paladin316

Exes_a7ccedee_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_a7ccedee.exe"
  7. [*] File Size: 458752
  8. [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
  9. [*] SHA256: "3d6bc146d5338159005ae3d66c7fda67a6ada1dc1a66b4ab17301ef4ec1b665b"
  10. [*] MD5: "44a765fe57dea1ae7b642010c7209932"
  11. [*] SHA1: "3e97fc2183c9af4d8f71d0a546b6c2611495a46c"
  12. [*] SHA512: "6ecba354b1cd685588cf7aa44092d99e227a7e99bfd1c9b8811960a556e556b555853560271b1cc4f8744dbbd95c726b6ce183ae9fdd298efaf7bcd551d1edae"
  13. [*] CRC32: "A7CCEDEE"
  14. [*] SSDEEP: "6144:S8afWfuCiCEfwdciYYx8+W52q1BPf4/TsynXMPBc11Pw3ozkfRV4UszE7hvriHi:S6ueEMPvWTBPfMsBPCRzUMUszE7hvIi"
  15.  
  16. [*] Process Execution: [
  17. "Exes_a7ccedee.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "The binary likely contains encrypted or compressed data.",
  27. "Details": [
  28. {
  29. "section": "name: .rsrc, entropy: 6.88, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0003de00, virtual_size: 0x0003dcb5"
  30. }
  31. ]
  32. },
  33. {
  34. "Description": "File has been identified by 44 Antiviruses on VirusTotal as malicious",
  35. "Details": [
  36. {
  37. "MicroWorld-eScan": "Gen:Variant.Ulise.38716"
  38. },
  39. {
  40. "ALYac": "Gen:Variant.Ser.Mikey.443"
  41. },
  42. {
  43. "Cylance": "Unsafe"
  44. },
  45. {
  46. "Alibaba": "Trojan:Win32/Kryptik.ed97f86e"
  47. },
  48. {
  49. "K7GW": "Trojan ( 0054ff161 )"
  50. },
  51. {
  52. "Arcabit": "Trojan.Ulise.D973C"
  53. },
  54. {
  55. "TrendMicro": "Trojan.Win32.FUERBOOS.USXVPFD19"
  56. },
  57. {
  58. "Cyren": "W32/Trojan.ZPHJ-2234"
  59. },
  60. {
  61. "Symantec": "ML.Attribute.HighConfidence"
  62. },
  63. {
  64. "APEX": "Malicious"
  65. },
  66. {
  67. "Avast": "Win32:PWSX-gen [Trj]"
  68. },
  69. {
  70. "Kaspersky": "Trojan.Win32.NetWire.fax"
  71. },
  72. {
  73. "BitDefender": "Gen:Variant.Ulise.38716"
  74. },
  75. {
  76. "NANO-Antivirus": "Trojan.Win32.Kryptik.frghxh"
  77. },
  78. {
  79. "Paloalto": "generic.ml"
  80. },
  81. {
  82. "AegisLab": "Trojan.Multi.Generic.4!c"
  83. },
  84. {
  85. "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
  86. },
  87. {
  88. "Ad-Aware": "Gen:Variant.Ulise.38716"
  89. },
  90. {
  91. "Emsisoft": "Gen:Variant.Ulise.38716 (B)"
  92. },
  93. {
  94. "F-Secure": "Trojan.TR/AD.NetWiredRc.joxan"
  95. },
  96. {
  97. "Invincea": "heuristic"
  98. },
  99. {
  100. "McAfee-GW-Edition": "BehavesLike.Win32.BadFile.gh"
  101. },
  102. {
  103. "Trapmine": "malicious.high.ml.score"
  104. },
  105. {
  106. "FireEye": "Generic.mg.44a765fe57dea1ae"
  107. },
  108. {
  109. "SentinelOne": "DFI - Suspicious PE"
  110. },
  111. {
  112. "ESET-NOD32": "a variant of Win32/Kryptik.GTXI"
  113. },
  114. {
  115. "Avira": "TR/AD.NetWiredRc.joxan"
  116. },
  117. {
  118. "Microsoft": "TrojanSpy:Win32/Loyeetro.B!bit"
  119. },
  120. {
  121. "Endgame": "malicious (high confidence)"
  122. },
  123. {
  124. "ViRobot": "Trojan.Win32.Z.Ulise.458752"
  125. },
  126. {
  127. "ZoneAlarm": "Trojan.Win32.NetWire.fax"
  128. },
  129. {
  130. "GData": "Gen:Variant.Ulise.38716"
  131. },
  132. {
  133. "Acronis": "suspicious"
  134. },
  135. {
  136. "McAfee": "GenericRXHT-XX!44A765FE57DE"
  137. },
  138. {
  139. "VBA32": "BScope.Trojan.Inject"
  140. },
  141. {
  142. "Malwarebytes": "Trojan.MalPack.RES"
  143. },
  144. {
  145. "TrendMicro-HouseCall": "TROJ_GEN.R002H0CFD19"
  146. },
  147. {
  148. "Ikarus": "Win32.Outbreak"
  149. },
  150. {
  151. "Fortinet": "W32/Kryptik.GTWJ!tr"
  152. },
  153. {
  154. "Webroot": "W32.Trojan.Gen"
  155. },
  156. {
  157. "AVG": "Win32:PWSX-gen [Trj]"
  158. },
  159. {
  160. "Panda": "Trj/CI.A"
  161. },
  162. {
  163. "CrowdStrike": "win/malicious_confidence_100% (W)"
  164. },
  165. {
  166. "Qihoo-360": "Win32/Trojan.0c6"
  167. }
  168. ]
  169. }
  170. ]
  171.  
  172. [*] Started Service: []
  173.  
  174. [*] Executed Commands: []
  175.  
  176. [*] Mutexes: [
  177. "DBWinMutex"
  178. ]
  179.  
  180. [*] Modified Files: []
  181.  
  182. [*] Deleted Files: []
  183.  
  184. [*] Modified Registry Keys: []
  185.  
  186. [*] Deleted Registry Keys: []
  187.  
  188. [*] DNS Communications: []
  189.  
  190. [*] Domains: []
  191.  
  192. [*] Network Communication - ICMP: []
  193.  
  194. [*] Network Communication - HTTP: []
  195.  
  196. [*] Network Communication - SMTP: []
  197.  
  198. [*] Network Communication - Hosts: []
  199.  
  200. [*] Network Communication - IRC: []
  201.  
  202. [*] Static Analysis: {
  203. "pe": {
  204. "peid_signatures": null,
  205. "imports": [
  206. {
  207. "imports": [
  208. {
  209. "name": "GetProcessHeap",
  210. "address": "0x41c078"
  211. },
  212. {
  213. "name": "FreeEnvironmentStringsW",
  214. "address": "0x41c07c"
  215. },
  216. {
  217. "name": "GetEnvironmentStringsW",
  218. "address": "0x41c080"
  219. },
  220. {
  221. "name": "GetCPInfo",
  222. "address": "0x41c084"
  223. },
  224. {
  225. "name": "GetOEMCP",
  226. "address": "0x41c088"
  227. },
  228. {
  229. "name": "IsValidCodePage",
  230. "address": "0x41c08c"
  231. },
  232. {
  233. "name": "GetConsoleCP",
  234. "address": "0x41c090"
  235. },
  236. {
  237. "name": "FindNextFileA",
  238. "address": "0x41c094"
  239. },
  240. {
  241. "name": "FindFirstFileExA",
  242. "address": "0x41c098"
  243. },
  244. {
  245. "name": "DecodePointer",
  246. "address": "0x41c09c"
  247. },
  248. {
  249. "name": "GetFileAttributesA",
  250. "address": "0x41c0a0"
  251. },
  252. {
  253. "name": "WriteConsoleW",
  254. "address": "0x41c0a4"
  255. },
  256. {
  257. "name": "HeapSize",
  258. "address": "0x41c0a8"
  259. },
  260. {
  261. "name": "HeapReAlloc",
  262. "address": "0x41c0ac"
  263. },
  264. {
  265. "name": "FlushFileBuffers",
  266. "address": "0x41c0b0"
  267. },
  268. {
  269. "name": "SetEndOfFile",
  270. "address": "0x41c0b4"
  271. },
  272. {
  273. "name": "ReadFile",
  274. "address": "0x41c0b8"
  275. },
  276. {
  277. "name": "LoadLibraryA",
  278. "address": "0x41c0bc"
  279. },
  280. {
  281. "name": "VirtualAlloc",
  282. "address": "0x41c0c0"
  283. },
  284. {
  285. "name": "VirtualFree",
  286. "address": "0x41c0c4"
  287. },
  288. {
  289. "name": "VirtualProtect",
  290. "address": "0x41c0c8"
  291. },
  292. {
  293. "name": "GetPrivateProfileStructA",
  294. "address": "0x41c0cc"
  295. },
  296. {
  297. "name": "GetEnvironmentVariableW",
  298. "address": "0x41c0d0"
  299. },
  300. {
  301. "name": "FindClose",
  302. "address": "0x41c0d4"
  303. },
  304. {
  305. "name": "GetConsoleAliasExesLengthW",
  306. "address": "0x41c0d8"
  307. },
  308. {
  309. "name": "SetComputerNameA",
  310. "address": "0x41c0dc"
  311. },
  312. {
  313. "name": "_hread",
  314. "address": "0x41c0e0"
  315. },
  316. {
  317. "name": "CopyFileExW",
  318. "address": "0x41c0e4"
  319. },
  320. {
  321. "name": "TlsFree",
  322. "address": "0x41c0e8"
  323. },
  324. {
  325. "name": "UnregisterWait",
  326. "address": "0x41c0ec"
  327. },
  328. {
  329. "name": "FillConsoleOutputCharacterW",
  330. "address": "0x41c0f0"
  331. },
  332. {
  333. "name": "SetConsoleTitleW",
  334. "address": "0x41c0f4"
  335. },
  336. {
  337. "name": "Process32First",
  338. "address": "0x41c0f8"
  339. },
  340. {
  341. "name": "RequestWakeupLatency",
  342. "address": "0x41c0fc"
  343. },
  344. {
  345. "name": "FindNextChangeNotification",
  346. "address": "0x41c100"
  347. },
  348. {
  349. "name": "SetLocaleInfoA",
  350. "address": "0x41c104"
  351. },
  352. {
  353. "name": "DisableThreadLibraryCalls",
  354. "address": "0x41c108"
  355. },
  356. {
  357. "name": "LCMapStringW",
  358. "address": "0x41c10c"
  359. },
  360. {
  361. "name": "CompareStringW",
  362. "address": "0x41c110"
  363. },
  364. {
  365. "name": "QueryPerformanceCounter",
  366. "address": "0x41c114"
  367. },
  368. {
  369. "name": "GetCurrentProcessId",
  370. "address": "0x41c118"
  371. },
  372. {
  373. "name": "GetCurrentThreadId",
  374. "address": "0x41c11c"
  375. },
  376. {
  377. "name": "GetSystemTimeAsFileTime",
  378. "address": "0x41c120"
  379. },
  380. {
  381. "name": "InitializeSListHead",
  382. "address": "0x41c124"
  383. },
  384. {
  385. "name": "IsDebuggerPresent",
  386. "address": "0x41c128"
  387. },
  388. {
  389. "name": "UnhandledExceptionFilter",
  390. "address": "0x41c12c"
  391. },
  392. {
  393. "name": "SetUnhandledExceptionFilter",
  394. "address": "0x41c130"
  395. },
  396. {
  397. "name": "GetStartupInfoW",
  398. "address": "0x41c134"
  399. },
  400. {
  401. "name": "IsProcessorFeaturePresent",
  402. "address": "0x41c138"
  403. },
  404. {
  405. "name": "GetModuleHandleW",
  406. "address": "0x41c13c"
  407. },
  408. {
  409. "name": "GetCurrentProcess",
  410. "address": "0x41c140"
  411. },
  412. {
  413. "name": "TerminateProcess",
  414. "address": "0x41c144"
  415. },
  416. {
  417. "name": "RtlUnwind",
  418. "address": "0x41c148"
  419. },
  420. {
  421. "name": "VirtualQuery",
  422. "address": "0x41c14c"
  423. },
  424. {
  425. "name": "GetLastError",
  426. "address": "0x41c150"
  427. },
  428. {
  429. "name": "SetLastError",
  430. "address": "0x41c154"
  431. },
  432. {
  433. "name": "EnterCriticalSection",
  434. "address": "0x41c158"
  435. },
  436. {
  437. "name": "LeaveCriticalSection",
  438. "address": "0x41c15c"
  439. },
  440. {
  441. "name": "DeleteCriticalSection",
  442. "address": "0x41c160"
  443. },
  444. {
  445. "name": "InitializeCriticalSectionAndSpinCount",
  446. "address": "0x41c164"
  447. },
  448. {
  449. "name": "TlsAlloc",
  450. "address": "0x41c168"
  451. },
  452. {
  453. "name": "TlsGetValue",
  454. "address": "0x41c16c"
  455. },
  456. {
  457. "name": "TlsSetValue",
  458. "address": "0x41c170"
  459. },
  460. {
  461. "name": "FreeLibrary",
  462. "address": "0x41c174"
  463. },
  464. {
  465. "name": "GetProcAddress",
  466. "address": "0x41c178"
  467. },
  468. {
  469. "name": "LoadLibraryExW",
  470. "address": "0x41c17c"
  471. },
  472. {
  473. "name": "SetEnvironmentVariableA",
  474. "address": "0x41c180"
  475. },
  476. {
  477. "name": "SetEnvironmentVariableW",
  478. "address": "0x41c184"
  479. },
  480. {
  481. "name": "SetCurrentDirectoryW",
  482. "address": "0x41c188"
  483. },
  484. {
  485. "name": "GetCurrentDirectoryW",
  486. "address": "0x41c18c"
  487. },
  488. {
  489. "name": "SetFilePointerEx",
  490. "address": "0x41c190"
  491. },
  492. {
  493. "name": "GetConsoleMode",
  494. "address": "0x41c194"
  495. },
  496. {
  497. "name": "ReadConsoleInputA",
  498. "address": "0x41c198"
  499. },
  500. {
  501. "name": "SetConsoleMode",
  502. "address": "0x41c19c"
  503. },
  504. {
  505. "name": "CloseHandle",
  506. "address": "0x41c1a0"
  507. },
  508. {
  509. "name": "WaitForSingleObject",
  510. "address": "0x41c1a4"
  511. },
  512. {
  513. "name": "GetExitCodeProcess",
  514. "address": "0x41c1a8"
  515. },
  516. {
  517. "name": "CreateProcessA",
  518. "address": "0x41c1ac"
  519. },
  520. {
  521. "name": "GetLocalTime",
  522. "address": "0x41c1b0"
  523. },
  524. {
  525. "name": "SetStdHandle",
  526. "address": "0x41c1b4"
  527. },
  528. {
  529. "name": "GetFileType",
  530. "address": "0x41c1b8"
  531. },
  532. {
  533. "name": "GetStdHandle",
  534. "address": "0x41c1bc"
  535. },
  536. {
  537. "name": "WriteFile",
  538. "address": "0x41c1c0"
  539. },
  540. {
  541. "name": "GetModuleFileNameA",
  542. "address": "0x41c1c4"
  543. },
  544. {
  545. "name": "MultiByteToWideChar",
  546. "address": "0x41c1c8"
  547. },
  548. {
  549. "name": "WideCharToMultiByte",
  550. "address": "0x41c1cc"
  551. },
  552. {
  553. "name": "ExitProcess",
  554. "address": "0x41c1d0"
  555. },
  556. {
  557. "name": "GetModuleHandleExW",
  558. "address": "0x41c1d4"
  559. },
  560. {
  561. "name": "GetCommandLineA",
  562. "address": "0x41c1d8"
  563. },
  564. {
  565. "name": "GetCommandLineW",
  566. "address": "0x41c1dc"
  567. },
  568. {
  569. "name": "GetACP",
  570. "address": "0x41c1e0"
  571. },
  572. {
  573. "name": "HeapFree",
  574. "address": "0x41c1e4"
  575. },
  576. {
  577. "name": "HeapAlloc",
  578. "address": "0x41c1e8"
  579. },
  580. {
  581. "name": "GetStringTypeW",
  582. "address": "0x41c1ec"
  583. },
  584. {
  585. "name": "RaiseException",
  586. "address": "0x41c1f0"
  587. },
  588. {
  589. "name": "CreateFileW",
  590. "address": "0x41c1f4"
  591. },
  592. {
  593. "name": "GetFileAttributesExW",
  594. "address": "0x41c1f8"
  595. },
  596. {
  597. "name": "ReadConsoleW",
  598. "address": "0x41c1fc"
  599. }
  600. ],
  601. "dll": "KERNEL32.dll"
  602. },
  603. {
  604. "imports": [
  605. {
  606. "name": "GetUpdateRect",
  607. "address": "0x41c204"
  608. },
  609. {
  610. "name": "GetSystemMenu",
  611. "address": "0x41c208"
  612. },
  613. {
  614. "name": "SetMenuItemBitmaps",
  615. "address": "0x41c20c"
  616. },
  617. {
  618. "name": "MoveWindow",
  619. "address": "0x41c210"
  620. },
  621. {
  622. "name": "CallNextHookEx",
  623. "address": "0x41c214"
  624. },
  625. {
  626. "name": "SetProcessWindowStation",
  627. "address": "0x41c218"
  628. },
  629. {
  630. "name": "PostThreadMessageW",
  631. "address": "0x41c21c"
  632. },
  633. {
  634. "name": "GetTabbedTextExtentW",
  635. "address": "0x41c220"
  636. },
  637. {
  638. "name": "DeleteMenu",
  639. "address": "0x41c224"
  640. },
  641. {
  642. "name": "RealGetWindowClass",
  643. "address": "0x41c228"
  644. },
  645. {
  646. "name": "BroadcastSystemMessageW",
  647. "address": "0x41c22c"
  648. },
  649. {
  650. "name": "GetClassInfoExW",
  651. "address": "0x41c230"
  652. },
  653. {
  654. "name": "WINNLSEnableIME",
  655. "address": "0x41c234"
  656. },
  657. {
  658. "name": "SetWindowsHookA",
  659. "address": "0x41c238"
  660. },
  661. {
  662. "name": "WaitForInputIdle",
  663. "address": "0x41c23c"
  664. },
  665. {
  666. "name": "DdeDisconnect",
  667. "address": "0x41c240"
  668. },
  669. {
  670. "name": "FlashWindowEx",
  671. "address": "0x41c244"
  672. },
  673. {
  674. "name": "InSendMessage",
  675. "address": "0x41c248"
  676. },
  677. {
  678. "name": "GetNextDlgTabItem",
  679. "address": "0x41c24c"
  680. }
  681. ],
  682. "dll": "USER32.dll"
  683. },
  684. {
  685. "imports": [
  686. {
  687. "name": "CreateFontIndirectExA",
  688. "address": "0x41c038"
  689. },
  690. {
  691. "name": "GetColorSpace",
  692. "address": "0x41c03c"
  693. },
  694. {
  695. "name": "UpdateColors",
  696. "address": "0x41c040"
  697. },
  698. {
  699. "name": "CreatePalette",
  700. "address": "0x41c044"
  701. },
  702. {
  703. "name": "EqualRgn",
  704. "address": "0x41c048"
  705. },
  706. {
  707. "name": "GetRgnBox",
  708. "address": "0x41c04c"
  709. },
  710. {
  711. "name": "SetPixel",
  712. "address": "0x41c050"
  713. },
  714. {
  715. "name": "RemoveFontResourceExW",
  716. "address": "0x41c054"
  717. },
  718. {
  719. "name": "GetTextFaceW",
  720. "address": "0x41c058"
  721. },
  722. {
  723. "name": "GetGraphicsMode",
  724. "address": "0x41c05c"
  725. },
  726. {
  727. "name": "SelectObject",
  728. "address": "0x41c060"
  729. },
  730. {
  731. "name": "GetGlyphOutlineA",
  732. "address": "0x41c064"
  733. },
  734. {
  735. "name": "SetWindowExtEx",
  736. "address": "0x41c068"
  737. },
  738. {
  739. "name": "GdiGetPageHandle",
  740. "address": "0x41c06c"
  741. },
  742. {
  743. "name": "GetFontLanguageInfo",
  744. "address": "0x41c070"
  745. }
  746. ],
  747. "dll": "GDI32.dll"
  748. },
  749. {
  750. "imports": [
  751. {
  752. "name": "SetPrinterW",
  753. "address": "0x41c254"
  754. },
  755. {
  756. "name": "GetPrinterDataExW",
  757. "address": "0x41c258"
  758. },
  759. {
  760. "name": "EnumPortsW",
  761. "address": "0x41c25c"
  762. }
  763. ],
  764. "dll": "WINSPOOL.DRV"
  765. },
  766. {
  767. "imports": [
  768. {
  769. "name": "GetOpenFileNameA",
  770. "address": "0x41c030"
  771. }
  772. ],
  773. "dll": "COMDLG32.dll"
  774. },
  775. {
  776. "imports": [
  777. {
  778. "name": "LsaOpenTrustedDomain",
  779. "address": "0x41c000"
  780. },
  781. {
  782. "name": "AreAnyAccessesGranted",
  783. "address": "0x41c004"
  784. },
  785. {
  786. "name": "LsaLookupPrivilegeName",
  787. "address": "0x41c008"
  788. },
  789. {
  790. "name": "QueryServiceConfigA",
  791. "address": "0x41c00c"
  792. },
  793. {
  794. "name": "LookupAccountNameW",
  795. "address": "0x41c010"
  796. },
  797. {
  798. "name": "SystemFunction031",
  799. "address": "0x41c014"
  800. },
  801. {
  802. "name": "AllocateAndInitializeSid",
  803. "address": "0x41c018"
  804. },
  805. {
  806. "name": "RegSaveKeyA",
  807. "address": "0x41c01c"
  808. },
  809. {
  810. "name": "BuildExplicitAccessWithNameW",
  811. "address": "0x41c020"
  812. },
  813. {
  814. "name": "CryptEnumProvidersA",
  815. "address": "0x41c024"
  816. },
  817. {
  818. "name": "AddUsersToEncryptedFile",
  819. "address": "0x41c028"
  820. }
  821. ],
  822. "dll": "ADVAPI32.dll"
  823. },
  824. {
  825. "imports": [
  826. {
  827. "name": "CLSIDFromString",
  828. "address": "0x41c264"
  829. },
  830. {
  831. "name": "HWND_UserUnmarshal",
  832. "address": "0x41c268"
  833. },
  834. {
  835. "name": "OleCreateFromData",
  836. "address": "0x41c26c"
  837. },
  838. {
  839. "name": "CoAddRefServerProcess",
  840. "address": "0x41c270"
  841. },
  842. {
  843. "name": "ReadClassStg",
  844. "address": "0x41c274"
  845. },
  846. {
  847. "name": "WriteClassStg",
  848. "address": "0x41c278"
  849. }
  850. ],
  851. "dll": "ole32.dll"
  852. }
  853. ],
  854. "digital_signers": null,
  855. "exported_dll_name": null,
  856. "actual_checksum": "0x0007566a",
  857. "overlay": null,
  858. "imagebase": "0x00400000",
  859. "reported_checksum": "0x00000000",
  860. "icon_hash": null,
  861. "entrypoint": "0x00403bf9",
  862. "timestamp": "2019-06-11 13:23:14",
  863. "osversion": "5.1",
  864. "sections": [
  865. {
  866. "name": ".text",
  867. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  868. "virtual_address": "0x00001000",
  869. "size_of_data": "0x0001b000",
  870. "entropy": "6.69",
  871. "raw_address": "0x00000400",
  872. "virtual_size": "0x0001af27",
  873. "characteristics_raw": "0x60000020"
  874. },
  875. {
  876. "name": ".rdata",
  877. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  878. "virtual_address": "0x0001c000",
  879. "size_of_data": "0x00008c00",
  880. "entropy": "5.16",
  881. "raw_address": "0x0001b400",
  882. "virtual_size": "0x00008b96",
  883. "characteristics_raw": "0x40000040"
  884. },
  885. {
  886. "name": ".data",
  887. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  888. "virtual_address": "0x00025000",
  889. "size_of_data": "0x0000b800",
  890. "entropy": "6.27",
  891. "raw_address": "0x00024000",
  892. "virtual_size": "0x0000c280",
  893. "characteristics_raw": "0xc0000040"
  894. },
  895. {
  896. "name": ".gfids",
  897. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  898. "virtual_address": "0x00032000",
  899. "size_of_data": "0x00000600",
  900. "entropy": "2.89",
  901. "raw_address": "0x0002f800",
  902. "virtual_size": "0x000004b0",
  903. "characteristics_raw": "0x40000040"
  904. },
  905. {
  906. "name": ".rsrc",
  907. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  908. "virtual_address": "0x00033000",
  909. "size_of_data": "0x0003de00",
  910. "entropy": "6.88",
  911. "raw_address": "0x0002fe00",
  912. "virtual_size": "0x0003dcb5",
  913. "characteristics_raw": "0x40000040"
  914. },
  915. {
  916. "name": ".reloc",
  917. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  918. "virtual_address": "0x00071000",
  919. "size_of_data": "0x00002400",
  920. "entropy": "6.62",
  921. "raw_address": "0x0006dc00",
  922. "virtual_size": "0x00002300",
  923. "characteristics_raw": "0x42000040"
  924. }
  925. ],
  926. "resources": [],
  927. "dirents": [
  928. {
  929. "virtual_address": "0x00000000",
  930. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  931. "size": "0x00000000"
  932. },
  933. {
  934. "virtual_address": "0x00023c9c",
  935. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  936. "size": "0x000000a0"
  937. },
  938. {
  939. "virtual_address": "0x00033000",
  940. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  941. "size": "0x0003dcb5"
  942. },
  943. {
  944. "virtual_address": "0x00000000",
  945. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  946. "size": "0x00000000"
  947. },
  948. {
  949. "virtual_address": "0x00000000",
  950. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  951. "size": "0x00000000"
  952. },
  953. {
  954. "virtual_address": "0x00071000",
  955. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  956. "size": "0x00002300"
  957. },
  958. {
  959. "virtual_address": "0x00023410",
  960. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  961. "size": "0x0000001c"
  962. },
  963. {
  964. "virtual_address": "0x00000000",
  965. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  966. "size": "0x00000000"
  967. },
  968. {
  969. "virtual_address": "0x00000000",
  970. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  971. "size": "0x00000000"
  972. },
  973. {
  974. "virtual_address": "0x00000000",
  975. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  976. "size": "0x00000000"
  977. },
  978. {
  979. "virtual_address": "0x00023430",
  980. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  981. "size": "0x00000040"
  982. },
  983. {
  984. "virtual_address": "0x00000000",
  985. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  986. "size": "0x00000000"
  987. },
  988. {
  989. "virtual_address": "0x0001c000",
  990. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  991. "size": "0x00000280"
  992. },
  993. {
  994. "virtual_address": "0x00000000",
  995. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  996. "size": "0x00000000"
  997. },
  998. {
  999. "virtual_address": "0x00000000",
  1000. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1001. "size": "0x00000000"
  1002. },
  1003. {
  1004. "virtual_address": "0x00000000",
  1005. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1006. "size": "0x00000000"
  1007. }
  1008. ],
  1009. "exports": [],
  1010. "guest_signers": {},
  1011. "imphash": "f9828a7115467336fc1f5ae8124ddad0",
  1012. "icon_fuzzy": null,
  1013. "icon": null,
  1014. "pdbpath": null,
  1015. "imported_dll_count": 7,
  1016. "versioninfo": []
  1017. }
  1018. }
  1019.  
  1020. [*] Resolved APIs: [
  1021. "kernel32.dll.FlsAlloc",
  1022. "kernel32.dll.FlsSetValue",
  1023. "kernel32.dll.FlsGetValue",
  1024. "kernel32.dll.LCMapStringEx"
  1025. ]
  1026.  
  1027. [*] Static Analysis: {
  1028. "pe": {
  1029. "peid_signatures": null,
  1030. "imports": [
  1031. {
  1032. "imports": [
  1033. {
  1034. "name": "GetProcessHeap",
  1035. "address": "0x41c078"
  1036. },
  1037. {
  1038. "name": "FreeEnvironmentStringsW",
  1039. "address": "0x41c07c"
  1040. },
  1041. {
  1042. "name": "GetEnvironmentStringsW",
  1043. "address": "0x41c080"
  1044. },
  1045. {
  1046. "name": "GetCPInfo",
  1047. "address": "0x41c084"
  1048. },
  1049. {
  1050. "name": "GetOEMCP",
  1051. "address": "0x41c088"
  1052. },
  1053. {
  1054. "name": "IsValidCodePage",
  1055. "address": "0x41c08c"
  1056. },
  1057. {
  1058. "name": "GetConsoleCP",
  1059. "address": "0x41c090"
  1060. },
  1061. {
  1062. "name": "FindNextFileA",
  1063. "address": "0x41c094"
  1064. },
  1065. {
  1066. "name": "FindFirstFileExA",
  1067. "address": "0x41c098"
  1068. },
  1069. {
  1070. "name": "DecodePointer",
  1071. "address": "0x41c09c"
  1072. },
  1073. {
  1074. "name": "GetFileAttributesA",
  1075. "address": "0x41c0a0"
  1076. },
  1077. {
  1078. "name": "WriteConsoleW",
  1079. "address": "0x41c0a4"
  1080. },
  1081. {
  1082. "name": "HeapSize",
  1083. "address": "0x41c0a8"
  1084. },
  1085. {
  1086. "name": "HeapReAlloc",
  1087. "address": "0x41c0ac"
  1088. },
  1089. {
  1090. "name": "FlushFileBuffers",
  1091. "address": "0x41c0b0"
  1092. },
  1093. {
  1094. "name": "SetEndOfFile",
  1095. "address": "0x41c0b4"
  1096. },
  1097. {
  1098. "name": "ReadFile",
  1099. "address": "0x41c0b8"
  1100. },
  1101. {
  1102. "name": "LoadLibraryA",
  1103. "address": "0x41c0bc"
  1104. },
  1105. {
  1106. "name": "VirtualAlloc",
  1107. "address": "0x41c0c0"
  1108. },
  1109. {
  1110. "name": "VirtualFree",
  1111. "address": "0x41c0c4"
  1112. },
  1113. {
  1114. "name": "VirtualProtect",
  1115. "address": "0x41c0c8"
  1116. },
  1117. {
  1118. "name": "GetPrivateProfileStructA",
  1119. "address": "0x41c0cc"
  1120. },
  1121. {
  1122. "name": "GetEnvironmentVariableW",
  1123. "address": "0x41c0d0"
  1124. },
  1125. {
  1126. "name": "FindClose",
  1127. "address": "0x41c0d4"
  1128. },
  1129. {
  1130. "name": "GetConsoleAliasExesLengthW",
  1131. "address": "0x41c0d8"
  1132. },
  1133. {
  1134. "name": "SetComputerNameA",
  1135. "address": "0x41c0dc"
  1136. },
  1137. {
  1138. "name": "_hread",
  1139. "address": "0x41c0e0"
  1140. },
  1141. {
  1142. "name": "CopyFileExW",
  1143. "address": "0x41c0e4"
  1144. },
  1145. {
  1146. "name": "TlsFree",
  1147. "address": "0x41c0e8"
  1148. },
  1149. {
  1150. "name": "UnregisterWait",
  1151. "address": "0x41c0ec"
  1152. },
  1153. {
  1154. "name": "FillConsoleOutputCharacterW",
  1155. "address": "0x41c0f0"
  1156. },
  1157. {
  1158. "name": "SetConsoleTitleW",
  1159. "address": "0x41c0f4"
  1160. },
  1161. {
  1162. "name": "Process32First",
  1163. "address": "0x41c0f8"
  1164. },
  1165. {
  1166. "name": "RequestWakeupLatency",
  1167. "address": "0x41c0fc"
  1168. },
  1169. {
  1170. "name": "FindNextChangeNotification",
  1171. "address": "0x41c100"
  1172. },
  1173. {
  1174. "name": "SetLocaleInfoA",
  1175. "address": "0x41c104"
  1176. },
  1177. {
  1178. "name": "DisableThreadLibraryCalls",
  1179. "address": "0x41c108"
  1180. },
  1181. {
  1182. "name": "LCMapStringW",
  1183. "address": "0x41c10c"
  1184. },
  1185. {
  1186. "name": "CompareStringW",
  1187. "address": "0x41c110"
  1188. },
  1189. {
  1190. "name": "QueryPerformanceCounter",
  1191. "address": "0x41c114"
  1192. },
  1193. {
  1194. "name": "GetCurrentProcessId",
  1195. "address": "0x41c118"
  1196. },
  1197. {
  1198. "name": "GetCurrentThreadId",
  1199. "address": "0x41c11c"
  1200. },
  1201. {
  1202. "name": "GetSystemTimeAsFileTime",
  1203. "address": "0x41c120"
  1204. },
  1205. {
  1206. "name": "InitializeSListHead",
  1207. "address": "0x41c124"
  1208. },
  1209. {
  1210. "name": "IsDebuggerPresent",
  1211. "address": "0x41c128"
  1212. },
  1213. {
  1214. "name": "UnhandledExceptionFilter",
  1215. "address": "0x41c12c"
  1216. },
  1217. {
  1218. "name": "SetUnhandledExceptionFilter",
  1219. "address": "0x41c130"
  1220. },
  1221. {
  1222. "name": "GetStartupInfoW",
  1223. "address": "0x41c134"
  1224. },
  1225. {
  1226. "name": "IsProcessorFeaturePresent",
  1227. "address": "0x41c138"
  1228. },
  1229. {
  1230. "name": "GetModuleHandleW",
  1231. "address": "0x41c13c"
  1232. },
  1233. {
  1234. "name": "GetCurrentProcess",
  1235. "address": "0x41c140"
  1236. },
  1237. {
  1238. "name": "TerminateProcess",
  1239. "address": "0x41c144"
  1240. },
  1241. {
  1242. "name": "RtlUnwind",
  1243. "address": "0x41c148"
  1244. },
  1245. {
  1246. "name": "VirtualQuery",
  1247. "address": "0x41c14c"
  1248. },
  1249. {
  1250. "name": "GetLastError",
  1251. "address": "0x41c150"
  1252. },
  1253. {
  1254. "name": "SetLastError",
  1255. "address": "0x41c154"
  1256. },
  1257. {
  1258. "name": "EnterCriticalSection",
  1259. "address": "0x41c158"
  1260. },
  1261. {
  1262. "name": "LeaveCriticalSection",
  1263. "address": "0x41c15c"
  1264. },
  1265. {
  1266. "name": "DeleteCriticalSection",
  1267. "address": "0x41c160"
  1268. },
  1269. {
  1270. "name": "InitializeCriticalSectionAndSpinCount",
  1271. "address": "0x41c164"
  1272. },
  1273. {
  1274. "name": "TlsAlloc",
  1275. "address": "0x41c168"
  1276. },
  1277. {
  1278. "name": "TlsGetValue",
  1279. "address": "0x41c16c"
  1280. },
  1281. {
  1282. "name": "TlsSetValue",
  1283. "address": "0x41c170"
  1284. },
  1285. {
  1286. "name": "FreeLibrary",
  1287. "address": "0x41c174"
  1288. },
  1289. {
  1290. "name": "GetProcAddress",
  1291. "address": "0x41c178"
  1292. },
  1293. {
  1294. "name": "LoadLibraryExW",
  1295. "address": "0x41c17c"
  1296. },
  1297. {
  1298. "name": "SetEnvironmentVariableA",
  1299. "address": "0x41c180"
  1300. },
  1301. {
  1302. "name": "SetEnvironmentVariableW",
  1303. "address": "0x41c184"
  1304. },
  1305. {
  1306. "name": "SetCurrentDirectoryW",
  1307. "address": "0x41c188"
  1308. },
  1309. {
  1310. "name": "GetCurrentDirectoryW",
  1311. "address": "0x41c18c"
  1312. },
  1313. {
  1314. "name": "SetFilePointerEx",
  1315. "address": "0x41c190"
  1316. },
  1317. {
  1318. "name": "GetConsoleMode",
  1319. "address": "0x41c194"
  1320. },
  1321. {
  1322. "name": "ReadConsoleInputA",
  1323. "address": "0x41c198"
  1324. },
  1325. {
  1326. "name": "SetConsoleMode",
  1327. "address": "0x41c19c"
  1328. },
  1329. {
  1330. "name": "CloseHandle",
  1331. "address": "0x41c1a0"
  1332. },
  1333. {
  1334. "name": "WaitForSingleObject",
  1335. "address": "0x41c1a4"
  1336. },
  1337. {
  1338. "name": "GetExitCodeProcess",
  1339. "address": "0x41c1a8"
  1340. },
  1341. {
  1342. "name": "CreateProcessA",
  1343. "address": "0x41c1ac"
  1344. },
  1345. {
  1346. "name": "GetLocalTime",
  1347. "address": "0x41c1b0"
  1348. },
  1349. {
  1350. "name": "SetStdHandle",
  1351. "address": "0x41c1b4"
  1352. },
  1353. {
  1354. "name": "GetFileType",
  1355. "address": "0x41c1b8"
  1356. },
  1357. {
  1358. "name": "GetStdHandle",
  1359. "address": "0x41c1bc"
  1360. },
  1361. {
  1362. "name": "WriteFile",
  1363. "address": "0x41c1c0"
  1364. },
  1365. {
  1366. "name": "GetModuleFileNameA",
  1367. "address": "0x41c1c4"
  1368. },
  1369. {
  1370. "name": "MultiByteToWideChar",
  1371. "address": "0x41c1c8"
  1372. },
  1373. {
  1374. "name": "WideCharToMultiByte",
  1375. "address": "0x41c1cc"
  1376. },
  1377. {
  1378. "name": "ExitProcess",
  1379. "address": "0x41c1d0"
  1380. },
  1381. {
  1382. "name": "GetModuleHandleExW",
  1383. "address": "0x41c1d4"
  1384. },
  1385. {
  1386. "name": "GetCommandLineA",
  1387. "address": "0x41c1d8"
  1388. },
  1389. {
  1390. "name": "GetCommandLineW",
  1391. "address": "0x41c1dc"
  1392. },
  1393. {
  1394. "name": "GetACP",
  1395. "address": "0x41c1e0"
  1396. },
  1397. {
  1398. "name": "HeapFree",
  1399. "address": "0x41c1e4"
  1400. },
  1401. {
  1402. "name": "HeapAlloc",
  1403. "address": "0x41c1e8"
  1404. },
  1405. {
  1406. "name": "GetStringTypeW",
  1407. "address": "0x41c1ec"
  1408. },
  1409. {
  1410. "name": "RaiseException",
  1411. "address": "0x41c1f0"
  1412. },
  1413. {
  1414. "name": "CreateFileW",
  1415. "address": "0x41c1f4"
  1416. },
  1417. {
  1418. "name": "GetFileAttributesExW",
  1419. "address": "0x41c1f8"
  1420. },
  1421. {
  1422. "name": "ReadConsoleW",
  1423. "address": "0x41c1fc"
  1424. }
  1425. ],
  1426. "dll": "KERNEL32.dll"
  1427. },
  1428. {
  1429. "imports": [
  1430. {
  1431. "name": "GetUpdateRect",
  1432. "address": "0x41c204"
  1433. },
  1434. {
  1435. "name": "GetSystemMenu",
  1436. "address": "0x41c208"
  1437. },
  1438. {
  1439. "name": "SetMenuItemBitmaps",
  1440. "address": "0x41c20c"
  1441. },
  1442. {
  1443. "name": "MoveWindow",
  1444. "address": "0x41c210"
  1445. },
  1446. {
  1447. "name": "CallNextHookEx",
  1448. "address": "0x41c214"
  1449. },
  1450. {
  1451. "name": "SetProcessWindowStation",
  1452. "address": "0x41c218"
  1453. },
  1454. {
  1455. "name": "PostThreadMessageW",
  1456. "address": "0x41c21c"
  1457. },
  1458. {
  1459. "name": "GetTabbedTextExtentW",
  1460. "address": "0x41c220"
  1461. },
  1462. {
  1463. "name": "DeleteMenu",
  1464. "address": "0x41c224"
  1465. },
  1466. {
  1467. "name": "RealGetWindowClass",
  1468. "address": "0x41c228"
  1469. },
  1470. {
  1471. "name": "BroadcastSystemMessageW",
  1472. "address": "0x41c22c"
  1473. },
  1474. {
  1475. "name": "GetClassInfoExW",
  1476. "address": "0x41c230"
  1477. },
  1478. {
  1479. "name": "WINNLSEnableIME",
  1480. "address": "0x41c234"
  1481. },
  1482. {
  1483. "name": "SetWindowsHookA",
  1484. "address": "0x41c238"
  1485. },
  1486. {
  1487. "name": "WaitForInputIdle",
  1488. "address": "0x41c23c"
  1489. },
  1490. {
  1491. "name": "DdeDisconnect",
  1492. "address": "0x41c240"
  1493. },
  1494. {
  1495. "name": "FlashWindowEx",
  1496. "address": "0x41c244"
  1497. },
  1498. {
  1499. "name": "InSendMessage",
  1500. "address": "0x41c248"
  1501. },
  1502. {
  1503. "name": "GetNextDlgTabItem",
  1504. "address": "0x41c24c"
  1505. }
  1506. ],
  1507. "dll": "USER32.dll"
  1508. },
  1509. {
  1510. "imports": [
  1511. {
  1512. "name": "CreateFontIndirectExA",
  1513. "address": "0x41c038"
  1514. },
  1515. {
  1516. "name": "GetColorSpace",
  1517. "address": "0x41c03c"
  1518. },
  1519. {
  1520. "name": "UpdateColors",
  1521. "address": "0x41c040"
  1522. },
  1523. {
  1524. "name": "CreatePalette",
  1525. "address": "0x41c044"
  1526. },
  1527. {
  1528. "name": "EqualRgn",
  1529. "address": "0x41c048"
  1530. },
  1531. {
  1532. "name": "GetRgnBox",
  1533. "address": "0x41c04c"
  1534. },
  1535. {
  1536. "name": "SetPixel",
  1537. "address": "0x41c050"
  1538. },
  1539. {
  1540. "name": "RemoveFontResourceExW",
  1541. "address": "0x41c054"
  1542. },
  1543. {
  1544. "name": "GetTextFaceW",
  1545. "address": "0x41c058"
  1546. },
  1547. {
  1548. "name": "GetGraphicsMode",
  1549. "address": "0x41c05c"
  1550. },
  1551. {
  1552. "name": "SelectObject",
  1553. "address": "0x41c060"
  1554. },
  1555. {
  1556. "name": "GetGlyphOutlineA",
  1557. "address": "0x41c064"
  1558. },
  1559. {
  1560. "name": "SetWindowExtEx",
  1561. "address": "0x41c068"
  1562. },
  1563. {
  1564. "name": "GdiGetPageHandle",
  1565. "address": "0x41c06c"
  1566. },
  1567. {
  1568. "name": "GetFontLanguageInfo",
  1569. "address": "0x41c070"
  1570. }
  1571. ],
  1572. "dll": "GDI32.dll"
  1573. },
  1574. {
  1575. "imports": [
  1576. {
  1577. "name": "SetPrinterW",
  1578. "address": "0x41c254"
  1579. },
  1580. {
  1581. "name": "GetPrinterDataExW",
  1582. "address": "0x41c258"
  1583. },
  1584. {
  1585. "name": "EnumPortsW",
  1586. "address": "0x41c25c"
  1587. }
  1588. ],
  1589. "dll": "WINSPOOL.DRV"
  1590. },
  1591. {
  1592. "imports": [
  1593. {
  1594. "name": "GetOpenFileNameA",
  1595. "address": "0x41c030"
  1596. }
  1597. ],
  1598. "dll": "COMDLG32.dll"
  1599. },
  1600. {
  1601. "imports": [
  1602. {
  1603. "name": "LsaOpenTrustedDomain",
  1604. "address": "0x41c000"
  1605. },
  1606. {
  1607. "name": "AreAnyAccessesGranted",
  1608. "address": "0x41c004"
  1609. },
  1610. {
  1611. "name": "LsaLookupPrivilegeName",
  1612. "address": "0x41c008"
  1613. },
  1614. {
  1615. "name": "QueryServiceConfigA",
  1616. "address": "0x41c00c"
  1617. },
  1618. {
  1619. "name": "LookupAccountNameW",
  1620. "address": "0x41c010"
  1621. },
  1622. {
  1623. "name": "SystemFunction031",
  1624. "address": "0x41c014"
  1625. },
  1626. {
  1627. "name": "AllocateAndInitializeSid",
  1628. "address": "0x41c018"
  1629. },
  1630. {
  1631. "name": "RegSaveKeyA",
  1632. "address": "0x41c01c"
  1633. },
  1634. {
  1635. "name": "BuildExplicitAccessWithNameW",
  1636. "address": "0x41c020"
  1637. },
  1638. {
  1639. "name": "CryptEnumProvidersA",
  1640. "address": "0x41c024"
  1641. },
  1642. {
  1643. "name": "AddUsersToEncryptedFile",
  1644. "address": "0x41c028"
  1645. }
  1646. ],
  1647. "dll": "ADVAPI32.dll"
  1648. },
  1649. {
  1650. "imports": [
  1651. {
  1652. "name": "CLSIDFromString",
  1653. "address": "0x41c264"
  1654. },
  1655. {
  1656. "name": "HWND_UserUnmarshal",
  1657. "address": "0x41c268"
  1658. },
  1659. {
  1660. "name": "OleCreateFromData",
  1661. "address": "0x41c26c"
  1662. },
  1663. {
  1664. "name": "CoAddRefServerProcess",
  1665. "address": "0x41c270"
  1666. },
  1667. {
  1668. "name": "ReadClassStg",
  1669. "address": "0x41c274"
  1670. },
  1671. {
  1672. "name": "WriteClassStg",
  1673. "address": "0x41c278"
  1674. }
  1675. ],
  1676. "dll": "ole32.dll"
  1677. }
  1678. ],
  1679. "digital_signers": null,
  1680. "exported_dll_name": null,
  1681. "actual_checksum": "0x0007566a",
  1682. "overlay": null,
  1683. "imagebase": "0x00400000",
  1684. "reported_checksum": "0x00000000",
  1685. "icon_hash": null,
  1686. "entrypoint": "0x00403bf9",
  1687. "timestamp": "2019-06-11 13:23:14",
  1688. "osversion": "5.1",
  1689. "sections": [
  1690. {
  1691. "name": ".text",
  1692. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1693. "virtual_address": "0x00001000",
  1694. "size_of_data": "0x0001b000",
  1695. "entropy": "6.69",
  1696. "raw_address": "0x00000400",
  1697. "virtual_size": "0x0001af27",
  1698. "characteristics_raw": "0x60000020"
  1699. },
  1700. {
  1701. "name": ".rdata",
  1702. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1703. "virtual_address": "0x0001c000",
  1704. "size_of_data": "0x00008c00",
  1705. "entropy": "5.16",
  1706. "raw_address": "0x0001b400",
  1707. "virtual_size": "0x00008b96",
  1708. "characteristics_raw": "0x40000040"
  1709. },
  1710. {
  1711. "name": ".data",
  1712. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1713. "virtual_address": "0x00025000",
  1714. "size_of_data": "0x0000b800",
  1715. "entropy": "6.27",
  1716. "raw_address": "0x00024000",
  1717. "virtual_size": "0x0000c280",
  1718. "characteristics_raw": "0xc0000040"
  1719. },
  1720. {
  1721. "name": ".gfids",
  1722. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1723. "virtual_address": "0x00032000",
  1724. "size_of_data": "0x00000600",
  1725. "entropy": "2.89",
  1726. "raw_address": "0x0002f800",
  1727. "virtual_size": "0x000004b0",
  1728. "characteristics_raw": "0x40000040"
  1729. },
  1730. {
  1731. "name": ".rsrc",
  1732. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1733. "virtual_address": "0x00033000",
  1734. "size_of_data": "0x0003de00",
  1735. "entropy": "6.88",
  1736. "raw_address": "0x0002fe00",
  1737. "virtual_size": "0x0003dcb5",
  1738. "characteristics_raw": "0x40000040"
  1739. },
  1740. {
  1741. "name": ".reloc",
  1742. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1743. "virtual_address": "0x00071000",
  1744. "size_of_data": "0x00002400",
  1745. "entropy": "6.62",
  1746. "raw_address": "0x0006dc00",
  1747. "virtual_size": "0x00002300",
  1748. "characteristics_raw": "0x42000040"
  1749. }
  1750. ],
  1751. "resources": [],
  1752. "dirents": [
  1753. {
  1754. "virtual_address": "0x00000000",
  1755. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1756. "size": "0x00000000"
  1757. },
  1758. {
  1759. "virtual_address": "0x00023c9c",
  1760. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1761. "size": "0x000000a0"
  1762. },
  1763. {
  1764. "virtual_address": "0x00033000",
  1765. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1766. "size": "0x0003dcb5"
  1767. },
  1768. {
  1769. "virtual_address": "0x00000000",
  1770. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1771. "size": "0x00000000"
  1772. },
  1773. {
  1774. "virtual_address": "0x00000000",
  1775. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1776. "size": "0x00000000"
  1777. },
  1778. {
  1779. "virtual_address": "0x00071000",
  1780. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1781. "size": "0x00002300"
  1782. },
  1783. {
  1784. "virtual_address": "0x00023410",
  1785. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1786. "size": "0x0000001c"
  1787. },
  1788. {
  1789. "virtual_address": "0x00000000",
  1790. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1791. "size": "0x00000000"
  1792. },
  1793. {
  1794. "virtual_address": "0x00000000",
  1795. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1796. "size": "0x00000000"
  1797. },
  1798. {
  1799. "virtual_address": "0x00000000",
  1800. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1801. "size": "0x00000000"
  1802. },
  1803. {
  1804. "virtual_address": "0x00023430",
  1805. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1806. "size": "0x00000040"
  1807. },
  1808. {
  1809. "virtual_address": "0x00000000",
  1810. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1811. "size": "0x00000000"
  1812. },
  1813. {
  1814. "virtual_address": "0x0001c000",
  1815. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1816. "size": "0x00000280"
  1817. },
  1818. {
  1819. "virtual_address": "0x00000000",
  1820. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1821. "size": "0x00000000"
  1822. },
  1823. {
  1824. "virtual_address": "0x00000000",
  1825. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1826. "size": "0x00000000"
  1827. },
  1828. {
  1829. "virtual_address": "0x00000000",
  1830. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1831. "size": "0x00000000"
  1832. }
  1833. ],
  1834. "exports": [],
  1835. "guest_signers": {},
  1836. "imphash": "f9828a7115467336fc1f5ae8124ddad0",
  1837. "icon_fuzzy": null,
  1838. "icon": null,
  1839. "pdbpath": null,
  1840. "imported_dll_count": 7,
  1841. "versioninfo": []
  1842. }
  1843. }