paladin316

Exes_3deaf3fbac14a4f44fd9df75c4fe0051_exe_2019-06-24_14_30.json

Jun 24th, 2019
  1.  
  2. [*] MalFamily: "Fuery"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_3deaf3fbac14a4f44fd9df75c4fe0051.exe"
  7. [*] File Size: 103936
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "f8399e2a4097db23a10dcef7935f4c81160b440063c994b8b8b0b2a4ec1c07a7"
  10. [*] MD5: "3deaf3fbac14a4f44fd9df75c4fe0051"
  11. [*] SHA1: "96b9e8a65e24d84903b57015d1f845603a519ce4"
  12. [*] SHA512: "7cbaea05b1f1016005e01241351e97e39a053ef1164bbe935446f912cf72496bbb58708c8a1f4123c022ae2c82b1d7dbae49135ff138d588cea891332ee7dd3e"
  13. [*] CRC32: "125082BF"
  14. [*] SSDEEP: "3072:pHjawvSu4VtScvzmXAuZzXJHhnFn4ZePd:pHjaGAJohnFnTd"
  15.  
  16. [*] Process Execution: [
  17. "Exes_3deaf3fbac14a4f44fd9df75c4fe0051.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Attempts to connect to a dead IP:Port (1 unique time)",
  23. "Details": [
  24. {
  25. "IP": "151.139.128.14:80"
  26. }
  27. ]
  28. },
  29. {
  30. "Description": "Performs some HTTP requests (note: the ocsp.usertrust.com / ocsp.comodoca.com requests below carry the Microsoft-CryptoAPI/6.1 user-agent and line up with the CryptnetUrlCache writes under Modified Files, i.e. OS certificate-revocation lookups rather than sample C2; only the iplogger.org request, sent with the custom user-agent \"deus vult\" and Accept: text/*, appears to be the sample's own beacon and is the IOC worth alerting on)",
  31. "Details": [
  32. {
  33. "url": "http://iplogger.org/14r757"
  34. },
  35. {
  36. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  37. },
  38. {
  39. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D"
  40. },
  41. {
  42. "url": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg"
  43. }
  44. ]
  45. },
  46. {
  47. "Description": "File has been identified by 20 Antiviruses on VirusTotal as malicious",
  48. "Details": [
  49. {
  50. "MicroWorld-eScan": "Trojan.GenericKD.32076907"
  51. },
  52. {
  53. "FireEye": "Trojan.GenericKD.32076907"
  54. },
  55. {
  56. "ALYac": "Trojan.GenericKD.32076907"
  57. },
  58. {
  59. "Arcabit": "Trojan.Generic.D1E9746B"
  60. },
  61. {
  62. "Symantec": "Trojan.Gen.2"
  63. },
  64. {
  65. "Paloalto": "generic.ml"
  66. },
  67. {
  68. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  69. },
  70. {
  71. "BitDefender": "Trojan.GenericKD.32076907"
  72. },
  73. {
  74. "AegisLab": "Trojan.Multi.Generic.4!c"
  75. },
  76. {
  77. "Ad-Aware": "Trojan.GenericKD.32076907"
  78. },
  79. {
  80. "Emsisoft": "Trojan.GenericKD.32076907 (B)"
  81. },
  82. {
  83. "McAfee-GW-Edition": "Artemis!Trojan"
  84. },
  85. {
  86. "Microsoft": "Trojan:Win32/Fuery.A!cl"
  87. },
  88. {
  89. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  90. },
  91. {
  92. "GData": "Trojan.GenericKD.32076907"
  93. },
  94. {
  95. "McAfee": "RDN/Generic Dropper"
  96. },
  97. {
  98. "VBA32": "suspected of Trojan.Downloader.gen.h"
  99. },
  100. {
  101. "Rising": "Trojan.Fuery!8.EAFB (TFE:dGZlOgXMjqmCm5VF6Q)"
  102. },
  103. {
  104. "MAX": "malware (ai score=93)"
  105. },
  106. {
  107. "Panda": "Trj/GdSda.A"
  108. }
  109. ]
  110. }
  111. ]
  112.  
  113. [*] Started Service: []
  114.  
  115. [*] Executed Commands: []
  116.  
  117. [*] Mutexes: []
  118.  
  119. [*] Modified Files: [
  120. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
  121. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
  122. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220",
  123. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220",
  124. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_99D41F4D77B8F7BB12F6EE812A503A28",
  125. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_99D41F4D77B8F7BB12F6EE812A503A28"
  126. ]
  127.  
  128. [*] Deleted Files: []
  129.  
  130. [*] Modified Registry Keys: []
  131.  
  132. [*] Deleted Registry Keys: []
  133.  
  134. [*] DNS Communications: [
  135. {
  136. "type": "A",
  137. "request": "iplogger.org",
  138. "answers": [
  139. {
  140. "data": "88.99.66.31",
  141. "type": "A"
  142. }
  143. ]
  144. }
  145. ]
  146.  
  147. [*] Domains: [
  148. {
  149. "ip": "88.99.66.31",
  150. "domain": "iplogger.org"
  151. }
  152. ]
  153.  
  154. [*] Network Communication - ICMP: []
  155.  
  156. [*] Network Communication - HTTP: [
  157. {
  158. "count": 1,
  159. "body": "",
  160. "uri": "http://iplogger.org/14r757",
  161. "user-agent": "deus vult",
  162. "method": "GET",
  163. "host": "iplogger.org",
  164. "version": "1.1",
  165. "path": "/14r757",
  166. "data": "GET /14r757 HTTP/1.1\r\nAccept: text/*\r\nUser-Agent: deus vult\r\nHost: iplogger.org\r\n\r\n",
  167. "port": 80
  168. },
  169. {
  170. "count": 1,
  171. "body": "",
  172. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  173. "user-agent": "Microsoft-CryptoAPI/6.1",
  174. "method": "GET",
  175. "host": "ocsp.usertrust.com",
  176. "version": "1.1",
  177. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  178. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  179. "port": 80
  180. },
  181. {
  182. "count": 1,
  183. "body": "",
  184. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D",
  185. "user-agent": "Microsoft-CryptoAPI/6.1",
  186. "method": "GET",
  187. "host": "ocsp.comodoca.com",
  188. "version": "1.1",
  189. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D",
  190. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  191. "port": 80
  192. },
  193. {
  194. "count": 1,
  195. "body": "",
  196. "uri": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg",
  197. "user-agent": "Microsoft-CryptoAPI/6.1",
  198. "method": "GET",
  199. "host": "ocsp.comodoca.com",
  200. "version": "1.1",
  201. "path": "/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg",
  202. "data": "GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  203. "port": 80
  204. }
  205. ]
  206.  
  207. [*] Network Communication - SMTP: []
  208.  
  209. [*] Network Communication - Hosts: []
  210.  
  211. [*] Network Communication - IRC: []
  212.  
  213. [*] Static Analysis: {
  214. "pe": {
  215. "peid_signatures": null,
  216. "imports": [
  217. {
  218. "imports": [
  219. {
  220. "name": "Sleep",
  221. "address": "0x40e000"
  222. },
  223. {
  224. "name": "ExitProcess",
  225. "address": "0x40e004"
  226. },
  227. {
  228. "name": "GetProcAddress",
  229. "address": "0x40e008"
  230. },
  231. {
  232. "name": "GetModuleFileNameW",
  233. "address": "0x40e00c"
  234. },
  235. {
  236. "name": "WriteConsoleW",
  237. "address": "0x40e010"
  238. },
  239. {
  240. "name": "CloseHandle",
  241. "address": "0x40e014"
  242. },
  243. {
  244. "name": "CreateFileW",
  245. "address": "0x40e018"
  246. },
  247. {
  248. "name": "SetFilePointerEx",
  249. "address": "0x40e01c"
  250. },
  251. {
  252. "name": "GetConsoleMode",
  253. "address": "0x40e020"
  254. },
  255. {
  256. "name": "GetConsoleCP",
  257. "address": "0x40e024"
  258. },
  259. {
  260. "name": "FlushFileBuffers",
  261. "address": "0x40e028"
  262. },
  263. {
  264. "name": "HeapReAlloc",
  265. "address": "0x40e02c"
  266. },
  267. {
  268. "name": "UnhandledExceptionFilter",
  269. "address": "0x40e030"
  270. },
  271. {
  272. "name": "SetUnhandledExceptionFilter",
  273. "address": "0x40e034"
  274. },
  275. {
  276. "name": "GetCurrentProcess",
  277. "address": "0x40e038"
  278. },
  279. {
  280. "name": "TerminateProcess",
  281. "address": "0x40e03c"
  282. },
  283. {
  284. "name": "IsProcessorFeaturePresent",
  285. "address": "0x40e040"
  286. },
  287. {
  288. "name": "QueryPerformanceCounter",
  289. "address": "0x40e044"
  290. },
  291. {
  292. "name": "GetCurrentProcessId",
  293. "address": "0x40e048"
  294. },
  295. {
  296. "name": "GetCurrentThreadId",
  297. "address": "0x40e04c"
  298. },
  299. {
  300. "name": "GetSystemTimeAsFileTime",
  301. "address": "0x40e050"
  302. },
  303. {
  304. "name": "InitializeSListHead",
  305. "address": "0x40e054"
  306. },
  307. {
  308. "name": "IsDebuggerPresent",
  309. "address": "0x40e058"
  310. },
  311. {
  312. "name": "GetStartupInfoW",
  313. "address": "0x40e05c"
  314. },
  315. {
  316. "name": "GetModuleHandleW",
  317. "address": "0x40e060"
  318. },
  319. {
  320. "name": "RtlUnwind",
  321. "address": "0x40e064"
  322. },
  323. {
  324. "name": "RaiseException",
  325. "address": "0x40e068"
  326. },
  327. {
  328. "name": "GetLastError",
  329. "address": "0x40e06c"
  330. },
  331. {
  332. "name": "SetLastError",
  333. "address": "0x40e070"
  334. },
  335. {
  336. "name": "EncodePointer",
  337. "address": "0x40e074"
  338. },
  339. {
  340. "name": "EnterCriticalSection",
  341. "address": "0x40e078"
  342. },
  343. {
  344. "name": "LeaveCriticalSection",
  345. "address": "0x40e07c"
  346. },
  347. {
  348. "name": "DeleteCriticalSection",
  349. "address": "0x40e080"
  350. },
  351. {
  352. "name": "InitializeCriticalSectionAndSpinCount",
  353. "address": "0x40e084"
  354. },
  355. {
  356. "name": "TlsAlloc",
  357. "address": "0x40e088"
  358. },
  359. {
  360. "name": "TlsGetValue",
  361. "address": "0x40e08c"
  362. },
  363. {
  364. "name": "TlsSetValue",
  365. "address": "0x40e090"
  366. },
  367. {
  368. "name": "TlsFree",
  369. "address": "0x40e094"
  370. },
  371. {
  372. "name": "FreeLibrary",
  373. "address": "0x40e098"
  374. },
  375. {
  376. "name": "LoadLibraryExW",
  377. "address": "0x40e09c"
  378. },
  379. {
  380. "name": "GetStdHandle",
  381. "address": "0x40e0a0"
  382. },
  383. {
  384. "name": "WriteFile",
  385. "address": "0x40e0a4"
  386. },
  387. {
  388. "name": "MultiByteToWideChar",
  389. "address": "0x40e0a8"
  390. },
  391. {
  392. "name": "WideCharToMultiByte",
  393. "address": "0x40e0ac"
  394. },
  395. {
  396. "name": "GetModuleHandleExW",
  397. "address": "0x40e0b0"
  398. },
  399. {
  400. "name": "GetACP",
  401. "address": "0x40e0b4"
  402. },
  403. {
  404. "name": "HeapAlloc",
  405. "address": "0x40e0b8"
  406. },
  407. {
  408. "name": "HeapFree",
  409. "address": "0x40e0bc"
  410. },
  411. {
  412. "name": "FindClose",
  413. "address": "0x40e0c0"
  414. },
  415. {
  416. "name": "FindFirstFileExW",
  417. "address": "0x40e0c4"
  418. },
  419. {
  420. "name": "FindNextFileW",
  421. "address": "0x40e0c8"
  422. },
  423. {
  424. "name": "IsValidCodePage",
  425. "address": "0x40e0cc"
  426. },
  427. {
  428. "name": "GetOEMCP",
  429. "address": "0x40e0d0"
  430. },
  431. {
  432. "name": "GetCPInfo",
  433. "address": "0x40e0d4"
  434. },
  435. {
  436. "name": "GetCommandLineA",
  437. "address": "0x40e0d8"
  438. },
  439. {
  440. "name": "GetCommandLineW",
  441. "address": "0x40e0dc"
  442. },
  443. {
  444. "name": "GetEnvironmentStringsW",
  445. "address": "0x40e0e0"
  446. },
  447. {
  448. "name": "FreeEnvironmentStringsW",
  449. "address": "0x40e0e4"
  450. },
  451. {
  452. "name": "SetStdHandle",
  453. "address": "0x40e0e8"
  454. },
  455. {
  456. "name": "GetFileType",
  457. "address": "0x40e0ec"
  458. },
  459. {
  460. "name": "GetStringTypeW",
  461. "address": "0x40e0f0"
  462. },
  463. {
  464. "name": "LCMapStringW",
  465. "address": "0x40e0f4"
  466. },
  467. {
  468. "name": "GetProcessHeap",
  469. "address": "0x40e0f8"
  470. },
  471. {
  472. "name": "HeapSize",
  473. "address": "0x40e0fc"
  474. },
  475. {
  476. "name": "DecodePointer",
  477. "address": "0x40e100"
  478. }
  479. ],
  480. "dll": "KERNEL32.dll"
  481. },
  482. {
  483. "imports": [
  484. {
  485. "name": "HttpSendRequestW",
  486. "address": "0x40e108"
  487. },
  488. {
  489. "name": "HttpOpenRequestW",
  490. "address": "0x40e10c"
  491. },
  492. {
  493. "name": "InternetConnectW",
  494. "address": "0x40e110"
  495. },
  496. {
  497. "name": "InternetOpenW",
  498. "address": "0x40e114"
  499. },
  500. {
  501. "name": "InternetReadFile",
  502. "address": "0x40e118"
  503. },
  504. {
  505. "name": "InternetCloseHandle",
  506. "address": "0x40e11c"
  507. }
  508. ],
  509. "dll": "WININET.dll"
  510. }
  511. ],
  512. "digital_signers": null,
  513. "exported_dll_name": null,
  514. "actual_checksum": "0x000232b2",
  515. "overlay": null,
  516. "imagebase": "0x00400000",
  517. "reported_checksum": "0x000232b2",
  518. "icon_hash": null,
  519. "entrypoint": "0x00401e8f",
  520. "timestamp": "2019-06-21 11:24:57",
  521. "osversion": "6.0",
  522. "sections": [
  523. {
  524. "name": ".text",
  525. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  526. "virtual_address": "0x00001000",
  527. "size_of_data": "0x0000cc00",
  528. "entropy": "6.59",
  529. "raw_address": "0x00000400",
  530. "virtual_size": "0x0000ca1b",
  531. "characteristics_raw": "0x60000020"
  532. },
  533. {
  534. "name": ".rdata",
  535. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  536. "virtual_address": "0x0000e000",
  537. "size_of_data": "0x00006000",
  538. "entropy": "4.83",
  539. "raw_address": "0x0000d000",
  540. "virtual_size": "0x00005f04",
  541. "characteristics_raw": "0x40000040"
  542. },
  543. {
  544. "name": ".data",
  545. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  546. "virtual_address": "0x00014000",
  547. "size_of_data": "0x00000a00",
  548. "entropy": "2.21",
  549. "raw_address": "0x00013000",
  550. "virtual_size": "0x0000137c",
  551. "characteristics_raw": "0xc0000040"
  552. },
  553. {
  554. "name": ".rsrc",
  555. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  556. "virtual_address": "0x00016000",
  557. "size_of_data": "0x00004c00",
  558. "entropy": "5.30",
  559. "raw_address": "0x00013a00",
  560. "virtual_size": "0x00004b30",
  561. "characteristics_raw": "0x40000040"
  562. },
  563. {
  564. "name": ".reloc",
  565. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  566. "virtual_address": "0x0001b000",
  567. "size_of_data": "0x00001000",
  568. "entropy": "6.43",
  569. "raw_address": "0x00018600",
  570. "virtual_size": "0x00000f7c",
  571. "characteristics_raw": "0x42000040"
  572. }
  573. ],
  574. "resources": [],
  575. "dirents": [
  576. {
  577. "virtual_address": "0x00000000",
  578. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  579. "size": "0x00000000"
  580. },
  581. {
  582. "virtual_address": "0x00013874",
  583. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  584. "size": "0x0000003c"
  585. },
  586. {
  587. "virtual_address": "0x00016000",
  588. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  589. "size": "0x00004b30"
  590. },
  591. {
  592. "virtual_address": "0x00000000",
  593. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  594. "size": "0x00000000"
  595. },
  596. {
  597. "virtual_address": "0x00000000",
  598. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  599. "size": "0x00000000"
  600. },
  601. {
  602. "virtual_address": "0x0001b000",
  603. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  604. "size": "0x00000f7c"
  605. },
  606. {
  607. "virtual_address": "0x00012bd0",
  608. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  609. "size": "0x00000070"
  610. },
  611. {
  612. "virtual_address": "0x00000000",
  613. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  614. "size": "0x00000000"
  615. },
  616. {
  617. "virtual_address": "0x00000000",
  618. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  619. "size": "0x00000000"
  620. },
  621. {
  622. "virtual_address": "0x00000000",
  623. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  624. "size": "0x00000000"
  625. },
  626. {
  627. "virtual_address": "0x00012c40",
  628. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  629. "size": "0x00000040"
  630. },
  631. {
  632. "virtual_address": "0x00000000",
  633. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  634. "size": "0x00000000"
  635. },
  636. {
  637. "virtual_address": "0x0000e000",
  638. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  639. "size": "0x00000124"
  640. },
  641. {
  642. "virtual_address": "0x00000000",
  643. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  644. "size": "0x00000000"
  645. },
  646. {
  647. "virtual_address": "0x00000000",
  648. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  649. "size": "0x00000000"
  650. },
  651. {
  652. "virtual_address": "0x00000000",
  653. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  654. "size": "0x00000000"
  655. }
  656. ],
  657. "exports": [],
  658. "guest_signers": {},
  659. "imphash": "09719c89219864b02e305528e222092a",
  660. "icon_fuzzy": null,
  661. "icon": null,
  662. "pdbpath": "C:\\Users\\admin\\Desktop\\Новая папка (2)\\Release\\ConsoleApp.pdb",
  663. "imported_dll_count": 2,
  664. "versioninfo": []
  665. }
  666. }
  667.  
  668. [*] Resolved APIs: [
  669. "kernel32.dll.InitializeCriticalSectionEx",
  670. "kernel32.dll.FlsAlloc",
  671. "kernel32.dll.FlsSetValue",
  672. "kernel32.dll.FlsGetValue",
  673. "kernel32.dll.LCMapStringEx",
  674. "rasapi32.dll.RasConnectionNotificationW",
  675. "sechost.dll.NotifyServiceStatusChangeA",
  676. "cryptbase.dll.SystemFunction036",
  677. "winhttp.dll.WinHttpOpen",
  678. "winhttp.dll.WinHttpSetTimeouts",
  679. "winhttp.dll.WinHttpSetOption",
  680. "winhttp.dll.WinHttpCrackUrl",
  681. "shlwapi.dll.StrCmpNW",
  682. "winhttp.dll.WinHttpConnect",
  683. "winhttp.dll.WinHttpOpenRequest",
  684. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  685. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  686. "winhttp.dll.WinHttpTimeFromSystemTime",
  687. "winhttp.dll.WinHttpSendRequest",
  688. "ws2_32.dll.GetAddrInfoW",
  689. "ws2_32.dll.WSASocketW",
  690. "ws2_32.dll.#2",
  691. "ws2_32.dll.#21",
  692. "ws2_32.dll.#9",
  693. "ws2_32.dll.WSAIoctl",
  694. "ws2_32.dll.FreeAddrInfoW",
  695. "ws2_32.dll.#6",
  696. "ws2_32.dll.#5",
  697. "ws2_32.dll.WSARecv",
  698. "ws2_32.dll.WSASend",
  699. "winhttp.dll.WinHttpReceiveResponse",
  700. "winhttp.dll.WinHttpQueryHeaders",
  701. "shlwapi.dll.StrStrIW",
  702. "winhttp.dll.WinHttpQueryDataAvailable",
  703. "winhttp.dll.WinHttpReadData",
  704. "winhttp.dll.WinHttpCloseHandle",
  705. "rpcrt4.dll.RpcBindingFree",
  706. "ncrypt.dll.SslFreeObject"
  707. ]
  708.  
  709. [*] Static Analysis: {
  710. "pe": {
  711. "peid_signatures": null,
  712. "imports": [
  713. {
  714. "imports": [
  715. {
  716. "name": "Sleep",
  717. "address": "0x40e000"
  718. },
  719. {
  720. "name": "ExitProcess",
  721. "address": "0x40e004"
  722. },
  723. {
  724. "name": "GetProcAddress",
  725. "address": "0x40e008"
  726. },
  727. {
  728. "name": "GetModuleFileNameW",
  729. "address": "0x40e00c"
  730. },
  731. {
  732. "name": "WriteConsoleW",
  733. "address": "0x40e010"
  734. },
  735. {
  736. "name": "CloseHandle",
  737. "address": "0x40e014"
  738. },
  739. {
  740. "name": "CreateFileW",
  741. "address": "0x40e018"
  742. },
  743. {
  744. "name": "SetFilePointerEx",
  745. "address": "0x40e01c"
  746. },
  747. {
  748. "name": "GetConsoleMode",
  749. "address": "0x40e020"
  750. },
  751. {
  752. "name": "GetConsoleCP",
  753. "address": "0x40e024"
  754. },
  755. {
  756. "name": "FlushFileBuffers",
  757. "address": "0x40e028"
  758. },
  759. {
  760. "name": "HeapReAlloc",
  761. "address": "0x40e02c"
  762. },
  763. {
  764. "name": "UnhandledExceptionFilter",
  765. "address": "0x40e030"
  766. },
  767. {
  768. "name": "SetUnhandledExceptionFilter",
  769. "address": "0x40e034"
  770. },
  771. {
  772. "name": "GetCurrentProcess",
  773. "address": "0x40e038"
  774. },
  775. {
  776. "name": "TerminateProcess",
  777. "address": "0x40e03c"
  778. },
  779. {
  780. "name": "IsProcessorFeaturePresent",
  781. "address": "0x40e040"
  782. },
  783. {
  784. "name": "QueryPerformanceCounter",
  785. "address": "0x40e044"
  786. },
  787. {
  788. "name": "GetCurrentProcessId",
  789. "address": "0x40e048"
  790. },
  791. {
  792. "name": "GetCurrentThreadId",
  793. "address": "0x40e04c"
  794. },
  795. {
  796. "name": "GetSystemTimeAsFileTime",
  797. "address": "0x40e050"
  798. },
  799. {
  800. "name": "InitializeSListHead",
  801. "address": "0x40e054"
  802. },
  803. {
  804. "name": "IsDebuggerPresent",
  805. "address": "0x40e058"
  806. },
  807. {
  808. "name": "GetStartupInfoW",
  809. "address": "0x40e05c"
  810. },
  811. {
  812. "name": "GetModuleHandleW",
  813. "address": "0x40e060"
  814. },
  815. {
  816. "name": "RtlUnwind",
  817. "address": "0x40e064"
  818. },
  819. {
  820. "name": "RaiseException",
  821. "address": "0x40e068"
  822. },
  823. {
  824. "name": "GetLastError",
  825. "address": "0x40e06c"
  826. },
  827. {
  828. "name": "SetLastError",
  829. "address": "0x40e070"
  830. },
  831. {
  832. "name": "EncodePointer",
  833. "address": "0x40e074"
  834. },
  835. {
  836. "name": "EnterCriticalSection",
  837. "address": "0x40e078"
  838. },
  839. {
  840. "name": "LeaveCriticalSection",
  841. "address": "0x40e07c"
  842. },
  843. {
  844. "name": "DeleteCriticalSection",
  845. "address": "0x40e080"
  846. },
  847. {
  848. "name": "InitializeCriticalSectionAndSpinCount",
  849. "address": "0x40e084"
  850. },
  851. {
  852. "name": "TlsAlloc",
  853. "address": "0x40e088"
  854. },
  855. {
  856. "name": "TlsGetValue",
  857. "address": "0x40e08c"
  858. },
  859. {
  860. "name": "TlsSetValue",
  861. "address": "0x40e090"
  862. },
  863. {
  864. "name": "TlsFree",
  865. "address": "0x40e094"
  866. },
  867. {
  868. "name": "FreeLibrary",
  869. "address": "0x40e098"
  870. },
  871. {
  872. "name": "LoadLibraryExW",
  873. "address": "0x40e09c"
  874. },
  875. {
  876. "name": "GetStdHandle",
  877. "address": "0x40e0a0"
  878. },
  879. {
  880. "name": "WriteFile",
  881. "address": "0x40e0a4"
  882. },
  883. {
  884. "name": "MultiByteToWideChar",
  885. "address": "0x40e0a8"
  886. },
  887. {
  888. "name": "WideCharToMultiByte",
  889. "address": "0x40e0ac"
  890. },
  891. {
  892. "name": "GetModuleHandleExW",
  893. "address": "0x40e0b0"
  894. },
  895. {
  896. "name": "GetACP",
  897. "address": "0x40e0b4"
  898. },
  899. {
  900. "name": "HeapAlloc",
  901. "address": "0x40e0b8"
  902. },
  903. {
  904. "name": "HeapFree",
  905. "address": "0x40e0bc"
  906. },
  907. {
  908. "name": "FindClose",
  909. "address": "0x40e0c0"
  910. },
  911. {
  912. "name": "FindFirstFileExW",
  913. "address": "0x40e0c4"
  914. },
  915. {
  916. "name": "FindNextFileW",
  917. "address": "0x40e0c8"
  918. },
  919. {
  920. "name": "IsValidCodePage",
  921. "address": "0x40e0cc"
  922. },
  923. {
  924. "name": "GetOEMCP",
  925. "address": "0x40e0d0"
  926. },
  927. {
  928. "name": "GetCPInfo",
  929. "address": "0x40e0d4"
  930. },
  931. {
  932. "name": "GetCommandLineA",
  933. "address": "0x40e0d8"
  934. },
  935. {
  936. "name": "GetCommandLineW",
  937. "address": "0x40e0dc"
  938. },
  939. {
  940. "name": "GetEnvironmentStringsW",
  941. "address": "0x40e0e0"
  942. },
  943. {
  944. "name": "FreeEnvironmentStringsW",
  945. "address": "0x40e0e4"
  946. },
  947. {
  948. "name": "SetStdHandle",
  949. "address": "0x40e0e8"
  950. },
  951. {
  952. "name": "GetFileType",
  953. "address": "0x40e0ec"
  954. },
  955. {
  956. "name": "GetStringTypeW",
  957. "address": "0x40e0f0"
  958. },
  959. {
  960. "name": "LCMapStringW",
  961. "address": "0x40e0f4"
  962. },
  963. {
  964. "name": "GetProcessHeap",
  965. "address": "0x40e0f8"
  966. },
  967. {
  968. "name": "HeapSize",
  969. "address": "0x40e0fc"
  970. },
  971. {
  972. "name": "DecodePointer",
  973. "address": "0x40e100"
  974. }
  975. ],
  976. "dll": "KERNEL32.dll"
  977. },
  978. {
  979. "imports": [
  980. {
  981. "name": "HttpSendRequestW",
  982. "address": "0x40e108"
  983. },
  984. {
  985. "name": "HttpOpenRequestW",
  986. "address": "0x40e10c"
  987. },
  988. {
  989. "name": "InternetConnectW",
  990. "address": "0x40e110"
  991. },
  992. {
  993. "name": "InternetOpenW",
  994. "address": "0x40e114"
  995. },
  996. {
  997. "name": "InternetReadFile",
  998. "address": "0x40e118"
  999. },
  1000. {
  1001. "name": "InternetCloseHandle",
  1002. "address": "0x40e11c"
  1003. }
  1004. ],
  1005. "dll": "WININET.dll"
  1006. }
  1007. ],
  1008. "digital_signers": null,
  1009. "exported_dll_name": null,
  1010. "actual_checksum": "0x000232b2",
  1011. "overlay": null,
  1012. "imagebase": "0x00400000",
  1013. "reported_checksum": "0x000232b2",
  1014. "icon_hash": null,
  1015. "entrypoint": "0x00401e8f",
  1016. "timestamp": "2019-06-21 11:24:57",
  1017. "osversion": "6.0",
  1018. "sections": [
  1019. {
  1020. "name": ".text",
  1021. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1022. "virtual_address": "0x00001000",
  1023. "size_of_data": "0x0000cc00",
  1024. "entropy": "6.59",
  1025. "raw_address": "0x00000400",
  1026. "virtual_size": "0x0000ca1b",
  1027. "characteristics_raw": "0x60000020"
  1028. },
  1029. {
  1030. "name": ".rdata",
  1031. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1032. "virtual_address": "0x0000e000",
  1033. "size_of_data": "0x00006000",
  1034. "entropy": "4.83",
  1035. "raw_address": "0x0000d000",
  1036. "virtual_size": "0x00005f04",
  1037. "characteristics_raw": "0x40000040"
  1038. },
  1039. {
  1040. "name": ".data",
  1041. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1042. "virtual_address": "0x00014000",
  1043. "size_of_data": "0x00000a00",
  1044. "entropy": "2.21",
  1045. "raw_address": "0x00013000",
  1046. "virtual_size": "0x0000137c",
  1047. "characteristics_raw": "0xc0000040"
  1048. },
  1049. {
  1050. "name": ".rsrc",
  1051. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1052. "virtual_address": "0x00016000",
  1053. "size_of_data": "0x00004c00",
  1054. "entropy": "5.30",
  1055. "raw_address": "0x00013a00",
  1056. "virtual_size": "0x00004b30",
  1057. "characteristics_raw": "0x40000040"
  1058. },
  1059. {
  1060. "name": ".reloc",
  1061. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1062. "virtual_address": "0x0001b000",
  1063. "size_of_data": "0x00001000",
  1064. "entropy": "6.43",
  1065. "raw_address": "0x00018600",
  1066. "virtual_size": "0x00000f7c",
  1067. "characteristics_raw": "0x42000040"
  1068. }
  1069. ],
  1070. "resources": [],
  1071. "dirents": [
  1072. {
  1073. "virtual_address": "0x00000000",
  1074. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1075. "size": "0x00000000"
  1076. },
  1077. {
  1078. "virtual_address": "0x00013874",
  1079. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1080. "size": "0x0000003c"
  1081. },
  1082. {
  1083. "virtual_address": "0x00016000",
  1084. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1085. "size": "0x00004b30"
  1086. },
  1087. {
  1088. "virtual_address": "0x00000000",
  1089. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1090. "size": "0x00000000"
  1091. },
  1092. {
  1093. "virtual_address": "0x00000000",
  1094. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1095. "size": "0x00000000"
  1096. },
  1097. {
  1098. "virtual_address": "0x0001b000",
  1099. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1100. "size": "0x00000f7c"
  1101. },
  1102. {
  1103. "virtual_address": "0x00012bd0",
  1104. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1105. "size": "0x00000070"
  1106. },
  1107. {
  1108. "virtual_address": "0x00000000",
  1109. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1110. "size": "0x00000000"
  1111. },
  1112. {
  1113. "virtual_address": "0x00000000",
  1114. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1115. "size": "0x00000000"
  1116. },
  1117. {
  1118. "virtual_address": "0x00000000",
  1119. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1120. "size": "0x00000000"
  1121. },
  1122. {
  1123. "virtual_address": "0x00012c40",
  1124. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1125. "size": "0x00000040"
  1126. },
  1127. {
  1128. "virtual_address": "0x00000000",
  1129. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1130. "size": "0x00000000"
  1131. },
  1132. {
  1133. "virtual_address": "0x0000e000",
  1134. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1135. "size": "0x00000124"
  1136. },
  1137. {
  1138. "virtual_address": "0x00000000",
  1139. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1140. "size": "0x00000000"
  1141. },
  1142. {
  1143. "virtual_address": "0x00000000",
  1144. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1145. "size": "0x00000000"
  1146. },
  1147. {
  1148. "virtual_address": "0x00000000",
  1149. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1150. "size": "0x00000000"
  1151. }
  1152. ],
  1153. "exports": [],
  1154. "guest_signers": {},
  1155. "imphash": "09719c89219864b02e305528e222092a",
  1156. "icon_fuzzy": null,
  1157. "icon": null,
  1158. "pdbpath": "C:\\Users\\admin\\Desktop\\Новая папка (2)\\Release\\ConsoleApp.pdb",
  1159. "imported_dll_count": 2,
  1160. "versioninfo": []
  1161. }
  1162. }