- [*] MalFamily: ""
- [*] MalScore: 0.0
- [*] File Name: "webfakes.dll"
- [*] File Size: 24064
- [*] File Type: "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "c283038c883dbbe776a1c75660d6f156a9308739c894a6f9be5731cc894a7f01"
- [*] MD5: "e4e206ab09e11e5896ec181b781dceac"
- [*] SHA1: "3b076018f7f75154bec7793ea711ce9d74d324f6"
- [*] SHA512: "5cb5055d31ccb5e27ce2e9c57f151992254dcce441ee3086dd3cce23c3d0f5ca2889abd024c9b025ee94d02cf6cb5b1d5efb39fd330add4c265c10324a90cd62"
- [*] CRC32: "04D6F5BC"
- [*] SSDEEP: "384:PdNBqHz3zTrUM3DL8kpEkgOvDg0fv1nYEEJW0at/IRZUTouv5HQ:P/cH3TJDLTpEwn1nYEMMt/IDU8wH"
- [*] Process Execution: [
- "rundll32.exe"
- ]
- [*] Signatures Detected: []
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "HeapFree",
- "address": "0x10005000"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x10005004"
- },
- {
- "name": "OutputDebugStringA",
- "address": "0x10005008"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x1000500c"
- },
- {
- "name": "HeapAlloc",
- "address": "0x10005010"
- }
- ],
- "dll": "KERNEL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "webfakes.dll",
- "actual_checksum": "0x000136f1",
- "overlay": null,
- "imagebase": "0x10000000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x10003af0",
- "timestamp": "2011-02-24 23:26:57",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00003200",
- "entropy": "5.48",
- "raw_address": "0x00000400",
- "virtual_size": "0x000030d4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00002000",
- "entropy": "4.43",
- "raw_address": "0x00003600",
- "virtual_size": "0x00001ff5",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00007000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".CRT",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00008000",
- "size_of_data": "0x00000200",
- "entropy": "0.06",
- "raw_address": "0x00005600",
- "virtual_size": "0x00000004",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00009000",
- "size_of_data": "0x00000600",
- "entropy": "5.69",
- "raw_address": "0x00005800",
- "virtual_size": "0x0000049a",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00006ee0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x000000d1"
- },
- {
- "virtual_address": "0x00006e28",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00009000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000046c"
- },
- {
- "virtual_address": "0x00005020",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "Callback_OnBeforeProcessUrl",
- "address": "0x10001250"
- },
- {
- "ordinal": 2,
- "name": "Init",
- "address": "0x10003acd"
- },
- {
- "ordinal": 3,
- "name": "IsGlobal",
- "address": "0x10003adf"
- },
- {
- "ordinal": 4,
- "name": "Start",
- "address": "0x10003adc"
- },
- {
- "ordinal": 5,
- "name": "Stop",
- "address": "0x10003adc"
- },
- {
- "ordinal": 6,
- "name": "TakeBotGuid",
- "address": "0x10003ae3"
- },
- {
- "ordinal": 7,
- "name": "TakeGateToCollector2",
- "address": "0x10001034"
- }
- ],
- "guest_signers": {},
- "imphash": "d2586efacdb91be4d8a7e081ab4eda49",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "D:\\wwalu\\webfakes18\\Release\\webfakes.pdb",
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "HeapFree",
- "address": "0x10005000"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x10005004"
- },
- {
- "name": "OutputDebugStringA",
- "address": "0x10005008"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x1000500c"
- },
- {
- "name": "HeapAlloc",
- "address": "0x10005010"
- }
- ],
- "dll": "KERNEL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "webfakes.dll",
- "actual_checksum": "0x000136f1",
- "overlay": null,
- "imagebase": "0x10000000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x10003af0",
- "timestamp": "2011-02-24 23:26:57",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00003200",
- "entropy": "5.48",
- "raw_address": "0x00000400",
- "virtual_size": "0x000030d4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00002000",
- "entropy": "4.43",
- "raw_address": "0x00003600",
- "virtual_size": "0x00001ff5",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00007000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".CRT",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00008000",
- "size_of_data": "0x00000200",
- "entropy": "0.06",
- "raw_address": "0x00005600",
- "virtual_size": "0x00000004",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00009000",
- "size_of_data": "0x00000600",
- "entropy": "5.69",
- "raw_address": "0x00005800",
- "virtual_size": "0x0000049a",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00006ee0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x000000d1"
- },
- {
- "virtual_address": "0x00006e28",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00009000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000046c"
- },
- {
- "virtual_address": "0x00005020",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "Callback_OnBeforeProcessUrl",
- "address": "0x10001250"
- },
- {
- "ordinal": 2,
- "name": "Init",
- "address": "0x10003acd"
- },
- {
- "ordinal": 3,
- "name": "IsGlobal",
- "address": "0x10003adf"
- },
- {
- "ordinal": 4,
- "name": "Start",
- "address": "0x10003adc"
- },
- {
- "ordinal": 5,
- "name": "Stop",
- "address": "0x10003adc"
- },
- {
- "ordinal": 6,
- "name": "TakeBotGuid",
- "address": "0x10003ae3"
- },
- {
- "ordinal": 7,
- "name": "TakeGateToCollector2",
- "address": "0x10001034"
- }
- ],
- "guest_signers": {},
- "imphash": "d2586efacdb91be4d8a7e081ab4eda49",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "D:\\wwalu\\webfakes18\\Release\\webfakes.pdb",
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }