paladin316

Exes_dd35726c_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_dd35726c.exe"
  7. [*] File Size: 475136
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "a6b2208ba5e0b85c9055498134b44797fb620ba55ff8fb3ae15360507ec07c93"
  10. [*] MD5: "167fd5c9fcfad77ca574b06768d4185f"
  11. [*] SHA1: "b6485db8005156be050bd4a5230ace2903601862"
  12. [*] SHA512: "e60285f6315bb4c136fc32df8327d8df239308f761dfc6b7aacf23d7b03137a96745f2b109d6977fef6976aa6757156c03a60eca18acd506e9390b591dbb2fb2"
  13. [*] CRC32: "DD35726C"
  14. [*] SSDEEP: "6144:KzceHUVqJgnz4lEuXCZdNHRBQdyqffdDKd5qn9BcsLFN0f05LGSmedPLsO8gX4sU:TZVbax2S9BZZN0s5LmePkg4s+yR"
  15.  
  16. [*] Process Execution: [
  17. "Exes_dd35726c.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Performs some HTTP requests",
  27. "Details": [
  28. {
  29. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  30. },
  31. {
  32. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  33. },
  34. {
  35. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  36. },
  37. {
  38. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe"
  39. },
  40. {
  41. "url": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes"
  42. }
  43. ]
  44. },
  45. {
  46. "Description": "The binary likely contains encrypted or compressed data.",
  47. "Details": [
  48. {
  49. "section": "name: .text, entropy: 7.11, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00070000, virtual_size: 0x0006fbd4"
  50. }
  51. ]
  52. },
  53. {
  54. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  55. "Details": [
  56. {
  57. "Spam": "Exes_dd35726c.exe (1608) called API CreateProcessInternalW 31338 times"
  58. }
  59. ]
  60. },
  61. {
  62. "Description": "File has been identified by 36 Antiviruses on VirusTotal as malicious",
  63. "Details": [
  64. {
  65. "Bkav": "HW32.Packed."
  66. },
  67. {
  68. "MicroWorld-eScan": "Gen:Variant.Midie.64228"
  69. },
  70. {
  71. "McAfee": "Packed-FTY!167FD5C9FCFA"
  72. },
  73. {
  74. "Malwarebytes": "Trojan.MalPack.VB.Generic"
  75. },
  76. {
  77. "Symantec": "Trojan Horse"
  78. },
  79. {
  80. "APEX": "Malicious"
  81. },
  82. {
  83. "Paloalto": "generic.ml"
  84. },
  85. {
  86. "ClamAV": "Win.Malware.Ursu-6991711-0"
  87. },
  88. {
  89. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  90. },
  91. {
  92. "BitDefender": "Gen:Variant.Midie.64228"
  93. },
  94. {
  95. "Rising": "Backdoor.NetWiredRC!8.2AF (CLOUD)"
  96. },
  97. {
  98. "Endgame": "malicious (high confidence)"
  99. },
  100. {
  101. "Sophos": "Mal/FareitVB-N"
  102. },
  103. {
  104. "DrWeb": "Trojan.PWS.Siggen2.17736"
  105. },
  106. {
  107. "Invincea": "heuristic"
  108. },
  109. {
  110. "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.gc"
  111. },
  112. {
  113. "Trapmine": "malicious.high.ml.score"
  114. },
  115. {
  116. "FireEye": "Generic.mg.167fd5c9fcfad77c"
  117. },
  118. {
  119. "Emsisoft": "Gen:Variant.Midie.64228 (B)"
  120. },
  121. {
  122. "SentinelOne": "DFI - Suspicious PE"
  123. },
  124. {
  125. "Microsoft": "PWS:Win32/Fareit.AD!MTB"
  126. },
  127. {
  128. "Arcabit": "Trojan.Midie.DFAE4"
  129. },
  130. {
  131. "AhnLab-V3": "Trojan/Win32.VBInjector.R275306"
  132. },
  133. {
  134. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  135. },
  136. {
  137. "GData": "Gen:Variant.Midie.64228"
  138. },
  139. {
  140. "ESET-NOD32": "a variant of Win32/Injector.EFYI"
  141. },
  142. {
  143. "Acronis": "suspicious"
  144. },
  145. {
  146. "ALYac": "Gen:Variant.Midie.64228"
  147. },
  148. {
  149. "Ad-Aware": "Gen:Variant.Midie.64228"
  150. },
  151. {
  152. "Cylance": "Unsafe"
  153. },
  154. {
  155. "TrendMicro-HouseCall": "TROJ_GEN.R061C0DFD19"
  156. },
  157. {
  158. "MAX": "malware (ai score=81)"
  159. },
  160. {
  161. "Fortinet": "W32/Injector.EFXH!tr"
  162. },
  163. {
  164. "Cybereason": "malicious.9fcfad"
  165. },
  166. {
  167. "CrowdStrike": "win/malicious_confidence_80% (D)"
  168. },
  169. {
  170. "Qihoo-360": "HEUR/QVM03.0.D705.Malware.Gen"
  171. }
  172. ]
  173. }
  174. ]
  175.  
  176. [*] Started Service: []
  177.  
  178. [*] Executed Commands: [
  179. "\\x01C:\\Users\\user\\AppData\\Local\\Temp\\Exes_dd35726c.exe\""
  180. ]
  181.  
  182. [*] Mutexes: []
  183.  
  184. [*] Modified Files: []
  185.  
  186. [*] Deleted Files: []
  187.  
  188. [*] Modified Registry Keys: []
  189.  
  190. [*] Deleted Registry Keys: []
  191.  
  192. [*] DNS Communications: []
  193.  
  194. [*] Domains: []
  195.  
  196. [*] Network Communication - ICMP: []
  197.  
  198. [*] Network Communication - HTTP: [
  199. {
  200. "count": 1,
  201. "body": "",
  202. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  203. "user-agent": "Microsoft-CryptoAPI/6.1",
  204. "method": "GET",
  205. "host": "ocsp.digicert.com",
  206. "version": "1.1",
  207. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  208. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  209. "port": 80
  210. },
  211. {
  212. "count": 1,
  213. "body": "",
  214. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  215. "user-agent": "Microsoft-CryptoAPI/6.1",
  216. "method": "GET",
  217. "host": "ocsp.digicert.com",
  218. "version": "1.1",
  219. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  220. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  221. "port": 80
  222. },
  223. {
  224. "count": 1,
  225. "body": "",
  226. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  227. "user-agent": "Microsoft-CryptoAPI/6.1",
  228. "method": "GET",
  229. "host": "ocsp.digicert.com",
  230. "version": "1.1",
  231. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  232. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  233. "port": 80
  234. },
  235. {
  236. "count": 1,
  237. "body": "",
  238. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
  239. "user-agent": "Microsoft BITS/7.5",
  240. "method": "HEAD",
  241. "host": "redirector.gvt1.com",
  242. "version": "1.1",
  243. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
  244. "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  245. "port": 80
  246. },
  247. {
  248. "count": 1,
  249. "body": "",
  250. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  251. "user-agent": "Microsoft BITS/7.5",
  252. "method": "HEAD",
  253. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  254. "version": "1.1",
  255. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  256. "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  257. "port": 80
  258. },
  259. {
  260. "count": 1,
  261. "body": "",
  262. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  263. "user-agent": "Microsoft BITS/7.5",
  264. "method": "GET",
  265. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  266. "version": "1.1",
  267. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  268. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=0-6776\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  269. "port": 80
  270. },
  271. {
  272. "count": 1,
  273. "body": "",
  274. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  275. "user-agent": "Microsoft BITS/7.5",
  276. "method": "GET",
  277. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  278. "version": "1.1",
  279. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  280. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=6777-16369\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  281. "port": 80
  282. },
  283. {
  284. "count": 1,
  285. "body": "",
  286. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  287. "user-agent": "Microsoft BITS/7.5",
  288. "method": "GET",
  289. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  290. "version": "1.1",
  291. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  292. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=16370-25780\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  293. "port": 80
  294. },
  295. {
  296. "count": 1,
  297. "body": "",
  298. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  299. "user-agent": "Microsoft BITS/7.5",
  300. "method": "GET",
  301. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  302. "version": "1.1",
  303. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  304. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=25781-35020\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  305. "port": 80
  306. },
  307. {
  308. "count": 1,
  309. "body": "",
  310. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  311. "user-agent": "Microsoft BITS/7.5",
  312. "method": "GET",
  313. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  314. "version": "1.1",
  315. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  316. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=35021-55110\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  317. "port": 80
  318. },
  319. {
  320. "count": 1,
  321. "body": "",
  322. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  323. "user-agent": "Microsoft BITS/7.5",
  324. "method": "GET",
  325. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  326. "version": "1.1",
  327. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  328. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=55111-97173\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  329. "port": 80
  330. },
  331. {
  332. "count": 1,
  333. "body": "",
  334. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  335. "user-agent": "Microsoft BITS/7.5",
  336. "method": "GET",
  337. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  338. "version": "1.1",
  339. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  340. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=97174-183836\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  341. "port": 80
  342. },
  343. {
  344. "count": 1,
  345. "body": "",
  346. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  347. "user-agent": "Microsoft BITS/7.5",
  348. "method": "GET",
  349. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  350. "version": "1.1",
  351. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  352. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=183837-212943\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  353. "port": 80
  354. },
  355. {
  356. "count": 1,
  357. "body": "",
  358. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  359. "user-agent": "Microsoft BITS/7.5",
  360. "method": "GET",
  361. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  362. "version": "1.1",
  363. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  364. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=212944-494042\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  365. "port": 80
  366. },
  367. {
  368. "count": 1,
  369. "body": "",
  370. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  371. "user-agent": "Microsoft BITS/7.5",
  372. "method": "GET",
  373. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  374. "version": "1.1",
  375. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  376. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=494043-1218988\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  377. "port": 80
  378. },
  379. {
  380. "count": 1,
  381. "body": "",
  382. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  383. "user-agent": "Microsoft BITS/7.5",
  384. "method": "GET",
  385. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  386. "version": "1.1",
  387. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  388. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=1218989-2646325\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  389. "port": 80
  390. },
  391. {
  392. "count": 1,
  393. "body": "",
  394. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  395. "user-agent": "Microsoft BITS/7.5",
  396. "method": "GET",
  397. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  398. "version": "1.1",
  399. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  400. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=2646326-5514147\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  401. "port": 80
  402. },
  403. {
  404. "count": 1,
  405. "body": "",
  406. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  407. "user-agent": "Microsoft BITS/7.5",
  408. "method": "GET",
  409. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  410. "version": "1.1",
  411. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  412. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=5514148-11277996\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  413. "port": 80
  414. },
  415. {
  416. "count": 1,
  417. "body": "",
  418. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  419. "user-agent": "Microsoft BITS/7.5",
  420. "method": "GET",
  421. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  422. "version": "1.1",
  423. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  424. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=11277997-22725974\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  425. "port": 80
  426. },
  427. {
  428. "count": 1,
  429. "body": "",
  430. "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  431. "user-agent": "Microsoft BITS/7.5",
  432. "method": "GET",
  433. "host": "r2---sn-bvvbax-2ims.gvt1.com",
  434. "version": "1.1",
  435. "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes",
  436. "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560481966&mv=m&nh=EAE&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=22725975-30355199\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
  437. "port": 80
  438. }
  439. ]
  440.  
  441. [*] Network Communication - SMTP: []
  442.  
  443. [*] Network Communication - Hosts: []
  444.  
  445. [*] Network Communication - IRC: []
  446.  
  447. [*] Static Analysis: {
  448. "pe": {
  449. "peid_signatures": null,
  450. "imports": [
  451. {
  452. "imports": [
  453. {
  454. "name": "MethCallEngine",
  455. "address": "0x401000"
  456. },
  457. {
  458. "name": null,
  459. "address": "0x401004"
  460. },
  461. {
  462. "name": null,
  463. "address": "0x401008"
  464. },
  465. {
  466. "name": "EVENT_SINK_AddRef",
  467. "address": "0x40100c"
  468. },
  469. {
  470. "name": "DllFunctionCall",
  471. "address": "0x401010"
  472. },
  473. {
  474. "name": "EVENT_SINK_Release",
  475. "address": "0x401014"
  476. },
  477. {
  478. "name": null,
  479. "address": "0x401018"
  480. },
  481. {
  482. "name": "EVENT_SINK_QueryInterface",
  483. "address": "0x40101c"
  484. },
  485. {
  486. "name": "__vbaExceptHandler",
  487. "address": "0x401020"
  488. },
  489. {
  490. "name": null,
  491. "address": "0x401024"
  492. },
  493. {
  494. "name": null,
  495. "address": "0x401028"
  496. },
  497. {
  498. "name": null,
  499. "address": "0x40102c"
  500. },
  501. {
  502. "name": null,
  503. "address": "0x401030"
  504. }
  505. ],
  506. "dll": "MSVBVM60.DLL"
  507. }
  508. ],
  509. "digital_signers": null,
  510. "exported_dll_name": null,
  511. "actual_checksum": "0x00083f4a",
  512. "overlay": null,
  513. "imagebase": "0x00400000",
  514. "reported_checksum": "0x00083f4a",
  515. "icon_hash": null,
  516. "entrypoint": "0x00401090",
  517. "timestamp": "2006-04-16 01:52:11",
  518. "osversion": "4.0",
  519. "sections": [
  520. {
  521. "name": ".text",
  522. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  523. "virtual_address": "0x00001000",
  524. "size_of_data": "0x00070000",
  525. "entropy": "7.11",
  526. "raw_address": "0x00001000",
  527. "virtual_size": "0x0006fbd4",
  528. "characteristics_raw": "0x60000020"
  529. },
  530. {
  531. "name": ".data",
  532. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  533. "virtual_address": "0x00071000",
  534. "size_of_data": "0x00000000",
  535. "entropy": "0.00",
  536. "raw_address": "0x00000000",
  537. "virtual_size": "0x000088f0",
  538. "characteristics_raw": "0xc0000040"
  539. },
  540. {
  541. "name": ".rsrc",
  542. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  543. "virtual_address": "0x0007a000",
  544. "size_of_data": "0x00003000",
  545. "entropy": "3.73",
  546. "raw_address": "0x00071000",
  547. "virtual_size": "0x000026a8",
  548. "characteristics_raw": "0x40000040"
  549. }
  550. ],
  551. "resources": [],
  552. "dirents": [
  553. {
  554. "virtual_address": "0x00000000",
  555. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  556. "size": "0x00000000"
  557. },
  558. {
  559. "virtual_address": "0x00070ae4",
  560. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  561. "size": "0x00000028"
  562. },
  563. {
  564. "virtual_address": "0x0007a000",
  565. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  566. "size": "0x000026a8"
  567. },
  568. {
  569. "virtual_address": "0x00000000",
  570. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  571. "size": "0x00000000"
  572. },
  573. {
  574. "virtual_address": "0x00000000",
  575. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  576. "size": "0x00000000"
  577. },
  578. {
  579. "virtual_address": "0x00000000",
  580. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  581. "size": "0x00000000"
  582. },
  583. {
  584. "virtual_address": "0x00000000",
  585. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  586. "size": "0x00000000"
  587. },
  588. {
  589. "virtual_address": "0x00000000",
  590. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  591. "size": "0x00000000"
  592. },
  593. {
  594. "virtual_address": "0x00000000",
  595. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  596. "size": "0x00000000"
  597. },
  598. {
  599. "virtual_address": "0x00000000",
  600. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  601. "size": "0x00000000"
  602. },
  603. {
  604. "virtual_address": "0x00000000",
  605. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  606. "size": "0x00000000"
  607. },
  608. {
  609. "virtual_address": "0x00000220",
  610. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  611. "size": "0x00000020"
  612. },
  613. {
  614. "virtual_address": "0x00001000",
  615. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  616. "size": "0x00000038"
  617. },
  618. {
  619. "virtual_address": "0x00000000",
  620. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  621. "size": "0x00000000"
  622. },
  623. {
  624. "virtual_address": "0x00000000",
  625. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  626. "size": "0x00000000"
  627. },
  628. {
  629. "virtual_address": "0x00000000",
  630. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  631. "size": "0x00000000"
  632. }
  633. ],
  634. "exports": [],
  635. "guest_signers": {},
  636. "imphash": "d4646fcc792100b2be41ad765ddc8731",
  637. "icon_fuzzy": null,
  638. "icon": null,
  639. "pdbpath": null,
  640. "imported_dll_count": 1,
  641. "versioninfo": []
  642. }
  643. }
  644.  
  645. [*] Resolved APIs: [
  646. "cryptbase.dll.SystemFunction036",
  647. "uxtheme.dll.ThemeInitApiHook",
  648. "user32.dll.IsProcessDPIAware",
  649. "oleaut32.dll.OleLoadPictureEx",
  650. "oleaut32.dll.DispCallFunc",
  651. "oleaut32.dll.LoadTypeLibEx",
  652. "oleaut32.dll.UnRegisterTypeLib",
  653. "oleaut32.dll.CreateTypeLib2",
  654. "oleaut32.dll.VarDateFromUdate",
  655. "oleaut32.dll.VarUdateFromDate",
  656. "oleaut32.dll.GetAltMonthNames",
  657. "oleaut32.dll.VarNumFromParseNum",
  658. "oleaut32.dll.VarParseNumFromStr",
  659. "oleaut32.dll.VarDecFromR4",
  660. "oleaut32.dll.VarDecFromR8",
  661. "oleaut32.dll.VarDecFromDate",
  662. "oleaut32.dll.VarDecFromI4",
  663. "oleaut32.dll.VarDecFromCy",
  664. "oleaut32.dll.VarR4FromDec",
  665. "oleaut32.dll.GetRecordInfoFromTypeInfo",
  666. "oleaut32.dll.GetRecordInfoFromGuids",
  667. "oleaut32.dll.SafeArrayGetRecordInfo",
  668. "oleaut32.dll.SafeArraySetRecordInfo",
  669. "oleaut32.dll.SafeArrayGetIID",
  670. "oleaut32.dll.SafeArraySetIID",
  671. "oleaut32.dll.SafeArrayCopyData",
  672. "oleaut32.dll.SafeArrayAllocDescriptorEx",
  673. "oleaut32.dll.SafeArrayCreateEx",
  674. "oleaut32.dll.VarFormat",
  675. "oleaut32.dll.VarFormatDateTime",
  676. "oleaut32.dll.VarFormatNumber",
  677. "oleaut32.dll.VarFormatPercent",
  678. "oleaut32.dll.VarFormatCurrency",
  679. "oleaut32.dll.VarWeekdayName",
  680. "oleaut32.dll.VarMonthName",
  681. "oleaut32.dll.VarAdd",
  682. "oleaut32.dll.VarAnd",
  683. "oleaut32.dll.VarCat",
  684. "oleaut32.dll.VarDiv",
  685. "oleaut32.dll.VarEqv",
  686. "oleaut32.dll.VarIdiv",
  687. "oleaut32.dll.VarImp",
  688. "oleaut32.dll.VarMod",
  689. "oleaut32.dll.VarMul",
  690. "oleaut32.dll.VarOr",
  691. "oleaut32.dll.VarPow",
  692. "oleaut32.dll.VarSub",
  693. "oleaut32.dll.VarXor",
  694. "oleaut32.dll.VarAbs",
  695. "oleaut32.dll.VarFix",
  696. "oleaut32.dll.VarInt",
  697. "oleaut32.dll.VarNeg",
  698. "oleaut32.dll.VarNot",
  699. "oleaut32.dll.VarRound",
  700. "oleaut32.dll.VarCmp",
  701. "oleaut32.dll.VarDecAdd",
  702. "oleaut32.dll.VarDecCmp",
  703. "oleaut32.dll.VarBstrCat",
  704. "oleaut32.dll.VarCyMulI4",
  705. "oleaut32.dll.VarBstrCmp",
  706. "ole32.dll.CoCreateInstanceEx",
  707. "ole32.dll.CLSIDFromProgIDEx",
  708. "sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary",
  709. "user32.dll.GetSystemMetrics",
  710. "user32.dll.MonitorFromWindow",
  711. "user32.dll.MonitorFromRect",
  712. "user32.dll.MonitorFromPoint",
  713. "user32.dll.EnumDisplayMonitors",
  714. "user32.dll.GetMonitorInfoA",
  715. "dwmapi.dll.DwmIsCompositionEnabled",
  716. "gdi32.dll.GetLayout",
  717. "gdi32.dll.GdiRealizationInfo",
  718. "gdi32.dll.FontIsLinked",
  719. "advapi32.dll.RegOpenKeyExW",
  720. "advapi32.dll.RegQueryInfoKeyW",
  721. "gdi32.dll.GetTextFaceAliasW",
  722. "advapi32.dll.RegEnumValueW",
  723. "advapi32.dll.RegCloseKey",
  724. "advapi32.dll.RegQueryValueExW",
  725. "gdi32.dll.GetFontAssocStatus",
  726. "advapi32.dll.RegQueryValueExA",
  727. "advapi32.dll.RegEnumKeyExW",
  728. "gdi32.dll.GdiIsMetaPrintDC",
  729. "user32.dll.GetDesktopWindow",
  730. "user32.dll.LockWindowUpdate",
  731. "user32.dll.FindWindowA",
  732. "user32.dll.GetParent",
  733. "user32.dll.GetWindow",
  734. "user32.dll.GetWindowThreadProcessId",
  735. "user32.dll.SetParent",
  736. "user32.dll.SetFocus",
  737. "sechost.dll.LookupAccountNameLocalW",
  738. "advapi32.dll.LookupAccountSidW",
  739. "sechost.dll.LookupAccountSidLocalW",
  740. "cryptsp.dll.CryptAcquireContextW",
  741. "cryptsp.dll.CryptGenRandom",
  742. "ole32.dll.NdrOleInitializeExtension",
  743. "ole32.dll.CoGetClassObject",
  744. "ole32.dll.CoGetMarshalSizeMax",
  745. "ole32.dll.CoMarshalInterface",
  746. "ole32.dll.CoUnmarshalInterface",
  747. "ole32.dll.StringFromIID",
  748. "ole32.dll.CoGetPSClsid",
  749. "ole32.dll.CoTaskMemAlloc",
  750. "ole32.dll.CoTaskMemFree",
  751. "ole32.dll.CoCreateInstance",
  752. "ole32.dll.CoReleaseMarshalData",
  753. "ole32.dll.DcomChannelSetHResult",
  754. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  755. "kernel32.dll.GetTickCount",
  756. "kernel32.dll.Sleep",
  757. "user32.dll.GetCursorPos",
  758. "user32.dll.EnumWindows",
  759. "kernel32.dll.SetErrorMode",
  760. "kernel32.dll.SetLastError",
  761. "kernel32.dll.VirtualAllocEx",
  762. "kernel32.dll.CloseHandle",
  763. "shell32.dll.ShellExecuteW",
  764. "kernel32.dll.WriteFile",
  765. "kernel32.dll.UnmapViewOfFile",
  766. "kernel32.dll.CreateFileW",
  767. "kernel32.dll.TerminateProcess",
  768. "kernel32.dll.VirtualProtectEx",
  769. "kernel32.dll.CreateProcessInternalW",
  770. "kernel32.dll.GetTempPathW",
  771. "kernel32.dll.GetLongPathNameW",
  772. "kernel32.dll.GetFileSize",
  773. "kernel32.dll.ReadFile",
  774. "ntdll.dll.NtProtectVirtualMemory",
  775. "kernel32.dll.GetCommandLineW"
  776. ]
  777.  
  778. [*] Static Analysis: {
  779. "pe": {
  780. "peid_signatures": null,
  781. "imports": [
  782. {
  783. "imports": [
  784. {
  785. "name": "MethCallEngine",
  786. "address": "0x401000"
  787. },
  788. {
  789. "name": null,
  790. "address": "0x401004"
  791. },
  792. {
  793. "name": null,
  794. "address": "0x401008"
  795. },
  796. {
  797. "name": "EVENT_SINK_AddRef",
  798. "address": "0x40100c"
  799. },
  800. {
  801. "name": "DllFunctionCall",
  802. "address": "0x401010"
  803. },
  804. {
  805. "name": "EVENT_SINK_Release",
  806. "address": "0x401014"
  807. },
  808. {
  809. "name": null,
  810. "address": "0x401018"
  811. },
  812. {
  813. "name": "EVENT_SINK_QueryInterface",
  814. "address": "0x40101c"
  815. },
  816. {
  817. "name": "__vbaExceptHandler",
  818. "address": "0x401020"
  819. },
  820. {
  821. "name": null,
  822. "address": "0x401024"
  823. },
  824. {
  825. "name": null,
  826. "address": "0x401028"
  827. },
  828. {
  829. "name": null,
  830. "address": "0x40102c"
  831. },
  832. {
  833. "name": null,
  834. "address": "0x401030"
  835. }
  836. ],
  837. "dll": "MSVBVM60.DLL"
  838. }
  839. ],
  840. "digital_signers": null,
  841. "exported_dll_name": null,
  842. "actual_checksum": "0x00083f4a",
  843. "overlay": null,
  844. "imagebase": "0x00400000",
  845. "reported_checksum": "0x00083f4a",
  846. "icon_hash": null,
  847. "entrypoint": "0x00401090",
  848. "timestamp": "2006-04-16 01:52:11",
  849. "osversion": "4.0",
  850. "sections": [
  851. {
  852. "name": ".text",
  853. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  854. "virtual_address": "0x00001000",
  855. "size_of_data": "0x00070000",
  856. "entropy": "7.11",
  857. "raw_address": "0x00001000",
  858. "virtual_size": "0x0006fbd4",
  859. "characteristics_raw": "0x60000020"
  860. },
  861. {
  862. "name": ".data",
  863. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  864. "virtual_address": "0x00071000",
  865. "size_of_data": "0x00000000",
  866. "entropy": "0.00",
  867. "raw_address": "0x00000000",
  868. "virtual_size": "0x000088f0",
  869. "characteristics_raw": "0xc0000040"
  870. },
  871. {
  872. "name": ".rsrc",
  873. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  874. "virtual_address": "0x0007a000",
  875. "size_of_data": "0x00003000",
  876. "entropy": "3.73",
  877. "raw_address": "0x00071000",
  878. "virtual_size": "0x000026a8",
  879. "characteristics_raw": "0x40000040"
  880. }
  881. ],
  882. "resources": [],
  883. "dirents": [
  884. {
  885. "virtual_address": "0x00000000",
  886. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  887. "size": "0x00000000"
  888. },
  889. {
  890. "virtual_address": "0x00070ae4",
  891. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  892. "size": "0x00000028"
  893. },
  894. {
  895. "virtual_address": "0x0007a000",
  896. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  897. "size": "0x000026a8"
  898. },
  899. {
  900. "virtual_address": "0x00000000",
  901. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  902. "size": "0x00000000"
  903. },
  904. {
  905. "virtual_address": "0x00000000",
  906. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  907. "size": "0x00000000"
  908. },
  909. {
  910. "virtual_address": "0x00000000",
  911. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  912. "size": "0x00000000"
  913. },
  914. {
  915. "virtual_address": "0x00000000",
  916. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  917. "size": "0x00000000"
  918. },
  919. {
  920. "virtual_address": "0x00000000",
  921. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  922. "size": "0x00000000"
  923. },
  924. {
  925. "virtual_address": "0x00000000",
  926. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  927. "size": "0x00000000"
  928. },
  929. {
  930. "virtual_address": "0x00000000",
  931. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  932. "size": "0x00000000"
  933. },
  934. {
  935. "virtual_address": "0x00000000",
  936. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  937. "size": "0x00000000"
  938. },
  939. {
  940. "virtual_address": "0x00000220",
  941. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  942. "size": "0x00000020"
  943. },
  944. {
  945. "virtual_address": "0x00001000",
  946. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  947. "size": "0x00000038"
  948. },
  949. {
  950. "virtual_address": "0x00000000",
  951. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  952. "size": "0x00000000"
  953. },
  954. {
  955. "virtual_address": "0x00000000",
  956. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  957. "size": "0x00000000"
  958. },
  959. {
  960. "virtual_address": "0x00000000",
  961. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  962. "size": "0x00000000"
  963. }
  964. ],
  965. "exports": [],
  966. "guest_signers": {},
  967. "imphash": "d4646fcc792100b2be41ad765ddc8731",
  968. "icon_fuzzy": null,
  969. "icon": null,
  970. "pdbpath": null,
  971. "imported_dll_count": 1,
  972. "versioninfo": []
  973. }
  974. }