  613. ],
  614. "resources": [],
  615. "dirents": [
  616. {
  617. "virtual_address": "0x00000000",
  618. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  619. "size": "0x00000000"
  620. },
  621. {
  622. "virtual_address": "0x00093764",
  623. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  624. "size": "0x00000028"
  625. },
  626. {
  627. "virtual_address": "0x00099000",
  628. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  629. "size": "0x000072ec"
  630. },
  631. {
  632. "virtual_address": "0x00000000",
  633. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  634. "size": "0x00000000"
  635. },
  636. {
  637. "virtual_address": "0x00000000",
  638. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  639. "size": "0x00000000"
  640. },
  641. {
  642. "virtual_address": "0x00000000",
  643. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  644. "size": "0x00000000"
  645. },
  646. {
  647. "virtual_address": "0x00000000",
  648. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  649. "size": "0x00000000"
  650. },
  651. {
  652. "virtual_address": "0x00000000",
  653. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  654. "size": "0x00000000"
  655. },
  656. {
  657. "virtual_address": "0x00000000",
  658. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  659. "size": "0x00000000"
  660. },
  661. {
  662. "virtual_address": "0x00000000",
  663. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  664. "size": "0x00000000"
  665. },
  666. {
  667. "virtual_address": "0x00000000",
  668. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  669. "size": "0x00000000"
  670. },
  671. {
  672. "virtual_address": "0x00000220",
  673. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  674. "size": "0x00000020"
  675. },
  676. {
  677. "virtual_address": "0x00001000",
  678. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  679. "size": "0x000000ac"
  680. },
  681. {
  682. "virtual_address": "0x00000000",
  683. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  684. "size": "0x00000000"
  685. },
  686. {
  687. "virtual_address": "0x00000000",
  688. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  689. "size": "0x00000000"
  690. },
  691. {
  692. "virtual_address": "0x00000000",
  693. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  694. "size": "0x00000000"
  695. }
  696. ],
  697. "exports": [],
  698. "guest_signers": {},
  699. "imphash": "2bd819ed45f6d184d7331821bbd5e0c7",
  700. "icon_fuzzy": null,
  701. "icon": null,
  702. "pdbpath": null,
  703. "imported_dll_count": 1,
  704. "versioninfo": []
  705. }
  706. }