- [*] MalFamily: "Fuery"
- [*] MalScore: 10.0
- [*] File Name: "Exes_3deaf3fbac14a4f44fd9df75c4fe0051.exe"
- [*] File Size: 103936
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "f8399e2a4097db23a10dcef7935f4c81160b440063c994b8b8b0b2a4ec1c07a7"
- [*] MD5: "3deaf3fbac14a4f44fd9df75c4fe0051"
- [*] SHA1: "96b9e8a65e24d84903b57015d1f845603a519ce4"
- [*] SHA512: "7cbaea05b1f1016005e01241351e97e39a053ef1164bbe935446f912cf72496bbb58708c8a1f4123c022ae2c82b1d7dbae49135ff138d588cea891332ee7dd3e"
- [*] CRC32: "125082BF"
- [*] SSDEEP: "3072:pHjawvSu4VtScvzmXAuZzXJHhnFn4ZePd:pHjaGAJohnFnTd"
- [*] Process Execution: [
- "Exes_3deaf3fbac14a4f44fd9df75c4fe0051.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details": [
- {
- "IP": "151.139.128.14:80"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://iplogger.org/14r757"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg"
- }
- ]
- },
- {
- "Description": "File has been identified by 20 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Trojan.GenericKD.32076907"
- },
- {
- "FireEye": "Trojan.GenericKD.32076907"
- },
- {
- "ALYac": "Trojan.GenericKD.32076907"
- },
- {
- "Arcabit": "Trojan.Generic.D1E9746B"
- },
- {
- "Symantec": "Trojan.Gen.2"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Kaspersky": "UDS:DangerousObject.Multi.Generic"
- },
- {
- "BitDefender": "Trojan.GenericKD.32076907"
- },
- {
- "AegisLab": "Trojan.Multi.Generic.4!c"
- },
- {
- "Ad-Aware": "Trojan.GenericKD.32076907"
- },
- {
- "Emsisoft": "Trojan.GenericKD.32076907 (B)"
- },
- {
- "McAfee-GW-Edition": "Artemis!Trojan"
- },
- {
- "Microsoft": "Trojan:Win32/Fuery.A!cl"
- },
- {
- "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
- },
- {
- "GData": "Trojan.GenericKD.32076907"
- },
- {
- "McAfee": "RDN/Generic Dropper"
- },
- {
- "VBA32": "suspected of Trojan.Downloader.gen.h"
- },
- {
- "Rising": "Trojan.Fuery!8.EAFB (TFE:dGZlOgXMjqmCm5VF6Q)"
- },
- {
- "MAX": "malware (ai score=93)"
- },
- {
- "Panda": "Trj/GdSda.A"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_99D41F4D77B8F7BB12F6EE812A503A28",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_99D41F4D77B8F7BB12F6EE812A503A28"
- ]
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "iplogger.org",
- "answers": [
- {
- "data": "88.99.66.31",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "88.99.66.31",
- "domain": "iplogger.org"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://iplogger.org/14r757",
- "user-agent": "deus vult",
- "method": "GET",
- "host": "iplogger.org",
- "version": "1.1",
- "path": "/14r757",
- "data": "GET /14r757 HTTP/1.1\r\nAccept: text/*\r\nUser-Agent: deus vult\r\nHost: iplogger.org\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg",
- "data": "GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x40e000"
- },
- {
- "name": "ExitProcess",
- "address": "0x40e004"
- },
- {
- "name": "GetProcAddress",
- "address": "0x40e008"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x40e00c"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x40e010"
- },
- {
- "name": "CloseHandle",
- "address": "0x40e014"
- },
- {
- "name": "CreateFileW",
- "address": "0x40e018"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x40e01c"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x40e020"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x40e024"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x40e028"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x40e02c"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x40e030"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x40e034"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40e038"
- },
- {
- "name": "TerminateProcess",
- "address": "0x40e03c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x40e040"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x40e044"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x40e048"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x40e04c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x40e050"
- },
- {
- "name": "InitializeSListHead",
- "address": "0x40e054"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x40e058"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x40e05c"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x40e060"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40e064"
- },
- {
- "name": "RaiseException",
- "address": "0x40e068"
- },
- {
- "name": "GetLastError",
- "address": "0x40e06c"
- },
- {
- "name": "SetLastError",
- "address": "0x40e070"
- },
- {
- "name": "EncodePointer",
- "address": "0x40e074"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40e078"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x40e07c"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x40e080"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x40e084"
- },
- {
- "name": "TlsAlloc",
- "address": "0x40e088"
- },
- {
- "name": "TlsGetValue",
- "address": "0x40e08c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x40e090"
- },
- {
- "name": "TlsFree",
- "address": "0x40e094"
- },
- {
- "name": "FreeLibrary",
- "address": "0x40e098"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x40e09c"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40e0a0"
- },
- {
- "name": "WriteFile",
- "address": "0x40e0a4"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x40e0a8"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x40e0ac"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x40e0b0"
- },
- {
- "name": "GetACP",
- "address": "0x40e0b4"
- },
- {
- "name": "HeapAlloc",
- "address": "0x40e0b8"
- },
- {
- "name": "HeapFree",
- "address": "0x40e0bc"
- },
- {
- "name": "FindClose",
- "address": "0x40e0c0"
- },
- {
- "name": "FindFirstFileExW",
- "address": "0x40e0c4"
- },
- {
- "name": "FindNextFileW",
- "address": "0x40e0c8"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x40e0cc"
- },
- {
- "name": "GetOEMCP",
- "address": "0x40e0d0"
- },
- {
- "name": "GetCPInfo",
- "address": "0x40e0d4"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40e0d8"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x40e0dc"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x40e0e0"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x40e0e4"
- },
- {
- "name": "SetStdHandle",
- "address": "0x40e0e8"
- },
- {
- "name": "GetFileType",
- "address": "0x40e0ec"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x40e0f0"
- },
- {
- "name": "LCMapStringW",
- "address": "0x40e0f4"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x40e0f8"
- },
- {
- "name": "HeapSize",
- "address": "0x40e0fc"
- },
- {
- "name": "DecodePointer",
- "address": "0x40e100"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "HttpSendRequestW",
- "address": "0x40e108"
- },
- {
- "name": "HttpOpenRequestW",
- "address": "0x40e10c"
- },
- {
- "name": "InternetConnectW",
- "address": "0x40e110"
- },
- {
- "name": "InternetOpenW",
- "address": "0x40e114"
- },
- {
- "name": "InternetReadFile",
- "address": "0x40e118"
- },
- {
- "name": "InternetCloseHandle",
- "address": "0x40e11c"
- }
- ],
- "dll": "WININET.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000232b2",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x000232b2",
- "icon_hash": null,
- "entrypoint": "0x00401e8f",
- "timestamp": "2019-06-21 11:24:57",
- "osversion": "6.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0000cc00",
- "entropy": "6.59",
- "raw_address": "0x00000400",
- "virtual_size": "0x0000ca1b",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0000e000",
- "size_of_data": "0x00006000",
- "entropy": "4.83",
- "raw_address": "0x0000d000",
- "virtual_size": "0x00005f04",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00014000",
- "size_of_data": "0x00000a00",
- "entropy": "2.21",
- "raw_address": "0x00013000",
- "virtual_size": "0x0000137c",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00016000",
- "size_of_data": "0x00004c00",
- "entropy": "5.30",
- "raw_address": "0x00013a00",
- "virtual_size": "0x00004b30",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001b000",
- "size_of_data": "0x00001000",
- "entropy": "6.43",
- "raw_address": "0x00018600",
- "virtual_size": "0x00000f7c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00013874",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000003c"
- },
- {
- "virtual_address": "0x00016000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00004b30"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001b000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000f7c"
- },
- {
- "virtual_address": "0x00012bd0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000070"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00012c40",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000e000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000124"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "09719c89219864b02e305528e222092a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "C:\\Users\\admin\\Desktop\\\\xd0\\x9d\\xd0\\xbe\\xd0\\xb2\\xd0\\xb0\\xd1\\x8f \\xd0\\xbf\\xd0\\xb0\\xd0\\xbf\\xd0\\xba\\xd0\\xb0 (2)\\Release\\ConsoleApp.pdb",
- "imported_dll_count": 2,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.InitializeCriticalSectionEx",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.LCMapStringEx",
- "rasapi32.dll.RasConnectionNotificationW",
- "sechost.dll.NotifyServiceStatusChangeA",
- "cryptbase.dll.SystemFunction036",
- "winhttp.dll.WinHttpOpen",
- "winhttp.dll.WinHttpSetTimeouts",
- "winhttp.dll.WinHttpSetOption",
- "winhttp.dll.WinHttpCrackUrl",
- "shlwapi.dll.StrCmpNW",
- "winhttp.dll.WinHttpConnect",
- "winhttp.dll.WinHttpOpenRequest",
- "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "winhttp.dll.WinHttpTimeFromSystemTime",
- "winhttp.dll.WinHttpSendRequest",
- "ws2_32.dll.GetAddrInfoW",
- "ws2_32.dll.WSASocketW",
- "ws2_32.dll.#2",
- "ws2_32.dll.#21",
- "ws2_32.dll.#9",
- "ws2_32.dll.WSAIoctl",
- "ws2_32.dll.FreeAddrInfoW",
- "ws2_32.dll.#6",
- "ws2_32.dll.#5",
- "ws2_32.dll.WSARecv",
- "ws2_32.dll.WSASend",
- "winhttp.dll.WinHttpReceiveResponse",
- "winhttp.dll.WinHttpQueryHeaders",
- "shlwapi.dll.StrStrIW",
- "winhttp.dll.WinHttpQueryDataAvailable",
- "winhttp.dll.WinHttpReadData",
- "winhttp.dll.WinHttpCloseHandle",
- "rpcrt4.dll.RpcBindingFree",
- "ncrypt.dll.SslFreeObject"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x40e000"
- },
- {
- "name": "ExitProcess",
- "address": "0x40e004"
- },
- {
- "name": "GetProcAddress",
- "address": "0x40e008"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x40e00c"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x40e010"
- },
- {
- "name": "CloseHandle",
- "address": "0x40e014"
- },
- {
- "name": "CreateFileW",
- "address": "0x40e018"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x40e01c"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x40e020"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x40e024"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x40e028"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x40e02c"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x40e030"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x40e034"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40e038"
- },
- {
- "name": "TerminateProcess",
- "address": "0x40e03c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x40e040"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x40e044"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x40e048"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x40e04c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x40e050"
- },
- {
- "name": "InitializeSListHead",
- "address": "0x40e054"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x40e058"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x40e05c"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x40e060"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40e064"
- },
- {
- "name": "RaiseException",
- "address": "0x40e068"
- },
- {
- "name": "GetLastError",
- "address": "0x40e06c"
- },
- {
- "name": "SetLastError",
- "address": "0x40e070"
- },
- {
- "name": "EncodePointer",
- "address": "0x40e074"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40e078"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x40e07c"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x40e080"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x40e084"
- },
- {
- "name": "TlsAlloc",
- "address": "0x40e088"
- },
- {
- "name": "TlsGetValue",
- "address": "0x40e08c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x40e090"
- },
- {
- "name": "TlsFree",
- "address": "0x40e094"
- },
- {
- "name": "FreeLibrary",
- "address": "0x40e098"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x40e09c"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40e0a0"
- },
- {
- "name": "WriteFile",
- "address": "0x40e0a4"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x40e0a8"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x40e0ac"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x40e0b0"
- },
- {
- "name": "GetACP",
- "address": "0x40e0b4"
- },
- {
- "name": "HeapAlloc",
- "address": "0x40e0b8"
- },
- {
- "name": "HeapFree",
- "address": "0x40e0bc"
- },
- {
- "name": "FindClose",
- "address": "0x40e0c0"
- },
- {
- "name": "FindFirstFileExW",
- "address": "0x40e0c4"
- },
- {
- "name": "FindNextFileW",
- "address": "0x40e0c8"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x40e0cc"
- },
- {
- "name": "GetOEMCP",
- "address": "0x40e0d0"
- },
- {
- "name": "GetCPInfo",
- "address": "0x40e0d4"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40e0d8"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x40e0dc"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x40e0e0"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x40e0e4"
- },
- {
- "name": "SetStdHandle",
- "address": "0x40e0e8"
- },
- {
- "name": "GetFileType",
- "address": "0x40e0ec"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x40e0f0"
- },
- {
- "name": "LCMapStringW",
- "address": "0x40e0f4"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x40e0f8"
- },
- {
- "name": "HeapSize",
- "address": "0x40e0fc"
- },
- {
- "name": "DecodePointer",
- "address": "0x40e100"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "HttpSendRequestW",
- "address": "0x40e108"
- },
- {
- "name": "HttpOpenRequestW",
- "address": "0x40e10c"
- },
- {
- "name": "InternetConnectW",
- "address": "0x40e110"
- },
- {
- "name": "InternetOpenW",
- "address": "0x40e114"
- },
- {
- "name": "InternetReadFile",
- "address": "0x40e118"
- },
- {
- "name": "InternetCloseHandle",
- "address": "0x40e11c"
- }
- ],
- "dll": "WININET.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000232b2",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x000232b2",
- "icon_hash": null,
- "entrypoint": "0x00401e8f",
- "timestamp": "2019-06-21 11:24:57",
- "osversion": "6.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0000cc00",
- "entropy": "6.59",
- "raw_address": "0x00000400",
- "virtual_size": "0x0000ca1b",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0000e000",
- "size_of_data": "0x00006000",
- "entropy": "4.83",
- "raw_address": "0x0000d000",
- "virtual_size": "0x00005f04",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00014000",
- "size_of_data": "0x00000a00",
- "entropy": "2.21",
- "raw_address": "0x00013000",
- "virtual_size": "0x0000137c",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00016000",
- "size_of_data": "0x00004c00",
- "entropy": "5.30",
- "raw_address": "0x00013a00",
- "virtual_size": "0x00004b30",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001b000",
- "size_of_data": "0x00001000",
- "entropy": "6.43",
- "raw_address": "0x00018600",
- "virtual_size": "0x00000f7c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00013874",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000003c"
- },
- {
- "virtual_address": "0x00016000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00004b30"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001b000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000f7c"
- },
- {
- "virtual_address": "0x00012bd0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000070"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00012c40",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000e000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000124"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "09719c89219864b02e305528e222092a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "C:\\Users\\admin\\Desktop\\\\xd0\\x9d\\xd0\\xbe\\xd0\\xb2\\xd0\\xb0\\xd1\\x8f \\xd0\\xbf\\xd0\\xb0\\xd0\\xbf\\xd0\\xba\\xd0\\xb0 (2)\\Release\\ConsoleApp.pdb",
- "imported_dll_count": 2,
- "versioninfo": []
- }
- }