paladin316

joel_exe.json

Jun 20th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 5.3
  5.  
  6. [*] File Name: "joel.exe"
  7. [*] File Size: 338272
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive"
  9. [*] SHA256: "9534524f48021e31f90508029f74de03acec92238f0b32bc6566c2efc4d1328b"
  10. [*] MD5: "9a9a0c697bcb4522331c9be1c82b629c"
  11. [*] SHA1: "495c53cf4b67f27300fb0acebe7d3d2d60a6ffde"
  12. [*] SHA512: "4a020bceaa37c4cf86414de9b1e80f9ca7f2de19ed08dbc09754381fe795db71213a14a8c49e3d028ac90604a19477007cf7f3cd669949aea432d42eca159584"
  13. [*] CRC32: "7EDDDD3F"
  14. [*] SSDEEP: "6144:r56Z2Cuc64g1BtQW71cKTUADARX7HY+bFHyBoWOVvc+GiRznjeIifXRoR:044g1QWRTUCARM+bJ7WOFBtjzifo"
  15.  
  16. [*] Process Execution: []
  17.  
  18. [*] Signatures Detected: [
  19. {
  20. "Description": "File has been identified by 8 antivirus engines on VirusTotal as malicious",
  21. "Details": [
  22. {
  23. "Bkav": "HW32.Packed."
  24. },
  25. {
  26. "FireEye": "Generic.mg.9a9a0c697bcb4522"
  27. },
  28. {
  29. "APEX": "Malicious"
  30. },
  31. {
  32. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.fc"
  33. },
  34. {
  35. "Malwarebytes": "Trojan.Injector"
  36. },
  37. {
  38. "Cybereason": "malicious.f4b67f"
  39. },
  40. {
  41. "CrowdStrike": "win/malicious_confidence_70% (W)"
  42. },
  43. {
  44. "Qihoo-360": "HEUR/QVM20.1.011E.Malware.Gen"
  45. }
  46. ]
  47. },
  48. {
  49. "Description": "Performs some HTTP requests",
  50. "Details": [
  51. {
  52. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  53. },
  54. {
  55. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  56. },
  57. {
  58. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  59. }
  60. ]
  61. },
  62. {
  63. "Description": "Installs itself for autorun at Windows startup",
  64. "Details": [
  65. {
  66. "file": "C:\\Windows\\win.ini"
  67. }
  68. ]
  69. }
  70. ]
  71.  
  72. [*] Started Service: []
  73.  
  74. [*] Executed Commands: []
  75.  
  76. [*] Mutexes: []
  77.  
  78. [*] Modified Files: []
  79.  
  80. [*] Deleted Files: []
  81.  
  82. [*] Modified Registry Keys: []
  83.  
  84. [*] Deleted Registry Keys: []
  85.  
  86. [*] DNS Communications: []
  87.  
  88. [*] Domains: []
  89.  
  90. [*] Network Communication - ICMP: []
  91.  
  92. [*] Network Communication - HTTP: [
  93. {
  94. "count": 1,
  95. "body": "",
  96. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  97. "user-agent": "Microsoft-CryptoAPI/6.1",
  98. "method": "GET",
  99. "host": "ocsp.digicert.com",
  100. "version": "1.1",
  101. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  102. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  103. "port": 80
  104. },
  105. {
  106. "count": 1,
  107. "body": "",
  108. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  109. "user-agent": "Microsoft-CryptoAPI/6.1",
  110. "method": "GET",
  111. "host": "ocsp.digicert.com",
  112. "version": "1.1",
  113. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  114. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  115. "port": 80
  116. },
  117. {
  118. "count": 1,
  119. "body": "",
  120. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  121. "user-agent": "Microsoft-CryptoAPI/6.1",
  122. "method": "GET",
  123. "host": "ocsp.digicert.com",
  124. "version": "1.1",
  125. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  126. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  127. "port": 80
  128. }
  129. ]
  130.  
  131. [*] Network Communication - SMTP: []
  132.  
  133. [*] Network Communication - Hosts: []
  134.  
  135. [*] Network Communication - IRC: []
  136.  
  137. [*] Static Analysis: {
  138. "pe": {
  139. "peid_signatures": null,
  140. "imports": [
  141. {
  142. "imports": [
  143. {
  144. "name": "SetEnvironmentVariableA",
  145. "address": "0x408070"
  146. },
  147. {
  148. "name": "CreateFileA",
  149. "address": "0x408074"
  150. },
  151. {
  152. "name": "GetFileSize",
  153. "address": "0x408078"
  154. },
  155. {
  156. "name": "GetModuleFileNameA",
  157. "address": "0x40807c"
  158. },
  159. {
  160. "name": "ReadFile",
  161. "address": "0x408080"
  162. },
  163. {
  164. "name": "GetCurrentProcess",
  165. "address": "0x408084"
  166. },
  167. {
  168. "name": "CopyFileA",
  169. "address": "0x408088"
  170. },
  171. {
  172. "name": "Sleep",
  173. "address": "0x40808c"
  174. },
  175. {
  176. "name": "GetTickCount",
  177. "address": "0x408090"
  178. },
  179. {
  180. "name": "GetWindowsDirectoryA",
  181. "address": "0x408094"
  182. },
  183. {
  184. "name": "GetTempPathA",
  185. "address": "0x408098"
  186. },
  187. {
  188. "name": "GetCommandLineA",
  189. "address": "0x40809c"
  190. },
  191. {
  192. "name": "lstrlenA",
  193. "address": "0x4080a0"
  194. },
  195. {
  196. "name": "GetVersion",
  197. "address": "0x4080a4"
  198. },
  199. {
  200. "name": "SetErrorMode",
  201. "address": "0x4080a8"
  202. },
  203. {
  204. "name": "lstrcpynA",
  205. "address": "0x4080ac"
  206. },
  207. {
  208. "name": "ExitProcess",
  209. "address": "0x4080b0"
  210. },
  211. {
  212. "name": "SetCurrentDirectoryA",
  213. "address": "0x4080b4"
  214. },
  215. {
  216. "name": "GlobalLock",
  217. "address": "0x4080b8"
  218. },
  219. {
  220. "name": "CreateThread",
  221. "address": "0x4080bc"
  222. },
  223. {
  224. "name": "GetLastError",
  225. "address": "0x4080c0"
  226. },
  227. {
  228. "name": "CreateDirectoryA",
  229. "address": "0x4080c4"
  230. },
  231. {
  232. "name": "CreateProcessA",
  233. "address": "0x4080c8"
  234. },
  235. {
  236. "name": "RemoveDirectoryA",
  237. "address": "0x4080cc"
  238. },
  239. {
  240. "name": "GetTempFileNameA",
  241. "address": "0x4080d0"
  242. },
  243. {
  244. "name": "WriteFile",
  245. "address": "0x4080d4"
  246. },
  247. {
  248. "name": "lstrcpyA",
  249. "address": "0x4080d8"
  250. },
  251. {
  252. "name": "MoveFileExA",
  253. "address": "0x4080dc"
  254. },
  255. {
  256. "name": "lstrcatA",
  257. "address": "0x4080e0"
  258. },
  259. {
  260. "name": "GetSystemDirectoryA",
  261. "address": "0x4080e4"
  262. },
  263. {
  264. "name": "GetProcAddress",
  265. "address": "0x4080e8"
  266. },
  267. {
  268. "name": "GetExitCodeProcess",
  269. "address": "0x4080ec"
  270. },
  271. {
  272. "name": "WaitForSingleObject",
  273. "address": "0x4080f0"
  274. },
  275. {
  276. "name": "CompareFileTime",
  277. "address": "0x4080f4"
  278. },
  279. {
  280. "name": "SetFileAttributesA",
  281. "address": "0x4080f8"
  282. },
  283. {
  284. "name": "GetFileAttributesA",
  285. "address": "0x4080fc"
  286. },
  287. {
  288. "name": "GetShortPathNameA",
  289. "address": "0x408100"
  290. },
  291. {
  292. "name": "MoveFileA",
  293. "address": "0x408104"
  294. },
  295. {
  296. "name": "GetFullPathNameA",
  297. "address": "0x408108"
  298. },
  299. {
  300. "name": "SetFileTime",
  301. "address": "0x40810c"
  302. },
  303. {
  304. "name": "SearchPathA",
  305. "address": "0x408110"
  306. },
  307. {
  308. "name": "CloseHandle",
  309. "address": "0x408114"
  310. },
  311. {
  312. "name": "lstrcmpiA",
  313. "address": "0x408118"
  314. },
  315. {
  316. "name": "GlobalUnlock",
  317. "address": "0x40811c"
  318. },
  319. {
  320. "name": "GetDiskFreeSpaceA",
  321. "address": "0x408120"
  322. },
  323. {
  324. "name": "lstrcmpA",
  325. "address": "0x408124"
  326. },
  327. {
  328. "name": "FindFirstFileA",
  329. "address": "0x408128"
  330. },
  331. {
  332. "name": "FindNextFileA",
  333. "address": "0x40812c"
  334. },
  335. {
  336. "name": "DeleteFileA",
  337. "address": "0x408130"
  338. },
  339. {
  340. "name": "SetFilePointer",
  341. "address": "0x408134"
  342. },
  343. {
  344. "name": "GetPrivateProfileStringA",
  345. "address": "0x408138"
  346. },
  347. {
  348. "name": "FindClose",
  349. "address": "0x40813c"
  350. },
  351. {
  352. "name": "MultiByteToWideChar",
  353. "address": "0x408140"
  354. },
  355. {
  356. "name": "FreeLibrary",
  357. "address": "0x408144"
  358. },
  359. {
  360. "name": "MulDiv",
  361. "address": "0x408148"
  362. },
  363. {
  364. "name": "WritePrivateProfileStringA",
  365. "address": "0x40814c"
  366. },
  367. {
  368. "name": "LoadLibraryExA",
  369. "address": "0x408150"
  370. },
  371. {
  372. "name": "GetModuleHandleA",
  373. "address": "0x408154"
  374. },
  375. {
  376. "name": "GlobalAlloc",
  377. "address": "0x408158"
  378. },
  379. {
  380. "name": "GlobalFree",
  381. "address": "0x40815c"
  382. },
  383. {
  384. "name": "ExpandEnvironmentStringsA",
  385. "address": "0x408160"
  386. }
  387. ],
  388. "dll": "KERNEL32.dll"
  389. },
  390. {
  391. "imports": [
  392. {
  393. "name": "ScreenToClient",
  394. "address": "0x408184"
  395. },
  396. {
  397. "name": "GetSystemMenu",
  398. "address": "0x408188"
  399. },
  400. {
  401. "name": "SetClassLongA",
  402. "address": "0x40818c"
  403. },
  404. {
  405. "name": "IsWindowEnabled",
  406. "address": "0x408190"
  407. },
  408. {
  409. "name": "SetWindowPos",
  410. "address": "0x408194"
  411. },
  412. {
  413. "name": "GetSysColor",
  414. "address": "0x408198"
  415. },
  416. {
  417. "name": "GetWindowLongA",
  418. "address": "0x40819c"
  419. },
  420. {
  421. "name": "SetCursor",
  422. "address": "0x4081a0"
  423. },
  424. {
  425. "name": "LoadCursorA",
  426. "address": "0x4081a4"
  427. },
  428. {
  429. "name": "CheckDlgButton",
  430. "address": "0x4081a8"
  431. },
  432. {
  433. "name": "GetMessagePos",
  434. "address": "0x4081ac"
  435. },
  436. {
  437. "name": "LoadBitmapA",
  438. "address": "0x4081b0"
  439. },
  440. {
  441. "name": "CallWindowProcA",
  442. "address": "0x4081b4"
  443. },
  444. {
  445. "name": "IsWindowVisible",
  446. "address": "0x4081b8"
  447. },
  448. {
  449. "name": "CloseClipboard",
  450. "address": "0x4081bc"
  451. },
  452. {
  453. "name": "SetClipboardData",
  454. "address": "0x4081c0"
  455. },
  456. {
  457. "name": "EmptyClipboard",
  458. "address": "0x4081c4"
  459. },
  460. {
  461. "name": "PostQuitMessage",
  462. "address": "0x4081c8"
  463. },
  464. {
  465. "name": "GetWindowRect",
  466. "address": "0x4081cc"
  467. },
  468. {
  469. "name": "EnableMenuItem",
  470. "address": "0x4081d0"
  471. },
  472. {
  473. "name": "CreatePopupMenu",
  474. "address": "0x4081d4"
  475. },
  476. {
  477. "name": "GetSystemMetrics",
  478. "address": "0x4081d8"
  479. },
  480. {
  481. "name": "SetDlgItemTextA",
  482. "address": "0x4081dc"
  483. },
  484. {
  485. "name": "GetDlgItemTextA",
  486. "address": "0x4081e0"
  487. },
  488. {
  489. "name": "MessageBoxIndirectA",
  490. "address": "0x4081e4"
  491. },
  492. {
  493. "name": "CharPrevA",
  494. "address": "0x4081e8"
  495. },
  496. {
  497. "name": "DispatchMessageA",
  498. "address": "0x4081ec"
  499. },
  500. {
  501. "name": "PeekMessageA",
  502. "address": "0x4081f0"
  503. },
  504. {
  505. "name": "ReleaseDC",
  506. "address": "0x4081f4"
  507. },
  508. {
  509. "name": "EnableWindow",
  510. "address": "0x4081f8"
  511. },
  512. {
  513. "name": "InvalidateRect",
  514. "address": "0x4081fc"
  515. },
  516. {
  517. "name": "SendMessageA",
  518. "address": "0x408200"
  519. },
  520. {
  521. "name": "DefWindowProcA",
  522. "address": "0x408204"
  523. },
  524. {
  525. "name": "BeginPaint",
  526. "address": "0x408208"
  527. },
  528. {
  529. "name": "GetClientRect",
  530. "address": "0x40820c"
  531. },
  532. {
  533. "name": "FillRect",
  534. "address": "0x408210"
  535. },
  536. {
  537. "name": "DrawTextA",
  538. "address": "0x408214"
  539. },
  540. {
  541. "name": "EndDialog",
  542. "address": "0x408218"
  543. },
  544. {
  545. "name": "RegisterClassA",
  546. "address": "0x40821c"
  547. },
  548. {
  549. "name": "SystemParametersInfoA",
  550. "address": "0x408220"
  551. },
  552. {
  553. "name": "CreateWindowExA",
  554. "address": "0x408224"
  555. },
  556. {
  557. "name": "GetClassInfoA",
  558. "address": "0x408228"
  559. },
  560. {
  561. "name": "DialogBoxParamA",
  562. "address": "0x40822c"
  563. },
  564. {
  565. "name": "CharNextA",
  566. "address": "0x408230"
  567. },
  568. {
  569. "name": "ExitWindowsEx",
  570. "address": "0x408234"
  571. },
  572. {
  573. "name": "GetDC",
  574. "address": "0x408238"
  575. },
  576. {
  577. "name": "CreateDialogParamA",
  578. "address": "0x40823c"
  579. },
  580. {
  581. "name": "SetTimer",
  582. "address": "0x408240"
  583. },
  584. {
  585. "name": "GetDlgItem",
  586. "address": "0x408244"
  587. },
  588. {
  589. "name": "SetWindowLongA",
  590. "address": "0x408248"
  591. },
  592. {
  593. "name": "SetForegroundWindow",
  594. "address": "0x40824c"
  595. },
  596. {
  597. "name": "LoadImageA",
  598. "address": "0x408250"
  599. },
  600. {
  601. "name": "IsWindow",
  602. "address": "0x408254"
  603. },
  604. {
  605. "name": "SendMessageTimeoutA",
  606. "address": "0x408258"
  607. },
  608. {
  609. "name": "FindWindowExA",
  610. "address": "0x40825c"
  611. },
  612. {
  613. "name": "OpenClipboard",
  614. "address": "0x408260"
  615. },
  616. {
  617. "name": "TrackPopupMenu",
  618. "address": "0x408264"
  619. },
  620. {
  621. "name": "AppendMenuA",
  622. "address": "0x408268"
  623. },
  624. {
  625. "name": "EndPaint",
  626. "address": "0x40826c"
  627. },
  628. {
  629. "name": "DestroyWindow",
  630. "address": "0x408270"
  631. },
  632. {
  633. "name": "wsprintfA",
  634. "address": "0x408274"
  635. },
  636. {
  637. "name": "ShowWindow",
  638. "address": "0x408278"
  639. },
  640. {
  641. "name": "SetWindowTextA",
  642. "address": "0x40827c"
  643. }
  644. ],
  645. "dll": "USER32.dll"
  646. },
  647. {
  648. "imports": [
  649. {
  650. "name": "SelectObject",
  651. "address": "0x40804c"
  652. },
  653. {
  654. "name": "SetBkMode",
  655. "address": "0x408050"
  656. },
  657. {
  658. "name": "CreateFontIndirectA",
  659. "address": "0x408054"
  660. },
  661. {
  662. "name": "SetTextColor",
  663. "address": "0x408058"
  664. },
  665. {
  666. "name": "DeleteObject",
  667. "address": "0x40805c"
  668. },
  669. {
  670. "name": "GetDeviceCaps",
  671. "address": "0x408060"
  672. },
  673. {
  674. "name": "CreateBrushIndirect",
  675. "address": "0x408064"
  676. },
  677. {
  678. "name": "SetBkColor",
  679. "address": "0x408068"
  680. }
  681. ],
  682. "dll": "GDI32.dll"
  683. },
  684. {
  685. "imports": [
  686. {
  687. "name": "SHGetSpecialFolderLocation",
  688. "address": "0x408168"
  689. },
  690. {
  691. "name": "ShellExecuteExA",
  692. "address": "0x40816c"
  693. },
  694. {
  695. "name": "SHGetPathFromIDListA",
  696. "address": "0x408170"
  697. },
  698. {
  699. "name": "SHBrowseForFolderA",
  700. "address": "0x408174"
  701. },
  702. {
  703. "name": "SHGetFileInfoA",
  704. "address": "0x408178"
  705. },
  706. {
  707. "name": "SHFileOperationA",
  708. "address": "0x40817c"
  709. }
  710. ],
  711. "dll": "SHELL32.dll"
  712. },
  713. {
  714. "imports": [
  715. {
  716. "name": "AdjustTokenPrivileges",
  717. "address": "0x408000"
  718. },
  719. {
  720. "name": "RegCreateKeyExA",
  721. "address": "0x408004"
  722. },
  723. {
  724. "name": "RegOpenKeyExA",
  725. "address": "0x408008"
  726. },
  727. {
  728. "name": "SetFileSecurityA",
  729. "address": "0x40800c"
  730. },
  731. {
  732. "name": "OpenProcessToken",
  733. "address": "0x408010"
  734. },
  735. {
  736. "name": "LookupPrivilegeValueA",
  737. "address": "0x408014"
  738. },
  739. {
  740. "name": "RegEnumValueA",
  741. "address": "0x408018"
  742. },
  743. {
  744. "name": "RegDeleteKeyA",
  745. "address": "0x40801c"
  746. },
  747. {
  748. "name": "RegDeleteValueA",
  749. "address": "0x408020"
  750. },
  751. {
  752. "name": "RegCloseKey",
  753. "address": "0x408024"
  754. },
  755. {
  756. "name": "RegSetValueExA",
  757. "address": "0x408028"
  758. },
  759. {
  760. "name": "RegQueryValueExA",
  761. "address": "0x40802c"
  762. },
  763. {
  764. "name": "RegEnumKeyA",
  765. "address": "0x408030"
  766. }
  767. ],
  768. "dll": "ADVAPI32.dll"
  769. },
  770. {
  771. "imports": [
  772. {
  773. "name": "ImageList_Create",
  774. "address": "0x408038"
  775. },
  776. {
  777. "name": "ImageList_AddMasked",
  778. "address": "0x40803c"
  779. },
  780. {
  781. "name": "ImageList_Destroy",
  782. "address": "0x408040"
  783. },
  784. {
  785. "name": null,
  786. "address": "0x408044"
  787. }
  788. ],
  789. "dll": "COMCTL32.dll"
  790. },
  791. {
  792. "imports": [
  793. {
  794. "name": "OleUninitialize",
  795. "address": "0x408284"
  796. },
  797. {
  798. "name": "OleInitialize",
  799. "address": "0x408288"
  800. },
  801. {
  802. "name": "CoTaskMemFree",
  803. "address": "0x40828c"
  804. },
  805. {
  806. "name": "CoCreateInstance",
  807. "address": "0x408290"
  808. }
  809. ],
  810. "dll": "ole32.dll"
  811. }
  812. ],
  813. "digital_signers": null,
  814. "exported_dll_name": null,
  815. "actual_checksum": "0x00056d56",
  816. "overlay": {
  817. "size": "0x00049d60",
  818. "offset": "0x00008c00"
  819. },
  820. "imagebase": "0x00400000",
  821. "reported_checksum": "0x00000000",
  822. "icon_hash": null,
  823. "entrypoint": "0x00403328",
  824. "timestamp": "2018-12-15 22:24:32",
  825. "osversion": "4.0",
  826. "sections": [
  827. {
  828. "name": ".text",
  829. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  830. "virtual_address": "0x00001000",
  831. "size_of_data": "0x00006200",
  832. "entropy": "6.40",
  833. "raw_address": "0x00000400",
  834. "virtual_size": "0x00006077",
  835. "characteristics_raw": "0x60000020"
  836. },
  837. {
  838. "name": ".rdata",
  839. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  840. "virtual_address": "0x00008000",
  841. "size_of_data": "0x00001400",
  842. "entropy": "5.04",
  843. "raw_address": "0x00006600",
  844. "virtual_size": "0x00001250",
  845. "characteristics_raw": "0x40000040"
  846. },
  847. {
  848. "name": ".data",
  849. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  850. "virtual_address": "0x0000a000",
  851. "size_of_data": "0x00000400",
  852. "entropy": "5.22",
  853. "raw_address": "0x00007a00",
  854. "virtual_size": "0x0001a838",
  855. "characteristics_raw": "0xc0000040"
  856. },
  857. {
  858. "name": ".ndata",
  859. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  860. "virtual_address": "0x00025000",
  861. "size_of_data": "0x00000000",
  862. "entropy": "0.00",
  863. "raw_address": "0x00000000",
  864. "virtual_size": "0x00008000",
  865. "characteristics_raw": "0xc0000080"
  866. },
  867. {
  868. "name": ".rsrc",
  869. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  870. "virtual_address": "0x0002d000",
  871. "size_of_data": "0x00000e00",
  872. "entropy": "4.13",
  873. "raw_address": "0x00007e00",
  874. "virtual_size": "0x00000cb0",
  875. "characteristics_raw": "0x40000040"
  876. }
  877. ],
  878. "resources": [],
  879. "dirents": [
  880. {
  881. "virtual_address": "0x00000000",
  882. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  883. "size": "0x00000000"
  884. },
  885. {
  886. "virtual_address": "0x00008430",
  887. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  888. "size": "0x000000a0"
  889. },
  890. {
  891. "virtual_address": "0x0002d000",
  892. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  893. "size": "0x00000cb0"
  894. },
  895. {
  896. "virtual_address": "0x00000000",
  897. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  898. "size": "0x00000000"
  899. },
  900. {
  901. "virtual_address": "0x00000000",
  902. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  903. "size": "0x00000000"
  904. },
  905. {
  906. "virtual_address": "0x00000000",
  907. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  908. "size": "0x00000000"
  909. },
  910. {
  911. "virtual_address": "0x00000000",
  912. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  913. "size": "0x00000000"
  914. },
  915. {
  916. "virtual_address": "0x00000000",
  917. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  918. "size": "0x00000000"
  919. },
  920. {
  921. "virtual_address": "0x00000000",
  922. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  923. "size": "0x00000000"
  924. },
  925. {
  926. "virtual_address": "0x00000000",
  927. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  928. "size": "0x00000000"
  929. },
  930. {
  931. "virtual_address": "0x00000000",
  932. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  933. "size": "0x00000000"
  934. },
  935. {
  936. "virtual_address": "0x00000000",
  937. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  938. "size": "0x00000000"
  939. },
  940. {
  941. "virtual_address": "0x00008000",
  942. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  943. "size": "0x00000298"
  944. },
  945. {
  946. "virtual_address": "0x00000000",
  947. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  948. "size": "0x00000000"
  949. },
  950. {
  951. "virtual_address": "0x00000000",
  952. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  953. "size": "0x00000000"
  954. },
  955. {
  956. "virtual_address": "0x00000000",
  957. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  958. "size": "0x00000000"
  959. }
  960. ],
  961. "exports": [],
  962. "guest_signers": {},
  963. "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
  964. "icon_fuzzy": null,
  965. "icon": null,
  966. "pdbpath": null,
  967. "imported_dll_count": 7,
  968. "versioninfo": []
  969. }
  970. }
  971.  
  972. [*] Resolved APIs: []
  973.  
  974. [*] Static Analysis: {
  975. "pe": {
  976. "peid_signatures": null,
  977. "imports": [
  978. {
  979. "imports": [
  980. {
  981. "name": "SetEnvironmentVariableA",
  982. "address": "0x408070"
  983. },
  984. {
  985. "name": "CreateFileA",
  986. "address": "0x408074"
  987. },
  988. {
  989. "name": "GetFileSize",
  990. "address": "0x408078"
  991. },
  992. {
  993. "name": "GetModuleFileNameA",
  994. "address": "0x40807c"
  995. },
  996. {
  997. "name": "ReadFile",
  998. "address": "0x408080"
  999. },
  1000. {
  1001. "name": "GetCurrentProcess",
  1002. "address": "0x408084"
  1003. },
  1004. {
  1005. "name": "CopyFileA",
  1006. "address": "0x408088"
  1007. },
  1008. {
  1009. "name": "Sleep",
  1010. "address": "0x40808c"
  1011. },
  1012. {
  1013. "name": "GetTickCount",
  1014. "address": "0x408090"
  1015. },
  1016. {
  1017. "name": "GetWindowsDirectoryA",
  1018. "address": "0x408094"
  1019. },
  1020. {
  1021. "name": "GetTempPathA",
  1022. "address": "0x408098"
  1023. },
  1024. {
  1025. "name": "GetCommandLineA",
  1026. "address": "0x40809c"
  1027. },
  1028. {
  1029. "name": "lstrlenA",
  1030. "address": "0x4080a0"
  1031. },
  1032. {
  1033. "name": "GetVersion",
  1034. "address": "0x4080a4"
  1035. },
  1036. {
  1037. "name": "SetErrorMode",
  1038. "address": "0x4080a8"
  1039. },
  1040. {
  1041. "name": "lstrcpynA",
  1042. "address": "0x4080ac"
  1043. },
  1044. {
  1045. "name": "ExitProcess",
  1046. "address": "0x4080b0"
  1047. },
  1048. {
  1049. "name": "SetCurrentDirectoryA",
  1050. "address": "0x4080b4"
  1051. },
  1052. {
  1053. "name": "GlobalLock",
  1054. "address": "0x4080b8"
  1055. },
  1056. {
  1057. "name": "CreateThread",
  1058. "address": "0x4080bc"
  1059. },
  1060. {
  1061. "name": "GetLastError",
  1062. "address": "0x4080c0"
  1063. },
  1064. {
  1065. "name": "CreateDirectoryA",
  1066. "address": "0x4080c4"
  1067. },
  1068. {
  1069. "name": "CreateProcessA",
  1070. "address": "0x4080c8"
  1071. },
  1072. {
  1073. "name": "RemoveDirectoryA",
  1074. "address": "0x4080cc"
  1075. },
  1076. {
  1077. "name": "GetTempFileNameA",
  1078. "address": "0x4080d0"
  1079. },
  1080. {
  1081. "name": "WriteFile",
  1082. "address": "0x4080d4"
  1083. },
  1084. {
  1085. "name": "lstrcpyA",
  1086. "address": "0x4080d8"
  1087. },
  1088. {
  1089. "name": "MoveFileExA",
  1090. "address": "0x4080dc"
  1091. },
  1092. {
  1093. "name": "lstrcatA",
  1094. "address": "0x4080e0"
  1095. },
  1096. {
  1097. "name": "GetSystemDirectoryA",
  1098. "address": "0x4080e4"
  1099. },
  1100. {
  1101. "name": "GetProcAddress",
  1102. "address": "0x4080e8"
  1103. },
  1104. {
  1105. "name": "GetExitCodeProcess",
  1106. "address": "0x4080ec"
  1107. },
  1108. {
  1109. "name": "WaitForSingleObject",
  1110. "address": "0x4080f0"
  1111. },
  1112. {
  1113. "name": "CompareFileTime",
  1114. "address": "0x4080f4"
  1115. },
  1116. {
  1117. "name": "SetFileAttributesA",
  1118. "address": "0x4080f8"
  1119. },
  1120. {
  1121. "name": "GetFileAttributesA",
  1122. "address": "0x4080fc"
  1123. },
  1124. {
  1125. "name": "GetShortPathNameA",
  1126. "address": "0x408100"
  1127. },
  1128. {
  1129. "name": "MoveFileA",
  1130. "address": "0x408104"
  1131. },
  1132. {
  1133. "name": "GetFullPathNameA",
  1134. "address": "0x408108"
  1135. },
  1136. {
  1137. "name": "SetFileTime",
  1138. "address": "0x40810c"
  1139. },
  1140. {
  1141. "name": "SearchPathA",
  1142. "address": "0x408110"
  1143. },
  1144. {
  1145. "name": "CloseHandle",
  1146. "address": "0x408114"
  1147. },
  1148. {
  1149. "name": "lstrcmpiA",
  1150. "address": "0x408118"
  1151. },
  1152. {
  1153. "name": "GlobalUnlock",
  1154. "address": "0x40811c"
  1155. },
  1156. {
  1157. "name": "GetDiskFreeSpaceA",
  1158. "address": "0x408120"
  1159. },
  1160. {
  1161. "name": "lstrcmpA",
  1162. "address": "0x408124"
  1163. },
  1164. {
  1165. "name": "FindFirstFileA",
  1166. "address": "0x408128"
  1167. },
  1168. {
  1169. "name": "FindNextFileA",
  1170. "address": "0x40812c"
  1171. },
  1172. {
  1173. "name": "DeleteFileA",
  1174. "address": "0x408130"
  1175. },
  1176. {
  1177. "name": "SetFilePointer",
  1178. "address": "0x408134"
  1179. },
  1180. {
  1181. "name": "GetPrivateProfileStringA",
  1182. "address": "0x408138"
  1183. },
  1184. {
  1185. "name": "FindClose",
  1186. "address": "0x40813c"
  1187. },
  1188. {
  1189. "name": "MultiByteToWideChar",
  1190. "address": "0x408140"
  1191. },
  1192. {
  1193. "name": "FreeLibrary",
  1194. "address": "0x408144"
  1195. },
  1196. {
  1197. "name": "MulDiv",
  1198. "address": "0x408148"
  1199. },
  1200. {
  1201. "name": "WritePrivateProfileStringA",
  1202. "address": "0x40814c"
  1203. },
  1204. {
  1205. "name": "LoadLibraryExA",
  1206. "address": "0x408150"
  1207. },
  1208. {
  1209. "name": "GetModuleHandleA",
  1210. "address": "0x408154"
  1211. },
  1212. {
  1213. "name": "GlobalAlloc",
  1214. "address": "0x408158"
  1215. },
  1216. {
  1217. "name": "GlobalFree",
  1218. "address": "0x40815c"
  1219. },
  1220. {
  1221. "name": "ExpandEnvironmentStringsA",
  1222. "address": "0x408160"
  1223. }
  1224. ],
  1225. "dll": "KERNEL32.dll"
  1226. },
  1227. {
  1228. "imports": [
  1229. {
  1230. "name": "ScreenToClient",
  1231. "address": "0x408184"
  1232. },
  1233. {
  1234. "name": "GetSystemMenu",
  1235. "address": "0x408188"
  1236. },
  1237. {
  1238. "name": "SetClassLongA",
  1239. "address": "0x40818c"
  1240. },
  1241. {
  1242. "name": "IsWindowEnabled",
  1243. "address": "0x408190"
  1244. },
  1245. {
  1246. "name": "SetWindowPos",
  1247. "address": "0x408194"
  1248. },
  1249. {
  1250. "name": "GetSysColor",
  1251. "address": "0x408198"
  1252. },
  1253. {
  1254. "name": "GetWindowLongA",
  1255. "address": "0x40819c"
  1256. },
  1257. {
  1258. "name": "SetCursor",
  1259. "address": "0x4081a0"
  1260. },
  1261. {
  1262. "name": "LoadCursorA",
  1263. "address": "0x4081a4"
  1264. },
  1265. {
  1266. "name": "CheckDlgButton",
  1267. "address": "0x4081a8"
  1268. },
  1269. {
  1270. "name": "GetMessagePos",
  1271. "address": "0x4081ac"
  1272. },
  1273. {
  1274. "name": "LoadBitmapA",
  1275. "address": "0x4081b0"
  1276. },
  1277. {
  1278. "name": "CallWindowProcA",
  1279. "address": "0x4081b4"
  1280. },
  1281. {
  1282. "name": "IsWindowVisible",
  1283. "address": "0x4081b8"
  1284. },
  1285. {
  1286. "name": "CloseClipboard",
  1287. "address": "0x4081bc"
  1288. },
  1289. {
  1290. "name": "SetClipboardData",
  1291. "address": "0x4081c0"
  1292. },
  1293. {
  1294. "name": "EmptyClipboard",
  1295. "address": "0x4081c4"
  1296. },
  1297. {
  1298. "name": "PostQuitMessage",
  1299. "address": "0x4081c8"
  1300. },
  1301. {
  1302. "name": "GetWindowRect",
  1303. "address": "0x4081cc"
  1304. },
  1305. {
  1306. "name": "EnableMenuItem",
  1307. "address": "0x4081d0"
  1308. },
  1309. {
  1310. "name": "CreatePopupMenu",
  1311. "address": "0x4081d4"
  1312. },
  1313. {
  1314. "name": "GetSystemMetrics",
  1315. "address": "0x4081d8"
  1316. },
  1317. {
  1318. "name": "SetDlgItemTextA",
  1319. "address": "0x4081dc"
  1320. },
  1321. {
  1322. "name": "GetDlgItemTextA",
  1323. "address": "0x4081e0"
  1324. },
  1325. {
  1326. "name": "MessageBoxIndirectA",
  1327. "address": "0x4081e4"
  1328. },
  1329. {
  1330. "name": "CharPrevA",
  1331. "address": "0x4081e8"
  1332. },
  1333. {
  1334. "name": "DispatchMessageA",
  1335. "address": "0x4081ec"
  1336. },
  1337. {
  1338. "name": "PeekMessageA",
  1339. "address": "0x4081f0"
  1340. },
  1341. {
  1342. "name": "ReleaseDC",
  1343. "address": "0x4081f4"
  1344. },
  1345. {
  1346. "name": "EnableWindow",
  1347. "address": "0x4081f8"
  1348. },
  1349. {
  1350. "name": "InvalidateRect",
  1351. "address": "0x4081fc"
  1352. },
  1353. {
  1354. "name": "SendMessageA",
  1355. "address": "0x408200"
  1356. },
  1357. {
  1358. "name": "DefWindowProcA",
  1359. "address": "0x408204"
  1360. },
  1361. {
  1362. "name": "BeginPaint",
  1363. "address": "0x408208"
  1364. },
  1365. {
  1366. "name": "GetClientRect",
  1367. "address": "0x40820c"
  1368. },
  1369. {
  1370. "name": "FillRect",
  1371. "address": "0x408210"
  1372. },
  1373. {
  1374. "name": "DrawTextA",
  1375. "address": "0x408214"
  1376. },
  1377. {
  1378. "name": "EndDialog",
  1379. "address": "0x408218"
  1380. },
  1381. {
  1382. "name": "RegisterClassA",
  1383. "address": "0x40821c"
  1384. },
  1385. {
  1386. "name": "SystemParametersInfoA",
  1387. "address": "0x408220"
  1388. },
  1389. {
  1390. "name": "CreateWindowExA",
  1391. "address": "0x408224"
  1392. },
  1393. {
  1394. "name": "GetClassInfoA",
  1395. "address": "0x408228"
  1396. },
  1397. {
  1398. "name": "DialogBoxParamA",
  1399. "address": "0x40822c"
  1400. },
  1401. {
  1402. "name": "CharNextA",
  1403. "address": "0x408230"
  1404. },
  1405. {
  1406. "name": "ExitWindowsEx",
  1407. "address": "0x408234"
  1408. },
  1409. {
  1410. "name": "GetDC",
  1411. "address": "0x408238"
  1412. },
  1413. {
  1414. "name": "CreateDialogParamA",
  1415. "address": "0x40823c"
  1416. },
  1417. {
  1418. "name": "SetTimer",
  1419. "address": "0x408240"
  1420. },
  1421. {
  1422. "name": "GetDlgItem",
  1423. "address": "0x408244"
  1424. },
  1425. {
  1426. "name": "SetWindowLongA",
  1427. "address": "0x408248"
  1428. },
  1429. {
  1430. "name": "SetForegroundWindow",
  1431. "address": "0x40824c"
  1432. },
  1433. {
  1434. "name": "LoadImageA",
  1435. "address": "0x408250"
  1436. },
  1437. {
  1438. "name": "IsWindow",
  1439. "address": "0x408254"
  1440. },
  1441. {
  1442. "name": "SendMessageTimeoutA",
  1443. "address": "0x408258"
  1444. },
  1445. {
  1446. "name": "FindWindowExA",
  1447. "address": "0x40825c"
  1448. },
  1449. {
  1450. "name": "OpenClipboard",
  1451. "address": "0x408260"
  1452. },
  1453. {
  1454. "name": "TrackPopupMenu",
  1455. "address": "0x408264"
  1456. },
  1457. {
  1458. "name": "AppendMenuA",
  1459. "address": "0x408268"
  1460. },
  1461. {
  1462. "name": "EndPaint",
  1463. "address": "0x40826c"
  1464. },
  1465. {
  1466. "name": "DestroyWindow",
  1467. "address": "0x408270"
  1468. },
  1469. {
  1470. "name": "wsprintfA",
  1471. "address": "0x408274"
  1472. },
  1473. {
  1474. "name": "ShowWindow",
  1475. "address": "0x408278"
  1476. },
  1477. {
  1478. "name": "SetWindowTextA",
  1479. "address": "0x40827c"
  1480. }
  1481. ],
  1482. "dll": "USER32.dll"
  1483. },
  1484. {
  1485. "imports": [
  1486. {
  1487. "name": "SelectObject",
  1488. "address": "0x40804c"
  1489. },
  1490. {
  1491. "name": "SetBkMode",
  1492. "address": "0x408050"
  1493. },
  1494. {
  1495. "name": "CreateFontIndirectA",
  1496. "address": "0x408054"
  1497. },
  1498. {
  1499. "name": "SetTextColor",
  1500. "address": "0x408058"
  1501. },
  1502. {
  1503. "name": "DeleteObject",
  1504. "address": "0x40805c"
  1505. },
  1506. {
  1507. "name": "GetDeviceCaps",
  1508. "address": "0x408060"
  1509. },
  1510. {
  1511. "name": "CreateBrushIndirect",
  1512. "address": "0x408064"
  1513. },
  1514. {
  1515. "name": "SetBkColor",
  1516. "address": "0x408068"
  1517. }
  1518. ],
  1519. "dll": "GDI32.dll"
  1520. },
  1521. {
  1522. "imports": [
  1523. {
  1524. "name": "SHGetSpecialFolderLocation",
  1525. "address": "0x408168"
  1526. },
  1527. {
  1528. "name": "ShellExecuteExA",
  1529. "address": "0x40816c"
  1530. },
  1531. {
  1532. "name": "SHGetPathFromIDListA",
  1533. "address": "0x408170"
  1534. },
  1535. {
  1536. "name": "SHBrowseForFolderA",
  1537. "address": "0x408174"
  1538. },
  1539. {
  1540. "name": "SHGetFileInfoA",
  1541. "address": "0x408178"
  1542. },
  1543. {
  1544. "name": "SHFileOperationA",
  1545. "address": "0x40817c"
  1546. }
  1547. ],
  1548. "dll": "SHELL32.dll"
  1549. },
  1550. {
  1551. "imports": [
  1552. {
  1553. "name": "AdjustTokenPrivileges",
  1554. "address": "0x408000"
  1555. },
  1556. {
  1557. "name": "RegCreateKeyExA",
  1558. "address": "0x408004"
  1559. },
  1560. {
  1561. "name": "RegOpenKeyExA",
  1562. "address": "0x408008"
  1563. },
  1564. {
  1565. "name": "SetFileSecurityA",
  1566. "address": "0x40800c"
  1567. },
  1568. {
  1569. "name": "OpenProcessToken",
  1570. "address": "0x408010"
  1571. },
  1572. {
  1573. "name": "LookupPrivilegeValueA",
  1574. "address": "0x408014"
  1575. },
  1576. {
  1577. "name": "RegEnumValueA",
  1578. "address": "0x408018"
  1579. },
  1580. {
  1581. "name": "RegDeleteKeyA",
  1582. "address": "0x40801c"
  1583. },
  1584. {
  1585. "name": "RegDeleteValueA",
  1586. "address": "0x408020"
  1587. },
  1588. {
  1589. "name": "RegCloseKey",
  1590. "address": "0x408024"
  1591. },
  1592. {
  1593. "name": "RegSetValueExA",
  1594. "address": "0x408028"
  1595. },
  1596. {
  1597. "name": "RegQueryValueExA",
  1598. "address": "0x40802c"
  1599. },
  1600. {
  1601. "name": "RegEnumKeyA",
  1602. "address": "0x408030"
  1603. }
  1604. ],
  1605. "dll": "ADVAPI32.dll"
  1606. },
  1607. {
  1608. "imports": [
  1609. {
  1610. "name": "ImageList_Create",
  1611. "address": "0x408038"
  1612. },
  1613. {
  1614. "name": "ImageList_AddMasked",
  1615. "address": "0x40803c"
  1616. },
  1617. {
  1618. "name": "ImageList_Destroy",
  1619. "address": "0x408040"
  1620. },
  1621. {
  1622. "name": null,
  1623. "address": "0x408044"
  1624. }
  1625. ],
  1626. "dll": "COMCTL32.dll"
  1627. },
  1628. {
  1629. "imports": [
  1630. {
  1631. "name": "OleUninitialize",
  1632. "address": "0x408284"
  1633. },
  1634. {
  1635. "name": "OleInitialize",
  1636. "address": "0x408288"
  1637. },
  1638. {
  1639. "name": "CoTaskMemFree",
  1640. "address": "0x40828c"
  1641. },
  1642. {
  1643. "name": "CoCreateInstance",
  1644. "address": "0x408290"
  1645. }
  1646. ],
  1647. "dll": "ole32.dll"
  1648. }
  1649. ],
  1650. "digital_signers": null,
  1651. "exported_dll_name": null,
  1652. "actual_checksum": "0x00056d56",
  1653. "overlay": {
  1654. "size": "0x00049d60",
  1655. "offset": "0x00008c00"
  1656. },
  1657. "imagebase": "0x00400000",
  1658. "reported_checksum": "0x00000000",
  1659. "icon_hash": null,
  1660. "entrypoint": "0x00403328",
  1661. "timestamp": "2018-12-15 22:24:32",
  1662. "osversion": "4.0",
  1663. "sections": [
  1664. {
  1665. "name": ".text",
  1666. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1667. "virtual_address": "0x00001000",
  1668. "size_of_data": "0x00006200",
  1669. "entropy": "6.40",
  1670. "raw_address": "0x00000400",
  1671. "virtual_size": "0x00006077",
  1672. "characteristics_raw": "0x60000020"
  1673. },
  1674. {
  1675. "name": ".rdata",
  1676. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1677. "virtual_address": "0x00008000",
  1678. "size_of_data": "0x00001400",
  1679. "entropy": "5.04",
  1680. "raw_address": "0x00006600",
  1681. "virtual_size": "0x00001250",
  1682. "characteristics_raw": "0x40000040"
  1683. },
  1684. {
  1685. "name": ".data",
  1686. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1687. "virtual_address": "0x0000a000",
  1688. "size_of_data": "0x00000400",
  1689. "entropy": "5.22",
  1690. "raw_address": "0x00007a00",
  1691. "virtual_size": "0x0001a838",
  1692. "characteristics_raw": "0xc0000040"
  1693. },
  1694. {
  1695. "name": ".ndata",
  1696. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1697. "virtual_address": "0x00025000",
  1698. "size_of_data": "0x00000000",
  1699. "entropy": "0.00",
  1700. "raw_address": "0x00000000",
  1701. "virtual_size": "0x00008000",
  1702. "characteristics_raw": "0xc0000080"
  1703. },
  1704. {
  1705. "name": ".rsrc",
  1706. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1707. "virtual_address": "0x0002d000",
  1708. "size_of_data": "0x00000e00",
  1709. "entropy": "4.13",
  1710. "raw_address": "0x00007e00",
  1711. "virtual_size": "0x00000cb0",
  1712. "characteristics_raw": "0x40000040"
  1713. }
  1714. ],
  1715. "resources": [],
  1716. "dirents": [
  1717. {
  1718. "virtual_address": "0x00000000",
  1719. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1720. "size": "0x00000000"
  1721. },
  1722. {
  1723. "virtual_address": "0x00008430",
  1724. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1725. "size": "0x000000a0"
  1726. },
  1727. {
  1728. "virtual_address": "0x0002d000",
  1729. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1730. "size": "0x00000cb0"
  1731. },
  1732. {
  1733. "virtual_address": "0x00000000",
  1734. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1735. "size": "0x00000000"
  1736. },
  1737. {
  1738. "virtual_address": "0x00000000",
  1739. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1740. "size": "0x00000000"
  1741. },
  1742. {
  1743. "virtual_address": "0x00000000",
  1744. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1745. "size": "0x00000000"
  1746. },
  1747. {
  1748. "virtual_address": "0x00000000",
  1749. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1750. "size": "0x00000000"
  1751. },
  1752. {
  1753. "virtual_address": "0x00000000",
  1754. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1755. "size": "0x00000000"
  1756. },
  1757. {
  1758. "virtual_address": "0x00000000",
  1759. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1760. "size": "0x00000000"
  1761. },
  1762. {
  1763. "virtual_address": "0x00000000",
  1764. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1765. "size": "0x00000000"
  1766. },
  1767. {
  1768. "virtual_address": "0x00000000",
  1769. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1770. "size": "0x00000000"
  1771. },
  1772. {
  1773. "virtual_address": "0x00000000",
  1774. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1775. "size": "0x00000000"
  1776. },
  1777. {
  1778. "virtual_address": "0x00008000",
  1779. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1780. "size": "0x00000298"
  1781. },
  1782. {
  1783. "virtual_address": "0x00000000",
  1784. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1785. "size": "0x00000000"
  1786. },
  1787. {
  1788. "virtual_address": "0x00000000",
  1789. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1790. "size": "0x00000000"
  1791. },
  1792. {
  1793. "virtual_address": "0x00000000",
  1794. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1795. "size": "0x00000000"
  1796. }
  1797. ],
  1798. "exports": [],
  1799. "guest_signers": {},
  1800. "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
  1801. "icon_fuzzy": null,
  1802. "icon": null,
  1803. "pdbpath": null,
  1804. "imported_dll_count": 7,
  1805. "versioninfo": []
  1806. }
  1807. }