paladin316

Exes_94bb3406_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_94bb3406.exe"
  7. [*] File Size: 649728
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "6dfaf59e3589a3b89789410c647f32ac899342e2b1314cb171357af07e1fb5af"
  10. [*] MD5: "7b82bae2fe9386bfb5c49243400df954"
  11. [*] SHA1: "f484ebedd8e68097bdcfe11373c958280e70d28b"
  12. [*] SHA512: "75e7fc908a5ab75192508819d455f4a70514d25edab6b571d9c9104f90c02f58eb09db6850186d13db12eb8fc7271886cae48297739777291a36b948298e16a5"
  13. [*] CRC32: "94BB3406"
  14. [*] SSDEEP: "12288:baSWtWx21Tr9tfrAOVZPBTzZrgMWa5eE3e9Ifnol5UUS/go22I/yr:iWxK9VUmZZZjuaneWUjD"
  15.  
  16. [*] Process Execution: [
  17. "Exes_94bb3406.exe",
  18. "Exes_94bb3406.exe",
  19. "svchost.exe",
  20. "svchost.exe"
  21. ]
  22.  
  23. [*] Signatures Detected: [
  24. {
  25. "Description": "Creates RWX memory",
  26. "Details": []
  27. },
  28. {
  29. "Description": "A process created a hidden window",
  30. "Details": [
  31. {
  32. "Process": "Exes_94bb3406.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe"
  33. }
  34. ]
  35. },
  36. {
  37. "Description": "Performs some HTTP requests",
  38. "Details": [
  39. {
  40. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  41. },
  42. {
  43. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  44. },
  45. {
  46. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  47. }
  48. ]
  49. },
  50. {
  51. "Description": "The binary likely contains encrypted or compressed data.",
  52. "Details": [
  53. {
  54. "section": "name: .text, entropy: 7.89, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0009e000, virtual_size: 0x0009dec4"
  55. }
  56. ]
  57. },
  58. {
  59. "Description": "Attempts to remove evidence of file being downloaded from the Internet",
  60. "Details": [
  61. {
  62. "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe:Zone.Identifier"
  63. }
  64. ]
  65. },
  66. {
  67. "Description": "Executed a process and injected code into it, probably while unpacking",
  68. "Details": [
  69. {
  70. "Injection": "Exes_94bb3406.exe(2500) -> Exes_94bb3406.exe(2572)"
  71. }
  72. ]
  73. },
  74. {
  75. "Description": "Installs itself for autorun at Windows startup",
  76. "Details": [
  77. {
  78. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
  79. },
  80. {
  81. "data": "\"C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe\",explorer.exe"
  82. }
  83. ]
  84. },
  85. {
  86. "Description": "Creates a hidden or system file",
  87. "Details": [
  88. {
  89. "file": "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6"
  90. },
  91. {
  92. "file": "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe"
  93. }
  94. ]
  95. },
  96. {
  97. "Description": "File has been identified by 31 Antiviruses on VirusTotal as malicious",
  98. "Details": [
  99. {
  100. "MicroWorld-eScan": "Gen:Variant.MSILPerseus.189870"
  101. },
  102. {
  103. "Cylance": "Unsafe"
  104. },
  105. {
  106. "Invincea": "heuristic"
  107. },
  108. {
  109. "APEX": "Malicious"
  110. },
  111. {
  112. "Paloalto": "generic.ml"
  113. },
  114. {
  115. "GData": "Gen:Variant.MSILPerseus.189870"
  116. },
  117. {
  118. "Kaspersky": "HEUR:Trojan.MSIL.APosT.gen"
  119. },
  120. {
  121. "BitDefender": "Gen:Variant.MSILPerseus.189870"
  122. },
  123. {
  124. "Avast": "FileRepMetagen [Malware]"
  125. },
  126. {
  127. "Endgame": "malicious (moderate confidence)"
  128. },
  129. {
  130. "F-Secure": "Heuristic.HEUR/AGEN.1035809"
  131. },
  132. {
  133. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.jc"
  134. },
  135. {
  136. "Trapmine": "malicious.high.ml.score"
  137. },
  138. {
  139. "FireEye": "Generic.mg.7b82bae2fe9386bf"
  140. },
  141. {
  142. "Emsisoft": "Gen:Variant.MSILPerseus.189870 (B)"
  143. },
  144. {
  145. "SentinelOne": "DFI - Malicious PE"
  146. },
  147. {
  148. "ESET-NOD32": "a variant of MSIL/Kryptik.QME"
  149. },
  150. {
  151. "Avira": "HEUR/AGEN.1035809"
  152. },
  153. {
  154. "Arcabit": "Trojan.MSILPerseus.D2E5AE"
  155. },
  156. {
  157. "ZoneAlarm": "HEUR:Trojan.MSIL.APosT.gen"
  158. },
  159. {
  160. "Microsoft": "Trojan:Win32/Fuerboos.C!cl"
  161. },
  162. {
  163. "Acronis": "suspicious"
  164. },
  165. {
  166. "MAX": "malware (ai score=81)"
  167. },
  168. {
  169. "Ad-Aware": "Gen:Variant.MSILPerseus.189870"
  170. },
  171. {
  172. "Rising": "Trojan.Generic!8.C3 (TFE:dGZlOgxah/GKu8UsRQ)"
  173. },
  174. {
  175. "Webroot": "W32.Trojan.Gen"
  176. },
  177. {
  178. "AVG": "FileRepMetagen [Malware]"
  179. },
  180. {
  181. "Cybereason": "malicious.dd8e68"
  182. },
  183. {
  184. "Panda": "Trj/GdSda.A"
  185. },
  186. {
  187. "CrowdStrike": "win/malicious_confidence_100% (D)"
  188. },
  189. {
  190. "Qihoo-360": "HEUR/QVM03.0.D6A1.Malware.Gen"
  191. }
  192. ]
  193. },
  194. {
  195. "Description": "Creates a copy of itself",
  196. "Details": [
  197. {
  198. "copy": "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe"
  199. }
  200. ]
  201. }
  202. ]
  203.  
  204. [*] Started Service: []
  205.  
  206. [*] Executed Commands: [
  207. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe\""
  208. ]
  209.  
  210. [*] Mutexes: [
  211. "Global\\CLR_PerfMon_WrapMutex",
  212. "Global\\CLR_CASOFF_MUTEX"
  213. ]
  214.  
  215. [*] Modified Files: [
  216. "C:\\Users\\user\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
  217. "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe",
  218. "\\??\\PIPE\\samr",
  219. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST"
  220. ]
  221.  
  222. [*] Deleted Files: [
  223. "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe:Zone.Identifier"
  224. ]
  225.  
  226. [*] Modified Registry Keys: [
  227. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
  228. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart"
  229. ]
  230.  
  231. [*] Deleted Registry Keys: []
  232.  
  233. [*] DNS Communications: []
  234.  
  235. [*] Domains: []
  236.  
  237. [*] Network Communication - ICMP: []
  238.  
  239. [*] Network Communication - HTTP: [
  240. {
  241. "count": 1,
  242. "body": "",
  243. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  244. "user-agent": "Microsoft-CryptoAPI/6.1",
  245. "method": "GET",
  246. "host": "ocsp.digicert.com",
  247. "version": "1.1",
  248. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  249. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  250. "port": 80
  251. },
  252. {
  253. "count": 1,
  254. "body": "",
  255. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  256. "user-agent": "Microsoft-CryptoAPI/6.1",
  257. "method": "GET",
  258. "host": "ocsp.digicert.com",
  259. "version": "1.1",
  260. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  261. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  262. "port": 80
  263. },
  264. {
  265. "count": 1,
  266. "body": "",
  267. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  268. "user-agent": "Microsoft-CryptoAPI/6.1",
  269. "method": "GET",
  270. "host": "ocsp.digicert.com",
  271. "version": "1.1",
  272. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  273. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  274. "port": 80
  275. }
  276. ]
  277.  
  278. [*] Network Communication - SMTP: []
  279.  
  280. [*] Network Communication - Hosts: []
  281.  
  282. [*] Network Communication - IRC: []
  283.  
  284. [*] Static Analysis: {
  285. "dotnet": {
  286. "customattrs": null,
  287. "assemblyinfo": {
  288. "version": "1.0.0.0",
  289. "name": "NpmTaskRunner"
  290. },
  291. "assemblyrefs": [
  292. {
  293. "version": "2.0.0.0",
  294. "name": "mscorlib"
  295. },
  296. {
  297. "version": "2.0.0.0",
  298. "name": "System.Windows.Forms"
  299. },
  300. {
  301. "version": "2.0.0.0",
  302. "name": "System"
  303. },
  304. {
  305. "version": "2.0.0.0",
  306. "name": "System.Drawing"
  307. }
  308. ],
  309. "typerefs": [
  310. {
  311. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  312. "assembly": "System"
  313. },
  314. {
  315. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  316. "assembly": "System"
  317. },
  318. {
  319. "typename": "System.ComponentModel.EditorBrowsableState",
  320. "assembly": "System"
  321. },
  322. {
  323. "typename": "System.ComponentModel.IContainer",
  324. "assembly": "System"
  325. },
  326. {
  327. "typename": "System.Configuration.ApplicationSettingsBase",
  328. "assembly": "System"
  329. },
  330. {
  331. "typename": "System.Configuration.SettingsBase",
  332. "assembly": "System"
  333. },
  334. {
  335. "typename": "System.Drawing.Point",
  336. "assembly": "System.Drawing"
  337. },
  338. {
  339. "typename": "System.Drawing.Size",
  340. "assembly": "System.Drawing"
  341. },
  342. {
  343. "typename": "System.Drawing.SizeF",
  344. "assembly": "System.Drawing"
  345. },
  346. {
  347. "typename": "System.Windows.Forms.Application",
  348. "assembly": "System.Windows.Forms"
  349. },
  350. {
  351. "typename": "System.Windows.Forms.AutoScaleMode",
  352. "assembly": "System.Windows.Forms"
  353. },
  354. {
  355. "typename": "System.Windows.Forms.Button",
  356. "assembly": "System.Windows.Forms"
  357. },
  358. {
  359. "typename": "System.Windows.Forms.ButtonBase",
  360. "assembly": "System.Windows.Forms"
  361. },
  362. {
  363. "typename": "System.Windows.Forms.CommonDialog",
  364. "assembly": "System.Windows.Forms"
  365. },
  366. {
  367. "typename": "System.Windows.Forms.ContainerControl",
  368. "assembly": "System.Windows.Forms"
  369. },
  370. {
  371. "typename": "System.Windows.Forms.Control",
  372. "assembly": "System.Windows.Forms"
  373. },
  374. {
  375. "typename": "System.Windows.Forms.Control/ControlCollection",
  376. "assembly": "System.Windows.Forms"
  377. },
  378. {
  379. "typename": "System.Windows.Forms.DialogResult",
  380. "assembly": "System.Windows.Forms"
  381. },
  382. {
  383. "typename": "System.Windows.Forms.FileDialog",
  384. "assembly": "System.Windows.Forms"
  385. },
  386. {
  387. "typename": "System.Windows.Forms.Form",
  388. "assembly": "System.Windows.Forms"
  389. },
  390. {
  391. "typename": "System.Windows.Forms.GroupBox",
  392. "assembly": "System.Windows.Forms"
  393. },
  394. {
  395. "typename": "System.Windows.Forms.ListView",
  396. "assembly": "System.Windows.Forms"
  397. },
  398. {
  399. "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
  400. "assembly": "System.Windows.Forms"
  401. },
  402. {
  403. "typename": "System.Windows.Forms.ListViewItem",
  404. "assembly": "System.Windows.Forms"
  405. },
  406. {
  407. "typename": "System.Windows.Forms.OpenFileDialog",
  408. "assembly": "System.Windows.Forms"
  409. },
  410. {
  411. "typename": "System.Windows.Forms.TextBox",
  412. "assembly": "System.Windows.Forms"
  413. },
  414. {
  415. "typename": "System.Action`1",
  416. "assembly": "mscorlib"
  417. },
  418. {
  419. "typename": "System.Activator",
  420. "assembly": "mscorlib"
  421. },
  422. {
  423. "typename": "System.ArgumentNullException",
  424. "assembly": "mscorlib"
  425. },
  426. {
  427. "typename": "System.Array",
  428. "assembly": "mscorlib"
  429. },
  430. {
  431. "typename": "System.Attribute",
  432. "assembly": "mscorlib"
  433. },
  434. {
  435. "typename": "System.BadImageFormatException",
  436. "assembly": "mscorlib"
  437. },
  438. {
  439. "typename": "System.Byte",
  440. "assembly": "mscorlib"
  441. },
  442. {
  443. "typename": "System.Collections.DictionaryEntry",
  444. "assembly": "mscorlib"
  445. },
  446. {
  447. "typename": "System.Collections.Generic.Dictionary`2",
  448. "assembly": "mscorlib"
  449. },
  450. {
  451. "typename": "System.Collections.Generic.IEnumerable`1",
  452. "assembly": "mscorlib"
  453. },
  454. {
  455. "typename": "System.Collections.Generic.IEnumerator`1",
  456. "assembly": "mscorlib"
  457. },
  458. {
  459. "typename": "System.Collections.Generic.List`1",
  460. "assembly": "mscorlib"
  461. },
  462. {
  463. "typename": "System.Collections.Generic.List`1/Enumerator",
  464. "assembly": "mscorlib"
  465. },
  466. {
  467. "typename": "System.Collections.ICollection",
  468. "assembly": "mscorlib"
  469. },
  470. {
  471. "typename": "System.Collections.IDictionaryEnumerator",
  472. "assembly": "mscorlib"
  473. },
  474. {
  475. "typename": "System.Collections.IEnumerable",
  476. "assembly": "mscorlib"
  477. },
  478. {
  479. "typename": "System.Collections.IEnumerator",
  480. "assembly": "mscorlib"
  481. },
  482. {
  483. "typename": "System.Collections.IList",
  484. "assembly": "mscorlib"
  485. },
  486. {
  487. "typename": "System.Delegate",
  488. "assembly": "mscorlib"
  489. },
  490. {
  491. "typename": "System.Diagnostics.DebuggableAttribute",
  492. "assembly": "mscorlib"
  493. },
  494. {
  495. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  496. "assembly": "mscorlib"
  497. },
  498. {
  499. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  500. "assembly": "mscorlib"
  501. },
  502. {
  503. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  504. "assembly": "mscorlib"
  505. },
  506. {
  507. "typename": "System.Environment",
  508. "assembly": "mscorlib"
  509. },
  510. {
  511. "typename": "System.EventArgs",
  512. "assembly": "mscorlib"
  513. },
  514. {
  515. "typename": "System.EventHandler",
  516. "assembly": "mscorlib"
  517. },
  518. {
  519. "typename": "System.Globalization.CultureInfo",
  520. "assembly": "mscorlib"
  521. },
  522. {
  523. "typename": "System.IDisposable",
  524. "assembly": "mscorlib"
  525. },
  526. {
  527. "typename": "System.IO.MemoryStream",
  528. "assembly": "mscorlib"
  529. },
  530. {
  531. "typename": "System.IO.SeekOrigin",
  532. "assembly": "mscorlib"
  533. },
  534. {
  535. "typename": "System.IO.Stream",
  536. "assembly": "mscorlib"
  537. },
  538. {
  539. "typename": "System.IO.StreamReader",
  540. "assembly": "mscorlib"
  541. },
  542. {
  543. "typename": "System.IO.TextReader",
  544. "assembly": "mscorlib"
  545. },
  546. {
  547. "typename": "System.NotSupportedException",
  548. "assembly": "mscorlib"
  549. },
  550. {
  551. "typename": "System.Object",
  552. "assembly": "mscorlib"
  553. },
  554. {
  555. "typename": "System.Predicate`1",
  556. "assembly": "mscorlib"
  557. },
  558. {
  559. "typename": "System.Random",
  560. "assembly": "mscorlib"
  561. },
  562. {
  563. "typename": "System.Reflection.Assembly",
  564. "assembly": "mscorlib"
  565. },
  566. {
  567. "typename": "System.Reflection.AssemblyCompanyAttribute",
  568. "assembly": "mscorlib"
  569. },
  570. {
  571. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  572. "assembly": "mscorlib"
  573. },
  574. {
  575. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  576. "assembly": "mscorlib"
  577. },
  578. {
  579. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  580. "assembly": "mscorlib"
  581. },
  582. {
  583. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  584. "assembly": "mscorlib"
  585. },
  586. {
  587. "typename": "System.Reflection.AssemblyProductAttribute",
  588. "assembly": "mscorlib"
  589. },
  590. {
  591. "typename": "System.Reflection.AssemblyTitleAttribute",
  592. "assembly": "mscorlib"
  593. },
  594. {
  595. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  596. "assembly": "mscorlib"
  597. },
  598. {
  599. "typename": "System.Resources.ResourceManager",
  600. "assembly": "mscorlib"
  601. },
  602. {
  603. "typename": "System.Resources.ResourceSet",
  604. "assembly": "mscorlib"
  605. },
  606. {
  607. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  608. "assembly": "mscorlib"
  609. },
  610. {
  611. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  612. "assembly": "mscorlib"
  613. },
  614. {
  615. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  616. "assembly": "mscorlib"
  617. },
  618. {
  619. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  620. "assembly": "mscorlib"
  621. },
  622. {
  623. "typename": "System.Runtime.InteropServices.GuidAttribute",
  624. "assembly": "mscorlib"
  625. },
  626. {
  627. "typename": "System.RuntimeTypeHandle",
  628. "assembly": "mscorlib"
  629. },
  630. {
  631. "typename": "System.STAThreadAttribute",
  632. "assembly": "mscorlib"
  633. },
  634. {
  635. "typename": "System.Security.UnverifiableCodeAttribute",
  636. "assembly": "mscorlib"
  637. },
  638. {
  639. "typename": "System.Threading.Monitor",
  640. "assembly": "mscorlib"
  641. },
  642. {
  643. "typename": "System.Threading.Thread",
  644. "assembly": "mscorlib"
  645. },
  646. {
  647. "typename": "System.Threading.ThreadStart",
  648. "assembly": "mscorlib"
  649. },
  650. {
  651. "typename": "System.Type",
  652. "assembly": "mscorlib"
  653. }
  654. ]
  655. },
  656. "pe": {
  657. "peid_signatures": null,
  658. "imports": [
  659. {
  660. "imports": [
  661. {
  662. "name": "_CorExeMain",
  663. "address": "0x402000"
  664. }
  665. ],
  666. "dll": "mscoree.dll"
  667. }
  668. ],
  669. "digital_signers": null,
  670. "exported_dll_name": null,
  671. "actual_checksum": "0x0009eac2",
  672. "overlay": null,
  673. "imagebase": "0x00400000",
  674. "reported_checksum": "0x0009eac2",
  675. "icon_hash": null,
  676. "entrypoint": "0x0049febe",
  677. "timestamp": "2019-06-09 13:20:02",
  678. "osversion": "4.0",
  679. "sections": [
  680. {
  681. "name": ".text",
  682. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  683. "virtual_address": "0x00002000",
  684. "size_of_data": "0x0009e000",
  685. "entropy": "7.89",
  686. "raw_address": "0x00000200",
  687. "virtual_size": "0x0009dec4",
  688. "characteristics_raw": "0x60000020"
  689. },
  690. {
  691. "name": ".rsrc",
  692. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  693. "virtual_address": "0x000a0000",
  694. "size_of_data": "0x00000600",
  695. "entropy": "4.16",
  696. "raw_address": "0x0009e200",
  697. "virtual_size": "0x000005e0",
  698. "characteristics_raw": "0x40000040"
  699. },
  700. {
  701. "name": ".reloc",
  702. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  703. "virtual_address": "0x000a2000",
  704. "size_of_data": "0x00000200",
  705. "entropy": "0.10",
  706. "raw_address": "0x0009e800",
  707. "virtual_size": "0x0000000c",
  708. "characteristics_raw": "0x42000040"
  709. }
  710. ],
  711. "resources": [],
  712. "dirents": [
  713. {
  714. "virtual_address": "0x00000000",
  715. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  716. "size": "0x00000000"
  717. },
  718. {
  719. "virtual_address": "0x0009fe68",
  720. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  721. "size": "0x00000053"
  722. },
  723. {
  724. "virtual_address": "0x000a0000",
  725. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  726. "size": "0x000005e0"
  727. },
  728. {
  729. "virtual_address": "0x00000000",
  730. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  731. "size": "0x00000000"
  732. },
  733. {
  734. "virtual_address": "0x00000000",
  735. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  736. "size": "0x00000000"
  737. },
  738. {
  739. "virtual_address": "0x000a2000",
  740. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  741. "size": "0x0000000c"
  742. },
  743. {
  744. "virtual_address": "0x00000000",
  745. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  746. "size": "0x00000000"
  747. },
  748. {
  749. "virtual_address": "0x00000000",
  750. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  751. "size": "0x00000000"
  752. },
  753. {
  754. "virtual_address": "0x00000000",
  755. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  756. "size": "0x00000000"
  757. },
  758. {
  759. "virtual_address": "0x00000000",
  760. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  761. "size": "0x00000000"
  762. },
  763. {
  764. "virtual_address": "0x00000000",
  765. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  766. "size": "0x00000000"
  767. },
  768. {
  769. "virtual_address": "0x00000000",
  770. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  771. "size": "0x00000000"
  772. },
  773. {
  774. "virtual_address": "0x00002000",
  775. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  776. "size": "0x00000008"
  777. },
  778. {
  779. "virtual_address": "0x00000000",
  780. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  781. "size": "0x00000000"
  782. },
  783. {
  784. "virtual_address": "0x00002008",
  785. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  786. "size": "0x00000048"
  787. },
  788. {
  789. "virtual_address": "0x00000000",
  790. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  791. "size": "0x00000000"
  792. }
  793. ],
  794. "exports": [],
  795. "guest_signers": {},
  796. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  797. "icon_fuzzy": null,
  798. "icon": null,
  799. "pdbpath": null,
  800. "imported_dll_count": 1,
  801. "versioninfo": []
  802. }
  803. }
  804.  
  805. [*] Resolved APIs: [
  806. "advapi32.dll.RegOpenKeyExW",
  807. "advapi32.dll.RegQueryInfoKeyW",
  808. "advapi32.dll.RegEnumKeyExW",
  809. "advapi32.dll.RegEnumValueW",
  810. "advapi32.dll.RegCloseKey",
  811. "advapi32.dll.RegQueryValueExW",
  812. "kernel32.dll.QueryActCtxW",
  813. "shlwapi.dll.UrlIsW",
  814. "kernel32.dll.FlsAlloc",
  815. "kernel32.dll.FlsGetValue",
  816. "kernel32.dll.FlsSetValue",
  817. "kernel32.dll.FlsFree",
  818. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  819. "kernel32.dll.IsProcessorFeaturePresent",
  820. "msvcrt.dll._set_error_mode",
  821. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  822. "kernel32.dll.FindActCtxSectionStringW",
  823. "kernel32.dll.GetSystemWindowsDirectoryW",
  824. "mscoree.dll.GetProcessExecutableHeap",
  825. "mscorwks.dll._CorExeMain",
  826. "mscorwks.dll.GetCLRFunction",
  827. "advapi32.dll.RegisterTraceGuidsW",
  828. "advapi32.dll.UnregisterTraceGuids",
  829. "advapi32.dll.GetTraceLoggerHandle",
  830. "advapi32.dll.GetTraceEnableLevel",
  831. "advapi32.dll.GetTraceEnableFlags",
  832. "advapi32.dll.TraceEvent",
  833. "mscoree.dll.IEE",
  834. "mscorwks.dll.IEE",
  835. "mscoree.dll.GetStartupFlags",
  836. "mscoree.dll.GetHostConfigurationFile",
  837. "mscoree.dll.GetCORSystemDirectory",
  838. "ntdll.dll.RtlUnwind",
  839. "kernel32.dll.IsWow64Process",
  840. "advapi32.dll.AllocateAndInitializeSid",
  841. "advapi32.dll.OpenProcessToken",
  842. "advapi32.dll.GetTokenInformation",
  843. "advapi32.dll.InitializeAcl",
  844. "advapi32.dll.AddAccessAllowedAce",
  845. "advapi32.dll.FreeSid",
  846. "kernel32.dll.SetThreadStackGuarantee",
  847. "kernel32.dll.AddVectoredContinueHandler",
  848. "kernel32.dll.RemoveVectoredContinueHandler",
  849. "advapi32.dll.ConvertSidToStringSidW",
  850. "shell32.dll.SHGetFolderPathW",
  851. "kernel32.dll.FlushProcessWriteBuffers",
  852. "kernel32.dll.GetWriteWatch",
  853. "kernel32.dll.ResetWriteWatch",
  854. "kernel32.dll.CreateMemoryResourceNotification",
  855. "kernel32.dll.QueryMemoryResourceNotification",
  856. "ole32.dll.CoInitializeEx",
  857. "cryptbase.dll.SystemFunction036",
  858. "uxtheme.dll.ThemeInitApiHook",
  859. "user32.dll.IsProcessDPIAware",
  860. "ole32.dll.CoGetContextToken",
  861. "kernel32.dll.GetFullPathNameW",
  862. "kernel32.dll.GetVersionExW",
  863. "advapi32.dll.CryptAcquireContextA",
  864. "advapi32.dll.CryptReleaseContext",
  865. "advapi32.dll.CryptCreateHash",
  866. "advapi32.dll.CryptDestroyHash",
  867. "advapi32.dll.CryptHashData",
  868. "advapi32.dll.CryptGetHashParam",
  869. "advapi32.dll.CryptImportKey",
  870. "advapi32.dll.CryptExportKey",
  871. "advapi32.dll.CryptGenKey",
  872. "advapi32.dll.CryptGetKeyParam",
  873. "advapi32.dll.CryptDestroyKey",
  874. "advapi32.dll.CryptVerifySignatureA",
  875. "advapi32.dll.CryptSignHashA",
  876. "advapi32.dll.CryptGetProvParam",
  877. "advapi32.dll.CryptGetUserKey",
  878. "advapi32.dll.CryptEnumProvidersA",
  879. "mscoree.dll.GetMetaDataInternalInterface",
  880. "mscorwks.dll.GetMetaDataInternalInterface",
  881. "mscorjit.dll.getJit",
  882. "uxtheme.dll.IsAppThemed",
  883. "kernel32.dll.CreateActCtxA",
  884. "ole32.dll.CoTaskMemAlloc",
  885. "ole32.dll.CoTaskMemFree",
  886. "user32.dll.RegisterWindowMessageW",
  887. "user32.dll.GetSystemMetrics",
  888. "user32.dll.AdjustWindowRectEx",
  889. "kernel32.dll.GetCurrentProcess",
  890. "kernel32.dll.GetCurrentThread",
  891. "kernel32.dll.DuplicateHandle",
  892. "kernel32.dll.GetCurrentThreadId",
  893. "kernel32.dll.GetCurrentActCtx",
  894. "kernel32.dll.ActivateActCtx",
  895. "kernel32.dll.lstrlen",
  896. "kernel32.dll.lstrlenW",
  897. "kernel32.dll.GetModuleHandleW",
  898. "kernel32.dll.GetProcAddress",
  899. "user32.dll.DefWindowProcW",
  900. "gdi32.dll.GetStockObject",
  901. "kernel32.dll.GetUserDefaultUILanguage",
  902. "user32.dll.RegisterClassW",
  903. "user32.dll.CreateWindowExW",
  904. "user32.dll.SetWindowLongW",
  905. "user32.dll.GetWindowLongW",
  906. "user32.dll.CallWindowProcW",
  907. "user32.dll.GetClientRect",
  908. "user32.dll.GetWindowRect",
  909. "user32.dll.GetParent",
  910. "kernel32.dll.DeactivateActCtx",
  911. "kernel32.dll.GetSystemDefaultLCID",
  912. "gdi32.dll.GetObjectW",
  913. "user32.dll.GetDC",
  914. "kernel32.dll.GetCurrentProcessId",
  915. "kernel32.dll.FindAtomW",
  916. "kernel32.dll.AddAtomW",
  917. "mscoree.dll.LoadLibraryShim",
  918. "gdiplus.dll.GdiplusStartup",
  919. "user32.dll.GetWindowInfo",
  920. "user32.dll.GetAncestor",
  921. "user32.dll.GetMonitorInfoA",
  922. "user32.dll.EnumDisplayMonitors",
  923. "user32.dll.EnumDisplayDevicesA",
  924. "gdi32.dll.ExtTextOutW",
  925. "gdi32.dll.GdiIsMetaPrintDC",
  926. "gdiplus.dll.GdipCreateFontFromLogfontW",
  927. "kernel32.dll.RegOpenKeyExW",
  928. "kernel32.dll.RegQueryInfoKeyA",
  929. "kernel32.dll.RegCloseKey",
  930. "kernel32.dll.RegCreateKeyExW",
  931. "kernel32.dll.RegQueryValueExW",
  932. "kernel32.dll.RegEnumValueW",
  933. "kernel32.dll.RegQueryInfoKeyW",
  934. "mscoree.dll.ND_RI2",
  935. "mscoree.dll.ND_RU1",
  936. "gdiplus.dll.GdipGetFontUnit",
  937. "gdiplus.dll.GdipGetFontSize",
  938. "gdiplus.dll.GdipGetFontStyle",
  939. "gdiplus.dll.GdipGetFamily",
  940. "user32.dll.ReleaseDC",
  941. "gdiplus.dll.GdipCreateFromHDC",
  942. "gdiplus.dll.GdipGetDpiY",
  943. "gdiplus.dll.GdipGetFontHeight",
  944. "gdiplus.dll.GdipGetEmHeight",
  945. "gdiplus.dll.GdipGetLineSpacing",
  946. "gdiplus.dll.GdipDeleteGraphics",
  947. "gdiplus.dll.GdipCreateFont",
  948. "gdiplus.dll.GdipDeleteFont",
  949. "gdiplus.dll.GdipGetLogFontW",
  950. "mscoree.dll.ND_WU1",
  951. "gdi32.dll.CreateFontIndirectW",
  952. "user32.dll.GetProcessWindowStation",
  953. "user32.dll.GetUserObjectInformationA",
  954. "kernel32.dll.SetConsoleCtrlHandler",
  955. "user32.dll.GetClassInfoW",
  956. "user32.dll.GetSysColor",
  957. "gdi32.dll.CreateCompatibleDC",
  958. "gdi32.dll.SelectObject",
  959. "gdi32.dll.GetTextMetricsW",
  960. "gdi32.dll.GetTextExtentPoint32W",
  961. "gdi32.dll.DeleteDC",
  962. "dwmapi.dll.DwmIsCompositionEnabled",
  963. "user32.dll.SetWindowTextW",
  964. "kernel32.dll.GetStartupInfoW",
  965. "gdi32.dll.GetDeviceCaps",
  966. "user32.dll.CreateIconFromResourceEx",
  967. "user32.dll.SendMessageW",
  968. "gdi32.dll.GetLayout",
  969. "gdi32.dll.GdiRealizationInfo",
  970. "gdi32.dll.FontIsLinked",
  971. "gdi32.dll.GetTextFaceAliasW",
  972. "gdi32.dll.GetFontAssocStatus",
  973. "advapi32.dll.RegQueryValueExA",
  974. "user32.dll.GetSystemMenu",
  975. "user32.dll.GetWindowPlacement",
  976. "user32.dll.EnableMenuItem",
  977. "user32.dll.GetWindowTextLengthW",
  978. "user32.dll.GetWindowTextW",
  979. "user32.dll.SetWindowPos",
  980. "user32.dll.RedrawWindow",
  981. "user32.dll.ShowWindow",
  982. "comctl32.dll.InitCommonControlsEx",
  983. "uxtheme.dll.OpenThemeData",
  984. "uxtheme.dll.GetThemeBool",
  985. "uxtheme.dll.IsThemePartDefined",
  986. "comctl32.dll.RegisterClassNameW",
  987. "uxtheme.dll.GetThemeColor",
  988. "uxtheme.dll.GetThemeMargins",
  989. "uxtheme.dll.GetThemeFont",
  990. "user32.dll.GetWindow",
  991. "user32.dll.MapWindowPoints",
  992. "user32.dll.InvalidateRect",
  993. "imm32.dll.ImmIsIME",
  994. "uxtheme.dll.EnableThemeDialogTexture",
  995. "kernel32.dll.SwitchToThread",
  996. "ole32.dll.CoWaitForMultipleHandles",
  997. "ole32.dll.CoUninitialize",
  998. "sechost.dll.LookupAccountNameLocalW",
  999. "advapi32.dll.LookupAccountSidW",
  1000. "sechost.dll.LookupAccountSidLocalW",
  1001. "cryptsp.dll.CryptAcquireContextW",
  1002. "cryptsp.dll.CryptGenRandom",
  1003. "ole32.dll.NdrOleInitializeExtension",
  1004. "ole32.dll.CoGetClassObject",
  1005. "ole32.dll.CoGetMarshalSizeMax",
  1006. "ole32.dll.CoMarshalInterface",
  1007. "ole32.dll.CoUnmarshalInterface",
  1008. "ole32.dll.StringFromIID",
  1009. "ole32.dll.CoGetPSClsid",
  1010. "ole32.dll.CoCreateInstance",
  1011. "ole32.dll.CoReleaseMarshalData",
  1012. "ole32.dll.DcomChannelSetHResult",
  1013. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  1014. "kernel32.dll.SetErrorMode",
  1015. "kernel32.dll.GetFileAttributesExW",
  1016. "culture.dll.ConvertLangIdToCultureName",
  1017. "kernel32.dll.GlobalMemoryStatusEx",
  1018. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
  1019. "kernel32.dll.CloseHandle",
  1020. "advapi32.dll.LookupPrivilegeValueW",
  1021. "advapi32.dll.AdjustTokenPrivileges",
  1022. "kernel32.dll.OpenProcess",
  1023. "psapi.dll.EnumProcessModules",
  1024. "psapi.dll.GetModuleInformation",
  1025. "psapi.dll.GetModuleBaseNameW",
  1026. "psapi.dll.GetModuleFileNameExW",
  1027. "kernel32.dll.GetExitCodeProcess",
  1028. "advapi32.dll.LookupPrivilegeValueA",
  1029. "advapi32.dll.GetKernelObjectSecurity",
  1030. "advapi32.dll.CreateWellKnownSid",
  1031. "advapi32.dll.SetKernelObjectSecurity",
  1032. "kernel32.dll.DeleteFileA",
  1033. "kernel32.dll.QueryPerformanceFrequency",
  1034. "kernel32.dll.QueryPerformanceCounter",
  1035. "shfolder.dll.SHGetFolderPathW",
  1036. "kernel32.dll.CreateDirectoryW",
  1037. "kernel32.dll.SetFileAttributesW",
  1038. "kernel32.dll.CopyFileW",
  1039. "advapi32.dll.RegSetValueExW",
  1040. "kernel32.dll.CreateProcessA",
  1041. "psapi.dll.EnumProcesses",
  1042. "kernel32.dll.GetThreadContext",
  1043. "kernel32.dll.ReadProcessMemory",
  1044. "kernel32.dll.VirtualAllocEx",
  1045. "kernel32.dll.WriteProcessMemory",
  1046. "kernel32.dll.SetThreadContext",
  1047. "kernel32.dll.ResumeThread",
  1048. "kernel32.dll.CreateFileW",
  1049. "kernel32.dll.GetFileType",
  1050. "kernel32.dll.GetFileSize",
  1051. "kernel32.dll.ReadFile",
  1052. "kernel32.dll.GetEnvironmentVariableW",
  1053. "kernel32.dll.LoadLibraryW",
  1054. "kernel32.dll.EnumResourceTypesW",
  1055. "kernel32.dll.EnumResourceNamesW",
  1056. "kernel32.dll.GetModuleFileNameW",
  1057. "kernel32.dll.RtlMoveMemory",
  1058. "kernel32.dll.FindResourceW",
  1059. "kernel32.dll.SizeofResource",
  1060. "kernel32.dll.LoadResource",
  1061. "kernel32.dll.LockResource",
  1062. "kernel32.dll.FreeLibrary",
  1063. "cryptsp.dll.CryptCreateHash",
  1064. "cryptsp.dll.CryptHashData",
  1065. "cryptsp.dll.CryptGetHashParam",
  1066. "cryptsp.dll.CryptDestroyHash",
  1067. "vssapi.dll.CreateWriter",
  1068. "oleaut32.dll.#6",
  1069. "oleaut32.dll.#2",
  1070. "advapi32.dll.LookupAccountNameW",
  1071. "samcli.dll.NetLocalGroupGetMembers",
  1072. "samlib.dll.SamConnect",
  1073. "rpcrt4.dll.NdrClientCall3",
  1074. "rpcrt4.dll.RpcStringBindingComposeW",
  1075. "rpcrt4.dll.RpcBindingFromStringBindingW",
  1076. "rpcrt4.dll.RpcStringFreeW",
  1077. "rpcrt4.dll.RpcBindingFree",
  1078. "samlib.dll.SamOpenDomain",
  1079. "samlib.dll.SamLookupNamesInDomain",
  1080. "samlib.dll.SamOpenAlias",
  1081. "samlib.dll.SamFreeMemory",
  1082. "samlib.dll.SamCloseHandle",
  1083. "samlib.dll.SamGetMembersInAlias",
  1084. "netutils.dll.NetApiBufferFree",
  1085. "ole32.dll.CoCreateGuid",
  1086. "ole32.dll.StringFromCLSID",
  1087. "oleaut32.dll.#4",
  1088. "oleaut32.dll.#7",
  1089. "propsys.dll.VariantToPropVariant",
  1090. "wbemcore.dll.Reinitialize",
  1091. "wbemsvc.dll.DllGetClassObject",
  1092. "wbemsvc.dll.DllCanUnloadNow",
  1093. "authz.dll.AuthzInitializeContextFromToken",
  1094. "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
  1095. "authz.dll.AuthzAccessCheck",
  1096. "authz.dll.AuthzFreeAuditEvent",
  1097. "authz.dll.AuthzFreeContext",
  1098. "authz.dll.AuthzInitializeResourceManager",
  1099. "authz.dll.AuthzFreeResourceManager",
  1100. "rpcrt4.dll.RpcBindingCreateW",
  1101. "rpcrt4.dll.RpcBindingBind",
  1102. "rpcrt4.dll.I_RpcMapWin32Status",
  1103. "advapi32.dll.EventRegister",
  1104. "advapi32.dll.EventUnregister",
  1105. "advapi32.dll.EventWrite",
  1106. "kernel32.dll.RegSetValueExW",
  1107. "wmisvc.dll.IsImproperShutdownDetected",
  1108. "wevtapi.dll.EvtRender",
  1109. "wevtapi.dll.EvtNext",
  1110. "wevtapi.dll.EvtClose",
  1111. "wevtapi.dll.EvtQuery",
  1112. "wevtapi.dll.EvtCreateRenderContext",
  1113. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  1114. "rpcrt4.dll.RpcBindingSetOption"
  1115. ]
  1116.  
  1117. [*] Static Analysis: {
  1118. "dotnet": {
  1119. "customattrs": null,
  1120. "assemblyinfo": {
  1121. "version": "1.0.0.0",
  1122. "name": "NpmTaskRunner"
  1123. },
  1124. "assemblyrefs": [
  1125. {
  1126. "version": "2.0.0.0",
  1127. "name": "mscorlib"
  1128. },
  1129. {
  1130. "version": "2.0.0.0",
  1131. "name": "System.Windows.Forms"
  1132. },
  1133. {
  1134. "version": "2.0.0.0",
  1135. "name": "System"
  1136. },
  1137. {
  1138. "version": "2.0.0.0",
  1139. "name": "System.Drawing"
  1140. }
  1141. ],
  1142. "typerefs": [
  1143. {
  1144. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  1145. "assembly": "System"
  1146. },
  1147. {
  1148. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  1149. "assembly": "System"
  1150. },
  1151. {
  1152. "typename": "System.ComponentModel.EditorBrowsableState",
  1153. "assembly": "System"
  1154. },
  1155. {
  1156. "typename": "System.ComponentModel.IContainer",
  1157. "assembly": "System"
  1158. },
  1159. {
  1160. "typename": "System.Configuration.ApplicationSettingsBase",
  1161. "assembly": "System"
  1162. },
  1163. {
  1164. "typename": "System.Configuration.SettingsBase",
  1165. "assembly": "System"
  1166. },
  1167. {
  1168. "typename": "System.Drawing.Point",
  1169. "assembly": "System.Drawing"
  1170. },
  1171. {
  1172. "typename": "System.Drawing.Size",
  1173. "assembly": "System.Drawing"
  1174. },
  1175. {
  1176. "typename": "System.Drawing.SizeF",
  1177. "assembly": "System.Drawing"
  1178. },
  1179. {
  1180. "typename": "System.Windows.Forms.Application",
  1181. "assembly": "System.Windows.Forms"
  1182. },
  1183. {
  1184. "typename": "System.Windows.Forms.AutoScaleMode",
  1185. "assembly": "System.Windows.Forms"
  1186. },
  1187. {
  1188. "typename": "System.Windows.Forms.Button",
  1189. "assembly": "System.Windows.Forms"
  1190. },
  1191. {
  1192. "typename": "System.Windows.Forms.ButtonBase",
  1193. "assembly": "System.Windows.Forms"
  1194. },
  1195. {
  1196. "typename": "System.Windows.Forms.CommonDialog",
  1197. "assembly": "System.Windows.Forms"
  1198. },
  1199. {
  1200. "typename": "System.Windows.Forms.ContainerControl",
  1201. "assembly": "System.Windows.Forms"
  1202. },
  1203. {
  1204. "typename": "System.Windows.Forms.Control",
  1205. "assembly": "System.Windows.Forms"
  1206. },
  1207. {
  1208. "typename": "System.Windows.Forms.Control/ControlCollection",
  1209. "assembly": "System.Windows.Forms"
  1210. },
  1211. {
  1212. "typename": "System.Windows.Forms.DialogResult",
  1213. "assembly": "System.Windows.Forms"
  1214. },
  1215. {
  1216. "typename": "System.Windows.Forms.FileDialog",
  1217. "assembly": "System.Windows.Forms"
  1218. },
  1219. {
  1220. "typename": "System.Windows.Forms.Form",
  1221. "assembly": "System.Windows.Forms"
  1222. },
  1223. {
  1224. "typename": "System.Windows.Forms.GroupBox",
  1225. "assembly": "System.Windows.Forms"
  1226. },
  1227. {
  1228. "typename": "System.Windows.Forms.ListView",
  1229. "assembly": "System.Windows.Forms"
  1230. },
  1231. {
  1232. "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
  1233. "assembly": "System.Windows.Forms"
  1234. },
  1235. {
  1236. "typename": "System.Windows.Forms.ListViewItem",
  1237. "assembly": "System.Windows.Forms"
  1238. },
  1239. {
  1240. "typename": "System.Windows.Forms.OpenFileDialog",
  1241. "assembly": "System.Windows.Forms"
  1242. },
  1243. {
  1244. "typename": "System.Windows.Forms.TextBox",
  1245. "assembly": "System.Windows.Forms"
  1246. },
  1247. {
  1248. "typename": "System.Action`1",
  1249. "assembly": "mscorlib"
  1250. },
  1251. {
  1252. "typename": "System.Activator",
  1253. "assembly": "mscorlib"
  1254. },
  1255. {
  1256. "typename": "System.ArgumentNullException",
  1257. "assembly": "mscorlib"
  1258. },
  1259. {
  1260. "typename": "System.Array",
  1261. "assembly": "mscorlib"
  1262. },
  1263. {
  1264. "typename": "System.Attribute",
  1265. "assembly": "mscorlib"
  1266. },
  1267. {
  1268. "typename": "System.BadImageFormatException",
  1269. "assembly": "mscorlib"
  1270. },
  1271. {
  1272. "typename": "System.Byte",
  1273. "assembly": "mscorlib"
  1274. },
  1275. {
  1276. "typename": "System.Collections.DictionaryEntry",
  1277. "assembly": "mscorlib"
  1278. },
  1279. {
  1280. "typename": "System.Collections.Generic.Dictionary`2",
  1281. "assembly": "mscorlib"
  1282. },
  1283. {
  1284. "typename": "System.Collections.Generic.IEnumerable`1",
  1285. "assembly": "mscorlib"
  1286. },
  1287. {
  1288. "typename": "System.Collections.Generic.IEnumerator`1",
  1289. "assembly": "mscorlib"
  1290. },
  1291. {
  1292. "typename": "System.Collections.Generic.List`1",
  1293. "assembly": "mscorlib"
  1294. },
  1295. {
  1296. "typename": "System.Collections.Generic.List`1/Enumerator",
  1297. "assembly": "mscorlib"
  1298. },
  1299. {
  1300. "typename": "System.Collections.ICollection",
  1301. "assembly": "mscorlib"
  1302. },
  1303. {
  1304. "typename": "System.Collections.IDictionaryEnumerator",
  1305. "assembly": "mscorlib"
  1306. },
  1307. {
  1308. "typename": "System.Collections.IEnumerable",
  1309. "assembly": "mscorlib"
  1310. },
  1311. {
  1312. "typename": "System.Collections.IEnumerator",
  1313. "assembly": "mscorlib"
  1314. },
  1315. {
  1316. "typename": "System.Collections.IList",
  1317. "assembly": "mscorlib"
  1318. },
  1319. {
  1320. "typename": "System.Delegate",
  1321. "assembly": "mscorlib"
  1322. },
  1323. {
  1324. "typename": "System.Diagnostics.DebuggableAttribute",
  1325. "assembly": "mscorlib"
  1326. },
  1327. {
  1328. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  1329. "assembly": "mscorlib"
  1330. },
  1331. {
  1332. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  1333. "assembly": "mscorlib"
  1334. },
  1335. {
  1336. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  1337. "assembly": "mscorlib"
  1338. },
  1339. {
  1340. "typename": "System.Environment",
  1341. "assembly": "mscorlib"
  1342. },
  1343. {
  1344. "typename": "System.EventArgs",
  1345. "assembly": "mscorlib"
  1346. },
  1347. {
  1348. "typename": "System.EventHandler",
  1349. "assembly": "mscorlib"
  1350. },
  1351. {
  1352. "typename": "System.Globalization.CultureInfo",
  1353. "assembly": "mscorlib"
  1354. },
  1355. {
  1356. "typename": "System.IDisposable",
  1357. "assembly": "mscorlib"
  1358. },
  1359. {
  1360. "typename": "System.IO.MemoryStream",
  1361. "assembly": "mscorlib"
  1362. },
  1363. {
  1364. "typename": "System.IO.SeekOrigin",
  1365. "assembly": "mscorlib"
  1366. },
  1367. {
  1368. "typename": "System.IO.Stream",
  1369. "assembly": "mscorlib"
  1370. },
  1371. {
  1372. "typename": "System.IO.StreamReader",
  1373. "assembly": "mscorlib"
  1374. },
  1375. {
  1376. "typename": "System.IO.TextReader",
  1377. "assembly": "mscorlib"
  1378. },
  1379. {
  1380. "typename": "System.NotSupportedException",
  1381. "assembly": "mscorlib"
  1382. },
  1383. {
  1384. "typename": "System.Object",
  1385. "assembly": "mscorlib"
  1386. },
  1387. {
  1388. "typename": "System.Predicate`1",
  1389. "assembly": "mscorlib"
  1390. },
  1391. {
  1392. "typename": "System.Random",
  1393. "assembly": "mscorlib"
  1394. },
  1395. {
  1396. "typename": "System.Reflection.Assembly",
  1397. "assembly": "mscorlib"
  1398. },
  1399. {
  1400. "typename": "System.Reflection.AssemblyCompanyAttribute",
  1401. "assembly": "mscorlib"
  1402. },
  1403. {
  1404. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  1405. "assembly": "mscorlib"
  1406. },
  1407. {
  1408. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  1409. "assembly": "mscorlib"
  1410. },
  1411. {
  1412. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  1413. "assembly": "mscorlib"
  1414. },
  1415. {
  1416. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  1417. "assembly": "mscorlib"
  1418. },
  1419. {
  1420. "typename": "System.Reflection.AssemblyProductAttribute",
  1421. "assembly": "mscorlib"
  1422. },
  1423. {
  1424. "typename": "System.Reflection.AssemblyTitleAttribute",
  1425. "assembly": "mscorlib"
  1426. },
  1427. {
  1428. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  1429. "assembly": "mscorlib"
  1430. },
  1431. {
  1432. "typename": "System.Resources.ResourceManager",
  1433. "assembly": "mscorlib"
  1434. },
  1435. {
  1436. "typename": "System.Resources.ResourceSet",
  1437. "assembly": "mscorlib"
  1438. },
  1439. {
  1440. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1441. "assembly": "mscorlib"
  1442. },
  1443. {
  1444. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1445. "assembly": "mscorlib"
  1446. },
  1447. {
  1448. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1449. "assembly": "mscorlib"
  1450. },
  1451. {
  1452. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1453. "assembly": "mscorlib"
  1454. },
  1455. {
  1456. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1457. "assembly": "mscorlib"
  1458. },
  1459. {
  1460. "typename": "System.RuntimeTypeHandle",
  1461. "assembly": "mscorlib"
  1462. },
  1463. {
  1464. "typename": "System.STAThreadAttribute",
  1465. "assembly": "mscorlib"
  1466. },
  1467. {
  1468. "typename": "System.Security.UnverifiableCodeAttribute",
  1469. "assembly": "mscorlib"
  1470. },
  1471. {
  1472. "typename": "System.Threading.Monitor",
  1473. "assembly": "mscorlib"
  1474. },
  1475. {
  1476. "typename": "System.Threading.Thread",
  1477. "assembly": "mscorlib"
  1478. },
  1479. {
  1480. "typename": "System.Threading.ThreadStart",
  1481. "assembly": "mscorlib"
  1482. },
  1483. {
  1484. "typename": "System.Type",
  1485. "assembly": "mscorlib"
  1486. }
  1487. ]
  1488. },
  1489. "pe": {
  1490. "peid_signatures": null,
  1491. "imports": [
  1492. {
  1493. "imports": [
  1494. {
  1495. "name": "_CorExeMain",
  1496. "address": "0x402000"
  1497. }
  1498. ],
  1499. "dll": "mscoree.dll"
  1500. }
  1501. ],
  1502. "digital_signers": null,
  1503. "exported_dll_name": null,
  1504. "actual_checksum": "0x0009eac2",
  1505. "overlay": null,
  1506. "imagebase": "0x00400000",
  1507. "reported_checksum": "0x0009eac2",
  1508. "icon_hash": null,
  1509. "entrypoint": "0x0049febe",
  1510. "timestamp": "2019-06-09 13:20:02",
  1511. "osversion": "4.0",
  1512. "sections": [
  1513. {
  1514. "name": ".text",
  1515. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1516. "virtual_address": "0x00002000",
  1517. "size_of_data": "0x0009e000",
  1518. "entropy": "7.89",
  1519. "raw_address": "0x00000200",
  1520. "virtual_size": "0x0009dec4",
  1521. "characteristics_raw": "0x60000020"
  1522. },
  1523. {
  1524. "name": ".rsrc",
  1525. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1526. "virtual_address": "0x000a0000",
  1527. "size_of_data": "0x00000600",
  1528. "entropy": "4.16",
  1529. "raw_address": "0x0009e200",
  1530. "virtual_size": "0x000005e0",
  1531. "characteristics_raw": "0x40000040"
  1532. },
  1533. {
  1534. "name": ".reloc",
  1535. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1536. "virtual_address": "0x000a2000",
  1537. "size_of_data": "0x00000200",
  1538. "entropy": "0.10",
  1539. "raw_address": "0x0009e800",
  1540. "virtual_size": "0x0000000c",
  1541. "characteristics_raw": "0x42000040"
  1542. }
  1543. ],
  1544. "resources": [],
  1545. "dirents": [
  1546. {
  1547. "virtual_address": "0x00000000",
  1548. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1549. "size": "0x00000000"
  1550. },
  1551. {
  1552. "virtual_address": "0x0009fe68",
  1553. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1554. "size": "0x00000053"
  1555. },
  1556. {
  1557. "virtual_address": "0x000a0000",
  1558. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1559. "size": "0x000005e0"
  1560. },
  1561. {
  1562. "virtual_address": "0x00000000",
  1563. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1564. "size": "0x00000000"
  1565. },
  1566. {
  1567. "virtual_address": "0x00000000",
  1568. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1569. "size": "0x00000000"
  1570. },
  1571. {
  1572. "virtual_address": "0x000a2000",
  1573. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1574. "size": "0x0000000c"
  1575. },
  1576. {
  1577. "virtual_address": "0x00000000",
  1578. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1579. "size": "0x00000000"
  1580. },
  1581. {
  1582. "virtual_address": "0x00000000",
  1583. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1584. "size": "0x00000000"
  1585. },
  1586. {
  1587. "virtual_address": "0x00000000",
  1588. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1589. "size": "0x00000000"
  1590. },
  1591. {
  1592. "virtual_address": "0x00000000",
  1593. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1594. "size": "0x00000000"
  1595. },
  1596. {
  1597. "virtual_address": "0x00000000",
  1598. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1599. "size": "0x00000000"
  1600. },
  1601. {
  1602. "virtual_address": "0x00000000",
  1603. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1604. "size": "0x00000000"
  1605. },
  1606. {
  1607. "virtual_address": "0x00002000",
  1608. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1609. "size": "0x00000008"
  1610. },
  1611. {
  1612. "virtual_address": "0x00000000",
  1613. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1614. "size": "0x00000000"
  1615. },
  1616. {
  1617. "virtual_address": "0x00002008",
  1618. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1619. "size": "0x00000048"
  1620. },
  1621. {
  1622. "virtual_address": "0x00000000",
  1623. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1624. "size": "0x00000000"
  1625. }
  1626. ],
  1627. "exports": [],
  1628. "guest_signers": {},
  1629. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1630. "icon_fuzzy": null,
  1631. "icon": null,
  1632. "pdbpath": null,
  1633. "imported_dll_count": 1,
  1634. "versioninfo": []
  1635. }
  1636. }