paladin316

45B65D_exe_.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 1.0
  5.  
  6. [*] File Name: "45B65D.exe"
  7. [*] File Size: 179712
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102"
  10. [*] MD5: "d378bffb70923139d6a4f546864aa61c"
  11. [*] SHA1: "f00aa51c2ed8b2f656318fdc01ee1cf5441011a4"
  12. [*] SHA512: "7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663"
  13. [*] CRC32: "5D47D00E"
  14. [*] SSDEEP: "3072:9VexzTMlI0frxJLgf7nDVF6PUp1Yo3ICgxgV:9ExJex5gfzDVlVXgaV"
  15.  
  16. [*] Process Execution: [
  17. "45B65D.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "The binary likely contains encrypted or compressed data (heuristic: a PE section with unusually high entropy). Caveat for triage: the only section flagged is .rsrc, and high entropy in a resource section is frequently benign (embedded compressed icons/images); this sample's pdbpath is notepad.pdb, its image base is 0x01000000, and the sandbox recorded no file, registry, mutex, service or network activity, so this signature is weak evidence on its own. digital_signers is null (no embedded Authenticode), but OS binaries are often catalog-signed rather than embedded-signed, so that is not conclusive either way — confirm the SHA256 against a known-good hash before scoring.",
  23. "Details": [
  24. {
  25. "section": "name: .rsrc, entropy: 7.37, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0001f200, virtual_size: 0x0001f160"
  26. }
  27. ]
  28. }
  29. ]
  30.  
  31. [*] Started Service: []
  32.  
  33. [*] Created Services: []
  34.  
  35. [*] Mutexes: []
  36.  
  37. [*] Modified Files: []
  38.  
  39. [*] Deleted Files: []
  40.  
  41. [*] Modified Registry Keys: []
  42.  
  43. [*] Deleted Registry Keys: []
  44.  
  45. [*] DNS Communications: []
  46.  
  47. [*] Domains: []
  48.  
  49. [*] Network Communication - ICMP: []
  50.  
  51. [*] Network Communication - HTTP: []
  52.  
  53. [*] Network Communication - SMTP: []
  54.  
  55. [*] Network Communication - Hosts: []
  56.  
  57. [*] Network Communication - IRC: []
  58.  
  59. [*] Static Analysis: {
  60. "pe": {
  61. "peid_signatures": null,
  62. "imports": [
  63. {
  64. "imports": [
  65. {
  66. "name": "RegSetValueExW",
  67. "address": "0x1001000"
  68. },
  69. {
  70. "name": "RegQueryValueExW",
  71. "address": "0x1001004"
  72. },
  73. {
  74. "name": "RegCloseKey",
  75. "address": "0x1001008"
  76. },
  77. {
  78. "name": "RegCreateKeyW",
  79. "address": "0x100100c"
  80. },
  81. {
  82. "name": "RegOpenKeyExW",
  83. "address": "0x1001010"
  84. },
  85. {
  86. "name": "IsTextUnicode",
  87. "address": "0x1001014"
  88. },
  89. {
  90. "name": "CloseServiceHandle",
  91. "address": "0x1001018"
  92. },
  93. {
  94. "name": "QueryServiceConfigW",
  95. "address": "0x100101c"
  96. },
  97. {
  98. "name": "OpenServiceW",
  99. "address": "0x1001020"
  100. },
  101. {
  102. "name": "OpenSCManagerW",
  103. "address": "0x1001024"
  104. }
  105. ],
  106. "dll": "ADVAPI32.dll"
  107. },
  108. {
  109. "imports": [
  110. {
  111. "name": "FindNLSString",
  112. "address": "0x100102c"
  113. },
  114. {
  115. "name": "GlobalAlloc",
  116. "address": "0x1001030"
  117. },
  118. {
  119. "name": "GlobalUnlock",
  120. "address": "0x1001034"
  121. },
  122. {
  123. "name": "GlobalLock",
  124. "address": "0x1001038"
  125. },
  126. {
  127. "name": "GetTimeFormatW",
  128. "address": "0x100103c"
  129. },
  130. {
  131. "name": "GetDateFormatW",
  132. "address": "0x1001040"
  133. },
  134. {
  135. "name": "GetLocalTime",
  136. "address": "0x1001044"
  137. },
  138. {
  139. "name": "GetUserDefaultUILanguage",
  140. "address": "0x1001048"
  141. },
  142. {
  143. "name": "HeapFree",
  144. "address": "0x100104c"
  145. },
  146. {
  147. "name": "HeapAlloc",
  148. "address": "0x1001050"
  149. },
  150. {
  151. "name": "GetProcessHeap",
  152. "address": "0x1001054"
  153. },
  154. {
  155. "name": "GetFileInformationByHandle",
  156. "address": "0x1001058"
  157. },
  158. {
  159. "name": "InterlockedExchange",
  160. "address": "0x100105c"
  161. },
  162. {
  163. "name": "FreeLibraryAndExitThread",
  164. "address": "0x1001060"
  165. },
  166. {
  167. "name": "GetFileAttributesW",
  168. "address": "0x1001064"
  169. },
  170. {
  171. "name": "Wow64RevertWow64FsRedirection",
  172. "address": "0x1001068"
  173. },
  174. {
  175. "name": "Wow64DisableWow64FsRedirection",
  176. "address": "0x100106c"
  177. },
  178. {
  179. "name": "IsWow64Process",
  180. "address": "0x1001070"
  181. },
  182. {
  183. "name": "GetCurrentProcess",
  184. "address": "0x1001074"
  185. },
  186. {
  187. "name": "CreateThread",
  188. "address": "0x1001078"
  189. },
  190. {
  191. "name": "LoadLibraryW",
  192. "address": "0x100107c"
  193. },
  194. {
  195. "name": "GetModuleFileNameW",
  196. "address": "0x1001080"
  197. },
  198. {
  199. "name": "CreateFileMappingW",
  200. "address": "0x1001084"
  201. },
  202. {
  203. "name": "FormatMessageW",
  204. "address": "0x1001088"
  205. },
  206. {
  207. "name": "MapViewOfFile",
  208. "address": "0x100108c"
  209. },
  210. {
  211. "name": "MultiByteToWideChar",
  212. "address": "0x1001090"
  213. },
  214. {
  215. "name": "UnmapViewOfFile",
  216. "address": "0x1001094"
  217. },
  218. {
  219. "name": "LocalReAlloc",
  220. "address": "0x1001098"
  221. },
  222. {
  223. "name": "GetACP",
  224. "address": "0x100109c"
  225. },
  226. {
  227. "name": "DeleteFileW",
  228. "address": "0x10010a0"
  229. },
  230. {
  231. "name": "SetEndOfFile",
  232. "address": "0x10010a4"
  233. },
  234. {
  235. "name": "WideCharToMultiByte",
  236. "address": "0x10010a8"
  237. },
  238. {
  239. "name": "SetLastError",
  240. "address": "0x10010ac"
  241. },
  242. {
  243. "name": "WriteFile",
  244. "address": "0x10010b0"
  245. },
  246. {
  247. "name": "GetLastError",
  248. "address": "0x10010b4"
  249. },
  250. {
  251. "name": "LocalSize",
  252. "address": "0x10010b8"
  253. },
  254. {
  255. "name": "GetFullPathNameW",
  256. "address": "0x10010bc"
  257. },
  258. {
  259. "name": "MulDiv",
  260. "address": "0x10010c0"
  261. },
  262. {
  263. "name": "GetCommandLineW",
  264. "address": "0x10010c4"
  265. },
  266. {
  267. "name": "GetCurrentProcessId",
  268. "address": "0x10010c8"
  269. },
  270. {
  271. "name": "FoldStringW",
  272. "address": "0x10010cc"
  273. },
  274. {
  275. "name": "lstrcmpW",
  276. "address": "0x10010d0"
  277. },
  278. {
  279. "name": "FindFirstFileW",
  280. "address": "0x10010d4"
  281. },
  282. {
  283. "name": "FindClose",
  284. "address": "0x10010d8"
  285. },
  286. {
  287. "name": "HeapSetInformation",
  288. "address": "0x10010dc"
  289. },
  290. {
  291. "name": "TerminateProcess",
  292. "address": "0x10010e0"
  293. },
  294. {
  295. "name": "GetSystemTimeAsFileTime",
  296. "address": "0x10010e4"
  297. },
  298. {
  299. "name": "GetCurrentThreadId",
  300. "address": "0x10010e8"
  301. },
  302. {
  303. "name": "GetTickCount",
  304. "address": "0x10010ec"
  305. },
  306. {
  307. "name": "QueryPerformanceCounter",
  308. "address": "0x10010f0"
  309. },
  310. {
  311. "name": "GetModuleHandleA",
  312. "address": "0x10010f4"
  313. },
  314. {
  315. "name": "SetUnhandledExceptionFilter",
  316. "address": "0x10010f8"
  317. },
  318. {
  319. "name": "GetStartupInfoA",
  320. "address": "0x10010fc"
  321. },
  322. {
  323. "name": "InterlockedCompareExchange",
  324. "address": "0x1001100"
  325. },
  326. {
  327. "name": "Sleep",
  328. "address": "0x1001104"
  329. },
  330. {
  331. "name": "LocalLock",
  332. "address": "0x1001108"
  333. },
  334. {
  335. "name": "LocalUnlock",
  336. "address": "0x100110c"
  337. },
  338. {
  339. "name": "lstrlenW",
  340. "address": "0x1001110"
  341. },
  342. {
  343. "name": "GetLocaleInfoW",
  344. "address": "0x1001114"
  345. },
  346. {
  347. "name": "GlobalFree",
  348. "address": "0x1001118"
  349. },
  350. {
  351. "name": "lstrcmpiW",
  352. "address": "0x100111c"
  353. },
  354. {
  355. "name": "SetErrorMode",
  356. "address": "0x1001120"
  357. },
  358. {
  359. "name": "CreateFileW",
  360. "address": "0x1001124"
  361. },
  362. {
  363. "name": "ReadFile",
  364. "address": "0x1001128"
  365. },
  366. {
  367. "name": "CloseHandle",
  368. "address": "0x100112c"
  369. },
  370. {
  371. "name": "LocalAlloc",
  372. "address": "0x1001130"
  373. },
  374. {
  375. "name": "InterlockedDecrement",
  376. "address": "0x1001134"
  377. },
  378. {
  379. "name": "LocalFree",
  380. "address": "0x1001138"
  381. },
  382. {
  383. "name": "InterlockedIncrement",
  384. "address": "0x100113c"
  385. },
  386. {
  387. "name": "GetVersionExW",
  388. "address": "0x1001140"
  389. },
  390. {
  391. "name": "UnhandledExceptionFilter",
  392. "address": "0x1001144"
  393. }
  394. ],
  395. "dll": "KERNEL32.dll"
  396. },
  397. {
  398. "imports": [
  399. {
  400. "name": "CreateFontIndirectW",
  401. "address": "0x100114c"
  402. },
  403. {
  404. "name": "SetMapMode",
  405. "address": "0x1001150"
  406. },
  407. {
  408. "name": "SetViewportExtEx",
  409. "address": "0x1001154"
  410. },
  411. {
  412. "name": "SetWindowExtEx",
  413. "address": "0x1001158"
  414. },
  415. {
  416. "name": "LPtoDP",
  417. "address": "0x100115c"
  418. },
  419. {
  420. "name": "SetBkMode",
  421. "address": "0x1001160"
  422. },
  423. {
  424. "name": "GetTextMetricsW",
  425. "address": "0x1001164"
  426. },
  427. {
  428. "name": "SetAbortProc",
  429. "address": "0x1001168"
  430. },
  431. {
  432. "name": "StartDocW",
  433. "address": "0x100116c"
  434. },
  435. {
  436. "name": "StartPage",
  437. "address": "0x1001170"
  438. },
  439. {
  440. "name": "EndPage",
  441. "address": "0x1001174"
  442. },
  443. {
  444. "name": "AbortDoc",
  445. "address": "0x1001178"
  446. },
  447. {
  448. "name": "EndDoc",
  449. "address": "0x100117c"
  450. },
  451. {
  452. "name": "DeleteDC",
  453. "address": "0x1001180"
  454. },
  455. {
  456. "name": "TextOutW",
  457. "address": "0x1001184"
  458. },
  459. {
  460. "name": "GetTextExtentPoint32W",
  461. "address": "0x1001188"
  462. },
  463. {
  464. "name": "CreateDCW",
  465. "address": "0x100118c"
  466. },
  467. {
  468. "name": "SelectObject",
  469. "address": "0x1001190"
  470. },
  471. {
  472. "name": "GetTextFaceW",
  473. "address": "0x1001194"
  474. },
  475. {
  476. "name": "EnumFontsW",
  477. "address": "0x1001198"
  478. },
  479. {
  480. "name": "GetDeviceCaps",
  481. "address": "0x100119c"
  482. },
  483. {
  484. "name": "DeleteObject",
  485. "address": "0x10011a0"
  486. }
  487. ],
  488. "dll": "GDI32.dll"
  489. },
  490. {
  491. "imports": [
  492. {
  493. "name": "SetActiveWindow",
  494. "address": "0x10011a8"
  495. },
  496. {
  497. "name": "GetKeyboardLayout",
  498. "address": "0x10011ac"
  499. },
  500. {
  501. "name": "PostQuitMessage",
  502. "address": "0x10011b0"
  503. },
  504. {
  505. "name": "DefWindowProcW",
  506. "address": "0x10011b4"
  507. },
  508. {
  509. "name": "GetForegroundWindow",
  510. "address": "0x10011b8"
  511. },
  512. {
  513. "name": "IsIconic",
  514. "address": "0x10011bc"
  515. },
  516. {
  517. "name": "DestroyWindow",
  518. "address": "0x10011c0"
  519. },
  520. {
  521. "name": "MessageBeep",
  522. "address": "0x10011c4"
  523. },
  524. {
  525. "name": "GetWindowPlacement",
  526. "address": "0x10011c8"
  527. },
  528. {
  529. "name": "CharUpperW",
  530. "address": "0x10011cc"
  531. },
  532. {
  533. "name": "RegisterClassExW",
  534. "address": "0x10011d0"
  535. },
  536. {
  537. "name": "LoadImageW",
  538. "address": "0x10011d4"
  539. },
  540. {
  541. "name": "LoadCursorW",
  542. "address": "0x10011d8"
  543. },
  544. {
  545. "name": "SetWindowLongW",
  546. "address": "0x10011dc"
  547. },
  548. {
  549. "name": "LoadAcceleratorsW",
  550. "address": "0x10011e0"
  551. },
  552. {
  553. "name": "GetSystemMenu",
  554. "address": "0x10011e4"
  555. },
  556. {
  557. "name": "SetWindowPlacement",
  558. "address": "0x10011e8"
  559. },
  560. {
  561. "name": "CreateWindowExW",
  562. "address": "0x10011ec"
  563. },
  564. {
  565. "name": "RegisterWindowMessageW",
  566. "address": "0x10011f0"
  567. },
  568. {
  569. "name": "UpdateWindow",
  570. "address": "0x10011f4"
  571. },
  572. {
  573. "name": "InvalidateRect",
  574. "address": "0x10011f8"
  575. },
  576. {
  577. "name": "SetScrollPos",
  578. "address": "0x10011fc"
  579. },
  580. {
  581. "name": "GetWindowTextLengthW",
  582. "address": "0x1001200"
  583. },
  584. {
  585. "name": "GetWindowLongW",
  586. "address": "0x1001204"
  587. },
  588. {
  589. "name": "PeekMessageW",
  590. "address": "0x1001208"
  591. },
  592. {
  593. "name": "EnableWindow",
  594. "address": "0x100120c"
  595. },
  596. {
  597. "name": "DialogBoxParamW",
  598. "address": "0x1001210"
  599. },
  600. {
  601. "name": "CreateDialogParamW",
  602. "address": "0x1001214"
  603. },
  604. {
  605. "name": "GetWindowTextW",
  606. "address": "0x1001218"
  607. },
  608. {
  609. "name": "SetWindowPos",
  610. "address": "0x100121c"
  611. },
  612. {
  613. "name": "SetCursor",
  614. "address": "0x1001220"
  615. },
  616. {
  617. "name": "SetForegroundWindow",
  618. "address": "0x1001224"
  619. },
  620. {
  621. "name": "FindWindowW",
  622. "address": "0x1001228"
  623. },
  624. {
  625. "name": "GetSystemMetrics",
  626. "address": "0x100122c"
  627. },
  628. {
  629. "name": "MoveWindow",
  630. "address": "0x1001230"
  631. },
  632. {
  633. "name": "SendMessageW",
  634. "address": "0x1001234"
  635. },
  636. {
  637. "name": "CharNextW",
  638. "address": "0x1001238"
  639. },
  640. {
  641. "name": "CheckMenuItem",
  642. "address": "0x100123c"
  643. },
  644. {
  645. "name": "CloseClipboard",
  646. "address": "0x1001240"
  647. },
  648. {
  649. "name": "IsClipboardFormatAvailable",
  650. "address": "0x1001244"
  651. },
  652. {
  653. "name": "OpenClipboard",
  654. "address": "0x1001248"
  655. },
  656. {
  657. "name": "GetMenuState",
  658. "address": "0x100124c"
  659. },
  660. {
  661. "name": "EnableMenuItem",
  662. "address": "0x1001250"
  663. },
  664. {
  665. "name": "GetSubMenu",
  666. "address": "0x1001254"
  667. },
  668. {
  669. "name": "GetClientRect",
  670. "address": "0x1001258"
  671. },
  672. {
  673. "name": "UnhookWinEvent",
  674. "address": "0x100125c"
  675. },
  676. {
  677. "name": "GetFocus",
  678. "address": "0x1001260"
  679. },
  680. {
  681. "name": "GetMenu",
  682. "address": "0x1001264"
  683. },
  684. {
  685. "name": "MessageBoxW",
  686. "address": "0x1001268"
  687. },
  688. {
  689. "name": "WinHelpW",
  690. "address": "0x100126c"
  691. },
  692. {
  693. "name": "GetDlgCtrlID",
  694. "address": "0x1001270"
  695. },
  696. {
  697. "name": "ChildWindowFromPoint",
  698. "address": "0x1001274"
  699. },
  700. {
  701. "name": "GetDC",
  702. "address": "0x1001278"
  703. },
  704. {
  705. "name": "ShowWindow",
  706. "address": "0x100127c"
  707. },
  708. {
  709. "name": "DrawTextExW",
  710. "address": "0x1001280"
  711. },
  712. {
  713. "name": "ReleaseDC",
  714. "address": "0x1001284"
  715. },
  716. {
  717. "name": "LoadIconW",
  718. "address": "0x1001288"
  719. },
  720. {
  721. "name": "SetWinEventHook",
  722. "address": "0x100128c"
  723. },
  724. {
  725. "name": "GetMessageW",
  726. "address": "0x1001290"
  727. },
  728. {
  729. "name": "PostMessageW",
  730. "address": "0x1001294"
  731. },
  732. {
  733. "name": "IsDialogMessageW",
  734. "address": "0x1001298"
  735. },
  736. {
  737. "name": "TranslateAcceleratorW",
  738. "address": "0x100129c"
  739. },
  740. {
  741. "name": "EndDialog",
  742. "address": "0x10012a0"
  743. },
  744. {
  745. "name": "GetDlgItemTextW",
  746. "address": "0x10012a4"
  747. },
  748. {
  749. "name": "SetDlgItemTextW",
  750. "address": "0x10012a8"
  751. },
  752. {
  753. "name": "SetFocus",
  754. "address": "0x10012ac"
  755. },
  756. {
  757. "name": "SetWindowTextW",
  758. "address": "0x10012b0"
  759. },
  760. {
  761. "name": "GetParent",
  762. "address": "0x10012b4"
  763. },
  764. {
  765. "name": "LoadStringW",
  766. "address": "0x10012b8"
  767. },
  768. {
  769. "name": "SendDlgItemMessageW",
  770. "address": "0x10012bc"
  771. },
  772. {
  773. "name": "GetCursorPos",
  774. "address": "0x10012c0"
  775. },
  776. {
  777. "name": "ScreenToClient",
  778. "address": "0x10012c4"
  779. },
  780. {
  781. "name": "TranslateMessage",
  782. "address": "0x10012c8"
  783. },
  784. {
  785. "name": "GetAncestor",
  786. "address": "0x10012cc"
  787. },
  788. {
  789. "name": "DispatchMessageW",
  790. "address": "0x10012d0"
  791. }
  792. ],
  793. "dll": "USER32.dll"
  794. },
  795. {
  796. "imports": [
  797. {
  798. "name": "_controlfp",
  799. "address": "0x10012d8"
  800. },
  801. {
  802. "name": "_vsnwprintf",
  803. "address": "0x10012dc"
  804. },
  805. {
  806. "name": "memset",
  807. "address": "0x10012e0"
  808. },
  809. {
  810. "name": "_wtol",
  811. "address": "0x10012e4"
  812. },
  813. {
  814. "name": "memcpy",
  815. "address": "0x10012e8"
  816. },
  817. {
  818. "name": "iswctype",
  819. "address": "0x10012ec"
  820. },
  821. {
  822. "name": "wcsncmp",
  823. "address": "0x10012f0"
  824. },
  825. {
  826. "name": "wcsrchr",
  827. "address": "0x10012f4"
  828. },
  829. {
  830. "name": "_except_handler4_common",
  831. "address": "0x10012f8"
  832. },
  833. {
  834. "name": "__p__fmode",
  835. "address": "0x10012fc"
  836. },
  837. {
  838. "name": "__p__commode",
  839. "address": "0x1001300"
  840. },
  841. {
  842. "name": "__setusermatherr",
  843. "address": "0x1001304"
  844. },
  845. {
  846. "name": "_amsg_exit",
  847. "address": "0x1001308"
  848. },
  849. {
  850. "name": "_initterm",
  851. "address": "0x100130c"
  852. },
  853. {
  854. "name": "_acmdln",
  855. "address": "0x1001310"
  856. },
  857. {
  858. "name": "exit",
  859. "address": "0x1001314"
  860. },
  861. {
  862. "name": "_ismbblead",
  863. "address": "0x1001318"
  864. },
  865. {
  866. "name": "_XcptFilter",
  867. "address": "0x100131c"
  868. },
  869. {
  870. "name": "__getmainargs",
  871. "address": "0x1001320"
  872. },
  873. {
  874. "name": "_cexit",
  875. "address": "0x1001324"
  876. },
  877. {
  878. "name": "_exit",
  879. "address": "0x1001328"
  880. },
  881. {
  882. "name": "?terminate@@YAXXZ",
  883. "address": "0x100132c"
  884. },
  885. {
  886. "name": "__set_app_type",
  887. "address": "0x1001330"
  888. }
  889. ],
  890. "dll": "msvcrt.dll"
  891. },
  892. {
  893. "imports": [
  894. {
  895. "name": "ReplaceTextW",
  896. "address": "0x1001338"
  897. },
  898. {
  899. "name": "PageSetupDlgW",
  900. "address": "0x100133c"
  901. },
  902. {
  903. "name": "PrintDlgExW",
  904. "address": "0x1001340"
  905. },
  906. {
  907. "name": "FindTextW",
  908. "address": "0x1001344"
  909. },
  910. {
  911. "name": "ChooseFontW",
  912. "address": "0x1001348"
  913. },
  914. {
  915. "name": "GetSaveFileNameW",
  916. "address": "0x100134c"
  917. },
  918. {
  919. "name": "CommDlgExtendedError",
  920. "address": "0x1001350"
  921. },
  922. {
  923. "name": "GetOpenFileNameW",
  924. "address": "0x1001354"
  925. },
  926. {
  927. "name": "GetFileTitleW",
  928. "address": "0x1001358"
  929. }
  930. ],
  931. "dll": "COMDLG32.dll"
  932. },
  933. {
  934. "imports": [
  935. {
  936. "name": "DragAcceptFiles",
  937. "address": "0x1001360"
  938. },
  939. {
  940. "name": "SHAddToRecentDocs",
  941. "address": "0x1001364"
  942. },
  943. {
  944. "name": "SHGetFolderPathW",
  945. "address": "0x1001368"
  946. },
  947. {
  948. "name": "SHCreateItemFromParsingName",
  949. "address": "0x100136c"
  950. },
  951. {
  952. "name": "ShellExecuteExW",
  953. "address": "0x1001370"
  954. },
  955. {
  956. "name": "DragQueryFileW",
  957. "address": "0x1001374"
  958. },
  959. {
  960. "name": "DragFinish",
  961. "address": "0x1001378"
  962. },
  963. {
  964. "name": "ShellAboutW",
  965. "address": "0x100137c"
  966. }
  967. ],
  968. "dll": "SHELL32.dll"
  969. },
  970. {
  971. "imports": [
  972. {
  973. "name": "OpenPrinterW",
  974. "address": "0x1001384"
  975. },
  976. {
  977. "name": "ClosePrinter",
  978. "address": "0x1001388"
  979. },
  980. {
  981. "name": "GetPrinterDriverW",
  982. "address": "0x100138c"
  983. }
  984. ],
  985. "dll": "WINSPOOL.DRV"
  986. },
  987. {
  988. "imports": [
  989. {
  990. "name": "CoInitializeEx",
  991. "address": "0x1001394"
  992. },
  993. {
  994. "name": "CoUninitialize",
  995. "address": "0x1001398"
  996. },
  997. {
  998. "name": "CoTaskMemAlloc",
  999. "address": "0x100139c"
  1000. },
  1001. {
  1002. "name": "CoCreateInstance",
  1003. "address": "0x10013a0"
  1004. },
  1005. {
  1006. "name": "CoTaskMemFree",
  1007. "address": "0x10013a4"
  1008. },
  1009. {
  1010. "name": "CoInitialize",
  1011. "address": "0x10013a8"
  1012. }
  1013. ],
  1014. "dll": "ole32.dll"
  1015. },
  1016. {
  1017. "imports": [
  1018. {
  1019. "name": "PathIsFileSpecW",
  1020. "address": "0x10013b0"
  1021. },
  1022. {
  1023. "name": "SHStrDupW",
  1024. "address": "0x10013b4"
  1025. }
  1026. ],
  1027. "dll": "SHLWAPI.dll"
  1028. },
  1029. {
  1030. "imports": [
  1031. {
  1032. "name": "CreatePropertySheetPageW",
  1033. "address": "0x10013bc"
  1034. },
  1035. {
  1036. "name": "PropertySheetW",
  1037. "address": "0x10013c0"
  1038. },
  1039. {
  1040. "name": "CreateStatusWindowW",
  1041. "address": "0x10013c4"
  1042. },
  1043. {
  1044. "name": null,
  1045. "address": "0x10013c8"
  1046. }
  1047. ],
  1048. "dll": "COMCTL32.dll"
  1049. },
  1050. {
  1051. "imports": [
  1052. {
  1053. "name": "SysFreeString",
  1054. "address": "0x10013d0"
  1055. },
  1056. {
  1057. "name": "SysAllocString",
  1058. "address": "0x10013d4"
  1059. }
  1060. ],
  1061. "dll": "OLEAUT32.dll"
  1062. },
  1063. {
  1064. "imports": [
  1065. {
  1066. "name": "WinSqmIncrementDWORD",
  1067. "address": "0x10013dc"
  1068. },
  1069. {
  1070. "name": "RtlInitUnicodeString",
  1071. "address": "0x10013e0"
  1072. },
  1073. {
  1074. "name": "NtQueryLicenseValue",
  1075. "address": "0x10013e4"
  1076. },
  1077. {
  1078. "name": "WinSqmAddToStream",
  1079. "address": "0x10013e8"
  1080. }
  1081. ],
  1082. "dll": "ntdll.dll"
  1083. },
  1084. {
  1085. "imports": [
  1086. {
  1087. "name": "GetFileVersionInfoExW",
  1088. "address": "0x10013f0"
  1089. },
  1090. {
  1091. "name": "GetFileVersionInfoSizeExW",
  1092. "address": "0x10013f4"
  1093. },
  1094. {
  1095. "name": "VerQueryValueW",
  1096. "address": "0x10013f8"
  1097. }
  1098. ],
  1099. "dll": "VERSION.dll"
  1100. }
  1101. ],
  1102. "digital_signers": null,
  1103. "exported_dll_name": null,
  1104. "actual_checksum": "0x00039741",
  1105. "overlay": null,
  1106. "imagebase": "0x01000000",
  1107. "reported_checksum": "0x00039741",
  1108. "icon_hash": null,
  1109. "entrypoint": "0x01003689",
  1110. "timestamp": "2009-07-13 23:41:03",
  1111. "osversion": "6.1",
  1112. "sections": [
  1113. {
  1114. "name": ".text",
  1115. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1116. "virtual_address": "0x00001000",
  1117. "size_of_data": "0x0000a800",
  1118. "entropy": "6.28",
  1119. "raw_address": "0x00000400",
  1120. "virtual_size": "0x0000a68c",
  1121. "characteristics_raw": "0x60000020"
  1122. },
  1123. {
  1124. "name": ".data",
  1125. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1126. "virtual_address": "0x0000c000",
  1127. "size_of_data": "0x00001000",
  1128. "entropy": "0.76",
  1129. "raw_address": "0x0000ac00",
  1130. "virtual_size": "0x00002164",
  1131. "characteristics_raw": "0xc0000040"
  1132. },
  1133. {
  1134. "name": ".rsrc",
  1135. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1136. "virtual_address": "0x0000f000",
  1137. "size_of_data": "0x0001f200",
  1138. "entropy": "7.37",
  1139. "raw_address": "0x0000bc00",
  1140. "virtual_size": "0x0001f160",
  1141. "characteristics_raw": "0x40000040"
  1142. },
  1143. {
  1144. "name": ".reloc",
  1145. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1146. "virtual_address": "0x0002f000",
  1147. "size_of_data": "0x00001000",
  1148. "entropy": "6.43",
  1149. "raw_address": "0x0002ae00",
  1150. "virtual_size": "0x00000e34",
  1151. "characteristics_raw": "0x42000040"
  1152. }
  1153. ],
  1154. "resources": [],
  1155. "dirents": [
  1156. {
  1157. "virtual_address": "0x00000000",
  1158. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1159. "size": "0x00000000"
  1160. },
  1161. {
  1162. "virtual_address": "0x0000a048",
  1163. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1164. "size": "0x0000012c"
  1165. },
  1166. {
  1167. "virtual_address": "0x0000f000",
  1168. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1169. "size": "0x0001f160"
  1170. },
  1171. {
  1172. "virtual_address": "0x00000000",
  1173. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1174. "size": "0x00000000"
  1175. },
  1176. {
  1177. "virtual_address": "0x00000000",
  1178. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1179. "size": "0x00000000"
  1180. },
  1181. {
  1182. "virtual_address": "0x0002f000",
  1183. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1184. "size": "0x00000e34"
  1185. },
  1186. {
  1187. "virtual_address": "0x0000b62c",
  1188. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1189. "size": "0x00000038"
  1190. },
  1191. {
  1192. "virtual_address": "0x00000000",
  1193. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1194. "size": "0x00000000"
  1195. },
  1196. {
  1197. "virtual_address": "0x00000000",
  1198. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1199. "size": "0x00000000"
  1200. },
  1201. {
  1202. "virtual_address": "0x00000000",
  1203. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1204. "size": "0x00000000"
  1205. },
  1206. {
  1207. "virtual_address": "0x00006d58",
  1208. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1209. "size": "0x00000040"
  1210. },
  1211. {
  1212. "virtual_address": "0x00000278",
  1213. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1214. "size": "0x00000128"
  1215. },
  1216. {
  1217. "virtual_address": "0x00001000",
  1218. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1219. "size": "0x00000400"
  1220. },
  1221. {
  1222. "virtual_address": "0x00000000",
  1223. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1224. "size": "0x00000000"
  1225. },
  1226. {
  1227. "virtual_address": "0x00000000",
  1228. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1229. "size": "0x00000000"
  1230. },
  1231. {
  1232. "virtual_address": "0x00000000",
  1233. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1234. "size": "0x00000000"
  1235. }
  1236. ],
  1237. "exports": [],
  1238. "guest_signers": {},
  1239. "imphash": "2a141685bec588fb7b12c50a8a40eb2b",
  1240. "icon_fuzzy": null,
  1241. "icon": null,
  1242. "pdbpath": "notepad.pdb",
  1243. "imported_dll_count": 14,
  1244. "versioninfo": []
  1245. }
  1246. }
  1247.  
  1248. [*] Resolved APIs: [
  1249. "cryptbase.dll.SystemFunction036",
  1250. "uxtheme.dll.ThemeInitApiHook",
  1251. "user32.dll.IsProcessDPIAware",
  1252. "oleaut32.dll.#500"
  1253. ]
  1254.  
  1255. [*] Static Analysis: {
  1256. "pe": {
  1257. "peid_signatures": null,
  1258. "imports": [
  1259. {
  1260. "imports": [
  1261. {
  1262. "name": "RegSetValueExW",
  1263. "address": "0x1001000"
  1264. },
  1265. {
  1266. "name": "RegQueryValueExW",
  1267. "address": "0x1001004"
  1268. },
  1269. {
  1270. "name": "RegCloseKey",
  1271. "address": "0x1001008"
  1272. },
  1273. {
  1274. "name": "RegCreateKeyW",
  1275. "address": "0x100100c"
  1276. },
  1277. {
  1278. "name": "RegOpenKeyExW",
  1279. "address": "0x1001010"
  1280. },
  1281. {
  1282. "name": "IsTextUnicode",
  1283. "address": "0x1001014"
  1284. },
  1285. {
  1286. "name": "CloseServiceHandle",
  1287. "address": "0x1001018"
  1288. },
  1289. {
  1290. "name": "QueryServiceConfigW",
  1291. "address": "0x100101c"
  1292. },
  1293. {
  1294. "name": "OpenServiceW",
  1295. "address": "0x1001020"
  1296. },
  1297. {
  1298. "name": "OpenSCManagerW",
  1299. "address": "0x1001024"
  1300. }
  1301. ],
  1302. "dll": "ADVAPI32.dll"
  1303. },
  1304. {
  1305. "imports": [
  1306. {
  1307. "name": "FindNLSString",
  1308. "address": "0x100102c"
  1309. },
  1310. {
  1311. "name": "GlobalAlloc",
  1312. "address": "0x1001030"
  1313. },
  1314. {
  1315. "name": "GlobalUnlock",
  1316. "address": "0x1001034"
  1317. },
  1318. {
  1319. "name": "GlobalLock",
  1320. "address": "0x1001038"
  1321. },
  1322. {
  1323. "name": "GetTimeFormatW",
  1324. "address": "0x100103c"
  1325. },
  1326. {
  1327. "name": "GetDateFormatW",
  1328. "address": "0x1001040"
  1329. },
  1330. {
  1331. "name": "GetLocalTime",
  1332. "address": "0x1001044"
  1333. },
  1334. {
  1335. "name": "GetUserDefaultUILanguage",
  1336. "address": "0x1001048"
  1337. },
  1338. {
  1339. "name": "HeapFree",
  1340. "address": "0x100104c"
  1341. },
  1342. {
  1343. "name": "HeapAlloc",
  1344. "address": "0x1001050"
  1345. },
  1346. {
  1347. "name": "GetProcessHeap",
  1348. "address": "0x1001054"
  1349. },
  1350. {
  1351. "name": "GetFileInformationByHandle",
  1352. "address": "0x1001058"
  1353. },
  1354. {
  1355. "name": "InterlockedExchange",
  1356. "address": "0x100105c"
  1357. },
  1358. {
  1359. "name": "FreeLibraryAndExitThread",
  1360. "address": "0x1001060"
  1361. },
  1362. {
  1363. "name": "GetFileAttributesW",
  1364. "address": "0x1001064"
  1365. },
  1366. {
  1367. "name": "Wow64RevertWow64FsRedirection",
  1368. "address": "0x1001068"
  1369. },
  1370. {
  1371. "name": "Wow64DisableWow64FsRedirection",
  1372. "address": "0x100106c"
  1373. },
  1374. {
  1375. "name": "IsWow64Process",
  1376. "address": "0x1001070"
  1377. },
  1378. {
  1379. "name": "GetCurrentProcess",
  1380. "address": "0x1001074"
  1381. },
  1382. {
  1383. "name": "CreateThread",
  1384. "address": "0x1001078"
  1385. },
  1386. {
  1387. "name": "LoadLibraryW",
  1388. "address": "0x100107c"
  1389. },
  1390. {
  1391. "name": "GetModuleFileNameW",
  1392. "address": "0x1001080"
  1393. },
  1394. {
  1395. "name": "CreateFileMappingW",
  1396. "address": "0x1001084"
  1397. },
  1398. {
  1399. "name": "FormatMessageW",
  1400. "address": "0x1001088"
  1401. },
  1402. {
  1403. "name": "MapViewOfFile",
  1404. "address": "0x100108c"
  1405. },
  1406. {
  1407. "name": "MultiByteToWideChar",
  1408. "address": "0x1001090"
  1409. },
  1410. {
  1411. "name": "UnmapViewOfFile",
  1412. "address": "0x1001094"
  1413. },
  1414. {
  1415. "name": "LocalReAlloc",
  1416. "address": "0x1001098"
  1417. },
  1418. {
  1419. "name": "GetACP",
  1420. "address": "0x100109c"
  1421. },
  1422. {
  1423. "name": "DeleteFileW",
  1424. "address": "0x10010a0"
  1425. },
  1426. {
  1427. "name": "SetEndOfFile",
  1428. "address": "0x10010a4"
  1429. },
  1430. {
  1431. "name": "WideCharToMultiByte",
  1432. "address": "0x10010a8"
  1433. },
  1434. {
  1435. "name": "SetLastError",
  1436. "address": "0x10010ac"
  1437. },
  1438. {
  1439. "name": "WriteFile",
  1440. "address": "0x10010b0"
  1441. },
  1442. {
  1443. "name": "GetLastError",
  1444. "address": "0x10010b4"
  1445. },
  1446. {
  1447. "name": "LocalSize",
  1448. "address": "0x10010b8"
  1449. },
  1450. {
  1451. "name": "GetFullPathNameW",
  1452. "address": "0x10010bc"
  1453. },
  1454. {
  1455. "name": "MulDiv",
  1456. "address": "0x10010c0"
  1457. },
  1458. {
  1459. "name": "GetCommandLineW",
  1460. "address": "0x10010c4"
  1461. },
  1462. {
  1463. "name": "GetCurrentProcessId",
  1464. "address": "0x10010c8"
  1465. },
  1466. {
  1467. "name": "FoldStringW",
  1468. "address": "0x10010cc"
  1469. },
  1470. {
  1471. "name": "lstrcmpW",
  1472. "address": "0x10010d0"
  1473. },
  1474. {
  1475. "name": "FindFirstFileW",
  1476. "address": "0x10010d4"
  1477. },
  1478. {
  1479. "name": "FindClose",
  1480. "address": "0x10010d8"
  1481. },
  1482. {
  1483. "name": "HeapSetInformation",
  1484. "address": "0x10010dc"
  1485. },
  1486. {
  1487. "name": "TerminateProcess",
  1488. "address": "0x10010e0"
  1489. },
  1490. {
  1491. "name": "GetSystemTimeAsFileTime",
  1492. "address": "0x10010e4"
  1493. },
  1494. {
  1495. "name": "GetCurrentThreadId",
  1496. "address": "0x10010e8"
  1497. },
  1498. {
  1499. "name": "GetTickCount",
  1500. "address": "0x10010ec"
  1501. },
  1502. {
  1503. "name": "QueryPerformanceCounter",
  1504. "address": "0x10010f0"
  1505. },
  1506. {
  1507. "name": "GetModuleHandleA",
  1508. "address": "0x10010f4"
  1509. },
  1510. {
  1511. "name": "SetUnhandledExceptionFilter",
  1512. "address": "0x10010f8"
  1513. },
  1514. {
  1515. "name": "GetStartupInfoA",
  1516. "address": "0x10010fc"
  1517. },
  1518. {
  1519. "name": "InterlockedCompareExchange",
  1520. "address": "0x1001100"
  1521. },
  1522. {
  1523. "name": "Sleep",
  1524. "address": "0x1001104"
  1525. },
  1526. {
  1527. "name": "LocalLock",
  1528. "address": "0x1001108"
  1529. },
  1530. {
  1531. "name": "LocalUnlock",
  1532. "address": "0x100110c"
  1533. },
  1534. {
  1535. "name": "lstrlenW",
  1536. "address": "0x1001110"
  1537. },
  1538. {
  1539. "name": "GetLocaleInfoW",
  1540. "address": "0x1001114"
  1541. },
  1542. {
  1543. "name": "GlobalFree",
  1544. "address": "0x1001118"
  1545. },
  1546. {
  1547. "name": "lstrcmpiW",
  1548. "address": "0x100111c"
  1549. },
  1550. {
  1551. "name": "SetErrorMode",
  1552. "address": "0x1001120"
  1553. },
  1554. {
  1555. "name": "CreateFileW",
  1556. "address": "0x1001124"
  1557. },
  1558. {
  1559. "name": "ReadFile",
  1560. "address": "0x1001128"
  1561. },
  1562. {
  1563. "name": "CloseHandle",
  1564. "address": "0x100112c"
  1565. },
  1566. {
  1567. "name": "LocalAlloc",
  1568. "address": "0x1001130"
  1569. },
  1570. {
  1571. "name": "InterlockedDecrement",
  1572. "address": "0x1001134"
  1573. },
  1574. {
  1575. "name": "LocalFree",
  1576. "address": "0x1001138"
  1577. },
  1578. {
  1579. "name": "InterlockedIncrement",
  1580. "address": "0x100113c"
  1581. },
  1582. {
  1583. "name": "GetVersionExW",
  1584. "address": "0x1001140"
  1585. },
  1586. {
  1587. "name": "UnhandledExceptionFilter",
  1588. "address": "0x1001144"
  1589. }
  1590. ],
  1591. "dll": "KERNEL32.dll"
  1592. },
  1593. {
  1594. "imports": [
  1595. {
  1596. "name": "CreateFontIndirectW",
  1597. "address": "0x100114c"
  1598. },
  1599. {
  1600. "name": "SetMapMode",
  1601. "address": "0x1001150"
  1602. },
  1603. {
  1604. "name": "SetViewportExtEx",
  1605. "address": "0x1001154"
  1606. },
  1607. {
  1608. "name": "SetWindowExtEx",
  1609. "address": "0x1001158"
  1610. },
  1611. {
  1612. "name": "LPtoDP",
  1613. "address": "0x100115c"
  1614. },
  1615. {
  1616. "name": "SetBkMode",
  1617. "address": "0x1001160"
  1618. },
  1619. {
  1620. "name": "GetTextMetricsW",
  1621. "address": "0x1001164"
  1622. },
  1623. {
  1624. "name": "SetAbortProc",
  1625. "address": "0x1001168"
  1626. },
  1627. {
  1628. "name": "StartDocW",
  1629. "address": "0x100116c"
  1630. },
  1631. {
  1632. "name": "StartPage",
  1633. "address": "0x1001170"
  1634. },
  1635. {
  1636. "name": "EndPage",
  1637. "address": "0x1001174"
  1638. },
  1639. {
  1640. "name": "AbortDoc",
  1641. "address": "0x1001178"
  1642. },
  1643. {
  1644. "name": "EndDoc",
  1645. "address": "0x100117c"
  1646. },
  1647. {
  1648. "name": "DeleteDC",
  1649. "address": "0x1001180"
  1650. },
  1651. {
  1652. "name": "TextOutW",
  1653. "address": "0x1001184"
  1654. },
  1655. {
  1656. "name": "GetTextExtentPoint32W",
  1657. "address": "0x1001188"
  1658. },
  1659. {
  1660. "name": "CreateDCW",
  1661. "address": "0x100118c"
  1662. },
  1663. {
  1664. "name": "SelectObject",
  1665. "address": "0x1001190"
  1666. },
  1667. {
  1668. "name": "GetTextFaceW",
  1669. "address": "0x1001194"
  1670. },
  1671. {
  1672. "name": "EnumFontsW",
  1673. "address": "0x1001198"
  1674. },
  1675. {
  1676. "name": "GetDeviceCaps",
  1677. "address": "0x100119c"
  1678. },
  1679. {
  1680. "name": "DeleteObject",
  1681. "address": "0x10011a0"
  1682. }
  1683. ],
  1684. "dll": "GDI32.dll"
  1685. },
  1686. {
  1687. "imports": [
  1688. {
  1689. "name": "SetActiveWindow",
  1690. "address": "0x10011a8"
  1691. },
  1692. {
  1693. "name": "GetKeyboardLayout",
  1694. "address": "0x10011ac"
  1695. },
  1696. {
  1697. "name": "PostQuitMessage",
  1698. "address": "0x10011b0"
  1699. },
  1700. {
  1701. "name": "DefWindowProcW",
  1702. "address": "0x10011b4"
  1703. },
  1704. {
  1705. "name": "GetForegroundWindow",
  1706. "address": "0x10011b8"
  1707. },
  1708. {
  1709. "name": "IsIconic",
  1710. "address": "0x10011bc"
  1711. },
  1712. {
  1713. "name": "DestroyWindow",
  1714. "address": "0x10011c0"
  1715. },
  1716. {
  1717. "name": "MessageBeep",
  1718. "address": "0x10011c4"
  1719. },
  1720. {
  1721. "name": "GetWindowPlacement",
  1722. "address": "0x10011c8"
  1723. },
  1724. {
  1725. "name": "CharUpperW",
  1726. "address": "0x10011cc"
  1727. },
  1728. {
  1729. "name": "RegisterClassExW",
  1730. "address": "0x10011d0"
  1731. },
  1732. {
  1733. "name": "LoadImageW",
  1734. "address": "0x10011d4"
  1735. },
  1736. {
  1737. "name": "LoadCursorW",
  1738. "address": "0x10011d8"
  1739. },
  1740. {
  1741. "name": "SetWindowLongW",
  1742. "address": "0x10011dc"
  1743. },
  1744. {
  1745. "name": "LoadAcceleratorsW",
  1746. "address": "0x10011e0"
  1747. },
  1748. {
  1749. "name": "GetSystemMenu",
  1750. "address": "0x10011e4"
  1751. },
  1752. {
  1753. "name": "SetWindowPlacement",
  1754. "address": "0x10011e8"
  1755. },
  1756. {
  1757. "name": "CreateWindowExW",
  1758. "address": "0x10011ec"
  1759. },
  1760. {
  1761. "name": "RegisterWindowMessageW",
  1762. "address": "0x10011f0"
  1763. },
  1764. {
  1765. "name": "UpdateWindow",
  1766. "address": "0x10011f4"
  1767. },
  1768. {
  1769. "name": "InvalidateRect",
  1770. "address": "0x10011f8"
  1771. },
  1772. {
  1773. "name": "SetScrollPos",
  1774. "address": "0x10011fc"
  1775. },
  1776. {
  1777. "name": "GetWindowTextLengthW",
  1778. "address": "0x1001200"
  1779. },
  1780. {
  1781. "name": "GetWindowLongW",
  1782. "address": "0x1001204"
  1783. },
  1784. {
  1785. "name": "PeekMessageW",
  1786. "address": "0x1001208"
  1787. },
  1788. {
  1789. "name": "EnableWindow",
  1790. "address": "0x100120c"
  1791. },
  1792. {
  1793. "name": "DialogBoxParamW",
  1794. "address": "0x1001210"
  1795. },
  1796. {
  1797. "name": "CreateDialogParamW",
  1798. "address": "0x1001214"
  1799. },
  1800. {
  1801. "name": "GetWindowTextW",
  1802. "address": "0x1001218"
  1803. },
  1804. {
  1805. "name": "SetWindowPos",
  1806. "address": "0x100121c"
  1807. },
  1808. {
  1809. "name": "SetCursor",
  1810. "address": "0x1001220"
  1811. },
  1812. {
  1813. "name": "SetForegroundWindow",
  1814. "address": "0x1001224"
  1815. },
  1816. {
  1817. "name": "FindWindowW",
  1818. "address": "0x1001228"
  1819. },
  1820. {
  1821. "name": "GetSystemMetrics",
  1822. "address": "0x100122c"
  1823. },
  1824. {
  1825. "name": "MoveWindow",
  1826. "address": "0x1001230"
  1827. },
  1828. {
  1829. "name": "SendMessageW",
  1830. "address": "0x1001234"
  1831. },
  1832. {
  1833. "name": "CharNextW",
  1834. "address": "0x1001238"
  1835. },
  1836. {
  1837. "name": "CheckMenuItem",
  1838. "address": "0x100123c"
  1839. },
  1840. {
  1841. "name": "CloseClipboard",
  1842. "address": "0x1001240"
  1843. },
  1844. {
  1845. "name": "IsClipboardFormatAvailable",
  1846. "address": "0x1001244"
  1847. },
  1848. {
  1849. "name": "OpenClipboard",
  1850. "address": "0x1001248"
  1851. },
  1852. {
  1853. "name": "GetMenuState",
  1854. "address": "0x100124c"
  1855. },
  1856. {
  1857. "name": "EnableMenuItem",
  1858. "address": "0x1001250"
  1859. },
  1860. {
  1861. "name": "GetSubMenu",
  1862. "address": "0x1001254"
  1863. },
  1864. {
  1865. "name": "GetClientRect",
  1866. "address": "0x1001258"
  1867. },
  1868. {
  1869. "name": "UnhookWinEvent",
  1870. "address": "0x100125c"
  1871. },
  1872. {
  1873. "name": "GetFocus",
  1874. "address": "0x1001260"
  1875. },
  1876. {
  1877. "name": "GetMenu",
  1878. "address": "0x1001264"
  1879. },
  1880. {
  1881. "name": "MessageBoxW",
  1882. "address": "0x1001268"
  1883. },
  1884. {
  1885. "name": "WinHelpW",
  1886. "address": "0x100126c"
  1887. },
  1888. {
  1889. "name": "GetDlgCtrlID",
  1890. "address": "0x1001270"
  1891. },
  1892. {
  1893. "name": "ChildWindowFromPoint",
  1894. "address": "0x1001274"
  1895. },
  1896. {
  1897. "name": "GetDC",
  1898. "address": "0x1001278"
  1899. },
  1900. {
  1901. "name": "ShowWindow",
  1902. "address": "0x100127c"
  1903. },
  1904. {
  1905. "name": "DrawTextExW",
  1906. "address": "0x1001280"
  1907. },
  1908. {
  1909. "name": "ReleaseDC",
  1910. "address": "0x1001284"
  1911. },
  1912. {
  1913. "name": "LoadIconW",
  1914. "address": "0x1001288"
  1915. },
  1916. {
  1917. "name": "SetWinEventHook",
  1918. "address": "0x100128c"
  1919. },
  1920. {
  1921. "name": "GetMessageW",
  1922. "address": "0x1001290"
  1923. },
  1924. {
  1925. "name": "PostMessageW",
  1926. "address": "0x1001294"
  1927. },
  1928. {
  1929. "name": "IsDialogMessageW",
  1930. "address": "0x1001298"
  1931. },
  1932. {
  1933. "name": "TranslateAcceleratorW",
  1934. "address": "0x100129c"
  1935. },
  1936. {
  1937. "name": "EndDialog",
  1938. "address": "0x10012a0"
  1939. },
  1940. {
  1941. "name": "GetDlgItemTextW",
  1942. "address": "0x10012a4"
  1943. },
  1944. {
  1945. "name": "SetDlgItemTextW",
  1946. "address": "0x10012a8"
  1947. },
  1948. {
  1949. "name": "SetFocus",
  1950. "address": "0x10012ac"
  1951. },
  1952. {
  1953. "name": "SetWindowTextW",
  1954. "address": "0x10012b0"
  1955. },
  1956. {
  1957. "name": "GetParent",
  1958. "address": "0x10012b4"
  1959. },
  1960. {
  1961. "name": "LoadStringW",
  1962. "address": "0x10012b8"
  1963. },
  1964. {
  1965. "name": "SendDlgItemMessageW",
  1966. "address": "0x10012bc"
  1967. },
  1968. {
  1969. "name": "GetCursorPos",
  1970. "address": "0x10012c0"
  1971. },
  1972. {
  1973. "name": "ScreenToClient",
  1974. "address": "0x10012c4"
  1975. },
  1976. {
  1977. "name": "TranslateMessage",
  1978. "address": "0x10012c8"
  1979. },
  1980. {
  1981. "name": "GetAncestor",
  1982. "address": "0x10012cc"
  1983. },
  1984. {
  1985. "name": "DispatchMessageW",
  1986. "address": "0x10012d0"
  1987. }
  1988. ],
  1989. "dll": "USER32.dll"
  1990. },
  1991. {
  1992. "imports": [
  1993. {
  1994. "name": "_controlfp",
  1995. "address": "0x10012d8"
  1996. },
  1997. {
  1998. "name": "_vsnwprintf",
  1999. "address": "0x10012dc"
  2000. },
  2001. {
  2002. "name": "memset",
  2003. "address": "0x10012e0"
  2004. },
  2005. {
  2006. "name": "_wtol",
  2007. "address": "0x10012e4"
  2008. },
  2009. {
  2010. "name": "memcpy",
  2011. "address": "0x10012e8"
  2012. },
  2013. {
  2014. "name": "iswctype",
  2015. "address": "0x10012ec"
  2016. },
  2017. {
  2018. "name": "wcsncmp",
  2019. "address": "0x10012f0"
  2020. },
  2021. {
  2022. "name": "wcsrchr",
  2023. "address": "0x10012f4"
  2024. },
  2025. {
  2026. "name": "_except_handler4_common",
  2027. "address": "0x10012f8"
  2028. },
  2029. {
  2030. "name": "__p__fmode",
  2031. "address": "0x10012fc"
  2032. },
  2033. {
  2034. "name": "__p__commode",
  2035. "address": "0x1001300"
  2036. },
  2037. {
  2038. "name": "__setusermatherr",
  2039. "address": "0x1001304"
  2040. },
  2041. {
  2042. "name": "_amsg_exit",
  2043. "address": "0x1001308"
  2044. },
  2045. {
  2046. "name": "_initterm",
  2047. "address": "0x100130c"
  2048. },
  2049. {
  2050. "name": "_acmdln",
  2051. "address": "0x1001310"
  2052. },
  2053. {
  2054. "name": "exit",
  2055. "address": "0x1001314"
  2056. },
  2057. {
  2058. "name": "_ismbblead",
  2059. "address": "0x1001318"
  2060. },
  2061. {
  2062. "name": "_XcptFilter",
  2063. "address": "0x100131c"
  2064. },
  2065. {
  2066. "name": "__getmainargs",
  2067. "address": "0x1001320"
  2068. },
  2069. {
  2070. "name": "_cexit",
  2071. "address": "0x1001324"
  2072. },
  2073. {
  2074. "name": "_exit",
  2075. "address": "0x1001328"
  2076. },
  2077. {
  2078. "name": "?terminate@@YAXXZ",
  2079. "address": "0x100132c"
  2080. },
  2081. {
  2082. "name": "__set_app_type",
  2083. "address": "0x1001330"
  2084. }
  2085. ],
  2086. "dll": "msvcrt.dll"
  2087. },
  2088. {
  2089. "imports": [
  2090. {
  2091. "name": "ReplaceTextW",
  2092. "address": "0x1001338"
  2093. },
  2094. {
  2095. "name": "PageSetupDlgW",
  2096. "address": "0x100133c"
  2097. },
  2098. {
  2099. "name": "PrintDlgExW",
  2100. "address": "0x1001340"
  2101. },
  2102. {
  2103. "name": "FindTextW",
  2104. "address": "0x1001344"
  2105. },
  2106. {
  2107. "name": "ChooseFontW",
  2108. "address": "0x1001348"
  2109. },
  2110. {
  2111. "name": "GetSaveFileNameW",
  2112. "address": "0x100134c"
  2113. },
  2114. {
  2115. "name": "CommDlgExtendedError",
  2116. "address": "0x1001350"
  2117. },
  2118. {
  2119. "name": "GetOpenFileNameW",
  2120. "address": "0x1001354"
  2121. },
  2122. {
  2123. "name": "GetFileTitleW",
  2124. "address": "0x1001358"
  2125. }
  2126. ],
  2127. "dll": "COMDLG32.dll"
  2128. },
  2129. {
  2130. "imports": [
  2131. {
  2132. "name": "DragAcceptFiles",
  2133. "address": "0x1001360"
  2134. },
  2135. {
  2136. "name": "SHAddToRecentDocs",
  2137. "address": "0x1001364"
  2138. },
  2139. {
  2140. "name": "SHGetFolderPathW",
  2141. "address": "0x1001368"
  2142. },
  2143. {
  2144. "name": "SHCreateItemFromParsingName",
  2145. "address": "0x100136c"
  2146. },
  2147. {
  2148. "name": "ShellExecuteExW",
  2149. "address": "0x1001370"
  2150. },
  2151. {
  2152. "name": "DragQueryFileW",
  2153. "address": "0x1001374"
  2154. },
  2155. {
  2156. "name": "DragFinish",
  2157. "address": "0x1001378"
  2158. },
  2159. {
  2160. "name": "ShellAboutW",
  2161. "address": "0x100137c"
  2162. }
  2163. ],
  2164. "dll": "SHELL32.dll"
  2165. },
  2166. {
  2167. "imports": [
  2168. {
  2169. "name": "OpenPrinterW",
  2170. "address": "0x1001384"
  2171. },
  2172. {
  2173. "name": "ClosePrinter",
  2174. "address": "0x1001388"
  2175. },
  2176. {
  2177. "name": "GetPrinterDriverW",
  2178. "address": "0x100138c"
  2179. }
  2180. ],
  2181. "dll": "WINSPOOL.DRV"
  2182. },
  2183. {
  2184. "imports": [
  2185. {
  2186. "name": "CoInitializeEx",
  2187. "address": "0x1001394"
  2188. },
  2189. {
  2190. "name": "CoUninitialize",
  2191. "address": "0x1001398"
  2192. },
  2193. {
  2194. "name": "CoTaskMemAlloc",
  2195. "address": "0x100139c"
  2196. },
  2197. {
  2198. "name": "CoCreateInstance",
  2199. "address": "0x10013a0"
  2200. },
  2201. {
  2202. "name": "CoTaskMemFree",
  2203. "address": "0x10013a4"
  2204. },
  2205. {
  2206. "name": "CoInitialize",
  2207. "address": "0x10013a8"
  2208. }
  2209. ],
  2210. "dll": "ole32.dll"
  2211. },
  2212. {
  2213. "imports": [
  2214. {
  2215. "name": "PathIsFileSpecW",
  2216. "address": "0x10013b0"
  2217. },
  2218. {
  2219. "name": "SHStrDupW",
  2220. "address": "0x10013b4"
  2221. }
  2222. ],
  2223. "dll": "SHLWAPI.dll"
  2224. },
  2225. {
  2226. "imports": [
  2227. {
  2228. "name": "CreatePropertySheetPageW",
  2229. "address": "0x10013bc"
  2230. },
  2231. {
  2232. "name": "PropertySheetW",
  2233. "address": "0x10013c0"
  2234. },
  2235. {
  2236. "name": "CreateStatusWindowW",
  2237. "address": "0x10013c4"
  2238. },
  2239. {
  2240. "name": null,
  2241. "address": "0x10013c8"
  2242. }
  2243. ],
  2244. "dll": "COMCTL32.dll"
  2245. },
  2246. {
  2247. "imports": [
  2248. {
  2249. "name": "SysFreeString",
  2250. "address": "0x10013d0"
  2251. },
  2252. {
  2253. "name": "SysAllocString",
  2254. "address": "0x10013d4"
  2255. }
  2256. ],
  2257. "dll": "OLEAUT32.dll"
  2258. },
  2259. {
  2260. "imports": [
  2261. {
  2262. "name": "WinSqmIncrementDWORD",
  2263. "address": "0x10013dc"
  2264. },
  2265. {
  2266. "name": "RtlInitUnicodeString",
  2267. "address": "0x10013e0"
  2268. },
  2269. {
  2270. "name": "NtQueryLicenseValue",
  2271. "address": "0x10013e4"
  2272. },
  2273. {
  2274. "name": "WinSqmAddToStream",
  2275. "address": "0x10013e8"
  2276. }
  2277. ],
  2278. "dll": "ntdll.dll"
  2279. },
  2280. {
  2281. "imports": [
  2282. {
  2283. "name": "GetFileVersionInfoExW",
  2284. "address": "0x10013f0"
  2285. },
  2286. {
  2287. "name": "GetFileVersionInfoSizeExW",
  2288. "address": "0x10013f4"
  2289. },
  2290. {
  2291. "name": "VerQueryValueW",
  2292. "address": "0x10013f8"
  2293. }
  2294. ],
  2295. "dll": "VERSION.dll"
  2296. }
  2297. ],
  2298. "digital_signers": null,
  2299. "exported_dll_name": null,
  2300. "actual_checksum": "0x00039741",
  2301. "overlay": null,
  2302. "imagebase": "0x01000000",
  2303. "reported_checksum": "0x00039741",
  2304. "icon_hash": null,
  2305. "entrypoint": "0x01003689",
  2306. "timestamp": "2009-07-13 23:41:03",
  2307. "osversion": "6.1",
  2308. "sections": [
  2309. {
  2310. "name": ".text",
  2311. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2312. "virtual_address": "0x00001000",
  2313. "size_of_data": "0x0000a800",
  2314. "entropy": "6.28",
  2315. "raw_address": "0x00000400",
  2316. "virtual_size": "0x0000a68c",
  2317. "characteristics_raw": "0x60000020"
  2318. },
  2319. {
  2320. "name": ".data",
  2321. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2322. "virtual_address": "0x0000c000",
  2323. "size_of_data": "0x00001000",
  2324. "entropy": "0.76",
  2325. "raw_address": "0x0000ac00",
  2326. "virtual_size": "0x00002164",
  2327. "characteristics_raw": "0xc0000040"
  2328. },
  2329. {
  2330. "name": ".rsrc",
  2331. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2332. "virtual_address": "0x0000f000",
  2333. "size_of_data": "0x0001f200",
  2334. "entropy": "7.37",
  2335. "raw_address": "0x0000bc00",
  2336. "virtual_size": "0x0001f160",
  2337. "characteristics_raw": "0x40000040"
  2338. },
  2339. {
  2340. "name": ".reloc",
  2341. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  2342. "virtual_address": "0x0002f000",
  2343. "size_of_data": "0x00001000",
  2344. "entropy": "6.43",
  2345. "raw_address": "0x0002ae00",
  2346. "virtual_size": "0x00000e34",
  2347. "characteristics_raw": "0x42000040"
  2348. }
  2349. ],
  2350. "resources": [],
  2351. "dirents": [
  2352. {
  2353. "virtual_address": "0x00000000",
  2354. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2355. "size": "0x00000000"
  2356. },
  2357. {
  2358. "virtual_address": "0x0000a048",
  2359. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2360. "size": "0x0000012c"
  2361. },
  2362. {
  2363. "virtual_address": "0x0000f000",
  2364. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2365. "size": "0x0001f160"
  2366. },
  2367. {
  2368. "virtual_address": "0x00000000",
  2369. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2370. "size": "0x00000000"
  2371. },
  2372. {
  2373. "virtual_address": "0x00000000",
  2374. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2375. "size": "0x00000000"
  2376. },
  2377. {
  2378. "virtual_address": "0x0002f000",
  2379. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2380. "size": "0x00000e34"
  2381. },
  2382. {
  2383. "virtual_address": "0x0000b62c",
  2384. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2385. "size": "0x00000038"
  2386. },
  2387. {
  2388. "virtual_address": "0x00000000",
  2389. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2390. "size": "0x00000000"
  2391. },
  2392. {
  2393. "virtual_address": "0x00000000",
  2394. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2395. "size": "0x00000000"
  2396. },
  2397. {
  2398. "virtual_address": "0x00000000",
  2399. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2400. "size": "0x00000000"
  2401. },
  2402. {
  2403. "virtual_address": "0x00006d58",
  2404. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2405. "size": "0x00000040"
  2406. },
  2407. {
  2408. "virtual_address": "0x00000278",
  2409. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2410. "size": "0x00000128"
  2411. },
  2412. {
  2413. "virtual_address": "0x00001000",
  2414. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2415. "size": "0x00000400"
  2416. },
  2417. {
  2418. "virtual_address": "0x00000000",
  2419. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2420. "size": "0x00000000"
  2421. },
  2422. {
  2423. "virtual_address": "0x00000000",
  2424. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2425. "size": "0x00000000"
  2426. },
  2427. {
  2428. "virtual_address": "0x00000000",
  2429. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2430. "size": "0x00000000"
  2431. }
  2432. ],
  2433. "exports": [],
  2434. "guest_signers": {},
  2435. "imphash": "2a141685bec588fb7b12c50a8a40eb2b",
  2436. "icon_fuzzy": null,
  2437. "icon": null,
  2438. "pdbpath": "notepad.pdb",
  2439. "imported_dll_count": 14,
  2440. "versioninfo": []
  2441. }
  2442. }