paladin316

webfakes_dll_2019-06-24_10_30.json

Jun 24th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 0.0
  5.  
  6. [*] File Name: "webfakes.dll"
  7. [*] File Size: 24064
  8. [*] File Type: "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "c283038c883dbbe776a1c75660d6f156a9308739c894a6f9be5731cc894a7f01"
  10. [*] MD5: "e4e206ab09e11e5896ec181b781dceac"
  11. [*] SHA1: "3b076018f7f75154bec7793ea711ce9d74d324f6"
  12. [*] SHA512: "5cb5055d31ccb5e27ce2e9c57f151992254dcce441ee3086dd3cce23c3d0f5ca2889abd024c9b025ee94d02cf6cb5b1d5efb39fd330add4c265c10324a90cd62"
  13. [*] CRC32: "04D6F5BC"
  14. [*] SSDEEP: "384:PdNBqHz3zTrUM3DL8kpEkgOvDg0fv1nYEEJW0at/IRZUTouv5HQ:P/cH3TJDLTpEwn1nYEMMt/IDU8wH"
  15.  
  16. [*] Process Execution: [
  17. "rundll32.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: []
  21.  
  22. [*] Started Service: []
  23.  
  24. [*] Executed Commands: []
  25.  
  26. [*] Mutexes: []
  27.  
  28. [*] Modified Files: []
  29.  
  30. [*] Deleted Files: []
  31.  
  32. [*] Modified Registry Keys: []
  33.  
  34. [*] Deleted Registry Keys: []
  35.  
  36. [*] DNS Communications: []
  37.  
  38. [*] Domains: []
  39.  
  40. [*] Network Communication - ICMP: []
  41.  
  42. [*] Network Communication - HTTP: []
  43.  
  44. [*] Network Communication - SMTP: []
  45.  
  46. [*] Network Communication - Hosts: []
  47.  
  48. [*] Network Communication - IRC: []
  49.  
  50. [*] Static Analysis: {
  51. "pe": {
  52. "peid_signatures": null,
  53. "imports": [
  54. {
  55. "imports": [
  56. {
  57. "name": "HeapFree",
  58. "address": "0x10005000"
  59. },
  60. {
  61. "name": "GetProcessHeap",
  62. "address": "0x10005004"
  63. },
  64. {
  65. "name": "OutputDebugStringA",
  66. "address": "0x10005008"
  67. },
  68. {
  69. "name": "IsProcessorFeaturePresent",
  70. "address": "0x1000500c"
  71. },
  72. {
  73. "name": "HeapAlloc",
  74. "address": "0x10005010"
  75. }
  76. ],
  77. "dll": "KERNEL32.dll"
  78. }
  79. ],
  80. "digital_signers": null,
  81. "exported_dll_name": "webfakes.dll",
  82. "actual_checksum": "0x000136f1",
  83. "overlay": null,
  84. "imagebase": "0x10000000",
  85. "reported_checksum": "0x00000000",
  86. "icon_hash": null,
  87. "entrypoint": "0x10003af0",
  88. "timestamp": "2011-02-24 23:26:57",
  89. "osversion": "5.1",
  90. "sections": [
  91. {
  92. "name": ".text",
  93. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  94. "virtual_address": "0x00001000",
  95. "size_of_data": "0x00003200",
  96. "entropy": "5.48",
  97. "raw_address": "0x00000400",
  98. "virtual_size": "0x000030d4",
  99. "characteristics_raw": "0x60000020"
  100. },
  101. {
  102. "name": ".rdata",
  103. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  104. "virtual_address": "0x00005000",
  105. "size_of_data": "0x00002000",
  106. "entropy": "4.43",
  107. "raw_address": "0x00003600",
  108. "virtual_size": "0x00001ff5",
  109. "characteristics_raw": "0x40000040"
  110. },
  111. {
  112. "name": ".data",
  113. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  114. "virtual_address": "0x00007000",
  115. "size_of_data": "0x00000000",
  116. "entropy": "0.00",
  117. "raw_address": "0x00000000",
  118. "virtual_size": "0x00000010",
  119. "characteristics_raw": "0xc0000040"
  120. },
  121. {
  122. "name": ".CRT",
  123. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  124. "virtual_address": "0x00008000",
  125. "size_of_data": "0x00000200",
  126. "entropy": "0.06",
  127. "raw_address": "0x00005600",
  128. "virtual_size": "0x00000004",
  129. "characteristics_raw": "0x40000040"
  130. },
  131. {
  132. "name": ".reloc",
  133. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  134. "virtual_address": "0x00009000",
  135. "size_of_data": "0x00000600",
  136. "entropy": "5.69",
  137. "raw_address": "0x00005800",
  138. "virtual_size": "0x0000049a",
  139. "characteristics_raw": "0x42000040"
  140. }
  141. ],
  142. "resources": [],
  143. "dirents": [
  144. {
  145. "virtual_address": "0x00006ee0",
  146. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  147. "size": "0x000000d1"
  148. },
  149. {
  150. "virtual_address": "0x00006e28",
  151. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  152. "size": "0x00000028"
  153. },
  154. {
  155. "virtual_address": "0x00000000",
  156. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  157. "size": "0x00000000"
  158. },
  159. {
  160. "virtual_address": "0x00000000",
  161. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  162. "size": "0x00000000"
  163. },
  164. {
  165. "virtual_address": "0x00000000",
  166. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  167. "size": "0x00000000"
  168. },
  169. {
  170. "virtual_address": "0x00009000",
  171. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  172. "size": "0x0000046c"
  173. },
  174. {
  175. "virtual_address": "0x00005020",
  176. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  177. "size": "0x0000001c"
  178. },
  179. {
  180. "virtual_address": "0x00000000",
  181. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  182. "size": "0x00000000"
  183. },
  184. {
  185. "virtual_address": "0x00000000",
  186. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  187. "size": "0x00000000"
  188. },
  189. {
  190. "virtual_address": "0x00000000",
  191. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  192. "size": "0x00000000"
  193. },
  194. {
  195. "virtual_address": "0x00000000",
  196. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  197. "size": "0x00000000"
  198. },
  199. {
  200. "virtual_address": "0x00000000",
  201. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  202. "size": "0x00000000"
  203. },
  204. {
  205. "virtual_address": "0x00005000",
  206. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  207. "size": "0x00000018"
  208. },
  209. {
  210. "virtual_address": "0x00000000",
  211. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  212. "size": "0x00000000"
  213. },
  214. {
  215. "virtual_address": "0x00000000",
  216. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  217. "size": "0x00000000"
  218. },
  219. {
  220. "virtual_address": "0x00000000",
  221. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  222. "size": "0x00000000"
  223. }
  224. ],
  225. "exports": [
  226. {
  227. "ordinal": 1,
  228. "name": "Callback_OnBeforeProcessUrl",
  229. "address": "0x10001250"
  230. },
  231. {
  232. "ordinal": 2,
  233. "name": "Init",
  234. "address": "0x10003acd"
  235. },
  236. {
  237. "ordinal": 3,
  238. "name": "IsGlobal",
  239. "address": "0x10003adf"
  240. },
  241. {
  242. "ordinal": 4,
  243. "name": "Start",
  244. "address": "0x10003adc"
  245. },
  246. {
  247. "ordinal": 5,
  248. "name": "Stop",
  249. "address": "0x10003adc"
  250. },
  251. {
  252. "ordinal": 6,
  253. "name": "TakeBotGuid",
  254. "address": "0x10003ae3"
  255. },
  256. {
  257. "ordinal": 7,
  258. "name": "TakeGateToCollector2",
  259. "address": "0x10001034"
  260. }
  261. ],
  262. "guest_signers": {},
  263. "imphash": "d2586efacdb91be4d8a7e081ab4eda49",
  264. "icon_fuzzy": null,
  265. "icon": null,
  266. "pdbpath": "D:\\wwalu\\webfakes18\\Release\\webfakes.pdb",
  267. "imported_dll_count": 1,
  268. "versioninfo": []
  269. }
  270. }
  271.  
  272. [*] Resolved APIs: []
  273.  
  274. [*] Static Analysis: {
  275. "pe": {
  276. "peid_signatures": null,
  277. "imports": [
  278. {
  279. "imports": [
  280. {
  281. "name": "HeapFree",
  282. "address": "0x10005000"
  283. },
  284. {
  285. "name": "GetProcessHeap",
  286. "address": "0x10005004"
  287. },
  288. {
  289. "name": "OutputDebugStringA",
  290. "address": "0x10005008"
  291. },
  292. {
  293. "name": "IsProcessorFeaturePresent",
  294. "address": "0x1000500c"
  295. },
  296. {
  297. "name": "HeapAlloc",
  298. "address": "0x10005010"
  299. }
  300. ],
  301. "dll": "KERNEL32.dll"
  302. }
  303. ],
  304. "digital_signers": null,
  305. "exported_dll_name": "webfakes.dll",
  306. "actual_checksum": "0x000136f1",
  307. "overlay": null,
  308. "imagebase": "0x10000000",
  309. "reported_checksum": "0x00000000",
  310. "icon_hash": null,
  311. "entrypoint": "0x10003af0",
  312. "timestamp": "2011-02-24 23:26:57",
  313. "osversion": "5.1",
  314. "sections": [
  315. {
  316. "name": ".text",
  317. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  318. "virtual_address": "0x00001000",
  319. "size_of_data": "0x00003200",
  320. "entropy": "5.48",
  321. "raw_address": "0x00000400",
  322. "virtual_size": "0x000030d4",
  323. "characteristics_raw": "0x60000020"
  324. },
  325. {
  326. "name": ".rdata",
  327. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  328. "virtual_address": "0x00005000",
  329. "size_of_data": "0x00002000",
  330. "entropy": "4.43",
  331. "raw_address": "0x00003600",
  332. "virtual_size": "0x00001ff5",
  333. "characteristics_raw": "0x40000040"
  334. },
  335. {
  336. "name": ".data",
  337. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  338. "virtual_address": "0x00007000",
  339. "size_of_data": "0x00000000",
  340. "entropy": "0.00",
  341. "raw_address": "0x00000000",
  342. "virtual_size": "0x00000010",
  343. "characteristics_raw": "0xc0000040"
  344. },
  345. {
  346. "name": ".CRT",
  347. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  348. "virtual_address": "0x00008000",
  349. "size_of_data": "0x00000200",
  350. "entropy": "0.06",
  351. "raw_address": "0x00005600",
  352. "virtual_size": "0x00000004",
  353. "characteristics_raw": "0x40000040"
  354. },
  355. {
  356. "name": ".reloc",
  357. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  358. "virtual_address": "0x00009000",
  359. "size_of_data": "0x00000600",
  360. "entropy": "5.69",
  361. "raw_address": "0x00005800",
  362. "virtual_size": "0x0000049a",
  363. "characteristics_raw": "0x42000040"
  364. }
  365. ],
  366. "resources": [],
  367. "dirents": [
  368. {
  369. "virtual_address": "0x00006ee0",
  370. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  371. "size": "0x000000d1"
  372. },
  373. {
  374. "virtual_address": "0x00006e28",
  375. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  376. "size": "0x00000028"
  377. },
  378. {
  379. "virtual_address": "0x00000000",
  380. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  381. "size": "0x00000000"
  382. },
  383. {
  384. "virtual_address": "0x00000000",
  385. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  386. "size": "0x00000000"
  387. },
  388. {
  389. "virtual_address": "0x00000000",
  390. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  391. "size": "0x00000000"
  392. },
  393. {
  394. "virtual_address": "0x00009000",
  395. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  396. "size": "0x0000046c"
  397. },
  398. {
  399. "virtual_address": "0x00005020",
  400. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  401. "size": "0x0000001c"
  402. },
  403. {
  404. "virtual_address": "0x00000000",
  405. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  406. "size": "0x00000000"
  407. },
  408. {
  409. "virtual_address": "0x00000000",
  410. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  411. "size": "0x00000000"
  412. },
  413. {
  414. "virtual_address": "0x00000000",
  415. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  416. "size": "0x00000000"
  417. },
  418. {
  419. "virtual_address": "0x00000000",
  420. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  421. "size": "0x00000000"
  422. },
  423. {
  424. "virtual_address": "0x00000000",
  425. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  426. "size": "0x00000000"
  427. },
  428. {
  429. "virtual_address": "0x00005000",
  430. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  431. "size": "0x00000018"
  432. },
  433. {
  434. "virtual_address": "0x00000000",
  435. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  436. "size": "0x00000000"
  437. },
  438. {
  439. "virtual_address": "0x00000000",
  440. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  441. "size": "0x00000000"
  442. },
  443. {
  444. "virtual_address": "0x00000000",
  445. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  446. "size": "0x00000000"
  447. }
  448. ],
  449. "exports": [
  450. {
  451. "ordinal": 1,
  452. "name": "Callback_OnBeforeProcessUrl",
  453. "address": "0x10001250"
  454. },
  455. {
  456. "ordinal": 2,
  457. "name": "Init",
  458. "address": "0x10003acd"
  459. },
  460. {
  461. "ordinal": 3,
  462. "name": "IsGlobal",
  463. "address": "0x10003adf"
  464. },
  465. {
  466. "ordinal": 4,
  467. "name": "Start",
  468. "address": "0x10003adc"
  469. },
  470. {
  471. "ordinal": 5,
  472. "name": "Stop",
  473. "address": "0x10003adc"
  474. },
  475. {
  476. "ordinal": 6,
  477. "name": "TakeBotGuid",
  478. "address": "0x10003ae3"
  479. },
  480. {
  481. "ordinal": 7,
  482. "name": "TakeGateToCollector2",
  483. "address": "0x10001034"
  484. }
  485. ],
  486. "guest_signers": {},
  487. "imphash": "d2586efacdb91be4d8a7e081ab4eda49",
  488. "icon_fuzzy": null,
  489. "icon": null,
  490. "pdbpath": "D:\\wwalu\\webfakes18\\Release\\webfakes.pdb",
  491. "imported_dll_count": 1,
  492. "versioninfo": []
  493. }
  494. }