paladin316

NetWire_2e7fb3fa2ab2b15c301c7317775c9768_exe_2019-06-24_20_30.json

Jun 24th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "NetWire_2e7fb3fa2ab2b15c301c7317775c9768.exe"
  7. [*] File Size: 174080
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "ca5fabbc12530df1f80de91524306c853b76300398169da124ad80e756993eb5"
  10. [*] MD5: "2e7fb3fa2ab2b15c301c7317775c9768"
  11. [*] SHA1: "4562720dfedc51e2d0dffee31262a11fa0cc2c38"
  12. [*] SHA512: "d2494adf3309f9db58e194f40efb52c7f9b73b4f5943876aaf9ff626f98b7283e504c4362a07ffebf39b1bc8b4471665cf791e0a7443e97c1f04ce6bc464e31d"
  13. [*] CRC32: "7DE86739"
  14. [*] SSDEEP: "3072:mjc/2QVfrRY41zB2niK+qbj053rCxxv2GDp5ZchWF5GvGt/MCM8s:mU2QBrRY4Cnd0+j/ZIypMCMP"
  15.  
  16. [*] Process Execution: [
  17. "NetWire_2e7fb3fa2ab2b15c301c7317775c9768.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "The binary likely contains encrypted or compressed data.",
  23. "Details": [
  24. {
  25. "section": "name: .text, entropy: 7.74, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00029200, virtual_size: 0x00029044"
  26. }
  27. ]
  28. },
  29. {
  30. "Description": "Anomalous .NET characteristics",
  31. "Details": [
  32. {
  33. "anomalous_version": "Assembly version is set to 0"
  34. }
  35. ]
  36. },
  37. {
  38. "Description": "File has been identified by 14 Antiviruses on VirusTotal as malicious",
  39. "Details": [
  40. {
  41. "FireEye": "Generic.mg.2e7fb3fa2ab2b15c"
  42. },
  43. {
  44. "Cylance": "Unsafe"
  45. },
  46. {
  47. "Symantec": "ML.Attribute.HighConfidence"
  48. },
  49. {
  50. "APEX": "Malicious"
  51. },
  52. {
  53. "Kaspersky": "HEUR:Trojan.Win32.Generic"
  54. },
  55. {
  56. "Endgame": "malicious (high confidence)"
  57. },
  58. {
  59. "Invincea": "heuristic"
  60. },
  61. {
  62. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.cc"
  63. },
  64. {
  65. "Trapmine": "malicious.high.ml.score"
  66. },
  67. {
  68. "SentinelOne": "DFI - Suspicious PE"
  69. },
  70. {
  71. "ZoneAlarm": "HEUR:Trojan.Win32.Generic"
  72. },
  73. {
  74. "AhnLab-V3": "Trojan/Win32.RL_Generic.R277346"
  75. },
  76. {
  77. "Cybereason": "malicious.dfedc5"
  78. },
  79. {
  80. "Qihoo-360": "HEUR/QVM03.0.1591.Malware.Gen"
  81. }
  82. ]
  83. }
  84. ]
  85.  
  86. [*] Started Service: []
  87.  
  88. [*] Executed Commands: []
  89.  
  90. [*] Mutexes: []
  91.  
  92. [*] Modified Files: []
  93.  
  94. [*] Deleted Files: []
  95.  
  96. [*] Modified Registry Keys: []
  97.  
  98. [*] Deleted Registry Keys: []
  99.  
  100. [*] DNS Communications: []
  101.  
  102. [*] Domains: []
  103.  
  104. [*] Network Communication - ICMP: []
  105.  
  106. [*] Network Communication - HTTP: []
  107.  
  108. [*] Network Communication - SMTP: []
  109.  
  110. [*] Network Communication - Hosts: []
  111.  
  112. [*] Network Communication - IRC: []
  113.  
  114. [*] Static Analysis: {
  115. "dotnet": {
  116. "customattrs": [],
  117. "assemblyinfo": {
  118. "version": "0.0.0.0",
  119. "name": "XCkghoVkEa_repack"
  120. },
  121. "assemblyrefs": [
  122. {
  123. "version": "4.0.0.0",
  124. "name": "mscorlib"
  125. },
  126. {
  127. "version": "4.0.0.0",
  128. "name": "System"
  129. },
  130. {
  131. "version": "2.0.0.0",
  132. "name": "netstandard"
  133. },
  134. {
  135. "version": "0.0.0.0",
  136. "name": "XQuTpvyQwz"
  137. }
  138. ],
  139. "typerefs": [
  140. {
  141. "typename": "System.Diagnostics.Trace",
  142. "assembly": "System"
  143. },
  144. {
  145. "typename": "System.IO.Compression.CompressionMode",
  146. "assembly": "System"
  147. },
  148. {
  149. "typename": "System.IO.Compression.DeflateStream",
  150. "assembly": "System"
  151. },
  152. {
  153. "typename": "System.Text.RegularExpressions.Capture",
  154. "assembly": "System"
  155. },
  156. {
  157. "typename": "System.Text.RegularExpressions.Group",
  158. "assembly": "System"
  159. },
  160. {
  161. "typename": "System.Text.RegularExpressions.GroupCollection",
  162. "assembly": "System"
  163. },
  164. {
  165. "typename": "System.Text.RegularExpressions.Match",
  166. "assembly": "System"
  167. },
  168. {
  169. "typename": "System.Text.RegularExpressions.Regex",
  170. "assembly": "System"
  171. },
  172. {
  173. "typename": "System.Text.RegularExpressions.RegexOptions",
  174. "assembly": "System"
  175. },
  176. {
  177. "typename": "StubSite.get_HmacKey",
  178. "assembly": "XQuTpvyQwz"
  179. },
  180. {
  181. "typename": "Microsoft.Win32.Registry",
  182. "assembly": "mscorlib"
  183. },
  184. {
  185. "typename": "Microsoft.Win32.RegistryKey",
  186. "assembly": "mscorlib"
  187. },
  188. {
  189. "typename": "System.AppDomain",
  190. "assembly": "mscorlib"
  191. },
  192. {
  193. "typename": "System.Byte",
  194. "assembly": "mscorlib"
  195. },
  196. {
  197. "typename": "System.Collections.Generic.Dictionary`2",
  198. "assembly": "mscorlib"
  199. },
  200. {
  201. "typename": "System.Convert",
  202. "assembly": "mscorlib"
  203. },
  204. {
  205. "typename": "System.Exception",
  206. "assembly": "mscorlib"
  207. },
  208. {
  209. "typename": "System.Guid",
  210. "assembly": "mscorlib"
  211. },
  212. {
  213. "typename": "System.IDisposable",
  214. "assembly": "mscorlib"
  215. },
  216. {
  217. "typename": "System.IO.Directory",
  218. "assembly": "mscorlib"
  219. },
  220. {
  221. "typename": "System.IO.DirectoryInfo",
  222. "assembly": "mscorlib"
  223. },
  224. {
  225. "typename": "System.IO.File",
  226. "assembly": "mscorlib"
  227. },
  228. {
  229. "typename": "System.IO.FileInfo",
  230. "assembly": "mscorlib"
  231. },
  232. {
  233. "typename": "System.IO.FileSystemInfo",
  234. "assembly": "mscorlib"
  235. },
  236. {
  237. "typename": "System.IO.Path",
  238. "assembly": "mscorlib"
  239. },
  240. {
  241. "typename": "System.IO.Stream",
  242. "assembly": "mscorlib"
  243. },
  244. {
  245. "typename": "System.Int32",
  246. "assembly": "mscorlib"
  247. },
  248. {
  249. "typename": "System.IntPtr",
  250. "assembly": "mscorlib"
  251. },
  252. {
  253. "typename": "System.Nullable`1",
  254. "assembly": "mscorlib"
  255. },
  256. {
  257. "typename": "System.Object",
  258. "assembly": "mscorlib"
  259. },
  260. {
  261. "typename": "System.Reflection.Assembly",
  262. "assembly": "mscorlib"
  263. },
  264. {
  265. "typename": "System.Reflection.AssemblyName",
  266. "assembly": "mscorlib"
  267. },
  268. {
  269. "typename": "System.Reflection.MemberInfo",
  270. "assembly": "mscorlib"
  271. },
  272. {
  273. "typename": "System.ResolveEventArgs",
  274. "assembly": "mscorlib"
  275. },
  276. {
  277. "typename": "System.ResolveEventHandler",
  278. "assembly": "mscorlib"
  279. },
  280. {
  281. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  282. "assembly": "mscorlib"
  283. },
  284. {
  285. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  286. "assembly": "mscorlib"
  287. },
  288. {
  289. "typename": "System.RuntimeTypeHandle",
  290. "assembly": "mscorlib"
  291. },
  292. {
  293. "typename": "System.STAThreadAttribute",
  294. "assembly": "mscorlib"
  295. },
  296. {
  297. "typename": "System.Security.Cryptography.HashAlgorithm",
  298. "assembly": "mscorlib"
  299. },
  300. {
  301. "typename": "System.Security.Cryptography.MD5",
  302. "assembly": "mscorlib"
  303. },
  304. {
  305. "typename": "System.String",
  306. "assembly": "mscorlib"
  307. },
  308. {
  309. "typename": "System.Text.Encoding",
  310. "assembly": "mscorlib"
  311. },
  312. {
  313. "typename": "System.Threading.Interlocked",
  314. "assembly": "mscorlib"
  315. },
  316. {
  317. "typename": "System.Threading.Monitor",
  318. "assembly": "mscorlib"
  319. },
  320. {
  321. "typename": "System.Type",
  322. "assembly": "mscorlib"
  323. },
  324. {
  325. "typename": "System.Action`1",
  326. "assembly": "netstandard"
  327. },
  328. {
  329. "typename": "System.Array",
  330. "assembly": "netstandard"
  331. },
  332. {
  333. "typename": "System.BitConverter",
  334. "assembly": "netstandard"
  335. },
  336. {
  337. "typename": "System.Byte",
  338. "assembly": "netstandard"
  339. },
  340. {
  341. "typename": "System.Char",
  342. "assembly": "netstandard"
  343. },
  344. {
  345. "typename": "System.Collections.Generic.Dictionary`2",
  346. "assembly": "netstandard"
  347. },
  348. {
  349. "typename": "System.Collections.Generic.Dictionary`2/Enumerator",
  350. "assembly": "netstandard"
  351. },
  352. {
  353. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
  354. "assembly": "netstandard"
  355. },
  356. {
  357. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
  358. "assembly": "netstandard"
  359. },
  360. {
  361. "typename": "System.Collections.Generic.EqualityComparer`1",
  362. "assembly": "netstandard"
  363. },
  364. {
  365. "typename": "System.Collections.Generic.HashSet`1",
  366. "assembly": "netstandard"
  367. },
  368. {
  369. "typename": "System.Collections.Generic.HashSet`1/Enumerator",
  370. "assembly": "netstandard"
  371. },
  372. {
  373. "typename": "System.Collections.Generic.IEnumerable`1",
  374. "assembly": "netstandard"
  375. },
  376. {
  377. "typename": "System.Collections.Generic.IEnumerator`1",
  378. "assembly": "netstandard"
  379. },
  380. {
  381. "typename": "System.Collections.Generic.IReadOnlyCollection`1",
  382. "assembly": "netstandard"
  383. },
  384. {
  385. "typename": "System.Collections.Generic.IReadOnlyDictionary`2",
  386. "assembly": "netstandard"
  387. },
  388. {
  389. "typename": "System.Collections.Generic.IReadOnlyList`1",
  390. "assembly": "netstandard"
  391. },
  392. {
  393. "typename": "System.Collections.Generic.KeyValuePair`2",
  394. "assembly": "netstandard"
  395. },
  396. {
  397. "typename": "System.Collections.Generic.List`1",
  398. "assembly": "netstandard"
  399. },
  400. {
  401. "typename": "System.Collections.Generic.List`1/Enumerator",
  402. "assembly": "netstandard"
  403. },
  404. {
  405. "typename": "System.Collections.Generic.Queue`1",
  406. "assembly": "netstandard"
  407. },
  408. {
  409. "typename": "System.Collections.IEnumerable",
  410. "assembly": "netstandard"
  411. },
  412. {
  413. "typename": "System.Collections.IEnumerator",
  414. "assembly": "netstandard"
  415. },
  416. {
  417. "typename": "System.Console",
  418. "assembly": "netstandard"
  419. },
  420. {
  421. "typename": "System.Convert",
  422. "assembly": "netstandard"
  423. },
  424. {
  425. "typename": "System.DateTime",
  426. "assembly": "netstandard"
  427. },
  428. {
  429. "typename": "System.DateTimeOffset",
  430. "assembly": "netstandard"
  431. },
  432. {
  433. "typename": "System.Diagnostics.DebuggerBrowsableAttribute",
  434. "assembly": "netstandard"
  435. },
  436. {
  437. "typename": "System.Diagnostics.DebuggerBrowsableState",
  438. "assembly": "netstandard"
  439. },
  440. {
  441. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  442. "assembly": "netstandard"
  443. },
  444. {
  445. "typename": "System.Enum",
  446. "assembly": "netstandard"
  447. },
  448. {
  449. "typename": "System.Environment",
  450. "assembly": "netstandard"
  451. },
  452. {
  453. "typename": "System.Exception",
  454. "assembly": "netstandard"
  455. },
  456. {
  457. "typename": "System.Func`2",
  458. "assembly": "netstandard"
  459. },
  460. {
  461. "typename": "System.Func`3",
  462. "assembly": "netstandard"
  463. },
  464. {
  465. "typename": "System.Func`4",
  466. "assembly": "netstandard"
  467. },
  468. {
  469. "typename": "System.IDisposable",
  470. "assembly": "netstandard"
  471. },
  472. {
  473. "typename": "System.IFormatProvider",
  474. "assembly": "netstandard"
  475. },
  476. {
  477. "typename": "System.IO.Compression.CompressionMode",
  478. "assembly": "netstandard"
  479. },
  480. {
  481. "typename": "System.IO.Compression.DeflateStream",
  482. "assembly": "netstandard"
  483. },
  484. {
  485. "typename": "System.IO.Directory",
  486. "assembly": "netstandard"
  487. },
  488. {
  489. "typename": "System.IO.File",
  490. "assembly": "netstandard"
  491. },
  492. {
  493. "typename": "System.IO.FileStream",
  494. "assembly": "netstandard"
  495. },
  496. {
  497. "typename": "System.IO.MemoryStream",
  498. "assembly": "netstandard"
  499. },
  500. {
  501. "typename": "System.IO.Path",
  502. "assembly": "netstandard"
  503. },
  504. {
  505. "typename": "System.IO.SeekOrigin",
  506. "assembly": "netstandard"
  507. },
  508. {
  509. "typename": "System.IO.Stream",
  510. "assembly": "netstandard"
  511. },
  512. {
  513. "typename": "System.IO.StreamReader",
  514. "assembly": "netstandard"
  515. },
  516. {
  517. "typename": "System.IO.TextReader",
  518. "assembly": "netstandard"
  519. },
  520. {
  521. "typename": "System.Int32",
  522. "assembly": "netstandard"
  523. },
  524. {
  525. "typename": "System.Int64",
  526. "assembly": "netstandard"
  527. },
  528. {
  529. "typename": "System.Linq.Enumerable",
  530. "assembly": "netstandard"
  531. },
  532. {
  533. "typename": "System.Linq.IGrouping`2",
  534. "assembly": "netstandard"
  535. },
  536. {
  537. "typename": "System.Linq.IOrderedEnumerable`1",
  538. "assembly": "netstandard"
  539. },
  540. {
  541. "typename": "System.Math",
  542. "assembly": "netstandard"
  543. },
  544. {
  545. "typename": "System.NotSupportedException",
  546. "assembly": "netstandard"
  547. },
  548. {
  549. "typename": "System.Nullable`1",
  550. "assembly": "netstandard"
  551. },
  552. {
  553. "typename": "System.Object",
  554. "assembly": "netstandard"
  555. },
  556. {
  557. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  558. "assembly": "netstandard"
  559. },
  560. {
  561. "typename": "System.Runtime.CompilerServices.IteratorStateMachineAttribute",
  562. "assembly": "netstandard"
  563. },
  564. {
  565. "typename": "System.Runtime.CompilerServices.TupleElementNamesAttribute",
  566. "assembly": "netstandard"
  567. },
  568. {
  569. "typename": "System.String",
  570. "assembly": "netstandard"
  571. },
  572. {
  573. "typename": "System.Text.Encoding",
  574. "assembly": "netstandard"
  575. },
  576. {
  577. "typename": "System.Text.RegularExpressions.Capture",
  578. "assembly": "netstandard"
  579. },
  580. {
  581. "typename": "System.Text.RegularExpressions.Group",
  582. "assembly": "netstandard"
  583. },
  584. {
  585. "typename": "System.Text.RegularExpressions.GroupCollection",
  586. "assembly": "netstandard"
  587. },
  588. {
  589. "typename": "System.Text.RegularExpressions.Match",
  590. "assembly": "netstandard"
  591. },
  592. {
  593. "typename": "System.Text.RegularExpressions.Regex",
  594. "assembly": "netstandard"
  595. },
  596. {
  597. "typename": "System.Text.RegularExpressions.RegexOptions",
  598. "assembly": "netstandard"
  599. },
  600. {
  601. "typename": "System.Text.StringBuilder",
  602. "assembly": "netstandard"
  603. },
  604. {
  605. "typename": "System.Type",
  606. "assembly": "netstandard"
  607. },
  608. {
  609. "typename": "System.UInt32",
  610. "assembly": "netstandard"
  611. },
  612. {
  613. "typename": "System.ValueTuple`2",
  614. "assembly": "netstandard"
  615. }
  616. ]
  617. },
  618. "pe": {
  619. "peid_signatures": null,
  620. "imports": [
  621. {
  622. "imports": [
  623. {
  624. "name": "_CorExeMain",
  625. "address": "0x402000"
  626. }
  627. ],
  628. "dll": "mscoree.dll"
  629. }
  630. ],
  631. "digital_signers": null,
  632. "exported_dll_name": null,
  633. "actual_checksum": "0x00032488",
  634. "overlay": null,
  635. "imagebase": "0x00400000",
  636. "reported_checksum": "0x00000000",
  637. "icon_hash": null,
  638. "entrypoint": "0x0042b03e",
  639. "timestamp": "2019-06-24 18:24:33",
  640. "osversion": "4.0",
  641. "sections": [
  642. {
  643. "name": ".text",
  644. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  645. "virtual_address": "0x00002000",
  646. "size_of_data": "0x00029200",
  647. "entropy": "7.74",
  648. "raw_address": "0x00000200",
  649. "virtual_size": "0x00029044",
  650. "characteristics_raw": "0x60000020"
  651. },
  652. {
  653. "name": ".rsrc",
  654. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  655. "virtual_address": "0x0002c000",
  656. "size_of_data": "0x00001200",
  657. "entropy": "4.52",
  658. "raw_address": "0x00029400",
  659. "virtual_size": "0x00001184",
  660. "characteristics_raw": "0x40000040"
  661. },
  662. {
  663. "name": ".reloc",
  664. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  665. "virtual_address": "0x0002e000",
  666. "size_of_data": "0x00000200",
  667. "entropy": "0.10",
  668. "raw_address": "0x0002a600",
  669. "virtual_size": "0x0000000c",
  670. "characteristics_raw": "0x42000040"
  671. }
  672. ],
  673. "resources": [],
  674. "dirents": [
  675. {
  676. "virtual_address": "0x00000000",
  677. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  678. "size": "0x00000000"
  679. },
  680. {
  681. "virtual_address": "0x0002aff0",
  682. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  683. "size": "0x0000004b"
  684. },
  685. {
  686. "virtual_address": "0x0002c000",
  687. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  688. "size": "0x00001184"
  689. },
  690. {
  691. "virtual_address": "0x00000000",
  692. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  693. "size": "0x00000000"
  694. },
  695. {
  696. "virtual_address": "0x00000000",
  697. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  698. "size": "0x00000000"
  699. },
  700. {
  701. "virtual_address": "0x0002e000",
  702. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  703. "size": "0x0000000c"
  704. },
  705. {
  706. "virtual_address": "0x00000000",
  707. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  708. "size": "0x00000000"
  709. },
  710. {
  711. "virtual_address": "0x00000000",
  712. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  713. "size": "0x00000000"
  714. },
  715. {
  716. "virtual_address": "0x00000000",
  717. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  718. "size": "0x00000000"
  719. },
  720. {
  721. "virtual_address": "0x00000000",
  722. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  723. "size": "0x00000000"
  724. },
  725. {
  726. "virtual_address": "0x00000000",
  727. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  728. "size": "0x00000000"
  729. },
  730. {
  731. "virtual_address": "0x00000000",
  732. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  733. "size": "0x00000000"
  734. },
  735. {
  736. "virtual_address": "0x00002000",
  737. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  738. "size": "0x00000008"
  739. },
  740. {
  741. "virtual_address": "0x00000000",
  742. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  743. "size": "0x00000000"
  744. },
  745. {
  746. "virtual_address": "0x00002008",
  747. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  748. "size": "0x00000048"
  749. },
  750. {
  751. "virtual_address": "0x00000000",
  752. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  753. "size": "0x00000000"
  754. }
  755. ],
  756. "exports": [],
  757. "guest_signers": {},
  758. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  759. "icon_fuzzy": null,
  760. "icon": null,
  761. "pdbpath": null,
  762. "imported_dll_count": 1,
  763. "versioninfo": []
  764. }
  765. }
  766.  
  767. [*] Resolved APIs: [
  768. "advapi32.dll.RegOpenKeyExW",
  769. "advapi32.dll.RegQueryInfoKeyW",
  770. "advapi32.dll.RegEnumKeyExW",
  771. "advapi32.dll.RegEnumValueW",
  772. "advapi32.dll.RegCloseKey",
  773. "advapi32.dll.RegQueryValueExW",
  774. "kernel32.dll.QueryActCtxW",
  775. "shlwapi.dll.UrlIsW"
  776. ]
  777.  
  778. [*] Static Analysis: {
  779. "dotnet": {
  780. "customattrs": [],
  781. "assemblyinfo": {
  782. "version": "0.0.0.0",
  783. "name": "XCkghoVkEa_repack"
  784. },
  785. "assemblyrefs": [
  786. {
  787. "version": "4.0.0.0",
  788. "name": "mscorlib"
  789. },
  790. {
  791. "version": "4.0.0.0",
  792. "name": "System"
  793. },
  794. {
  795. "version": "2.0.0.0",
  796. "name": "netstandard"
  797. },
  798. {
  799. "version": "0.0.0.0",
  800. "name": "XQuTpvyQwz"
  801. }
  802. ],
  803. "typerefs": [
  804. {
  805. "typename": "System.Diagnostics.Trace",
  806. "assembly": "System"
  807. },
  808. {
  809. "typename": "System.IO.Compression.CompressionMode",
  810. "assembly": "System"
  811. },
  812. {
  813. "typename": "System.IO.Compression.DeflateStream",
  814. "assembly": "System"
  815. },
  816. {
  817. "typename": "System.Text.RegularExpressions.Capture",
  818. "assembly": "System"
  819. },
  820. {
  821. "typename": "System.Text.RegularExpressions.Group",
  822. "assembly": "System"
  823. },
  824. {
  825. "typename": "System.Text.RegularExpressions.GroupCollection",
  826. "assembly": "System"
  827. },
  828. {
  829. "typename": "System.Text.RegularExpressions.Match",
  830. "assembly": "System"
  831. },
  832. {
  833. "typename": "System.Text.RegularExpressions.Regex",
  834. "assembly": "System"
  835. },
  836. {
  837. "typename": "System.Text.RegularExpressions.RegexOptions",
  838. "assembly": "System"
  839. },
  840. {
  841. "typename": "StubSite.get_HmacKey",
  842. "assembly": "XQuTpvyQwz"
  843. },
  844. {
  845. "typename": "Microsoft.Win32.Registry",
  846. "assembly": "mscorlib"
  847. },
  848. {
  849. "typename": "Microsoft.Win32.RegistryKey",
  850. "assembly": "mscorlib"
  851. },
  852. {
  853. "typename": "System.AppDomain",
  854. "assembly": "mscorlib"
  855. },
  856. {
  857. "typename": "System.Byte",
  858. "assembly": "mscorlib"
  859. },
  860. {
  861. "typename": "System.Collections.Generic.Dictionary`2",
  862. "assembly": "mscorlib"
  863. },
  864. {
  865. "typename": "System.Convert",
  866. "assembly": "mscorlib"
  867. },
  868. {
  869. "typename": "System.Exception",
  870. "assembly": "mscorlib"
  871. },
  872. {
  873. "typename": "System.Guid",
  874. "assembly": "mscorlib"
  875. },
  876. {
  877. "typename": "System.IDisposable",
  878. "assembly": "mscorlib"
  879. },
  880. {
  881. "typename": "System.IO.Directory",
  882. "assembly": "mscorlib"
  883. },
  884. {
  885. "typename": "System.IO.DirectoryInfo",
  886. "assembly": "mscorlib"
  887. },
  888. {
  889. "typename": "System.IO.File",
  890. "assembly": "mscorlib"
  891. },
  892. {
  893. "typename": "System.IO.FileInfo",
  894. "assembly": "mscorlib"
  895. },
  896. {
  897. "typename": "System.IO.FileSystemInfo",
  898. "assembly": "mscorlib"
  899. },
  900. {
  901. "typename": "System.IO.Path",
  902. "assembly": "mscorlib"
  903. },
  904. {
  905. "typename": "System.IO.Stream",
  906. "assembly": "mscorlib"
  907. },
  908. {
  909. "typename": "System.Int32",
  910. "assembly": "mscorlib"
  911. },
  912. {
  913. "typename": "System.IntPtr",
  914. "assembly": "mscorlib"
  915. },
  916. {
  917. "typename": "System.Nullable`1",
  918. "assembly": "mscorlib"
  919. },
  920. {
  921. "typename": "System.Object",
  922. "assembly": "mscorlib"
  923. },
  924. {
  925. "typename": "System.Reflection.Assembly",
  926. "assembly": "mscorlib"
  927. },
  928. {
  929. "typename": "System.Reflection.AssemblyName",
  930. "assembly": "mscorlib"
  931. },
  932. {
  933. "typename": "System.Reflection.MemberInfo",
  934. "assembly": "mscorlib"
  935. },
  936. {
  937. "typename": "System.ResolveEventArgs",
  938. "assembly": "mscorlib"
  939. },
  940. {
  941. "typename": "System.ResolveEventHandler",
  942. "assembly": "mscorlib"
  943. },
  944. {
  945. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  946. "assembly": "mscorlib"
  947. },
  948. {
  949. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  950. "assembly": "mscorlib"
  951. },
  952. {
  953. "typename": "System.RuntimeTypeHandle",
  954. "assembly": "mscorlib"
  955. },
  956. {
  957. "typename": "System.STAThreadAttribute",
  958. "assembly": "mscorlib"
  959. },
  960. {
  961. "typename": "System.Security.Cryptography.HashAlgorithm",
  962. "assembly": "mscorlib"
  963. },
  964. {
  965. "typename": "System.Security.Cryptography.MD5",
  966. "assembly": "mscorlib"
  967. },
  968. {
  969. "typename": "System.String",
  970. "assembly": "mscorlib"
  971. },
  972. {
  973. "typename": "System.Text.Encoding",
  974. "assembly": "mscorlib"
  975. },
  976. {
  977. "typename": "System.Threading.Interlocked",
  978. "assembly": "mscorlib"
  979. },
  980. {
  981. "typename": "System.Threading.Monitor",
  982. "assembly": "mscorlib"
  983. },
  984. {
  985. "typename": "System.Type",
  986. "assembly": "mscorlib"
  987. },
  988. {
  989. "typename": "System.Action`1",
  990. "assembly": "netstandard"
  991. },
  992. {
  993. "typename": "System.Array",
  994. "assembly": "netstandard"
  995. },
  996. {
  997. "typename": "System.BitConverter",
  998. "assembly": "netstandard"
  999. },
  1000. {
  1001. "typename": "System.Byte",
  1002. "assembly": "netstandard"
  1003. },
  1004. {
  1005. "typename": "System.Char",
  1006. "assembly": "netstandard"
  1007. },
  1008. {
  1009. "typename": "System.Collections.Generic.Dictionary`2",
  1010. "assembly": "netstandard"
  1011. },
  1012. {
  1013. "typename": "System.Collections.Generic.Dictionary`2/Enumerator",
  1014. "assembly": "netstandard"
  1015. },
  1016. {
  1017. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection",
  1018. "assembly": "netstandard"
  1019. },
  1020. {
  1021. "typename": "System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator",
  1022. "assembly": "netstandard"
  1023. },
  1024. {
  1025. "typename": "System.Collections.Generic.EqualityComparer`1",
  1026. "assembly": "netstandard"
  1027. },
  1028. {
  1029. "typename": "System.Collections.Generic.HashSet`1",
  1030. "assembly": "netstandard"
  1031. },
  1032. {
  1033. "typename": "System.Collections.Generic.HashSet`1/Enumerator",
  1034. "assembly": "netstandard"
  1035. },
  1036. {
  1037. "typename": "System.Collections.Generic.IEnumerable`1",
  1038. "assembly": "netstandard"
  1039. },
  1040. {
  1041. "typename": "System.Collections.Generic.IEnumerator`1",
  1042. "assembly": "netstandard"
  1043. },
  1044. {
  1045. "typename": "System.Collections.Generic.IReadOnlyCollection`1",
  1046. "assembly": "netstandard"
  1047. },
  1048. {
  1049. "typename": "System.Collections.Generic.IReadOnlyDictionary`2",
  1050. "assembly": "netstandard"
  1051. },
  1052. {
  1053. "typename": "System.Collections.Generic.IReadOnlyList`1",
  1054. "assembly": "netstandard"
  1055. },
  1056. {
  1057. "typename": "System.Collections.Generic.KeyValuePair`2",
  1058. "assembly": "netstandard"
  1059. },
  1060. {
  1061. "typename": "System.Collections.Generic.List`1",
  1062. "assembly": "netstandard"
  1063. },
  1064. {
  1065. "typename": "System.Collections.Generic.List`1/Enumerator",
  1066. "assembly": "netstandard"
  1067. },
  1068. {
  1069. "typename": "System.Collections.Generic.Queue`1",
  1070. "assembly": "netstandard"
  1071. },
  1072. {
  1073. "typename": "System.Collections.IEnumerable",
  1074. "assembly": "netstandard"
  1075. },
  1076. {
  1077. "typename": "System.Collections.IEnumerator",
  1078. "assembly": "netstandard"
  1079. },
  1080. {
  1081. "typename": "System.Console",
  1082. "assembly": "netstandard"
  1083. },
  1084. {
  1085. "typename": "System.Convert",
  1086. "assembly": "netstandard"
  1087. },
  1088. {
  1089. "typename": "System.DateTime",
  1090. "assembly": "netstandard"
  1091. },
  1092. {
  1093. "typename": "System.DateTimeOffset",
  1094. "assembly": "netstandard"
  1095. },
  1096. {
  1097. "typename": "System.Diagnostics.DebuggerBrowsableAttribute",
  1098. "assembly": "netstandard"
  1099. },
  1100. {
  1101. "typename": "System.Diagnostics.DebuggerBrowsableState",
  1102. "assembly": "netstandard"
  1103. },
  1104. {
  1105. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  1106. "assembly": "netstandard"
  1107. },
  1108. {
  1109. "typename": "System.Enum",
  1110. "assembly": "netstandard"
  1111. },
  1112. {
  1113. "typename": "System.Environment",
  1114. "assembly": "netstandard"
  1115. },
  1116. {
  1117. "typename": "System.Exception",
  1118. "assembly": "netstandard"
  1119. },
  1120. {
  1121. "typename": "System.Func`2",
  1122. "assembly": "netstandard"
  1123. },
  1124. {
  1125. "typename": "System.Func`3",
  1126. "assembly": "netstandard"
  1127. },
  1128. {
  1129. "typename": "System.Func`4",
  1130. "assembly": "netstandard"
  1131. },
  1132. {
  1133. "typename": "System.IDisposable",
  1134. "assembly": "netstandard"
  1135. },
  1136. {
  1137. "typename": "System.IFormatProvider",
  1138. "assembly": "netstandard"
  1139. },
  1140. {
  1141. "typename": "System.IO.Compression.CompressionMode",
  1142. "assembly": "netstandard"
  1143. },
  1144. {
  1145. "typename": "System.IO.Compression.DeflateStream",
  1146. "assembly": "netstandard"
  1147. },
  1148. {
  1149. "typename": "System.IO.Directory",
  1150. "assembly": "netstandard"
  1151. },
  1152. {
  1153. "typename": "System.IO.File",
  1154. "assembly": "netstandard"
  1155. },
  1156. {
  1157. "typename": "System.IO.FileStream",
  1158. "assembly": "netstandard"
  1159. },
  1160. {
  1161. "typename": "System.IO.MemoryStream",
  1162. "assembly": "netstandard"
  1163. },
  1164. {
  1165. "typename": "System.IO.Path",
  1166. "assembly": "netstandard"
  1167. },
  1168. {
  1169. "typename": "System.IO.SeekOrigin",
  1170. "assembly": "netstandard"
  1171. },
  1172. {
  1173. "typename": "System.IO.Stream",
  1174. "assembly": "netstandard"
  1175. },
  1176. {
  1177. "typename": "System.IO.StreamReader",
  1178. "assembly": "netstandard"
  1179. },
  1180. {
  1181. "typename": "System.IO.TextReader",
  1182. "assembly": "netstandard"
  1183. },
  1184. {
  1185. "typename": "System.Int32",
  1186. "assembly": "netstandard"
  1187. },
  1188. {
  1189. "typename": "System.Int64",
  1190. "assembly": "netstandard"
  1191. },
  1192. {
  1193. "typename": "System.Linq.Enumerable",
  1194. "assembly": "netstandard"
  1195. },
  1196. {
  1197. "typename": "System.Linq.IGrouping`2",
  1198. "assembly": "netstandard"
  1199. },
  1200. {
  1201. "typename": "System.Linq.IOrderedEnumerable`1",
  1202. "assembly": "netstandard"
  1203. },
  1204. {
  1205. "typename": "System.Math",
  1206. "assembly": "netstandard"
  1207. },
  1208. {
  1209. "typename": "System.NotSupportedException",
  1210. "assembly": "netstandard"
  1211. },
  1212. {
  1213. "typename": "System.Nullable`1",
  1214. "assembly": "netstandard"
  1215. },
  1216. {
  1217. "typename": "System.Object",
  1218. "assembly": "netstandard"
  1219. },
  1220. {
  1221. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1222. "assembly": "netstandard"
  1223. },
  1224. {
  1225. "typename": "System.Runtime.CompilerServices.IteratorStateMachineAttribute",
  1226. "assembly": "netstandard"
  1227. },
  1228. {
  1229. "typename": "System.Runtime.CompilerServices.TupleElementNamesAttribute",
  1230. "assembly": "netstandard"
  1231. },
  1232. {
  1233. "typename": "System.String",
  1234. "assembly": "netstandard"
  1235. },
  1236. {
  1237. "typename": "System.Text.Encoding",
  1238. "assembly": "netstandard"
  1239. },
  1240. {
  1241. "typename": "System.Text.RegularExpressions.Capture",
  1242. "assembly": "netstandard"
  1243. },
  1244. {
  1245. "typename": "System.Text.RegularExpressions.Group",
  1246. "assembly": "netstandard"
  1247. },
  1248. {
  1249. "typename": "System.Text.RegularExpressions.GroupCollection",
  1250. "assembly": "netstandard"
  1251. },
  1252. {
  1253. "typename": "System.Text.RegularExpressions.Match",
  1254. "assembly": "netstandard"
  1255. },
  1256. {
  1257. "typename": "System.Text.RegularExpressions.Regex",
  1258. "assembly": "netstandard"
  1259. },
  1260. {
  1261. "typename": "System.Text.RegularExpressions.RegexOptions",
  1262. "assembly": "netstandard"
  1263. },
  1264. {
  1265. "typename": "System.Text.StringBuilder",
  1266. "assembly": "netstandard"
  1267. },
  1268. {
  1269. "typename": "System.Type",
  1270. "assembly": "netstandard"
  1271. },
  1272. {
  1273. "typename": "System.UInt32",
  1274. "assembly": "netstandard"
  1275. },
  1276. {
  1277. "typename": "System.ValueTuple`2",
  1278. "assembly": "netstandard"
  1279. }
  1280. ]
  1281. },
  1282. "pe": {
  1283. "peid_signatures": null,
  1284. "imports": [
  1285. {
  1286. "imports": [
  1287. {
  1288. "name": "_CorExeMain",
  1289. "address": "0x402000"
  1290. }
  1291. ],
  1292. "dll": "mscoree.dll"
  1293. }
  1294. ],
  1295. "digital_signers": null,
  1296. "exported_dll_name": null,
  1297. "actual_checksum": "0x00032488",
  1298. "overlay": null,
  1299. "imagebase": "0x00400000",
  1300. "reported_checksum": "0x00000000",
  1301. "icon_hash": null,
  1302. "entrypoint": "0x0042b03e",
  1303. "timestamp": "2019-06-24 18:24:33",
  1304. "osversion": "4.0",
  1305. "sections": [
  1306. {
  1307. "name": ".text",
  1308. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1309. "virtual_address": "0x00002000",
  1310. "size_of_data": "0x00029200",
  1311. "entropy": "7.74",
  1312. "raw_address": "0x00000200",
  1313. "virtual_size": "0x00029044",
  1314. "characteristics_raw": "0x60000020"
  1315. },
  1316. {
  1317. "name": ".rsrc",
  1318. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1319. "virtual_address": "0x0002c000",
  1320. "size_of_data": "0x00001200",
  1321. "entropy": "4.52",
  1322. "raw_address": "0x00029400",
  1323. "virtual_size": "0x00001184",
  1324. "characteristics_raw": "0x40000040"
  1325. },
  1326. {
  1327. "name": ".reloc",
  1328. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1329. "virtual_address": "0x0002e000",
  1330. "size_of_data": "0x00000200",
  1331. "entropy": "0.10",
  1332. "raw_address": "0x0002a600",
  1333. "virtual_size": "0x0000000c",
  1334. "characteristics_raw": "0x42000040"
  1335. }
  1336. ],
  1337. "resources": [],
  1338. "dirents": [
  1339. {
  1340. "virtual_address": "0x00000000",
  1341. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1342. "size": "0x00000000"
  1343. },
  1344. {
  1345. "virtual_address": "0x0002aff0",
  1346. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1347. "size": "0x0000004b"
  1348. },
  1349. {
  1350. "virtual_address": "0x0002c000",
  1351. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1352. "size": "0x00001184"
  1353. },
  1354. {
  1355. "virtual_address": "0x00000000",
  1356. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1357. "size": "0x00000000"
  1358. },
  1359. {
  1360. "virtual_address": "0x00000000",
  1361. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1362. "size": "0x00000000"
  1363. },
  1364. {
  1365. "virtual_address": "0x0002e000",
  1366. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1367. "size": "0x0000000c"
  1368. },
  1369. {
  1370. "virtual_address": "0x00000000",
  1371. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1372. "size": "0x00000000"
  1373. },
  1374. {
  1375. "virtual_address": "0x00000000",
  1376. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1377. "size": "0x00000000"
  1378. },
  1379. {
  1380. "virtual_address": "0x00000000",
  1381. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1382. "size": "0x00000000"
  1383. },
  1384. {
  1385. "virtual_address": "0x00000000",
  1386. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1387. "size": "0x00000000"
  1388. },
  1389. {
  1390. "virtual_address": "0x00000000",
  1391. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1392. "size": "0x00000000"
  1393. },
  1394. {
  1395. "virtual_address": "0x00000000",
  1396. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1397. "size": "0x00000000"
  1398. },
  1399. {
  1400. "virtual_address": "0x00002000",
  1401. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1402. "size": "0x00000008"
  1403. },
  1404. {
  1405. "virtual_address": "0x00000000",
  1406. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1407. "size": "0x00000000"
  1408. },
  1409. {
  1410. "virtual_address": "0x00002008",
  1411. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1412. "size": "0x00000048"
  1413. },
  1414. {
  1415. "virtual_address": "0x00000000",
  1416. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1417. "size": "0x00000000"
  1418. }
  1419. ],
  1420. "exports": [],
  1421. "guest_signers": {},
  1422. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1423. "icon_fuzzy": null,
  1424. "icon": null,
  1425. "pdbpath": null,
  1426. "imported_dll_count": 1,
  1427. "versioninfo": []
  1428. }
  1429. }