Exes_f9dd4bbd_exe.json
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_f9dd4bbd.exe"
  7. [*] File Size: 3734809
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "7f5fbfd053d1e45a40c306a9ad0e0f06fa0ad05aeced3ad33fd89cc475058a48"
  10. [*] MD5: "90e441e430c784a46042cb8c28381e74"
  11. [*] SHA1: "216e0b067ddfc972e123f8fcf8b68131fd78e7c9"
  12. [*] SHA512: "25715201381a050f1aa20cfb3888dfc94248ecc8a5102eaec066b9bd4cfbc3493ba7c2e2fc9f3806f784a2d3c09ad4508c6ab1600c9f3e1bf3b2c992b4ffc03f"
  13. [*] CRC32: "F9DD4BBD"
  14. [*] SSDEEP: "98304:fF7UNnfsY111sidcvSLhLDWRGiGONeChvh78//17r:0fsY1ruoW4UA//17r"
  15.  
  16. [*] Process Execution: [
  17. "Exes_f9dd4bbd.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Reads data out of its own binary image",
  27. "Details": [
  28. {
  29. "self_read": "process: Exes_f9dd4bbd.exe, pid: 612, offset: 0x0002c000, length: 0x000001ef"
  30. },
  31. {
  32. "self_read": "process: Exes_f9dd4bbd.exe, pid: 612, offset: 0x0002c216, length: 0x000000af"
  33. },
  34. {
  35. "self_read": "process: Exes_f9dd4bbd.exe, pid: 612, offset: 0x0002c31c, length: 0x00000365"
  36. },
  37. {
  38. "self_read": "process: Exes_f9dd4bbd.exe, pid: 612, offset: 0x000387fe, length: 0x00000409"
  39. },
  40. {
  41. "self_read": "process: Exes_f9dd4bbd.exe, pid: 612, offset: 0x00038db9, length: 0x00356f60"
  42. }
  43. ]
  44. },
  45. {
  46. "Description": "Performs some HTTP requests",
  47. "Details": [
  48. {
  49. "url": "http://xss777.free.fr/inv_dom/inv_dom_suppr.php?sn_c=-1044007345"
  50. },
  51. {
  52. "url": "http://xss777.free.fr/inv_dom/inv_dom_log.php?sn_c=-1044007345&Session=user&Action=SUPPR"
  53. }
  54. ]
  55. },
  56. {
  57. "Description": "File has been identified by 36 Antiviruses on VirusTotal as malicious",
  58. "Details": [
  59. {
  60. "MicroWorld-eScan": "Trojan.Generic.1566286"
  61. },
  62. {
  63. "CMC": "Trojan-Downloader.Win32.Agent!O"
  64. },
  65. {
  66. "McAfee": "Artemis!90E441E430C7"
  67. },
  68. {
  69. "Cylance": "Unsafe"
  70. },
  71. {
  72. "BitDefender": "Trojan.Generic.1566286"
  73. },
  74. {
  75. "K7GW": "Riskware ( 0040eff71 )"
  76. },
  77. {
  78. "K7AntiVirus": "Riskware ( 0040eff71 )"
  79. },
  80. {
  81. "NANO-Antivirus": "Trojan.Win32.Agent.cvtmgu"
  82. },
  83. {
  84. "F-Prot": "W32/DldrX.CSNE"
  85. },
  86. {
  87. "Paloalto": "generic.ml"
  88. },
  89. {
  90. "GData": "Trojan.Generic.1566286"
  91. },
  92. {
  93. "Alibaba": "Trojan:Application/Generic.a45b7fa1"
  94. },
  95. {
  96. "AegisLab": "Trojan.Win32.Agent.a!c"
  97. },
  98. {
  99. "Avast": "FileRepMetagen [Malware]"
  100. },
  101. {
  102. "Comodo": "Malware@#18hpag33g5kqa"
  103. },
  104. {
  105. "F-Secure": "Trojan.TR/Dldr.Agent.bijt"
  106. },
  107. {
  108. "DrWeb": "Trojan.DownLoad1.10204"
  109. },
  110. {
  111. "Qihoo-360": "Win32/Trojan.Downloader.545"
  112. },
  113. {
  114. "McAfee-GW-Edition": "Artemis!Trojan"
  115. },
  116. {
  117. "Emsisoft": "Trojan.Generic.1566286 (B)"
  118. },
  119. {
  120. "Cyren": "W32/Downloader.SXPC-0365"
  121. },
  122. {
  123. "Webroot": "W32.Malware.Gen"
  124. },
  125. {
  126. "Avira": "TR/Dldr.Agent.bijt"
  127. },
  128. {
  129. "Microsoft": "Trojan:Win32/Vigorf.A"
  130. },
  131. {
  132. "Arcabit": "Trojan.Generic.D17E64E"
  133. },
  134. {
  135. "VBA32": "TrojanDownloader.Agent"
  136. },
  137. {
  138. "ALYac": "Trojan.Generic.1566286"
  139. },
  140. {
  141. "MAX": "malware (ai score=99)"
  142. },
  143. {
  144. "Ad-Aware": "Trojan.Generic.1566286"
  145. },
  146. {
  147. "Yandex": "Trojan.DL.Troxen!fIUPQXZLRR4"
  148. },
  149. {
  150. "eGambit": "Generic.Downloader"
  151. },
  152. {
  153. "Fortinet": "W32/Agent.BIJT!tr.dldr"
  154. },
  155. {
  156. "AVG": "FileRepMetagen [Malware]"
  157. },
  158. {
  159. "Cybereason": "malicious.430c78"
  160. },
  161. {
  162. "Panda": "Generic Malware"
  163. },
  164. {
  165. "MaxSecure": "Trojan.Malware.11581628.susgen"
  166. }
  167. ]
  168. }
  169. ]
  170.  
  171. [*] Started Service: []
  172.  
  173. [*] Created Services: []
  174.  
  175. [*] Mutexes: [
  176. "WD_EXTERN_DBG_EXES_F9DD4BBD_Mutex"
  177. ]
  178.  
  179. [*] Modified Files: [
  180. "C:\\Users\\user\\AppData\\Local\\Temp\\WD120VM.DLL",
  181. "C:\\Users\\user\\AppData\\Local\\Temp\\WD120COM.DLL",
  182. "C:\\Users\\user\\AppData\\Local\\Temp\\WD120STD.DLL",
  183. "C:\\Users\\user\\AppData\\Local\\Temp\\WD120CPL.DLL",
  184. "C:\\Users\\user\\AppData\\Local\\Temp\\WD120IMG.DLL",
  185. "C:\\Users\\user\\AppData\\Local\\Temp\\WD120IMG2.DLL",
  186. "C:\\Users\\user\\AppData\\Local\\Temp\\WD120TEST.DLL"
  187. ]
  188.  
  189. [*] Deleted Files: [
  190. "C:\\Windows\\spoolsv.exe"
  191. ]
  192.  
  193. [*] Modified Registry Keys: []
  194.  
  195. [*] Deleted Registry Keys: []
  196.  
  197. [*] DNS Communications: [
  198. {
  199. "type": "A",
  200. "request": "xss777.free.fr",
  201. "answers": [
  202. {
  203. "data": "perso136-g5.free.fr",
  204. "type": "CNAME"
  205. },
  206. {
  207. "data": "212.27.63.136",
  208. "type": "A"
  209. }
  210. ]
  211. }
  212. ]
  213.  
  214. [*] Domains: [
  215. {
  216. "ip": "212.27.63.136",
  217. "domain": "xss777.free.fr"
  218. }
  219. ]
  220.  
  221. [*] Network Communication - ICMP: []
  222.  
  223. [*] Network Communication - HTTP: [
  224. {
  225. "count": 1,
  226. "body": "",
  227. "uri": "http://xss777.free.fr/inv_dom/inv_dom_suppr.php?sn_c=-1044007345",
  228. "user-agent": "PC SOFT Framework",
  229. "method": "GET",
  230. "host": "xss777.free.fr",
  231. "version": "1.1",
  232. "path": "/inv_dom/inv_dom_suppr.php?sn_c=-1044007345",
  233. "data": "GET /inv_dom/inv_dom_suppr.php?sn_c=-1044007345 HTTP/1.1\r\nUser-Agent: PC SOFT Framework\r\nHost: xss777.free.fr\r\nAccept: */*\r\nConnection: close\r\n\r\n\r\n",
  234. "port": 80
  235. },
  236. {
  237. "count": 1,
  238. "body": "",
  239. "uri": "http://xss777.free.fr/inv_dom/inv_dom_log.php?sn_c=-1044007345&Session=user&Action=SUPPR",
  240. "user-agent": "1.00Ab",
  241. "method": "GET",
  242. "host": "xss777.free.fr",
  243. "version": "1.1",
  244. "path": "/inv_dom/inv_dom_log.php?sn_c=-1044007345&Session=user&Action=SUPPR",
  245. "data": "GET /inv_dom/inv_dom_log.php?sn_c=-1044007345&Session=user&Action=SUPPR HTTP/1.1\r\nUser-Agent: 1.00Ab\r\nHost: xss777.free.fr\r\nAccept: */*\r\nConnection: close\r\n\r\n\r\n",
  246. "port": 80
  247. }
  248. ]
  249.  
  250. [*] Network Communication - SMTP: []
  251.  
  252. [*] Network Communication - Hosts: []
  253.  
  254. [*] Network Communication - IRC: []
  255.  
  256. [*] Static Analysis: {
  257. "pe": {
  258. "peid_signatures": null,
  259. "imports": [
  260. {
  261. "imports": [
  262. {
  263. "name": "_controlfp",
  264. "address": "0x411168"
  265. },
  266. {
  267. "name": "_except_handler3",
  268. "address": "0x41116c"
  269. },
  270. {
  271. "name": "__set_app_type",
  272. "address": "0x411170"
  273. },
  274. {
  275. "name": "__p__fmode",
  276. "address": "0x411174"
  277. },
  278. {
  279. "name": "__p__commode",
  280. "address": "0x411178"
  281. },
  282. {
  283. "name": "_adjust_fdiv",
  284. "address": "0x41117c"
  285. },
  286. {
  287. "name": "__setusermatherr",
  288. "address": "0x411180"
  289. },
  290. {
  291. "name": "_initterm",
  292. "address": "0x411184"
  293. },
  294. {
  295. "name": "__getmainargs",
  296. "address": "0x411188"
  297. },
  298. {
  299. "name": "_acmdln",
  300. "address": "0x41118c"
  301. },
  302. {
  303. "name": "exit",
  304. "address": "0x411190"
  305. },
  306. {
  307. "name": "_XcptFilter",
  308. "address": "0x411194"
  309. },
  310. {
  311. "name": "_exit",
  312. "address": "0x411198"
  313. },
  314. {
  315. "name": "??1type_info@@UAE@XZ",
  316. "address": "0x41119c"
  317. },
  318. {
  319. "name": "_onexit",
  320. "address": "0x4111a0"
  321. },
  322. {
  323. "name": "__dllonexit",
  324. "address": "0x4111a4"
  325. },
  326. {
  327. "name": "isdigit",
  328. "address": "0x4111a8"
  329. },
  330. {
  331. "name": "vsprintf",
  332. "address": "0x4111ac"
  333. },
  334. {
  335. "name": "_mbclen",
  336. "address": "0x4111b0"
  337. },
  338. {
  339. "name": "_mbsinc",
  340. "address": "0x4111b4"
  341. },
  342. {
  343. "name": "_ismbcspace",
  344. "address": "0x4111b8"
  345. },
  346. {
  347. "name": "atoi",
  348. "address": "0x4111bc"
  349. },
  350. {
  351. "name": "realloc",
  352. "address": "0x4111c0"
  353. },
  354. {
  355. "name": "_mbctoupper",
  356. "address": "0x4111c4"
  357. },
  358. {
  359. "name": "_mbspbrk",
  360. "address": "0x4111c8"
  361. },
  362. {
  363. "name": "_mbsrchr",
  364. "address": "0x4111cc"
  365. },
  366. {
  367. "name": "_makepath",
  368. "address": "0x4111d0"
  369. },
  370. {
  371. "name": "_stati64",
  372. "address": "0x4111d4"
  373. },
  374. {
  375. "name": "memmove",
  376. "address": "0x4111d8"
  377. },
  378. {
  379. "name": "_mbsstr",
  380. "address": "0x4111dc"
  381. },
  382. {
  383. "name": "wcscat",
  384. "address": "0x4111e0"
  385. },
  386. {
  387. "name": "wcschr",
  388. "address": "0x4111e4"
  389. },
  390. {
  391. "name": "_mbschr",
  392. "address": "0x4111e8"
  393. },
  394. {
  395. "name": "memchr",
  396. "address": "0x4111ec"
  397. },
  398. {
  399. "name": "_vsnprintf",
  400. "address": "0x4111f0"
  401. },
  402. {
  403. "name": "wcslen",
  404. "address": "0x4111f4"
  405. },
  406. {
  407. "name": "_stricmp",
  408. "address": "0x4111f8"
  409. },
  410. {
  411. "name": "_mbscmp",
  412. "address": "0x4111fc"
  413. },
  414. {
  415. "name": "gmtime",
  416. "address": "0x411200"
  417. },
  418. {
  419. "name": "time",
  420. "address": "0x411204"
  421. },
  422. {
  423. "name": "free",
  424. "address": "0x411208"
  425. },
  426. {
  427. "name": "malloc",
  428. "address": "0x41120c"
  429. },
  430. {
  431. "name": "_mbsnbicmp",
  432. "address": "0x411210"
  433. },
  434. {
  435. "name": "_mbsnbcpy",
  436. "address": "0x411214"
  437. },
  438. {
  439. "name": "sprintf",
  440. "address": "0x411218"
  441. },
  442. {
  443. "name": "memset",
  444. "address": "0x41121c"
  445. },
  446. {
  447. "name": "strlen",
  448. "address": "0x411220"
  449. },
  450. {
  451. "name": "strncmp",
  452. "address": "0x411224"
  453. },
  454. {
  455. "name": "memcpy",
  456. "address": "0x411228"
  457. },
  458. {
  459. "name": "_mbsicmp",
  460. "address": "0x41122c"
  461. },
  462. {
  463. "name": "strcat",
  464. "address": "0x411230"
  465. },
  466. {
  467. "name": "strcpy",
  468. "address": "0x411234"
  469. },
  470. {
  471. "name": "??3@YAXPAX@Z",
  472. "address": "0x411238"
  473. },
  474. {
  475. "name": "??2@YAPAXI@Z",
  476. "address": "0x41123c"
  477. },
  478. {
  479. "name": "__CxxFrameHandler",
  480. "address": "0x411240"
  481. },
  482. {
  483. "name": "_CxxThrowException",
  484. "address": "0x411244"
  485. }
  486. ],
  487. "dll": "MSVCRT.dll"
  488. },
  489. {
  490. "imports": [
  491. {
  492. "name": "UnmapViewOfFile",
  493. "address": "0x411000"
  494. },
  495. {
  496. "name": "RaiseException",
  497. "address": "0x411004"
  498. },
  499. {
  500. "name": "CreateThread",
  501. "address": "0x411008"
  502. },
  503. {
  504. "name": "TerminateThread",
  505. "address": "0x41100c"
  506. },
  507. {
  508. "name": "ResumeThread",
  509. "address": "0x411010"
  510. },
  511. {
  512. "name": "CreateProcessA",
  513. "address": "0x411014"
  514. },
  515. {
  516. "name": "InterlockedExchange",
  517. "address": "0x411018"
  518. },
  519. {
  520. "name": "MultiByteToWideChar",
  521. "address": "0x41101c"
  522. },
  523. {
  524. "name": "CompareStringA",
  525. "address": "0x411020"
  526. },
  527. {
  528. "name": "GetCurrentThreadId",
  529. "address": "0x411024"
  530. },
  531. {
  532. "name": "TlsFree",
  533. "address": "0x411028"
  534. },
  535. {
  536. "name": "TlsAlloc",
  537. "address": "0x41102c"
  538. },
  539. {
  540. "name": "VirtualProtect",
  541. "address": "0x411030"
  542. },
  543. {
  544. "name": "VirtualQuery",
  545. "address": "0x411034"
  546. },
  547. {
  548. "name": "TlsGetValue",
  549. "address": "0x411038"
  550. },
  551. {
  552. "name": "TlsSetValue",
  553. "address": "0x41103c"
  554. },
  555. {
  556. "name": "GetFullPathNameA",
  557. "address": "0x411040"
  558. },
  559. {
  560. "name": "FileTimeToSystemTime",
  561. "address": "0x411044"
  562. },
  563. {
  564. "name": "FileTimeToLocalFileTime",
  565. "address": "0x411048"
  566. },
  567. {
  568. "name": "FindNextFileA",
  569. "address": "0x41104c"
  570. },
  571. {
  572. "name": "SetFileAttributesA",
  573. "address": "0x411050"
  574. },
  575. {
  576. "name": "GetFileAttributesA",
  577. "address": "0x411054"
  578. },
  579. {
  580. "name": "FindClose",
  581. "address": "0x411058"
  582. },
  583. {
  584. "name": "FindFirstFileA",
  585. "address": "0x41105c"
  586. },
  587. {
  588. "name": "CreateDirectoryA",
  589. "address": "0x411060"
  590. },
  591. {
  592. "name": "CopyFileA",
  593. "address": "0x411064"
  594. },
  595. {
  596. "name": "MoveFileA",
  597. "address": "0x411068"
  598. },
  599. {
  600. "name": "DeleteFileA",
  601. "address": "0x41106c"
  602. },
  603. {
  604. "name": "GetVersion",
  605. "address": "0x411070"
  606. },
  607. {
  608. "name": "SetEndOfFile",
  609. "address": "0x411074"
  610. },
  611. {
  612. "name": "FlushFileBuffers",
  613. "address": "0x411078"
  614. },
  615. {
  616. "name": "UnlockFile",
  617. "address": "0x41107c"
  618. },
  619. {
  620. "name": "LockFile",
  621. "address": "0x411080"
  622. },
  623. {
  624. "name": "SetFilePointer",
  625. "address": "0x411084"
  626. },
  627. {
  628. "name": "WriteFile",
  629. "address": "0x411088"
  630. },
  631. {
  632. "name": "SetLastError",
  633. "address": "0x41108c"
  634. },
  635. {
  636. "name": "CreateFileA",
  637. "address": "0x411090"
  638. },
  639. {
  640. "name": "SetErrorMode",
  641. "address": "0x411094"
  642. },
  643. {
  644. "name": "WideCharToMultiByte",
  645. "address": "0x411098"
  646. },
  647. {
  648. "name": "GetDriveTypeA",
  649. "address": "0x41109c"
  650. },
  651. {
  652. "name": "GetVolumeInformationA",
  653. "address": "0x4110a0"
  654. },
  655. {
  656. "name": "GetLogicalDriveStringsA",
  657. "address": "0x4110a4"
  658. },
  659. {
  660. "name": "GetFileInformationByHandle",
  661. "address": "0x4110a8"
  662. },
  663. {
  664. "name": "lstrlenA",
  665. "address": "0x4110ac"
  666. },
  667. {
  668. "name": "LocalAlloc",
  669. "address": "0x4110b0"
  670. },
  671. {
  672. "name": "LeaveCriticalSection",
  673. "address": "0x4110b4"
  674. },
  675. {
  676. "name": "EnterCriticalSection",
  677. "address": "0x4110b8"
  678. },
  679. {
  680. "name": "DeleteCriticalSection",
  681. "address": "0x4110bc"
  682. },
  683. {
  684. "name": "InitializeCriticalSection",
  685. "address": "0x4110c0"
  686. },
  687. {
  688. "name": "CreateMailslotA",
  689. "address": "0x4110c4"
  690. },
  691. {
  692. "name": "ExpandEnvironmentStringsA",
  693. "address": "0x4110c8"
  694. },
  695. {
  696. "name": "GetLocalTime",
  697. "address": "0x4110cc"
  698. },
  699. {
  700. "name": "GetComputerNameA",
  701. "address": "0x4110d0"
  702. },
  703. {
  704. "name": "ReadFile",
  705. "address": "0x4110d4"
  706. },
  707. {
  708. "name": "GetMailslotInfo",
  709. "address": "0x4110d8"
  710. },
  711. {
  712. "name": "GetCommandLineA",
  713. "address": "0x4110dc"
  714. },
  715. {
  716. "name": "GetPrivateProfileStringA",
  717. "address": "0x4110e0"
  718. },
  719. {
  720. "name": "GetPrivateProfileIntA",
  721. "address": "0x4110e4"
  722. },
  723. {
  724. "name": "LocalFree",
  725. "address": "0x4110e8"
  726. },
  727. {
  728. "name": "FormatMessageA",
  729. "address": "0x4110ec"
  730. },
  731. {
  732. "name": "LoadLibraryA",
  733. "address": "0x4110f0"
  734. },
  735. {
  736. "name": "GetModuleFileNameA",
  737. "address": "0x4110f4"
  738. },
  739. {
  740. "name": "GetProcAddress",
  741. "address": "0x4110f8"
  742. },
  743. {
  744. "name": "FreeLibrary",
  745. "address": "0x4110fc"
  746. },
  747. {
  748. "name": "GetSystemDefaultLangID",
  749. "address": "0x411100"
  750. },
  751. {
  752. "name": "FindResourceA",
  753. "address": "0x411104"
  754. },
  755. {
  756. "name": "LoadResource",
  757. "address": "0x411108"
  758. },
  759. {
  760. "name": "LockResource",
  761. "address": "0x41110c"
  762. },
  763. {
  764. "name": "FreeResource",
  765. "address": "0x411110"
  766. },
  767. {
  768. "name": "GetProfileStringA",
  769. "address": "0x411114"
  770. },
  771. {
  772. "name": "Sleep",
  773. "address": "0x411118"
  774. },
  775. {
  776. "name": "GetExitCodeProcess",
  777. "address": "0x41111c"
  778. },
  779. {
  780. "name": "CloseHandle",
  781. "address": "0x411120"
  782. },
  783. {
  784. "name": "CreateFileMappingA",
  785. "address": "0x411124"
  786. },
  787. {
  788. "name": "GetLastError",
  789. "address": "0x411128"
  790. },
  791. {
  792. "name": "MapViewOfFile",
  793. "address": "0x41112c"
  794. },
  795. {
  796. "name": "OpenFileMappingA",
  797. "address": "0x411130"
  798. },
  799. {
  800. "name": "GetVersionExA",
  801. "address": "0x411134"
  802. },
  803. {
  804. "name": "GetModuleHandleA",
  805. "address": "0x411138"
  806. },
  807. {
  808. "name": "CreateEventA",
  809. "address": "0x41113c"
  810. },
  811. {
  812. "name": "GetStartupInfoA",
  813. "address": "0x411140"
  814. },
  815. {
  816. "name": "MulDiv",
  817. "address": "0x411144"
  818. },
  819. {
  820. "name": "SetEvent",
  821. "address": "0x411148"
  822. },
  823. {
  824. "name": "CreateMutexA",
  825. "address": "0x41114c"
  826. },
  827. {
  828. "name": "WaitForSingleObject",
  829. "address": "0x411150"
  830. },
  831. {
  832. "name": "ReleaseMutex",
  833. "address": "0x411154"
  834. },
  835. {
  836. "name": "GetCurrentProcessId",
  837. "address": "0x411158"
  838. },
  839. {
  840. "name": "GetTempPathA",
  841. "address": "0x41115c"
  842. },
  843. {
  844. "name": "GetTempFileNameA",
  845. "address": "0x411160"
  846. }
  847. ],
  848. "dll": "KERNEL32.dll"
  849. }
  850. ],
  851. "digital_signers": null,
  852. "exported_dll_name": "WDExe.exe",
  853. "actual_checksum": "0x00391286",
  854. "overlay": {
  855. "size": "0x00363d19",
  856. "offset": "0x0002c000"
  857. },
  858. "imagebase": "0x00400000",
  859. "reported_checksum": "0x00000000",
  860. "icon_hash": null,
  861. "entrypoint": "0x0040f626",
  862. "timestamp": "2008-05-15 13:50:19",
  863. "osversion": "4.0",
  864. "sections": [
  865. {
  866. "name": ".text",
  867. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  868. "virtual_address": "0x00001000",
  869. "size_of_data": "0x00010000",
  870. "entropy": "6.25",
  871. "raw_address": "0x00001000",
  872. "virtual_size": "0x0000f47a",
  873. "characteristics_raw": "0x60000020"
  874. },
  875. {
  876. "name": ".rdata",
  877. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  878. "virtual_address": "0x00011000",
  879. "size_of_data": "0x00006000",
  880. "entropy": "5.28",
  881. "raw_address": "0x00011000",
  882. "virtual_size": "0x0000568c",
  883. "characteristics_raw": "0x40000040"
  884. },
  885. {
  886. "name": ".data",
  887. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  888. "virtual_address": "0x00017000",
  889. "size_of_data": "0x00001000",
  890. "entropy": "4.73",
  891. "raw_address": "0x00017000",
  892. "virtual_size": "0x00001278",
  893. "characteristics_raw": "0xc0000040"
  894. },
  895. {
  896. "name": ".rsrc",
  897. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  898. "virtual_address": "0x00019000",
  899. "size_of_data": "0x00014000",
  900. "entropy": "4.66",
  901. "raw_address": "0x00018000",
  902. "virtual_size": "0x000137d0",
  903. "characteristics_raw": "0x40000040"
  904. }
  905. ],
  906. "resources": [],
  907. "dirents": [
  908. {
  909. "virtual_address": "0x00016610",
  910. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  911. "size": "0x0000007c"
  912. },
  913. {
  914. "virtual_address": "0x00015a74",
  915. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  916. "size": "0x0000003c"
  917. },
  918. {
  919. "virtual_address": "0x00019000",
  920. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  921. "size": "0x000137d0"
  922. },
  923. {
  924. "virtual_address": "0x00000000",
  925. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  926. "size": "0x00000000"
  927. },
  928. {
  929. "virtual_address": "0x00000000",
  930. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  931. "size": "0x00000000"
  932. },
  933. {
  934. "virtual_address": "0x00000000",
  935. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  936. "size": "0x00000000"
  937. },
  938. {
  939. "virtual_address": "0x00011250",
  940. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  941. "size": "0x0000001c"
  942. },
  943. {
  944. "virtual_address": "0x00000000",
  945. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  946. "size": "0x00000000"
  947. },
  948. {
  949. "virtual_address": "0x00000000",
  950. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  951. "size": "0x00000000"
  952. },
  953. {
  954. "virtual_address": "0x00000000",
  955. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  956. "size": "0x00000000"
  957. },
  958. {
  959. "virtual_address": "0x00000000",
  960. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  961. "size": "0x00000000"
  962. },
  963. {
  964. "virtual_address": "0x00000000",
  965. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  966. "size": "0x00000000"
  967. },
  968. {
  969. "virtual_address": "0x00011000",
  970. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  971. "size": "0x0000024c"
  972. },
  973. {
  974. "virtual_address": "0x00015074",
  975. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  976. "size": "0x000000e0"
  977. },
  978. {
  979. "virtual_address": "0x00000000",
  980. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  981. "size": "0x00000000"
  982. },
  983. {
  984. "virtual_address": "0x00000000",
  985. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  986. "size": "0x00000000"
  987. }
  988. ],
  989. "exports": [
  990. {
  991. "ordinal": 1,
  992. "name": "CommandeComposante",
  993. "address": "0x4050c2"
  994. },
  995. {
  996. "ordinal": 2,
  997. "name": "DeclareProxy",
  998. "address": "0x40949b"
  999. },
  1000. {
  1001. "ordinal": 3,
  1002. "name": "LibereMutex",
  1003. "address": "0x401085"
  1004. }
  1005. ],
  1006. "guest_signers": {},
  1007. "imphash": "59c7376aa79c0751a723274e8861dd12",
  1008. "icon_fuzzy": null,
  1009. "icon": null,
  1010. "pdbpath": "b:\\source\\source.IC\\11758\\Release_WDExe_74\\Release\\WDExe.pdb",
  1011. "imported_dll_count": 2,
  1012. "versioninfo": []
  1013. }
  1014. }
  1015.  
  1016. [*] Resolved APIs: [
  1017. "user32.dll.CharUpperA",
  1018. "user32.dll.PeekMessageA",
  1019. "version.dll.GetFileVersionInfoSizeA",
  1020. "version.dll.GetFileVersionInfoA",
  1021. "version.dll.VerQueryValueA",
  1022. "kernel32.dll.SortGetHandle",
  1023. "kernel32.dll.SortCloseHandle",
  1024. "wd120vm.dll.WL_Run_Res",
  1025. "wd120vm.dll.WL_Run_Service",
  1026. "wd120vm.dll.WL_Term_Service",
  1027. "wd120vm.dll.WL_TestEx",
  1028. "wd120vm.dll.WL_ListeDLL",
  1029. "wd120vm.dll.WL_DonneWDL",
  1030. "wd120vm.dll.WL_DonneREP",
  1031. "wd120vm.dll.WL_DonneGPU",
  1032. "wd120vm.dll.WL_DonneFinInit",
  1033. "wd120vm.dll.WL_InitGoRequete",
  1034. "wd120vm.dll.WL_ListeWDL",
  1035. "wd120vm.dll.WL_SetParam",
  1036. "wd120vm.dll.CommandeComposante",
  1037. "user32.dll.SetWindowsHookExA",
  1038. "wd120std.dll.pQueryProxy",
  1039. "wd120std.dll.DeclareProxy",
  1040. "wd120std.dll.CommandeComposante",
  1041. "wd120std.dll.Execution",
  1042. "wd120vm.dll.Execution",
  1043. "wd120std.dll.bInitWLConvFromVM",
  1044. "wd120vm.dll.nConversionDepassement",
  1045. "wd120vm.dll.nConversionDepassementEx",
  1046. "wd120vm.dll.FinConversion",
  1047. "wd120vm.dll.pQueryProxy",
  1048. "wd120std.dll.GeneralParam",
  1049. "wd120std.dll.InfoComposante",
  1050. "advapi32.dll.RegOpenKeyExA",
  1051. "advapi32.dll.RegQueryValueExA",
  1052. "advapi32.dll.RegCloseKey",
  1053. "bthprops.cpl.BluetoothFindFirstRadio",
  1054. "bthprops.cpl.BluetoothFindNextRadio",
  1055. "bthprops.cpl.BluetoothFindRadioClose",
  1056. "bthprops.cpl.BluetoothIsDiscoverable",
  1057. "bthprops.cpl.BluetoothEnableDiscovery",
  1058. "bthprops.cpl.BluetoothEnableIncomingConnections",
  1059. "bthprops.cpl.BluetoothIsConnectable",
  1060. "bthprops.cpl.BluetoothFindFirstDevice",
  1061. "bthprops.cpl.BluetoothFindNextDevice",
  1062. "bthprops.cpl.BluetoothFindDeviceClose",
  1063. "bthprops.cpl.BluetoothUpdateDeviceRecord",
  1064. "bthprops.cpl.BluetoothGetDeviceInfo",
  1065. "bthprops.cpl.BluetoothRegisterForAuthentication",
  1066. "bthprops.cpl.BluetoothUnregisterAuthentication",
  1067. "bthprops.cpl.BluetoothSendAuthenticationResponse",
  1068. "bthprops.cpl.BluetoothAuthenticateDevice",
  1069. "bthprops.cpl.BluetoothRemoveDevice",
  1070. "bthprops.cpl.BluetoothSelectDevices",
  1071. "bthprops.cpl.BluetoothSelectDevicesFree",
  1072. "bthprops.cpl.BluetoothSetServiceState",
  1073. "bthprops.cpl.BluetoothEnumerateInstalledServices",
  1074. "bthprops.cpl.BluetoothGetRadioInfo",
  1075. "wd120com.dll.pQueryProxy",
  1076. "wd120com.dll.CommandeComposante",
  1077. "wd120com.dll.Execution",
  1078. "wd120com.dll.bInitWLConvFromVM",
  1079. "wd120com.dll.GeneralParam",
  1080. "wd120com.dll.InfoComposante",
  1081. "rasapi32.dll.RasDialA",
  1082. "rasapi32.dll.RasHangUpA",
  1083. "rasapi32.dll.RasGetEntryDialParamsA",
  1084. "rasapi32.dll.RasGetLinkStatistics",
  1085. "rasapi32.dll.RasGetConnectionStatistics",
  1086. "rasapi32.dll.RasEnumEntriesA",
  1087. "rasapi32.dll.RasEnumConnectionsA",
  1088. "rasapi32.dll.RasGetErrorStringA",
  1089. "ws2_32.dll.accept",
  1090. "ws2_32.dll.bind",
  1091. "ws2_32.dll.closesocket",
  1092. "ws2_32.dll.connect",
  1093. "ws2_32.dll.ioctlsocket",
  1094. "ws2_32.dll.getpeername",
  1095. "ws2_32.dll.getsockname",
  1096. "ws2_32.dll.getsockopt",
  1097. "ws2_32.dll.htonl",
  1098. "ws2_32.dll.htons",
  1099. "ws2_32.dll.inet_addr",
  1100. "ws2_32.dll.inet_ntoa",
  1101. "ws2_32.dll.listen",
  1102. "ws2_32.dll.ntohl",
  1103. "ws2_32.dll.ntohs",
  1104. "ws2_32.dll.recv",
  1105. "ws2_32.dll.recvfrom",
  1106. "ws2_32.dll.select",
  1107. "ws2_32.dll.send",
  1108. "ws2_32.dll.sendto",
  1109. "ws2_32.dll.setsockopt",
  1110. "ws2_32.dll.shutdown",
  1111. "ws2_32.dll.socket",
  1112. "ws2_32.dll.gethostbyaddr",
  1113. "ws2_32.dll.gethostbyname",
  1114. "ws2_32.dll.gethostname",
  1115. "ws2_32.dll.getservbyport",
  1116. "ws2_32.dll.getservbyname",
  1117. "ws2_32.dll.getprotobynumber",
  1118. "ws2_32.dll.getprotobyname",
  1119. "ws2_32.dll.WSAStartup",
  1120. "ws2_32.dll.WSACleanup",
  1121. "ws2_32.dll.WSASetLastError",
  1122. "ws2_32.dll.WSAGetLastError",
  1123. "ws2_32.dll.WSAIsBlocking",
  1124. "ws2_32.dll.WSAUnhookBlockingHook",
  1125. "ws2_32.dll.WSASetBlockingHook",
  1126. "ws2_32.dll.WSACancelBlockingCall",
  1127. "ws2_32.dll.WSAAsyncGetServByName",
  1128. "ws2_32.dll.WSAAsyncGetServByPort",
  1129. "ws2_32.dll.WSAAsyncGetProtoByName",
  1130. "ws2_32.dll.WSAAsyncGetProtoByNumber",
  1131. "ws2_32.dll.WSAAsyncGetHostByName",
  1132. "ws2_32.dll.WSAAsyncGetHostByAddr",
  1133. "ws2_32.dll.WSACancelAsyncRequest",
  1134. "ws2_32.dll.WSAAsyncSelect",
  1135. "ws2_32.dll.WSAAccept",
  1136. "ws2_32.dll.WSACloseEvent",
  1137. "ws2_32.dll.WSAConnect",
  1138. "ws2_32.dll.WSACreateEvent",
  1139. "ws2_32.dll.WSAEnumNetworkEvents",
  1140. "ws2_32.dll.WSAEnumProtocolsW",
  1141. "ws2_32.dll.WSAEventSelect",
  1142. "ws2_32.dll.WSAGetOverlappedResult",
  1143. "ws2_32.dll.WSAHtonl",
  1144. "ws2_32.dll.WSAHtons",
  1145. "ws2_32.dll.WSAIoctl",
  1146. "ws2_32.dll.WSAJoinLeaf",
  1147. "ws2_32.dll.WSANtohl",
  1148. "ws2_32.dll.WSANtohs",
  1149. "ws2_32.dll.WSARecv",
  1150. "ws2_32.dll.WSARecvFrom",
  1151. "ws2_32.dll.WSAResetEvent",
  1152. "ws2_32.dll.WSASend",
  1153. "ws2_32.dll.WSASendTo",
  1154. "ws2_32.dll.WSASetEvent",
  1155. "ws2_32.dll.WSASocketW",
  1156. "ws2_32.dll.WSAAddressToStringW",
  1157. "ws2_32.dll.WSAStringToAddressW",
  1158. "ws2_32.dll.WSALookupServiceBeginW",
  1159. "ws2_32.dll.WSALookupServiceNextW",
  1160. "ws2_32.dll.WSALookupServiceEnd",
  1161. "ws2_32.dll.WSASetServiceW",
  1162. "ws2_32.dll.WSAEnumNameSpaceProvidersW",
  1163. "ws2_32.dll.WSADuplicateSocketA",
  1164. "ws2_32.dll.WSADuplicateSocketW",
  1165. "ws2_32.dll.WSAGetQOSByName",
  1166. "ws2_32.dll.WSASendDisconnect",
  1167. "ws2_32.dll.WSARecvDisconnect",
  1168. "ws2_32.dll.WSAWaitForMultipleEvents",
  1169. "ws2_32.dll.WSAEnumProtocolsA",
  1170. "ws2_32.dll.WSASetServiceA",
  1171. "ws2_32.dll.WSAAddressToStringA",
  1172. "ws2_32.dll.WSAStringToAddressA",
  1173. "ws2_32.dll.WSALookupServiceBeginA",
  1174. "ws2_32.dll.WSALookupServiceNextA",
  1175. "ws2_32.dll.WSAEnumNameSpaceProvidersA",
  1176. "ws2_32.dll.WSAInstallServiceClassA",
  1177. "ws2_32.dll.WSAInstallServiceClassW",
  1178. "ws2_32.dll.WSARemoveServiceClass",
  1179. "ws2_32.dll.WSAGetServiceClassInfoA",
  1180. "ws2_32.dll.WSAGetServiceClassInfoW",
  1181. "ws2_32.dll.WSAGetServiceClassNameByClassIdA",
  1182. "ws2_32.dll.WSAGetServiceClassNameByClassIdW",
  1183. "ws2_32.dll.WSAProviderConfigChange",
  1184. "ws2_32.dll.WSASocketA",
  1185. "ws2_32.dll.__WSAFDIsSet",
  1186. "ws2_32.dll.#3",
  1187. "user32.dll.UnhookWindowsHookEx",
  1188. "user32.dll.IsWindow",
  1189. "user32.dll.CreateWindowExA",
  1190. "uxtheme.dll.ThemeInitApiHook",
  1191. "user32.dll.IsProcessDPIAware"
  1192. ]
  1193.  
  1194. [*] Static Analysis: {
  1195. "pe": {
  1196. "peid_signatures": null,
  1197. "imports": [
  1198. {
  1199. "imports": [
  1200. {
  1201. "name": "_controlfp",
  1202. "address": "0x411168"
  1203. },
  1204. {
  1205. "name": "_except_handler3",
  1206. "address": "0x41116c"
  1207. },
  1208. {
  1209. "name": "__set_app_type",
  1210. "address": "0x411170"
  1211. },
  1212. {
  1213. "name": "__p__fmode",
  1214. "address": "0x411174"
  1215. },
  1216. {
  1217. "name": "__p__commode",
  1218. "address": "0x411178"
  1219. },
  1220. {
  1221. "name": "_adjust_fdiv",
  1222. "address": "0x41117c"
  1223. },
  1224. {
  1225. "name": "__setusermatherr",
  1226. "address": "0x411180"
  1227. },
  1228. {
  1229. "name": "_initterm",
  1230. "address": "0x411184"
  1231. },
  1232. {
  1233. "name": "__getmainargs",
  1234. "address": "0x411188"
  1235. },
  1236. {
  1237. "name": "_acmdln",
  1238. "address": "0x41118c"
  1239. },
  1240. {
  1241. "name": "exit",
  1242. "address": "0x411190"
  1243. },
  1244. {
  1245. "name": "_XcptFilter",
  1246. "address": "0x411194"
  1247. },
  1248. {
  1249. "name": "_exit",
  1250. "address": "0x411198"
  1251. },
  1252. {
  1253. "name": "??1type_info@@UAE@XZ",
  1254. "address": "0x41119c"
  1255. },
  1256. {
  1257. "name": "_onexit",
  1258. "address": "0x4111a0"
  1259. },
  1260. {
  1261. "name": "__dllonexit",
  1262. "address": "0x4111a4"
  1263. },
  1264. {
  1265. "name": "isdigit",
  1266. "address": "0x4111a8"
  1267. },
  1268. {
  1269. "name": "vsprintf",
  1270. "address": "0x4111ac"
  1271. },
  1272. {
  1273. "name": "_mbclen",
  1274. "address": "0x4111b0"
  1275. },
  1276. {
  1277. "name": "_mbsinc",
  1278. "address": "0x4111b4"
  1279. },
  1280. {
  1281. "name": "_ismbcspace",
  1282. "address": "0x4111b8"
  1283. },
  1284. {
  1285. "name": "atoi",
  1286. "address": "0x4111bc"
  1287. },
  1288. {
  1289. "name": "realloc",
  1290. "address": "0x4111c0"
  1291. },
  1292. {
  1293. "name": "_mbctoupper",
  1294. "address": "0x4111c4"
  1295. },
  1296. {
  1297. "name": "_mbspbrk",
  1298. "address": "0x4111c8"
  1299. },
  1300. {
  1301. "name": "_mbsrchr",
  1302. "address": "0x4111cc"
  1303. },
  1304. {
  1305. "name": "_makepath",
  1306. "address": "0x4111d0"
  1307. },
  1308. {
  1309. "name": "_stati64",
  1310. "address": "0x4111d4"
  1311. },
  1312. {
  1313. "name": "memmove",
  1314. "address": "0x4111d8"
  1315. },
  1316. {
  1317. "name": "_mbsstr",
  1318. "address": "0x4111dc"
  1319. },
  1320. {
  1321. "name": "wcscat",
  1322. "address": "0x4111e0"
  1323. },
  1324. {
  1325. "name": "wcschr",
  1326. "address": "0x4111e4"
  1327. },
  1328. {
  1329. "name": "_mbschr",
  1330. "address": "0x4111e8"
  1331. },
  1332. {
  1333. "name": "memchr",
  1334. "address": "0x4111ec"
  1335. },
  1336. {
  1337. "name": "_vsnprintf",
  1338. "address": "0x4111f0"
  1339. },
  1340. {
  1341. "name": "wcslen",
  1342. "address": "0x4111f4"
  1343. },
  1344. {
  1345. "name": "_stricmp",
  1346. "address": "0x4111f8"
  1347. },
  1348. {
  1349. "name": "_mbscmp",
  1350. "address": "0x4111fc"
  1351. },
  1352. {
  1353. "name": "gmtime",
  1354. "address": "0x411200"
  1355. },
  1356. {
  1357. "name": "time",
  1358. "address": "0x411204"
  1359. },
  1360. {
  1361. "name": "free",
  1362. "address": "0x411208"
  1363. },
  1364. {
  1365. "name": "malloc",
  1366. "address": "0x41120c"
  1367. },
  1368. {
  1369. "name": "_mbsnbicmp",
  1370. "address": "0x411210"
  1371. },
  1372. {
  1373. "name": "_mbsnbcpy",
  1374. "address": "0x411214"
  1375. },
  1376. {
  1377. "name": "sprintf",
  1378. "address": "0x411218"
  1379. },
  1380. {
  1381. "name": "memset",
  1382. "address": "0x41121c"
  1383. },
  1384. {
  1385. "name": "strlen",
  1386. "address": "0x411220"
  1387. },
  1388. {
  1389. "name": "strncmp",
  1390. "address": "0x411224"
  1391. },
  1392. {
  1393. "name": "memcpy",
  1394. "address": "0x411228"
  1395. },
  1396. {
  1397. "name": "_mbsicmp",
  1398. "address": "0x41122c"
  1399. },
  1400. {
  1401. "name": "strcat",
  1402. "address": "0x411230"
  1403. },
  1404. {
  1405. "name": "strcpy",
  1406. "address": "0x411234"
  1407. },
  1408. {
  1409. "name": "??3@YAXPAX@Z",
  1410. "address": "0x411238"
  1411. },
  1412. {
  1413. "name": "??2@YAPAXI@Z",
  1414. "address": "0x41123c"
  1415. },
  1416. {
  1417. "name": "__CxxFrameHandler",
  1418. "address": "0x411240"
  1419. },
  1420. {
  1421. "name": "_CxxThrowException",
  1422. "address": "0x411244"
  1423. }
  1424. ],
  1425. "dll": "MSVCRT.dll"
  1426. },
  1427. {
  1428. "imports": [
  1429. {
  1430. "name": "UnmapViewOfFile",
  1431. "address": "0x411000"
  1432. },
  1433. {
  1434. "name": "RaiseException",
  1435. "address": "0x411004"
  1436. },
  1437. {
  1438. "name": "CreateThread",
  1439. "address": "0x411008"
  1440. },
  1441. {
  1442. "name": "TerminateThread",
  1443. "address": "0x41100c"
  1444. },
  1445. {
  1446. "name": "ResumeThread",
  1447. "address": "0x411010"
  1448. },
  1449. {
  1450. "name": "CreateProcessA",
  1451. "address": "0x411014"
  1452. },
  1453. {
  1454. "name": "InterlockedExchange",
  1455. "address": "0x411018"
  1456. },
  1457. {
  1458. "name": "MultiByteToWideChar",
  1459. "address": "0x41101c"
  1460. },
  1461. {
  1462. "name": "CompareStringA",
  1463. "address": "0x411020"
  1464. },
  1465. {
  1466. "name": "GetCurrentThreadId",
  1467. "address": "0x411024"
  1468. },
  1469. {
  1470. "name": "TlsFree",
  1471. "address": "0x411028"
  1472. },
  1473. {
  1474. "name": "TlsAlloc",
  1475. "address": "0x41102c"
  1476. },
  1477. {
  1478. "name": "VirtualProtect",
  1479. "address": "0x411030"
  1480. },
  1481. {
  1482. "name": "VirtualQuery",
  1483. "address": "0x411034"
  1484. },
  1485. {
  1486. "name": "TlsGetValue",
  1487. "address": "0x411038"
  1488. },
  1489. {
  1490. "name": "TlsSetValue",
  1491. "address": "0x41103c"
  1492. },
  1493. {
  1494. "name": "GetFullPathNameA",
  1495. "address": "0x411040"
  1496. },
  1497. {
  1498. "name": "FileTimeToSystemTime",
  1499. "address": "0x411044"
  1500. },
  1501. {
  1502. "name": "FileTimeToLocalFileTime",
  1503. "address": "0x411048"
  1504. },
  1505. {
  1506. "name": "FindNextFileA",
  1507. "address": "0x41104c"
  1508. },
  1509. {
  1510. "name": "SetFileAttributesA",
  1511. "address": "0x411050"
  1512. },
  1513. {
  1514. "name": "GetFileAttributesA",
  1515. "address": "0x411054"
  1516. },
  1517. {
  1518. "name": "FindClose",
  1519. "address": "0x411058"
  1520. },
  1521. {
  1522. "name": "FindFirstFileA",
  1523. "address": "0x41105c"
  1524. },
  1525. {
  1526. "name": "CreateDirectoryA",
  1527. "address": "0x411060"
  1528. },
  1529. {
  1530. "name": "CopyFileA",
  1531. "address": "0x411064"
  1532. },
  1533. {
  1534. "name": "MoveFileA",
  1535. "address": "0x411068"
  1536. },
  1537. {
  1538. "name": "DeleteFileA",
  1539. "address": "0x41106c"
  1540. },
  1541. {
  1542. "name": "GetVersion",
  1543. "address": "0x411070"
  1544. },
  1545. {
  1546. "name": "SetEndOfFile",
  1547. "address": "0x411074"
  1548. },
  1549. {
  1550. "name": "FlushFileBuffers",
  1551. "address": "0x411078"
  1552. },
  1553. {
  1554. "name": "UnlockFile",
  1555. "address": "0x41107c"
  1556. },
  1557. {
  1558. "name": "LockFile",
  1559. "address": "0x411080"
  1560. },
  1561. {
  1562. "name": "SetFilePointer",
  1563. "address": "0x411084"
  1564. },
  1565. {
  1566. "name": "WriteFile",
  1567. "address": "0x411088"
  1568. },
  1569. {
  1570. "name": "SetLastError",
  1571. "address": "0x41108c"
  1572. },
  1573. {
  1574. "name": "CreateFileA",
  1575. "address": "0x411090"
  1576. },
  1577. {
  1578. "name": "SetErrorMode",
  1579. "address": "0x411094"
  1580. },
  1581. {
  1582. "name": "WideCharToMultiByte",
  1583. "address": "0x411098"
  1584. },
  1585. {
  1586. "name": "GetDriveTypeA",
  1587. "address": "0x41109c"
  1588. },
  1589. {
  1590. "name": "GetVolumeInformationA",
  1591. "address": "0x4110a0"
  1592. },
  1593. {
  1594. "name": "GetLogicalDriveStringsA",
  1595. "address": "0x4110a4"
  1596. },
  1597. {
  1598. "name": "GetFileInformationByHandle",
  1599. "address": "0x4110a8"
  1600. },
  1601. {
  1602. "name": "lstrlenA",
  1603. "address": "0x4110ac"
  1604. },
  1605. {
  1606. "name": "LocalAlloc",
  1607. "address": "0x4110b0"
  1608. },
  1609. {
  1610. "name": "LeaveCriticalSection",
  1611. "address": "0x4110b4"
  1612. },
  1613. {
  1614. "name": "EnterCriticalSection",
  1615. "address": "0x4110b8"
  1616. },
  1617. {
  1618. "name": "DeleteCriticalSection",
  1619. "address": "0x4110bc"
  1620. },
  1621. {
  1622. "name": "InitializeCriticalSection",
  1623. "address": "0x4110c0"
  1624. },
  1625. {
  1626. "name": "CreateMailslotA",
  1627. "address": "0x4110c4"
  1628. },
  1629. {
  1630. "name": "ExpandEnvironmentStringsA",
  1631. "address": "0x4110c8"
  1632. },
  1633. {
  1634. "name": "GetLocalTime",
  1635. "address": "0x4110cc"
  1636. },
  1637. {
  1638. "name": "GetComputerNameA",
  1639. "address": "0x4110d0"
  1640. },
  1641. {
  1642. "name": "ReadFile",
  1643. "address": "0x4110d4"
  1644. },
  1645. {
  1646. "name": "GetMailslotInfo",
  1647. "address": "0x4110d8"
  1648. },
  1649. {
  1650. "name": "GetCommandLineA",
  1651. "address": "0x4110dc"
  1652. },
  1653. {
  1654. "name": "GetPrivateProfileStringA",
  1655. "address": "0x4110e0"
  1656. },
  1657. {
  1658. "name": "GetPrivateProfileIntA",
  1659. "address": "0x4110e4"
  1660. },
  1661. {
  1662. "name": "LocalFree",
  1663. "address": "0x4110e8"
  1664. },
  1665. {
  1666. "name": "FormatMessageA",
  1667. "address": "0x4110ec"
  1668. },
  1669. {
  1670. "name": "LoadLibraryA",
  1671. "address": "0x4110f0"
  1672. },
  1673. {
  1674. "name": "GetModuleFileNameA",
  1675. "address": "0x4110f4"
  1676. },
  1677. {
  1678. "name": "GetProcAddress",
  1679. "address": "0x4110f8"
  1680. },
  1681. {
  1682. "name": "FreeLibrary",
  1683. "address": "0x4110fc"
  1684. },
  1685. {
  1686. "name": "GetSystemDefaultLangID",
  1687. "address": "0x411100"
  1688. },
  1689. {
  1690. "name": "FindResourceA",
  1691. "address": "0x411104"
  1692. },
  1693. {
  1694. "name": "LoadResource",
  1695. "address": "0x411108"
  1696. },
  1697. {
  1698. "name": "LockResource",
  1699. "address": "0x41110c"
  1700. },
  1701. {
  1702. "name": "FreeResource",
  1703. "address": "0x411110"
  1704. },
  1705. {
  1706. "name": "GetProfileStringA",
  1707. "address": "0x411114"
  1708. },
  1709. {
  1710. "name": "Sleep",
  1711. "address": "0x411118"
  1712. },
  1713. {
  1714. "name": "GetExitCodeProcess",
  1715. "address": "0x41111c"
  1716. },
  1717. {
  1718. "name": "CloseHandle",
  1719. "address": "0x411120"
  1720. },
  1721. {
  1722. "name": "CreateFileMappingA",
  1723. "address": "0x411124"
  1724. },
  1725. {
  1726. "name": "GetLastError",
  1727. "address": "0x411128"
  1728. },
  1729. {
  1730. "name": "MapViewOfFile",
  1731. "address": "0x41112c"
  1732. },
  1733. {
  1734. "name": "OpenFileMappingA",
  1735. "address": "0x411130"
  1736. },
  1737. {
  1738. "name": "GetVersionExA",
  1739. "address": "0x411134"
  1740. },
  1741. {
  1742. "name": "GetModuleHandleA",
  1743. "address": "0x411138"
  1744. },
  1745. {
  1746. "name": "CreateEventA",
  1747. "address": "0x41113c"
  1748. },
  1749. {
  1750. "name": "GetStartupInfoA",
  1751. "address": "0x411140"
  1752. },
  1753. {
  1754. "name": "MulDiv",
  1755. "address": "0x411144"
  1756. },
  1757. {
  1758. "name": "SetEvent",
  1759. "address": "0x411148"
  1760. },
  1761. {
  1762. "name": "CreateMutexA",
  1763. "address": "0x41114c"
  1764. },
  1765. {
  1766. "name": "WaitForSingleObject",
  1767. "address": "0x411150"
  1768. },
  1769. {
  1770. "name": "ReleaseMutex",
  1771. "address": "0x411154"
  1772. },
  1773. {
  1774. "name": "GetCurrentProcessId",
  1775. "address": "0x411158"
  1776. },
  1777. {
  1778. "name": "GetTempPathA",
  1779. "address": "0x41115c"
  1780. },
  1781. {
  1782. "name": "GetTempFileNameA",
  1783. "address": "0x411160"
  1784. }
  1785. ],
  1786. "dll": "KERNEL32.dll"
  1787. }
  1788. ],
  1789. "digital_signers": null,
  1790. "exported_dll_name": "WDExe.exe",
  1791. "actual_checksum": "0x00391286",
  1792. "overlay": {
  1793. "size": "0x00363d19",
  1794. "offset": "0x0002c000"
  1795. },
  1796. "imagebase": "0x00400000",
  1797. "reported_checksum": "0x00000000",
  1798. "icon_hash": null,
  1799. "entrypoint": "0x0040f626",
  1800. "timestamp": "2008-05-15 13:50:19",
  1801. "osversion": "4.0",
  1802. "sections": [
  1803. {
  1804. "name": ".text",
  1805. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1806. "virtual_address": "0x00001000",
  1807. "size_of_data": "0x00010000",
  1808. "entropy": "6.25",
  1809. "raw_address": "0x00001000",
  1810. "virtual_size": "0x0000f47a",
  1811. "characteristics_raw": "0x60000020"
  1812. },
  1813. {
  1814. "name": ".rdata",
  1815. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1816. "virtual_address": "0x00011000",
  1817. "size_of_data": "0x00006000",
  1818. "entropy": "5.28",
  1819. "raw_address": "0x00011000",
  1820. "virtual_size": "0x0000568c",
  1821. "characteristics_raw": "0x40000040"
  1822. },
  1823. {
  1824. "name": ".data",
  1825. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1826. "virtual_address": "0x00017000",
  1827. "size_of_data": "0x00001000",
  1828. "entropy": "4.73",
  1829. "raw_address": "0x00017000",
  1830. "virtual_size": "0x00001278",
  1831. "characteristics_raw": "0xc0000040"
  1832. },
  1833. {
  1834. "name": ".rsrc",
  1835. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1836. "virtual_address": "0x00019000",
  1837. "size_of_data": "0x00014000",
  1838. "entropy": "4.66",
  1839. "raw_address": "0x00018000",
  1840. "virtual_size": "0x000137d0",
  1841. "characteristics_raw": "0x40000040"
  1842. }
  1843. ],
  1844. "resources": [],
  1845. "dirents": [
  1846. {
  1847. "virtual_address": "0x00016610",
  1848. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1849. "size": "0x0000007c"
  1850. },
  1851. {
  1852. "virtual_address": "0x00015a74",
  1853. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1854. "size": "0x0000003c"
  1855. },
  1856. {
  1857. "virtual_address": "0x00019000",
  1858. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1859. "size": "0x000137d0"
  1860. },
  1861. {
  1862. "virtual_address": "0x00000000",
  1863. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1864. "size": "0x00000000"
  1865. },
  1866. {
  1867. "virtual_address": "0x00000000",
  1868. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1869. "size": "0x00000000"
  1870. },
  1871. {
  1872. "virtual_address": "0x00000000",
  1873. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1874. "size": "0x00000000"
  1875. },
  1876. {
  1877. "virtual_address": "0x00011250",
  1878. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1879. "size": "0x0000001c"
  1880. },
  1881. {
  1882. "virtual_address": "0x00000000",
  1883. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1884. "size": "0x00000000"
  1885. },
  1886. {
  1887. "virtual_address": "0x00000000",
  1888. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1889. "size": "0x00000000"
  1890. },
  1891. {
  1892. "virtual_address": "0x00000000",
  1893. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1894. "size": "0x00000000"
  1895. },
  1896. {
  1897. "virtual_address": "0x00000000",
  1898. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1899. "size": "0x00000000"
  1900. },
  1901. {
  1902. "virtual_address": "0x00000000",
  1903. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1904. "size": "0x00000000"
  1905. },
  1906. {
  1907. "virtual_address": "0x00011000",
  1908. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1909. "size": "0x0000024c"
  1910. },
  1911. {
  1912. "virtual_address": "0x00015074",
  1913. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1914. "size": "0x000000e0"
  1915. },
  1916. {
  1917. "virtual_address": "0x00000000",
  1918. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1919. "size": "0x00000000"
  1920. },
  1921. {
  1922. "virtual_address": "0x00000000",
  1923. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1924. "size": "0x00000000"
  1925. }
  1926. ],
  1927. "exports": [
  1928. {
  1929. "ordinal": 1,
  1930. "name": "CommandeComposante",
  1931. "address": "0x4050c2"
  1932. },
  1933. {
  1934. "ordinal": 2,
  1935. "name": "DeclareProxy",
  1936. "address": "0x40949b"
  1937. },
  1938. {
  1939. "ordinal": 3,
  1940. "name": "LibereMutex",
  1941. "address": "0x401085"
  1942. }
  1943. ],
  1944. "guest_signers": {},
  1945. "imphash": "59c7376aa79c0751a723274e8861dd12",
  1946. "icon_fuzzy": null,
  1947. "icon": null,
  1948. "pdbpath": "b:\\source\\source.IC\\11758\\Release_WDExe_74\\Release\\WDExe.pdb",
  1949. "imported_dll_count": 2,
  1950. "versioninfo": []
  1951. }
  1952. }