paladin316

socks5_dll_2019-06-24_20_30.json

Jun 24th, 2019
  1.  
  2. [*] MalFamily: ""   (family left unassigned by the sandbox; the embedded PDB path reported under Static Analysis, ...\Client\SpyEye\plugins\BC\Client\Release\socks5.pdb, ties the build to the SpyEye plugin source tree, and the export set GetPluginId/Init/Start/Stop is a plugin-style interface rather than a standalone executable's)
  3.  
  4. [*] MalScore: 0.5   (this score rests on a single generic signature, "Creates RWX memory"; with every dynamic section below empty it should not be read as a verdict on the sample's behaviour)
  5.  
  6. [*] File Name: "socks5.dll"
  7. [*] File Size: 286720
  8. [*] File Type: "PE32 executable (DLL) (console) Intel 80386, for MS Windows"
  9. [*] SHA256: "d6394cbc1bbaf302169525838409325da63560b3d8a83c563c1d62166e20b7f8"
  10. [*] MD5: "394415eaed866c5ed8c6587b40e640b7"
  11. [*] SHA1: "f2404d097eb9713c489a788b96dc4832415b4c42"
  12. [*] SHA512: "1cb3962c1f26e5a49a4009c691ae0206edc542f0b2610d989f4a3ed970c7c82d346fa38222ffb77caf57d986c64451932bb2ad363c6da2fee44cfe3f5a0c52dd"
  13. [*] CRC32: "F27BA635"
  14. [*] SSDEEP: "6144:kstP7OknvSRqSPlcUdPr1aGaUYb1pcMp:kstP7Ogv8cOPrkGaU5g"
  15.  
  16. [*] Process Execution: [
  17. "rundll32.exe"
  18. ]
  (Caveat: rundll32.exe only loads the DLL. The module's exports are GetPluginId/Init/Start/Stop, so its SOCKS5 functionality is most likely reached only when a host component calls Init/Start; the empty mutex, file, registry and network sections that follow are therefore best read as "not exercised in this run" rather than "inert". The WS2_32 imports listed under Static Analysis — bind, listen, accept, connect, WSASocketW, WSASend/WSARecv with I/O completion ports — are consistent with a proxy that both listens and connects out.)
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. }
  25. ]
  26.  
  27. [*] Started Service: []
  28.  
  29. [*] Executed Commands: []
  30.  
  31. [*] Mutexes: []
  32.  
  33. [*] Modified Files: []
  34.  
  35. [*] Deleted Files: []
  36.  
  37. [*] Modified Registry Keys: []
  38.  
  39. [*] Deleted Registry Keys: []
  40.  
  41. [*] DNS Communications: []
  42.  
  43. [*] Domains: []
  44.  
  45. [*] Network Communication - ICMP: []
  46.  
  47. [*] Network Communication - HTTP: []
  48.  
  49. [*] Network Communication - SMTP: []
  50.  
  51. [*] Network Communication - Hosts: []
  52.  
  53. [*] Network Communication - IRC: []
  54.  
  55. [*] Static Analysis: {
  56. "pe": {
  57. "peid_signatures": null,
  58. "imports": [
  59. {
  60. "imports": [
  61. {
  62. "name": "atoi",
  63. "address": "0x100341d8"
  64. },
  65. {
  66. "name": "RtlUnwind",
  67. "address": "0x100341dc"
  68. },
  69. {
  70. "name": "memmove",
  71. "address": "0x100341e0"
  72. }
  73. ],
  74. "dll": "ntdll.dll"
  75. },
  76. {
  77. "imports": [
  78. {
  79. "name": "SetWaitableTimer",
  80. "address": "0x10034000"
  81. },
  82. {
  83. "name": "InterlockedIncrement",
  84. "address": "0x10034004"
  85. },
  86. {
  87. "name": "GetQueuedCompletionStatus",
  88. "address": "0x10034008"
  89. },
  90. {
  91. "name": "InterlockedDecrement",
  92. "address": "0x1003400c"
  93. },
  94. {
  95. "name": "InterlockedCompareExchange",
  96. "address": "0x10034010"
  97. },
  98. {
  99. "name": "SleepEx",
  100. "address": "0x10034014"
  101. },
  102. {
  103. "name": "TerminateThread",
  104. "address": "0x10034018"
  105. },
  106. {
  107. "name": "InitializeCriticalSectionAndSpinCount",
  108. "address": "0x1003401c"
  109. },
  110. {
  111. "name": "WaitForSingleObject",
  112. "address": "0x10034020"
  113. },
  114. {
  115. "name": "SetEvent",
  116. "address": "0x10034024"
  117. },
  118. {
  119. "name": "Sleep",
  120. "address": "0x10034028"
  121. },
  122. {
  123. "name": "LeaveCriticalSection",
  124. "address": "0x1003402c"
  125. },
  126. {
  127. "name": "InterlockedExchange",
  128. "address": "0x10034030"
  129. },
  130. {
  131. "name": "GetLastError",
  132. "address": "0x10034034"
  133. },
  134. {
  135. "name": "QueueUserAPC",
  136. "address": "0x10034038"
  137. },
  138. {
  139. "name": "EnterCriticalSection",
  140. "address": "0x1003403c"
  141. },
  142. {
  143. "name": "InterlockedExchangeAdd",
  144. "address": "0x10034040"
  145. },
  146. {
  147. "name": "CreateEventW",
  148. "address": "0x10034044"
  149. },
  150. {
  151. "name": "PostQueuedCompletionStatus",
  152. "address": "0x10034048"
  153. },
  154. {
  155. "name": "WaitForMultipleObjects",
  156. "address": "0x1003404c"
  157. },
  158. {
  159. "name": "CreateIoCompletionPort",
  160. "address": "0x10034050"
  161. },
  162. {
  163. "name": "DeleteCriticalSection",
  164. "address": "0x10034054"
  165. },
  166. {
  167. "name": "TlsAlloc",
  168. "address": "0x10034058"
  169. },
  170. {
  171. "name": "CloseHandle",
  172. "address": "0x1003405c"
  173. },
  174. {
  175. "name": "TlsFree",
  176. "address": "0x10034060"
  177. },
  178. {
  179. "name": "TlsGetValue",
  180. "address": "0x10034064"
  181. },
  182. {
  183. "name": "TlsSetValue",
  184. "address": "0x10034068"
  185. },
  186. {
  187. "name": "GetProcessHeap",
  188. "address": "0x1003406c"
  189. },
  190. {
  191. "name": "HeapAlloc",
  192. "address": "0x10034070"
  193. },
  194. {
  195. "name": "CreateEventA",
  196. "address": "0x10034074"
  197. },
  198. {
  199. "name": "HeapFree",
  200. "address": "0x10034078"
  201. },
  202. {
  203. "name": "SetLastError",
  204. "address": "0x1003407c"
  205. },
  206. {
  207. "name": "CreateThread",
  208. "address": "0x10034080"
  209. },
  210. {
  211. "name": "GetSystemTimeAsFileTime",
  212. "address": "0x10034084"
  213. },
  214. {
  215. "name": "CreateWaitableTimerW",
  216. "address": "0x10034088"
  217. },
  218. {
  219. "name": "CreateWaitableTimerA",
  220. "address": "0x1003408c"
  221. },
  222. {
  223. "name": "GetLocaleInfoW",
  224. "address": "0x10034090"
  225. },
  226. {
  227. "name": "LoadLibraryA",
  228. "address": "0x10034094"
  229. },
  230. {
  231. "name": "IsValidLocale",
  232. "address": "0x10034098"
  233. },
  234. {
  235. "name": "EnumSystemLocalesA",
  236. "address": "0x1003409c"
  237. },
  238. {
  239. "name": "GetLocaleInfoA",
  240. "address": "0x100340a0"
  241. },
  242. {
  243. "name": "GetUserDefaultLCID",
  244. "address": "0x100340a4"
  245. },
  246. {
  247. "name": "GetStringTypeW",
  248. "address": "0x100340a8"
  249. },
  250. {
  251. "name": "GetStringTypeA",
  252. "address": "0x100340ac"
  253. },
  254. {
  255. "name": "IsValidCodePage",
  256. "address": "0x100340b0"
  257. },
  258. {
  259. "name": "GetOEMCP",
  260. "address": "0x100340b4"
  261. },
  262. {
  263. "name": "GetACP",
  264. "address": "0x100340b8"
  265. },
  266. {
  267. "name": "HeapReAlloc",
  268. "address": "0x100340bc"
  269. },
  270. {
  271. "name": "VirtualAlloc",
  272. "address": "0x100340c0"
  273. },
  274. {
  275. "name": "QueryPerformanceCounter",
  276. "address": "0x100340c4"
  277. },
  278. {
  279. "name": "VirtualFree",
  280. "address": "0x100340c8"
  281. },
  282. {
  283. "name": "HeapCreate",
  284. "address": "0x100340cc"
  285. },
  286. {
  287. "name": "HeapDestroy",
  288. "address": "0x100340d0"
  289. },
  290. {
  291. "name": "GetEnvironmentStringsW",
  292. "address": "0x100340d4"
  293. },
  294. {
  295. "name": "FreeEnvironmentStringsW",
  296. "address": "0x100340d8"
  297. },
  298. {
  299. "name": "GetEnvironmentStrings",
  300. "address": "0x100340dc"
  301. },
  302. {
  303. "name": "FreeEnvironmentStringsA",
  304. "address": "0x100340e0"
  305. },
  306. {
  307. "name": "GetStartupInfoA",
  308. "address": "0x100340e4"
  309. },
  310. {
  311. "name": "WideCharToMultiByte",
  312. "address": "0x100340e8"
  313. },
  314. {
  315. "name": "MultiByteToWideChar",
  316. "address": "0x100340ec"
  317. },
  318. {
  319. "name": "InitializeCriticalSection",
  320. "address": "0x100340f0"
  321. },
  322. {
  323. "name": "LocalFree",
  324. "address": "0x100340f4"
  325. },
  326. {
  327. "name": "FormatMessageA",
  328. "address": "0x100340f8"
  329. },
  330. {
  331. "name": "GetCurrentProcessId",
  332. "address": "0x100340fc"
  333. },
  334. {
  335. "name": "OpenEventA",
  336. "address": "0x10034100"
  337. },
  338. {
  339. "name": "ResetEvent",
  340. "address": "0x10034104"
  341. },
  342. {
  343. "name": "ResumeThread",
  344. "address": "0x10034108"
  345. },
  346. {
  347. "name": "GetTickCount",
  348. "address": "0x1003410c"
  349. },
  350. {
  351. "name": "SystemTimeToFileTime",
  352. "address": "0x10034110"
  353. },
  354. {
  355. "name": "ExitThread",
  356. "address": "0x10034114"
  357. },
  358. {
  359. "name": "GetCurrentThreadId",
  360. "address": "0x10034118"
  361. },
  362. {
  363. "name": "TerminateProcess",
  364. "address": "0x1003411c"
  365. },
  366. {
  367. "name": "GetCurrentProcess",
  368. "address": "0x10034120"
  369. },
  370. {
  371. "name": "UnhandledExceptionFilter",
  372. "address": "0x10034124"
  373. },
  374. {
  375. "name": "SetUnhandledExceptionFilter",
  376. "address": "0x10034128"
  377. },
  378. {
  379. "name": "IsDebuggerPresent",
  380. "address": "0x1003412c"
  381. },
  382. {
  383. "name": "GetCommandLineA",
  384. "address": "0x10034130"
  385. },
  386. {
  387. "name": "GetVersionExA",
  388. "address": "0x10034134"
  389. },
  390. {
  391. "name": "RaiseException",
  392. "address": "0x10034138"
  393. },
  394. {
  395. "name": "GetCPInfo",
  396. "address": "0x1003413c"
  397. },
  398. {
  399. "name": "LCMapStringA",
  400. "address": "0x10034140"
  401. },
  402. {
  403. "name": "LCMapStringW",
  404. "address": "0x10034144"
  405. },
  406. {
  407. "name": "GetModuleHandleA",
  408. "address": "0x10034148"
  409. },
  410. {
  411. "name": "GetProcAddress",
  412. "address": "0x1003414c"
  413. },
  414. {
  415. "name": "HeapSize",
  416. "address": "0x10034150"
  417. },
  418. {
  419. "name": "ExitProcess",
  420. "address": "0x10034154"
  421. },
  422. {
  423. "name": "WriteFile",
  424. "address": "0x10034158"
  425. },
  426. {
  427. "name": "GetStdHandle",
  428. "address": "0x1003415c"
  429. },
  430. {
  431. "name": "GetModuleFileNameA",
  432. "address": "0x10034160"
  433. },
  434. {
  435. "name": "SetHandleCount",
  436. "address": "0x10034164"
  437. },
  438. {
  439. "name": "GetFileType",
  440. "address": "0x10034168"
  441. }
  442. ],
  443. "dll": "KERNEL32.dll"
  444. },
  445. {
  446. "imports": [
  447. {
  448. "name": "WSAGetLastError",
  449. "address": "0x10034170"
  450. },
  451. {
  452. "name": "getaddrinfo",
  453. "address": "0x10034174"
  454. },
  455. {
  456. "name": "shutdown",
  457. "address": "0x10034178"
  458. },
  459. {
  460. "name": "freeaddrinfo",
  461. "address": "0x1003417c"
  462. },
  463. {
  464. "name": "ioctlsocket",
  465. "address": "0x10034180"
  466. },
  467. {
  468. "name": "connect",
  469. "address": "0x10034184"
  470. },
  471. {
  472. "name": "WSAStartup",
  473. "address": "0x10034188"
  474. },
  475. {
  476. "name": "ntohl",
  477. "address": "0x1003418c"
  478. },
  479. {
  480. "name": "inet_addr",
  481. "address": "0x10034190"
  482. },
  483. {
  484. "name": "htonl",
  485. "address": "0x10034194"
  486. },
  487. {
  488. "name": "WSARecv",
  489. "address": "0x10034198"
  490. },
  491. {
  492. "name": "WSASocketW",
  493. "address": "0x1003419c"
  494. },
  495. {
  496. "name": "WSASend",
  497. "address": "0x100341a0"
  498. },
  499. {
  500. "name": "select",
  501. "address": "0x100341a4"
  502. },
  503. {
  504. "name": "htons",
  505. "address": "0x100341a8"
  506. },
  507. {
  508. "name": "getsockname",
  509. "address": "0x100341ac"
  510. },
  511. {
  512. "name": "setsockopt",
  513. "address": "0x100341b0"
  514. },
  515. {
  516. "name": "WSACleanup",
  517. "address": "0x100341b4"
  518. },
  519. {
  520. "name": "bind",
  521. "address": "0x100341b8"
  522. },
  523. {
  524. "name": "__WSAFDIsSet",
  525. "address": "0x100341bc"
  526. },
  527. {
  528. "name": "WSASetLastError",
  529. "address": "0x100341c0"
  530. },
  531. {
  532. "name": "closesocket",
  533. "address": "0x100341c4"
  534. },
  535. {
  536. "name": "getsockopt",
  537. "address": "0x100341c8"
  538. },
  539. {
  540. "name": "listen",
  541. "address": "0x100341cc"
  542. },
  543. {
  544. "name": "accept",
  545. "address": "0x100341d0"
  546. }
  547. ],
  548. "dll": "WS2_32.dll"
  549. }
  550. ],
  551. "digital_signers": null,
  552. "exported_dll_name": "socks5.dll",
  553. "actual_checksum": "0x00051ca8",
  554. "overlay": null,
  555. "imagebase": "0x10000000",
  556. "reported_checksum": "0x00051ca8",
  557. "icon_hash": null,
  558. "entrypoint": "0x10020cbb",
  559. "timestamp": "2011-02-05 07:00:43",
  560. "osversion": "5.1",
  561. "sections": [
  562. {
  563. "name": ".text",
  564. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  565. "virtual_address": "0x00001000",
  566. "size_of_data": "0x00032800",
  567. "entropy": "6.60",
  568. "raw_address": "0x00000400",
  569. "virtual_size": "0x00032662",
  570. "characteristics_raw": "0x60000020"
  571. },
  572. {
  573. "name": ".rdata",
  574. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  575. "virtual_address": "0x00034000",
  576. "size_of_data": "0x0000ac00",
  577. "entropy": "4.69",
  578. "raw_address": "0x00032c00",
  579. "virtual_size": "0x0000ab97",
  580. "characteristics_raw": "0x40000040"
  581. },
  582. {
  583. "name": ".data",
  584. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  585. "virtual_address": "0x0003f000",
  586. "size_of_data": "0x00003200",
  587. "entropy": "4.83",
  588. "raw_address": "0x0003d800",
  589. "virtual_size": "0x000041bc",
  590. "characteristics_raw": "0xc0000040"
  591. },
  592. {
  593. "name": ".tls",
  594. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  595. "virtual_address": "0x00044000",
  596. "size_of_data": "0x00000200",
  597. "entropy": "0.00",
  598. "raw_address": "0x00040a00",
  599. "virtual_size": "0x00000002",
  600. "characteristics_raw": "0xc0000040"
  601. },
  602. {
  603. "name": ".rsrc",
  604. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  605. "virtual_address": "0x00045000",
  606. "size_of_data": "0x00000200",
  607. "entropy": "5.10",
  608. "raw_address": "0x00040c00",
  609. "virtual_size": "0x000001b4",
  610. "characteristics_raw": "0x40000040"
  611. },
  612. {
  613. "name": ".reloc",
  614. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  615. "virtual_address": "0x00046000",
  616. "size_of_data": "0x00005200",
  617. "entropy": "5.11",
  618. "raw_address": "0x00040e00",
  619. "virtual_size": "0x000051fc",
  620. "characteristics_raw": "0x42000040"
  621. }
  622. ],
  623. "resources": [],
  624. "dirents": [
  625. {
  626. "virtual_address": "0x0003eb20",
  627. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  628. "size": "0x00000077"
  629. },
  630. {
  631. "virtual_address": "0x0003e1a4",
  632. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  633. "size": "0x00000050"
  634. },
  635. {
  636. "virtual_address": "0x00045000",
  637. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  638. "size": "0x000001b4"
  639. },
  640. {
  641. "virtual_address": "0x00000000",
  642. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  643. "size": "0x00000000"
  644. },
  645. {
  646. "virtual_address": "0x00000000",
  647. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  648. "size": "0x00000000"
  649. },
  650. {
  651. "virtual_address": "0x00046000",
  652. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  653. "size": "0x00003530"
  654. },
  655. {
  656. "virtual_address": "0x00034680",
  657. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  658. "size": "0x0000001c"
  659. },
  660. {
  661. "virtual_address": "0x00000000",
  662. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  663. "size": "0x00000000"
  664. },
  665. {
  666. "virtual_address": "0x00000000",
  667. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  668. "size": "0x00000000"
  669. },
  670. {
  671. "virtual_address": "0x00037900",
  672. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  673. "size": "0x00000018"
  674. },
  675. {
  676. "virtual_address": "0x000378b8",
  677. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  678. "size": "0x00000040"
  679. },
  680. {
  681. "virtual_address": "0x00000000",
  682. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  683. "size": "0x00000000"
  684. },
  685. {
  686. "virtual_address": "0x00034000",
  687. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  688. "size": "0x000001e8"
  689. },
  690. {
  691. "virtual_address": "0x00000000",
  692. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  693. "size": "0x00000000"
  694. },
  695. {
  696. "virtual_address": "0x00000000",
  697. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  698. "size": "0x00000000"
  699. },
  700. {
  701. "virtual_address": "0x00000000",
  702. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  703. "size": "0x00000000"
  704. }
  705. ],
  706. "exports": [
  707. {
  708. "ordinal": 1,
  709. "name": "GetPluginId",
  710. "address": "0x10008c00"
  711. },
  712. {
  713. "ordinal": 2,
  714. "name": "Init",
  715. "address": "0x10008c20"
  716. },
  717. {
  718. "ordinal": 3,
  719. "name": "Start",
  720. "address": "0x10008d10"
  721. },
  722. {
  723. "ordinal": 4,
  724. "name": "Stop",
  725. "address": "0x10008e20"
  726. }
  727. ],
  728. "guest_signers": {},
  729. "imphash": "767a502e07c59fb3145ffab2322e790c",
  730. "icon_fuzzy": null,
  731. "icon": null,
  732. "pdbpath": "C:\\Data\\Documents\\My Projects\\CC\\CardNet\\Progs\\Client\\SpyEye\\plugins\\BC\\Client\\Release\\socks5.pdb",
  733. "imported_dll_count": 3,
  734. "versioninfo": []
  735. }
  736. }
  737.  
  738. [*] Resolved APIs: [
  739. "kernel32.dll.FlsAlloc",
  740. "kernel32.dll.FlsGetValue",
  741. "kernel32.dll.FlsSetValue",
  742. "kernel32.dll.FlsFree",
  743. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  744. "kernel32.dll.IsProcessorFeaturePresent"
  745. ]
  746.  
  747. [*] Static Analysis (verbatim repeat of the Static Analysis block above; retained as pasted, no new data): {
  748. "pe": {
  749. "peid_signatures": null,
  750. "imports": [
  751. {
  752. "imports": [
  753. {
  754. "name": "atoi",
  755. "address": "0x100341d8"
  756. },
  757. {
  758. "name": "RtlUnwind",
  759. "address": "0x100341dc"
  760. },
  761. {
  762. "name": "memmove",
  763. "address": "0x100341e0"
  764. }
  765. ],
  766. "dll": "ntdll.dll"
  767. },
  768. {
  769. "imports": [
  770. {
  771. "name": "SetWaitableTimer",
  772. "address": "0x10034000"
  773. },
  774. {
  775. "name": "InterlockedIncrement",
  776. "address": "0x10034004"
  777. },
  778. {
  779. "name": "GetQueuedCompletionStatus",
  780. "address": "0x10034008"
  781. },
  782. {
  783. "name": "InterlockedDecrement",
  784. "address": "0x1003400c"
  785. },
  786. {
  787. "name": "InterlockedCompareExchange",
  788. "address": "0x10034010"
  789. },
  790. {
  791. "name": "SleepEx",
  792. "address": "0x10034014"
  793. },
  794. {
  795. "name": "TerminateThread",
  796. "address": "0x10034018"
  797. },
  798. {
  799. "name": "InitializeCriticalSectionAndSpinCount",
  800. "address": "0x1003401c"
  801. },
  802. {
  803. "name": "WaitForSingleObject",
  804. "address": "0x10034020"
  805. },
  806. {
  807. "name": "SetEvent",
  808. "address": "0x10034024"
  809. },
  810. {
  811. "name": "Sleep",
  812. "address": "0x10034028"
  813. },
  814. {
  815. "name": "LeaveCriticalSection",
  816. "address": "0x1003402c"
  817. },
  818. {
  819. "name": "InterlockedExchange",
  820. "address": "0x10034030"
  821. },
  822. {
  823. "name": "GetLastError",
  824. "address": "0x10034034"
  825. },
  826. {
  827. "name": "QueueUserAPC",
  828. "address": "0x10034038"
  829. },
  830. {
  831. "name": "EnterCriticalSection",
  832. "address": "0x1003403c"
  833. },
  834. {
  835. "name": "InterlockedExchangeAdd",
  836. "address": "0x10034040"
  837. },
  838. {
  839. "name": "CreateEventW",
  840. "address": "0x10034044"
  841. },
  842. {
  843. "name": "PostQueuedCompletionStatus",
  844. "address": "0x10034048"
  845. },
  846. {
  847. "name": "WaitForMultipleObjects",
  848. "address": "0x1003404c"
  849. },
  850. {
  851. "name": "CreateIoCompletionPort",
  852. "address": "0x10034050"
  853. },
  854. {
  855. "name": "DeleteCriticalSection",
  856. "address": "0x10034054"
  857. },
  858. {
  859. "name": "TlsAlloc",
  860. "address": "0x10034058"
  861. },
  862. {
  863. "name": "CloseHandle",
  864. "address": "0x1003405c"
  865. },
  866. {
  867. "name": "TlsFree",
  868. "address": "0x10034060"
  869. },
  870. {
  871. "name": "TlsGetValue",
  872. "address": "0x10034064"
  873. },
  874. {
  875. "name": "TlsSetValue",
  876. "address": "0x10034068"
  877. },
  878. {
  879. "name": "GetProcessHeap",
  880. "address": "0x1003406c"
  881. },
  882. {
  883. "name": "HeapAlloc",
  884. "address": "0x10034070"
  885. },
  886. {
  887. "name": "CreateEventA",
  888. "address": "0x10034074"
  889. },
  890. {
  891. "name": "HeapFree",
  892. "address": "0x10034078"
  893. },
  894. {
  895. "name": "SetLastError",
  896. "address": "0x1003407c"
  897. },
  898. {
  899. "name": "CreateThread",
  900. "address": "0x10034080"
  901. },
  902. {
  903. "name": "GetSystemTimeAsFileTime",
  904. "address": "0x10034084"
  905. },
  906. {
  907. "name": "CreateWaitableTimerW",
  908. "address": "0x10034088"
  909. },
  910. {
  911. "name": "CreateWaitableTimerA",
  912. "address": "0x1003408c"
  913. },
  914. {
  915. "name": "GetLocaleInfoW",
  916. "address": "0x10034090"
  917. },
  918. {
  919. "name": "LoadLibraryA",
  920. "address": "0x10034094"
  921. },
  922. {
  923. "name": "IsValidLocale",
  924. "address": "0x10034098"
  925. },
  926. {
  927. "name": "EnumSystemLocalesA",
  928. "address": "0x1003409c"
  929. },
  930. {
  931. "name": "GetLocaleInfoA",
  932. "address": "0x100340a0"
  933. },
  934. {
  935. "name": "GetUserDefaultLCID",
  936. "address": "0x100340a4"
  937. },
  938. {
  939. "name": "GetStringTypeW",
  940. "address": "0x100340a8"
  941. },
  942. {
  943. "name": "GetStringTypeA",
  944. "address": "0x100340ac"
  945. },
  946. {
  947. "name": "IsValidCodePage",
  948. "address": "0x100340b0"
  949. },
  950. {
  951. "name": "GetOEMCP",
  952. "address": "0x100340b4"
  953. },
  954. {
  955. "name": "GetACP",
  956. "address": "0x100340b8"
  957. },
  958. {
  959. "name": "HeapReAlloc",
  960. "address": "0x100340bc"
  961. },
  962. {
  963. "name": "VirtualAlloc",
  964. "address": "0x100340c0"
  965. },
  966. {
  967. "name": "QueryPerformanceCounter",
  968. "address": "0x100340c4"
  969. },
  970. {
  971. "name": "VirtualFree",
  972. "address": "0x100340c8"
  973. },
  974. {
  975. "name": "HeapCreate",
  976. "address": "0x100340cc"
  977. },
  978. {
  979. "name": "HeapDestroy",
  980. "address": "0x100340d0"
  981. },
  982. {
  983. "name": "GetEnvironmentStringsW",
  984. "address": "0x100340d4"
  985. },
  986. {
  987. "name": "FreeEnvironmentStringsW",
  988. "address": "0x100340d8"
  989. },
  990. {
  991. "name": "GetEnvironmentStrings",
  992. "address": "0x100340dc"
  993. },
  994. {
  995. "name": "FreeEnvironmentStringsA",
  996. "address": "0x100340e0"
  997. },
  998. {
  999. "name": "GetStartupInfoA",
  1000. "address": "0x100340e4"
  1001. },
  1002. {
  1003. "name": "WideCharToMultiByte",
  1004. "address": "0x100340e8"
  1005. },
  1006. {
  1007. "name": "MultiByteToWideChar",
  1008. "address": "0x100340ec"
  1009. },
  1010. {
  1011. "name": "InitializeCriticalSection",
  1012. "address": "0x100340f0"
  1013. },
  1014. {
  1015. "name": "LocalFree",
  1016. "address": "0x100340f4"
  1017. },
  1018. {
  1019. "name": "FormatMessageA",
  1020. "address": "0x100340f8"
  1021. },
  1022. {
  1023. "name": "GetCurrentProcessId",
  1024. "address": "0x100340fc"
  1025. },
  1026. {
  1027. "name": "OpenEventA",
  1028. "address": "0x10034100"
  1029. },
  1030. {
  1031. "name": "ResetEvent",
  1032. "address": "0x10034104"
  1033. },
  1034. {
  1035. "name": "ResumeThread",
  1036. "address": "0x10034108"
  1037. },
  1038. {
  1039. "name": "GetTickCount",
  1040. "address": "0x1003410c"
  1041. },
  1042. {
  1043. "name": "SystemTimeToFileTime",
  1044. "address": "0x10034110"
  1045. },
  1046. {
  1047. "name": "ExitThread",
  1048. "address": "0x10034114"
  1049. },
  1050. {
  1051. "name": "GetCurrentThreadId",
  1052. "address": "0x10034118"
  1053. },
  1054. {
  1055. "name": "TerminateProcess",
  1056. "address": "0x1003411c"
  1057. },
  1058. {
  1059. "name": "GetCurrentProcess",
  1060. "address": "0x10034120"
  1061. },
  1062. {
  1063. "name": "UnhandledExceptionFilter",
  1064. "address": "0x10034124"
  1065. },
  1066. {
  1067. "name": "SetUnhandledExceptionFilter",
  1068. "address": "0x10034128"
  1069. },
  1070. {
  1071. "name": "IsDebuggerPresent",
  1072. "address": "0x1003412c"
  1073. },
  1074. {
  1075. "name": "GetCommandLineA",
  1076. "address": "0x10034130"
  1077. },
  1078. {
  1079. "name": "GetVersionExA",
  1080. "address": "0x10034134"
  1081. },
  1082. {
  1083. "name": "RaiseException",
  1084. "address": "0x10034138"
  1085. },
  1086. {
  1087. "name": "GetCPInfo",
  1088. "address": "0x1003413c"
  1089. },
  1090. {
  1091. "name": "LCMapStringA",
  1092. "address": "0x10034140"
  1093. },
  1094. {
  1095. "name": "LCMapStringW",
  1096. "address": "0x10034144"
  1097. },
  1098. {
  1099. "name": "GetModuleHandleA",
  1100. "address": "0x10034148"
  1101. },
  1102. {
  1103. "name": "GetProcAddress",
  1104. "address": "0x1003414c"
  1105. },
  1106. {
  1107. "name": "HeapSize",
  1108. "address": "0x10034150"
  1109. },
  1110. {
  1111. "name": "ExitProcess",
  1112. "address": "0x10034154"
  1113. },
  1114. {
  1115. "name": "WriteFile",
  1116. "address": "0x10034158"
  1117. },
  1118. {
  1119. "name": "GetStdHandle",
  1120. "address": "0x1003415c"
  1121. },
  1122. {
  1123. "name": "GetModuleFileNameA",
  1124. "address": "0x10034160"
  1125. },
  1126. {
  1127. "name": "SetHandleCount",
  1128. "address": "0x10034164"
  1129. },
  1130. {
  1131. "name": "GetFileType",
  1132. "address": "0x10034168"
  1133. }
  1134. ],
  1135. "dll": "KERNEL32.dll"
  1136. },
  1137. {
  1138. "imports": [
  1139. {
  1140. "name": "WSAGetLastError",
  1141. "address": "0x10034170"
  1142. },
  1143. {
  1144. "name": "getaddrinfo",
  1145. "address": "0x10034174"
  1146. },
  1147. {
  1148. "name": "shutdown",
  1149. "address": "0x10034178"
  1150. },
  1151. {
  1152. "name": "freeaddrinfo",
  1153. "address": "0x1003417c"
  1154. },
  1155. {
  1156. "name": "ioctlsocket",
  1157. "address": "0x10034180"
  1158. },
  1159. {
  1160. "name": "connect",
  1161. "address": "0x10034184"
  1162. },
  1163. {
  1164. "name": "WSAStartup",
  1165. "address": "0x10034188"
  1166. },
  1167. {
  1168. "name": "ntohl",
  1169. "address": "0x1003418c"
  1170. },
  1171. {
  1172. "name": "inet_addr",
  1173. "address": "0x10034190"
  1174. },
  1175. {
  1176. "name": "htonl",
  1177. "address": "0x10034194"
  1178. },
  1179. {
  1180. "name": "WSARecv",
  1181. "address": "0x10034198"
  1182. },
  1183. {
  1184. "name": "WSASocketW",
  1185. "address": "0x1003419c"
  1186. },
  1187. {
  1188. "name": "WSASend",
  1189. "address": "0x100341a0"
  1190. },
  1191. {
  1192. "name": "select",
  1193. "address": "0x100341a4"
  1194. },
  1195. {
  1196. "name": "htons",
  1197. "address": "0x100341a8"
  1198. },
  1199. {
  1200. "name": "getsockname",
  1201. "address": "0x100341ac"
  1202. },
  1203. {
  1204. "name": "setsockopt",
  1205. "address": "0x100341b0"
  1206. },
  1207. {
  1208. "name": "WSACleanup",
  1209. "address": "0x100341b4"
  1210. },
  1211. {
  1212. "name": "bind",
  1213. "address": "0x100341b8"
  1214. },
  1215. {
  1216. "name": "__WSAFDIsSet",
  1217. "address": "0x100341bc"
  1218. },
  1219. {
  1220. "name": "WSASetLastError",
  1221. "address": "0x100341c0"
  1222. },
  1223. {
  1224. "name": "closesocket",
  1225. "address": "0x100341c4"
  1226. },
  1227. {
  1228. "name": "getsockopt",
  1229. "address": "0x100341c8"
  1230. },
  1231. {
  1232. "name": "listen",
  1233. "address": "0x100341cc"
  1234. },
  1235. {
  1236. "name": "accept",
  1237. "address": "0x100341d0"
  1238. }
  1239. ],
  1240. "dll": "WS2_32.dll"
  1241. }
  1242. ],
  1243. "digital_signers": null,
  1244. "exported_dll_name": "socks5.dll",
  1245. "actual_checksum": "0x00051ca8",
  1246. "overlay": null,
  1247. "imagebase": "0x10000000",
  1248. "reported_checksum": "0x00051ca8",
  1249. "icon_hash": null,
  1250. "entrypoint": "0x10020cbb",
  1251. "timestamp": "2011-02-05 07:00:43",
  1252. "osversion": "5.1",
  1253. "sections": [
  1254. {
  1255. "name": ".text",
  1256. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1257. "virtual_address": "0x00001000",
  1258. "size_of_data": "0x00032800",
  1259. "entropy": "6.60",
  1260. "raw_address": "0x00000400",
  1261. "virtual_size": "0x00032662",
  1262. "characteristics_raw": "0x60000020"
  1263. },
  1264. {
  1265. "name": ".rdata",
  1266. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1267. "virtual_address": "0x00034000",
  1268. "size_of_data": "0x0000ac00",
  1269. "entropy": "4.69",
  1270. "raw_address": "0x00032c00",
  1271. "virtual_size": "0x0000ab97",
  1272. "characteristics_raw": "0x40000040"
  1273. },
  1274. {
  1275. "name": ".data",
  1276. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1277. "virtual_address": "0x0003f000",
  1278. "size_of_data": "0x00003200",
  1279. "entropy": "4.83",
  1280. "raw_address": "0x0003d800",
  1281. "virtual_size": "0x000041bc",
  1282. "characteristics_raw": "0xc0000040"
  1283. },
  1284. {
  1285. "name": ".tls",
  1286. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1287. "virtual_address": "0x00044000",
  1288. "size_of_data": "0x00000200",
  1289. "entropy": "0.00",
  1290. "raw_address": "0x00040a00",
  1291. "virtual_size": "0x00000002",
  1292. "characteristics_raw": "0xc0000040"
  1293. },
  1294. {
  1295. "name": ".rsrc",
  1296. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1297. "virtual_address": "0x00045000",
  1298. "size_of_data": "0x00000200",
  1299. "entropy": "5.10",
  1300. "raw_address": "0x00040c00",
  1301. "virtual_size": "0x000001b4",
  1302. "characteristics_raw": "0x40000040"
  1303. },
  1304. {
  1305. "name": ".reloc",
  1306. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1307. "virtual_address": "0x00046000",
  1308. "size_of_data": "0x00005200",
  1309. "entropy": "5.11",
  1310. "raw_address": "0x00040e00",
  1311. "virtual_size": "0x000051fc",
  1312. "characteristics_raw": "0x42000040"
  1313. }
  1314. ],
  1315. "resources": [],
  1316. "dirents": [
  1317. {
  1318. "virtual_address": "0x0003eb20",
  1319. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1320. "size": "0x00000077"
  1321. },
  1322. {
  1323. "virtual_address": "0x0003e1a4",
  1324. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1325. "size": "0x00000050"
  1326. },
  1327. {
  1328. "virtual_address": "0x00045000",
  1329. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1330. "size": "0x000001b4"
  1331. },
  1332. {
  1333. "virtual_address": "0x00000000",
  1334. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1335. "size": "0x00000000"
  1336. },
  1337. {
  1338. "virtual_address": "0x00000000",
  1339. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1340. "size": "0x00000000"
  1341. },
  1342. {
  1343. "virtual_address": "0x00046000",
  1344. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1345. "size": "0x00003530"
  1346. },
  1347. {
  1348. "virtual_address": "0x00034680",
  1349. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1350. "size": "0x0000001c"
  1351. },
  1352. {
  1353. "virtual_address": "0x00000000",
  1354. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1355. "size": "0x00000000"
  1356. },
  1357. {
  1358. "virtual_address": "0x00000000",
  1359. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1360. "size": "0x00000000"
  1361. },
  1362. {
  1363. "virtual_address": "0x00037900",
  1364. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1365. "size": "0x00000018"
  1366. },
  1367. {
  1368. "virtual_address": "0x000378b8",
  1369. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1370. "size": "0x00000040"
  1371. },
  1372. {
  1373. "virtual_address": "0x00000000",
  1374. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1375. "size": "0x00000000"
  1376. },
  1377. {
  1378. "virtual_address": "0x00034000",
  1379. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1380. "size": "0x000001e8"
  1381. },
  1382. {
  1383. "virtual_address": "0x00000000",
  1384. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1385. "size": "0x00000000"
  1386. },
  1387. {
  1388. "virtual_address": "0x00000000",
  1389. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1390. "size": "0x00000000"
  1391. },
  1392. {
  1393. "virtual_address": "0x00000000",
  1394. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1395. "size": "0x00000000"
  1396. }
  1397. ],
  1398. "exports": [
  1399. {
  1400. "ordinal": 1,
  1401. "name": "GetPluginId",
  1402. "address": "0x10008c00"
  1403. },
  1404. {
  1405. "ordinal": 2,
  1406. "name": "Init",
  1407. "address": "0x10008c20"
  1408. },
  1409. {
  1410. "ordinal": 3,
  1411. "name": "Start",
  1412. "address": "0x10008d10"
  1413. },
  1414. {
  1415. "ordinal": 4,
  1416. "name": "Stop",
  1417. "address": "0x10008e20"
  1418. }
  1419. ],
  1420. "guest_signers": {},
  1421. "imphash": "767a502e07c59fb3145ffab2322e790c",
  1422. "icon_fuzzy": null,
  1423. "icon": null,
  1424. "pdbpath": "C:\\Data\\Documents\\My Projects\\CC\\CardNet\\Progs\\Client\\SpyEye\\plugins\\BC\\Client\\Release\\socks5.pdb",
  1425. "imported_dll_count": 3,
  1426. "versioninfo": []
  1427. }
  1428. }