Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] MalFamily: "Malicious"
- [*] MalScore: 10.0
- [*] File Name: "Exes_94bb3406.exe"
- [*] File Size: 649728
- [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
- [*] SHA256: "6dfaf59e3589a3b89789410c647f32ac899342e2b1314cb171357af07e1fb5af"
- [*] MD5: "7b82bae2fe9386bfb5c49243400df954"
- [*] SHA1: "f484ebedd8e68097bdcfe11373c958280e70d28b"
- [*] SHA512: "75e7fc908a5ab75192508819d455f4a70514d25edab6b571d9c9104f90c02f58eb09db6850186d13db12eb8fc7271886cae48297739777291a36b948298e16a5"
- [*] CRC32: "94BB3406"
- [*] SSDEEP: "12288:baSWtWx21Tr9tfrAOVZPBTzZrgMWa5eE3e9Ifnol5UUS/go22I/yr:iWxK9VUmZZZjuaneWUjD"
- [*] Process Execution: [
- "Exes_94bb3406.exe",
- "Exes_94bb3406.exe",
- "svchost.exe",
- "svchost.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process created a hidden window",
- "Details": [
- {
- "Process": "Exes_94bb3406.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .text, entropy: 7.89, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0009e000, virtual_size: 0x0009dec4"
- }
- ]
- },
- {
- "Description": "Attempts to remove evidence of file being downloaded from the Internet",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe:Zone.Identifier"
- }
- ]
- },
- {
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details": [
- {
- "Injection": "Exes_94bb3406.exe(2500) -> Exes_94bb3406.exe(2572)"
- }
- ]
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
- },
- {
- "data": "\"C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe\",explorer.exe"
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe"
- }
- ]
- },
- {
- "Description": "File has been identified by 31 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "GData": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "Kaspersky": "HEUR:Trojan.MSIL.APosT.gen"
- },
- {
- "BitDefender": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "Avast": "FileRepMetagen [Malware]"
- },
- {
- "Endgame": "malicious (moderate confidence)"
- },
- {
- "F-Secure": "Heuristic.HEUR/AGEN.1035809"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.jc"
- },
- {
- "Trapmine": "malicious.high.ml.score"
- },
- {
- "FireEye": "Generic.mg.7b82bae2fe9386bf"
- },
- {
- "Emsisoft": "Gen:Variant.MSILPerseus.189870 (B)"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "ESET-NOD32": "a variant of MSIL/Kryptik.QME"
- },
- {
- "Avira": "HEUR/AGEN.1035809"
- },
- {
- "Arcabit": "Trojan.MSILPerseus.D2E5AE"
- },
- {
- "ZoneAlarm": "HEUR:Trojan.MSIL.APosT.gen"
- },
- {
- "Microsoft": "Trojan:Win32/Fuerboos.C!cl"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "MAX": "malware (ai score=81)"
- },
- {
- "Ad-Aware": "Gen:Variant.MSILPerseus.189870"
- },
- {
- "Rising": "Trojan.Generic!8.C3 (TFE:dGZlOgxah/GKu8UsRQ)"
- },
- {
- "Webroot": "W32.Trojan.Gen"
- },
- {
- "AVG": "FileRepMetagen [Malware]"
- },
- {
- "Cybereason": "malicious.dd8e68"
- },
- {
- "Panda": "Trj/GdSda.A"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (D)"
- },
- {
- "Qihoo-360": "HEUR/QVM03.0.D6A1.Malware.Gen"
- }
- ]
- },
- {
- "Description": "Creates a copy of itself",
- "Details": [
- {
- "copy": "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe\""
- ]
- [*] Mutexes: [
- "Global\\CLR_PerfMon_WrapMutex",
- "Global\\CLR_CASOFF_MUTEX"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
- "C:\\Users\\user\\AppData\\Roaming\\Z426sPaOxdzsYJQ6\\ITImek3mS6pQ.exe",
- "\\??\\PIPE\\samr",
- "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_94bb3406.exe:Zone.Identifier"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "1.0.0.0",
- "name": "NpmTaskRunner"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- }
- ],
- "typerefs": [
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.IContainer",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.ApplicationSettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.SettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Point",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.SizeF",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.AutoScaleMode",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Button",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ButtonBase",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.CommonDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ContainerControl",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control/ControlCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.DialogResult",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.FileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Form",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.GroupBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListViewItem",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.OpenFileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.TextBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Action`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentNullException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Array",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Attribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.BadImageFormatException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.DictionaryEntry",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerable`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerator`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.ICollection",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IDictionaryEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IList",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Delegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventArgs",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventHandler",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.MemoryStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.SeekOrigin",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Stream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.StreamReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.TextReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.NotSupportedException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Predicate`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Random",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCompanyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyConfigurationAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCopyrightAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyDescriptionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyFileVersionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyProductAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTitleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTrademarkAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceSet",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.GuidAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.UnverifiableCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Thread",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.ThreadStart",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0009eac2",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0009eac2",
- "icon_hash": null,
- "entrypoint": "0x0049febe",
- "timestamp": "2019-06-09 13:20:02",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x0009e000",
- "entropy": "7.89",
- "raw_address": "0x00000200",
- "virtual_size": "0x0009dec4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000a0000",
- "size_of_data": "0x00000600",
- "entropy": "4.16",
- "raw_address": "0x0009e200",
- "virtual_size": "0x000005e0",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000a2000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x0009e800",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0009fe68",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000053"
- },
- {
- "virtual_address": "0x000a0000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000005e0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000a2000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "kernel32.dll.QueryActCtxW",
- "shlwapi.dll.UrlIsW",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.IsProcessorFeaturePresent",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "mscorwks.dll._CorExeMain",
- "mscorwks.dll.GetCLRFunction",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.UnregisterTraceGuids",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.IEE",
- "mscorwks.dll.IEE",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "shell32.dll.SHGetFolderPathW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "ole32.dll.CoInitializeEx",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "ole32.dll.CoGetContextToken",
- "kernel32.dll.GetFullPathNameW",
- "kernel32.dll.GetVersionExW",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "mscoree.dll.GetMetaDataInternalInterface",
- "mscorwks.dll.GetMetaDataInternalInterface",
- "mscorjit.dll.getJit",
- "uxtheme.dll.IsAppThemed",
- "kernel32.dll.CreateActCtxA",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoTaskMemFree",
- "user32.dll.RegisterWindowMessageW",
- "user32.dll.GetSystemMetrics",
- "user32.dll.AdjustWindowRectEx",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.GetCurrentThread",
- "kernel32.dll.DuplicateHandle",
- "kernel32.dll.GetCurrentThreadId",
- "kernel32.dll.GetCurrentActCtx",
- "kernel32.dll.ActivateActCtx",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.GetModuleHandleW",
- "kernel32.dll.GetProcAddress",
- "user32.dll.DefWindowProcW",
- "gdi32.dll.GetStockObject",
- "kernel32.dll.GetUserDefaultUILanguage",
- "user32.dll.RegisterClassW",
- "user32.dll.CreateWindowExW",
- "user32.dll.SetWindowLongW",
- "user32.dll.GetWindowLongW",
- "user32.dll.CallWindowProcW",
- "user32.dll.GetClientRect",
- "user32.dll.GetWindowRect",
- "user32.dll.GetParent",
- "kernel32.dll.DeactivateActCtx",
- "kernel32.dll.GetSystemDefaultLCID",
- "gdi32.dll.GetObjectW",
- "user32.dll.GetDC",
- "kernel32.dll.GetCurrentProcessId",
- "kernel32.dll.FindAtomW",
- "kernel32.dll.AddAtomW",
- "mscoree.dll.LoadLibraryShim",
- "gdiplus.dll.GdiplusStartup",
- "user32.dll.GetWindowInfo",
- "user32.dll.GetAncestor",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.EnumDisplayDevicesA",
- "gdi32.dll.ExtTextOutW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "gdiplus.dll.GdipCreateFontFromLogfontW",
- "kernel32.dll.RegOpenKeyExW",
- "kernel32.dll.RegQueryInfoKeyA",
- "kernel32.dll.RegCloseKey",
- "kernel32.dll.RegCreateKeyExW",
- "kernel32.dll.RegQueryValueExW",
- "kernel32.dll.RegEnumValueW",
- "kernel32.dll.RegQueryInfoKeyW",
- "mscoree.dll.ND_RI2",
- "mscoree.dll.ND_RU1",
- "gdiplus.dll.GdipGetFontUnit",
- "gdiplus.dll.GdipGetFontSize",
- "gdiplus.dll.GdipGetFontStyle",
- "gdiplus.dll.GdipGetFamily",
- "user32.dll.ReleaseDC",
- "gdiplus.dll.GdipCreateFromHDC",
- "gdiplus.dll.GdipGetDpiY",
- "gdiplus.dll.GdipGetFontHeight",
- "gdiplus.dll.GdipGetEmHeight",
- "gdiplus.dll.GdipGetLineSpacing",
- "gdiplus.dll.GdipDeleteGraphics",
- "gdiplus.dll.GdipCreateFont",
- "gdiplus.dll.GdipDeleteFont",
- "gdiplus.dll.GdipGetLogFontW",
- "mscoree.dll.ND_WU1",
- "gdi32.dll.CreateFontIndirectW",
- "user32.dll.GetProcessWindowStation",
- "user32.dll.GetUserObjectInformationA",
- "kernel32.dll.SetConsoleCtrlHandler",
- "user32.dll.GetClassInfoW",
- "user32.dll.GetSysColor",
- "gdi32.dll.CreateCompatibleDC",
- "gdi32.dll.SelectObject",
- "gdi32.dll.GetTextMetricsW",
- "gdi32.dll.GetTextExtentPoint32W",
- "gdi32.dll.DeleteDC",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "user32.dll.SetWindowTextW",
- "kernel32.dll.GetStartupInfoW",
- "gdi32.dll.GetDeviceCaps",
- "user32.dll.CreateIconFromResourceEx",
- "user32.dll.SendMessageW",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "gdi32.dll.GetTextFaceAliasW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "user32.dll.GetSystemMenu",
- "user32.dll.GetWindowPlacement",
- "user32.dll.EnableMenuItem",
- "user32.dll.GetWindowTextLengthW",
- "user32.dll.GetWindowTextW",
- "user32.dll.SetWindowPos",
- "user32.dll.RedrawWindow",
- "user32.dll.ShowWindow",
- "comctl32.dll.InitCommonControlsEx",
- "uxtheme.dll.OpenThemeData",
- "uxtheme.dll.GetThemeBool",
- "uxtheme.dll.IsThemePartDefined",
- "comctl32.dll.RegisterClassNameW",
- "uxtheme.dll.GetThemeColor",
- "uxtheme.dll.GetThemeMargins",
- "uxtheme.dll.GetThemeFont",
- "user32.dll.GetWindow",
- "user32.dll.MapWindowPoints",
- "user32.dll.InvalidateRect",
- "imm32.dll.ImmIsIME",
- "uxtheme.dll.EnableThemeDialogTexture",
- "kernel32.dll.SwitchToThread",
- "ole32.dll.CoWaitForMultipleHandles",
- "ole32.dll.CoUninitialize",
- "sechost.dll.LookupAccountNameLocalW",
- "advapi32.dll.LookupAccountSidW",
- "sechost.dll.LookupAccountSidLocalW",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptGenRandom",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetClassObject",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "culture.dll.ConvertLangIdToCultureName",
- "kernel32.dll.GlobalMemoryStatusEx",
- "bcrypt.dll.BCryptGetFipsAlgorithmMode",
- "kernel32.dll.CloseHandle",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.AdjustTokenPrivileges",
- "kernel32.dll.OpenProcess",
- "psapi.dll.EnumProcessModules",
- "psapi.dll.GetModuleInformation",
- "psapi.dll.GetModuleBaseNameW",
- "psapi.dll.GetModuleFileNameExW",
- "kernel32.dll.GetExitCodeProcess",
- "advapi32.dll.LookupPrivilegeValueA",
- "advapi32.dll.GetKernelObjectSecurity",
- "advapi32.dll.CreateWellKnownSid",
- "advapi32.dll.SetKernelObjectSecurity",
- "kernel32.dll.DeleteFileA",
- "kernel32.dll.QueryPerformanceFrequency",
- "kernel32.dll.QueryPerformanceCounter",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.CreateDirectoryW",
- "kernel32.dll.SetFileAttributesW",
- "kernel32.dll.CopyFileW",
- "advapi32.dll.RegSetValueExW",
- "kernel32.dll.CreateProcessA",
- "psapi.dll.EnumProcesses",
- "kernel32.dll.GetThreadContext",
- "kernel32.dll.ReadProcessMemory",
- "kernel32.dll.VirtualAllocEx",
- "kernel32.dll.WriteProcessMemory",
- "kernel32.dll.SetThreadContext",
- "kernel32.dll.ResumeThread",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetFileType",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.ReadFile",
- "kernel32.dll.GetEnvironmentVariableW",
- "kernel32.dll.LoadLibraryW",
- "kernel32.dll.EnumResourceTypesW",
- "kernel32.dll.EnumResourceNamesW",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.RtlMoveMemory",
- "kernel32.dll.FindResourceW",
- "kernel32.dll.SizeofResource",
- "kernel32.dll.LoadResource",
- "kernel32.dll.LockResource",
- "kernel32.dll.FreeLibrary",
- "cryptsp.dll.CryptCreateHash",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptGetHashParam",
- "cryptsp.dll.CryptDestroyHash",
- "vssapi.dll.CreateWriter",
- "oleaut32.dll.#6",
- "oleaut32.dll.#2",
- "advapi32.dll.LookupAccountNameW",
- "samcli.dll.NetLocalGroupGetMembers",
- "samlib.dll.SamConnect",
- "rpcrt4.dll.NdrClientCall3",
- "rpcrt4.dll.RpcStringBindingComposeW",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcStringFreeW",
- "rpcrt4.dll.RpcBindingFree",
- "samlib.dll.SamOpenDomain",
- "samlib.dll.SamLookupNamesInDomain",
- "samlib.dll.SamOpenAlias",
- "samlib.dll.SamFreeMemory",
- "samlib.dll.SamCloseHandle",
- "samlib.dll.SamGetMembersInAlias",
- "netutils.dll.NetApiBufferFree",
- "ole32.dll.CoCreateGuid",
- "ole32.dll.StringFromCLSID",
- "oleaut32.dll.#4",
- "oleaut32.dll.#7",
- "propsys.dll.VariantToPropVariant",
- "wbemcore.dll.Reinitialize",
- "wbemsvc.dll.DllGetClassObject",
- "wbemsvc.dll.DllCanUnloadNow",
- "authz.dll.AuthzInitializeContextFromToken",
- "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
- "authz.dll.AuthzAccessCheck",
- "authz.dll.AuthzFreeAuditEvent",
- "authz.dll.AuthzFreeContext",
- "authz.dll.AuthzInitializeResourceManager",
- "authz.dll.AuthzFreeResourceManager",
- "rpcrt4.dll.RpcBindingCreateW",
- "rpcrt4.dll.RpcBindingBind",
- "rpcrt4.dll.I_RpcMapWin32Status",
- "advapi32.dll.EventRegister",
- "advapi32.dll.EventUnregister",
- "advapi32.dll.EventWrite",
- "kernel32.dll.RegSetValueExW",
- "wmisvc.dll.IsImproperShutdownDetected",
- "wevtapi.dll.EvtRender",
- "wevtapi.dll.EvtNext",
- "wevtapi.dll.EvtClose",
- "wevtapi.dll.EvtQuery",
- "wevtapi.dll.EvtCreateRenderContext",
- "rpcrt4.dll.RpcBindingSetAuthInfoExW",
- "rpcrt4.dll.RpcBindingSetOption"
- ]
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "1.0.0.0",
- "name": "NpmTaskRunner"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- }
- ],
- "typerefs": [
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.IContainer",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.ApplicationSettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.SettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Point",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.SizeF",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.AutoScaleMode",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Button",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ButtonBase",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.CommonDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ContainerControl",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control/ControlCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.DialogResult",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.FileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Form",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.GroupBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ListViewItem",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.OpenFileDialog",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.TextBox",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Action`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentNullException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Array",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Attribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.BadImageFormatException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.DictionaryEntry",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.Dictionary`2",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerable`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.IEnumerator`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1/Enumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.ICollection",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IDictionaryEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IEnumerator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.IList",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Delegate",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Environment",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventArgs",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventHandler",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.MemoryStream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.SeekOrigin",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.Stream",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.StreamReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IO.TextReader",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.NotSupportedException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Predicate`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Random",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCompanyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyConfigurationAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCopyrightAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyDescriptionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyFileVersionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyProductAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTitleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTrademarkAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceSet",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.GuidAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.UnverifiableCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Thread",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.ThreadStart",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0009eac2",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0009eac2",
- "icon_hash": null,
- "entrypoint": "0x0049febe",
- "timestamp": "2019-06-09 13:20:02",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x0009e000",
- "entropy": "7.89",
- "raw_address": "0x00000200",
- "virtual_size": "0x0009dec4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000a0000",
- "size_of_data": "0x00000600",
- "entropy": "4.16",
- "raw_address": "0x0009e200",
- "virtual_size": "0x000005e0",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000a2000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x0009e800",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0009fe68",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000053"
- },
- {
- "virtual_address": "0x000a0000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000005e0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000a2000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement