paladin316

Exes_af07a7de_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_af07a7de.exe"
  7. [*] File Size: 283136
  8. [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
  9. [*] SHA256: "90f277b97d30399367a7e56551bbf2135c4968ade64100863095dc7031f34c91"
  10. [*] MD5: "0f98b7b43ab1b3e2a957c5361fc403cd"
  11. [*] SHA1: "6afc0ae820991afcf9d6eeab0cbb68378b2f8d00"
  12. [*] SHA512: "f56b1fbf9ec6c63807882166fd8845ba4660eb16403706d4d0b3c4ee3de8a86549771e516d017058da9a023f787b997855733b975ad98569975655d92101ffb3"
  13. [*] CRC32: "AF07A7DE"
  14. [*] SSDEEP: "6144:kTkJkvRAhoED0xWSVwbhDV4UszE7hvrimn:kwCAh1S2wUszE7hv9n"
  15.  
  16. [*] Process Execution: [
  17. "Exes_af07a7de.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "File has been identified by 52 Antiviruses on VirusTotal as malicious",
  27. "Details": [
  28. {
  29. "MicroWorld-eScan": "Gen:Variant.Mikey.99065"
  30. },
  31. {
  32. "FireEye": "Generic.mg.0f98b7b43ab1b3e2"
  33. },
  34. {
  35. "CAT-QuickHeal": "Trojan.Multi"
  36. },
  37. {
  38. "McAfee": "GenericRXHT-TY!0F98B7B43AB1"
  39. },
  40. {
  41. "Malwarebytes": "Trojan.MalPack.RES"
  42. },
  43. {
  44. "Alibaba": "Trojan:Win32/Zudochka.80e074bf"
  45. },
  46. {
  47. "K7GW": "Trojan ( 0054fcdf1 )"
  48. },
  49. {
  50. "K7AntiVirus": "Trojan ( 0054fcdf1 )"
  51. },
  52. {
  53. "Arcabit": "Trojan.Mikey.D182F9"
  54. },
  55. {
  56. "Invincea": "heuristic"
  57. },
  58. {
  59. "Symantec": "Trojan.Gen.2"
  60. },
  61. {
  62. "APEX": "Malicious"
  63. },
  64. {
  65. "Paloalto": "generic.ml"
  66. },
  67. {
  68. "Kaspersky": "Trojan.Win32.Zudochka.uz"
  69. },
  70. {
  71. "BitDefender": "Gen:Variant.Mikey.99065"
  72. },
  73. {
  74. "NANO-Antivirus": "Trojan.Win32.Bsymem.frdpmk"
  75. },
  76. {
  77. "Avast": "Win32:RansomX-gen [Ransom]"
  78. },
  79. {
  80. "Tencent": "Win32.Trojan.Zudochka.Jcq"
  81. },
  82. {
  83. "Endgame": "malicious (high confidence)"
  84. },
  85. {
  86. "Emsisoft": "Gen:Variant.Mikey.99065 (B)"
  87. },
  88. {
  89. "Comodo": "Malware@#1brrnak2x7xsm"
  90. },
  91. {
  92. "F-Secure": "Trojan.TR/AD.Petya.yrncr"
  93. },
  94. {
  95. "DrWeb": "Trojan.Encoder.11539"
  96. },
  97. {
  98. "TrendMicro": "TROJ_GEN.R03BC0WFB19"
  99. },
  100. {
  101. "McAfee-GW-Edition": "Artemis!Trojan"
  102. },
  103. {
  104. "Sophos": "Mal/Generic-S"
  105. },
  106. {
  107. "Ikarus": "Trojan.Win32.Krypt"
  108. },
  109. {
  110. "Cyren": "W32/Trojan.GJIE-9214"
  111. },
  112. {
  113. "ESET-NOD32": "a variant of Win32/Kryptik.GTWJ"
  114. },
  115. {
  116. "Webroot": "W32.Zudochka"
  117. },
  118. {
  119. "Avira": "TR/AD.Petya.yrncr"
  120. },
  121. {
  122. "MAX": "malware (ai score=100)"
  123. },
  124. {
  125. "Microsoft": "Trojan:Win32/Skeeyah.A!bit"
  126. },
  127. {
  128. "AegisLab": "Trojan.Multi.Generic.4!c"
  129. },
  130. {
  131. "ZoneAlarm": "Trojan.Win32.Zudochka.uz"
  132. },
  133. {
  134. "GData": "Gen:Variant.Mikey.99065"
  135. },
  136. {
  137. "AhnLab-V3": "Trojan/Win32.Agent.C3286130"
  138. },
  139. {
  140. "Acronis": "suspicious"
  141. },
  142. {
  143. "VBA32": "Trojan.Bsymem"
  144. },
  145. {
  146. "ALYac": "Gen:Variant.Mikey.99065"
  147. },
  148. {
  149. "Ad-Aware": "Gen:Variant.Mikey.99065"
  150. },
  151. {
  152. "TrendMicro-HouseCall": "TROJ_GEN.R03BC0WFB19"
  153. },
  154. {
  155. "Rising": "Malware.Heuristic.MLite(98%) (AI-LITE:2gqYo2DDtgKIBgFc/glrrA)"
  156. },
  157. {
  158. "Yandex": "Trojan.GenKryptik!"
  159. },
  160. {
  161. "SentinelOne": "DFI - Malicious PE"
  162. },
  163. {
  164. "eGambit": "Unsafe.AI_Score_75%"
  165. },
  166. {
  167. "Fortinet": "W32/GenKryptik.DKGQ!tr"
  168. },
  169. {
  170. "AVG": "Win32:RansomX-gen [Ransom]"
  171. },
  172. {
  173. "Cybereason": "malicious.43ab1b"
  174. },
  175. {
  176. "Panda": "Trj/CI.A"
  177. },
  178. {
  179. "CrowdStrike": "win/malicious_confidence_80% (W)"
  180. },
  181. {
  182. "Qihoo-360": "Win32/Trojan.37f"
  183. }
  184. ]
  185. }
  186. ]
  187.  
  188. [*] Started Service: []
  189.  
  190. [*] Executed Commands: []
  191.  
  192. [*] Mutexes: [
  193. "DBWinMutex"
  194. ]
  195.  
  196. [*] Modified Files: []
  197.  
  198. [*] Deleted Files: []
  199.  
  200. [*] Modified Registry Keys: []
  201.  
  202. [*] Deleted Registry Keys: []
  203.  
  204. [*] DNS Communications: []
  205.  
  206. [*] Domains: []
  207.  
  208. [*] Network Communication - ICMP: []
  209.  
  210. [*] Network Communication - HTTP: []
  211.  
  212. [*] Network Communication - SMTP: []
  213.  
  214. [*] Network Communication - Hosts: []
  215.  
  216. [*] Network Communication - IRC: []
  217.  
  218. [*] Static Analysis: {
  219. "pe": {
  220. "peid_signatures": null,
  221. "imports": [
  222. {
  223. "imports": [
  224. {
  225. "name": "LCMapStringW",
  226. "address": "0x40d04c"
  227. },
  228. {
  229. "name": "CompareStringW",
  230. "address": "0x40d050"
  231. },
  232. {
  233. "name": "SetEnvironmentVariableA",
  234. "address": "0x40d054"
  235. },
  236. {
  237. "name": "FreeEnvironmentStringsW",
  238. "address": "0x40d058"
  239. },
  240. {
  241. "name": "GetEnvironmentStringsW",
  242. "address": "0x40d05c"
  243. },
  244. {
  245. "name": "GetCPInfo",
  246. "address": "0x40d060"
  247. },
  248. {
  249. "name": "GetOEMCP",
  250. "address": "0x40d064"
  251. },
  252. {
  253. "name": "IsValidCodePage",
  254. "address": "0x40d068"
  255. },
  256. {
  257. "name": "FindNextFileA",
  258. "address": "0x40d06c"
  259. },
  260. {
  261. "name": "FindFirstFileExA",
  262. "address": "0x40d070"
  263. },
  264. {
  265. "name": "FindClose",
  266. "address": "0x40d074"
  267. },
  268. {
  269. "name": "CloseHandle",
  270. "address": "0x40d078"
  271. },
  272. {
  273. "name": "HeapAlloc",
  274. "address": "0x40d07c"
  275. },
  276. {
  277. "name": "HeapFree",
  278. "address": "0x40d080"
  279. },
  280. {
  281. "name": "GetACP",
  282. "address": "0x40d084"
  283. },
  284. {
  285. "name": "GetCommandLineW",
  286. "address": "0x40d088"
  287. },
  288. {
  289. "name": "GetCommandLineA",
  290. "address": "0x40d08c"
  291. },
  292. {
  293. "name": "GetModuleHandleExW",
  294. "address": "0x40d090"
  295. },
  296. {
  297. "name": "ExitProcess",
  298. "address": "0x40d094"
  299. },
  300. {
  301. "name": "WideCharToMultiByte",
  302. "address": "0x40d098"
  303. },
  304. {
  305. "name": "GetModuleFileNameA",
  306. "address": "0x40d09c"
  307. },
  308. {
  309. "name": "WriteFile",
  310. "address": "0x40d0a0"
  311. },
  312. {
  313. "name": "GetStdHandle",
  314. "address": "0x40d0a4"
  315. },
  316. {
  317. "name": "LoadLibraryExW",
  318. "address": "0x40d0a8"
  319. },
  320. {
  321. "name": "GetProcAddress",
  322. "address": "0x40d0ac"
  323. },
  324. {
  325. "name": "FreeLibrary",
  326. "address": "0x40d0b0"
  327. },
  328. {
  329. "name": "TlsFree",
  330. "address": "0x40d0b4"
  331. },
  332. {
  333. "name": "TlsSetValue",
  334. "address": "0x40d0b8"
  335. },
  336. {
  337. "name": "TlsGetValue",
  338. "address": "0x40d0bc"
  339. },
  340. {
  341. "name": "TlsAlloc",
  342. "address": "0x40d0c0"
  343. },
  344. {
  345. "name": "InitializeCriticalSectionAndSpinCount",
  346. "address": "0x40d0c4"
  347. },
  348. {
  349. "name": "DeleteCriticalSection",
  350. "address": "0x40d0c8"
  351. },
  352. {
  353. "name": "LeaveCriticalSection",
  354. "address": "0x40d0cc"
  355. },
  356. {
  357. "name": "EnterCriticalSection",
  358. "address": "0x40d0d0"
  359. },
  360. {
  361. "name": "SetLastError",
  362. "address": "0x40d0d4"
  363. },
  364. {
  365. "name": "GetLastError",
  366. "address": "0x40d0d8"
  367. },
  368. {
  369. "name": "RtlUnwind",
  370. "address": "0x40d0dc"
  371. },
  372. {
  373. "name": "TerminateProcess",
  374. "address": "0x40d0e0"
  375. },
  376. {
  377. "name": "GetCurrentProcess",
  378. "address": "0x40d0e4"
  379. },
  380. {
  381. "name": "GetModuleHandleW",
  382. "address": "0x40d0e8"
  383. },
  384. {
  385. "name": "IsProcessorFeaturePresent",
  386. "address": "0x40d0ec"
  387. },
  388. {
  389. "name": "GetStartupInfoW",
  390. "address": "0x40d0f0"
  391. },
  392. {
  393. "name": "SetUnhandledExceptionFilter",
  394. "address": "0x40d0f4"
  395. },
  396. {
  397. "name": "UnhandledExceptionFilter",
  398. "address": "0x40d0f8"
  399. },
  400. {
  401. "name": "IsDebuggerPresent",
  402. "address": "0x40d0fc"
  403. },
  404. {
  405. "name": "InitializeSListHead",
  406. "address": "0x40d100"
  407. },
  408. {
  409. "name": "GetSystemTimeAsFileTime",
  410. "address": "0x40d104"
  411. },
  412. {
  413. "name": "GetCurrentThreadId",
  414. "address": "0x40d108"
  415. },
  416. {
  417. "name": "GetCurrentProcessId",
  418. "address": "0x40d10c"
  419. },
  420. {
  421. "name": "QueryPerformanceCounter",
  422. "address": "0x40d110"
  423. },
  424. {
  425. "name": "SetStdHandle",
  426. "address": "0x40d114"
  427. },
  428. {
  429. "name": "GetFileType",
  430. "address": "0x40d118"
  431. },
  432. {
  433. "name": "GetStringTypeW",
  434. "address": "0x40d11c"
  435. },
  436. {
  437. "name": "GetProcessHeap",
  438. "address": "0x40d120"
  439. },
  440. {
  441. "name": "HeapSize",
  442. "address": "0x40d124"
  443. },
  444. {
  445. "name": "HeapReAlloc",
  446. "address": "0x40d128"
  447. },
  448. {
  449. "name": "FlushFileBuffers",
  450. "address": "0x40d12c"
  451. },
  452. {
  453. "name": "GetConsoleCP",
  454. "address": "0x40d130"
  455. },
  456. {
  457. "name": "GetConsoleMode",
  458. "address": "0x40d134"
  459. },
  460. {
  461. "name": "SetFilePointerEx",
  462. "address": "0x40d138"
  463. },
  464. {
  465. "name": "WriteConsoleW",
  466. "address": "0x40d13c"
  467. },
  468. {
  469. "name": "DecodePointer",
  470. "address": "0x40d140"
  471. },
  472. {
  473. "name": "CreateFileW",
  474. "address": "0x40d144"
  475. },
  476. {
  477. "name": "LoadLibraryW",
  478. "address": "0x40d148"
  479. },
  480. {
  481. "name": "RaiseException",
  482. "address": "0x40d14c"
  483. },
  484. {
  485. "name": "MultiByteToWideChar",
  486. "address": "0x40d150"
  487. },
  488. {
  489. "name": "VirtualProtect",
  490. "address": "0x40d154"
  491. }
  492. ],
  493. "dll": "KERNEL32.dll"
  494. },
  495. {
  496. "imports": [
  497. {
  498. "name": "CreateMDIWindowA",
  499. "address": "0x40d1c4"
  500. },
  501. {
  502. "name": "ImpersonateDdeClientWindow",
  503. "address": "0x40d1c8"
  504. },
  505. {
  506. "name": "SetKeyboardState",
  507. "address": "0x40d1cc"
  508. },
  509. {
  510. "name": "CreateCursor",
  511. "address": "0x40d1d0"
  512. },
  513. {
  514. "name": "LockWindowUpdate",
  515. "address": "0x40d1d4"
  516. },
  517. {
  518. "name": "GetDesktopWindow",
  519. "address": "0x40d1d8"
  520. },
  521. {
  522. "name": "ReuseDDElParam",
  523. "address": "0x40d1dc"
  524. },
  525. {
  526. "name": "EqualRect",
  527. "address": "0x40d1e0"
  528. },
  529. {
  530. "name": "DefWindowProcW",
  531. "address": "0x40d1e4"
  532. },
  533. {
  534. "name": "CreateIcon",
  535. "address": "0x40d1e8"
  536. },
  537. {
  538. "name": "IsCharAlphaA",
  539. "address": "0x40d1ec"
  540. },
  541. {
  542. "name": "ChangeDisplaySettingsExA",
  543. "address": "0x40d1f0"
  544. },
  545. {
  546. "name": "GetUserObjectSecurity",
  547. "address": "0x40d1f4"
  548. },
  549. {
  550. "name": "SetMessageExtraInfo",
  551. "address": "0x40d1f8"
  552. },
  553. {
  554. "name": "DdeQueryStringW",
  555. "address": "0x40d1fc"
  556. },
  557. {
  558. "name": "DefFrameProcA",
  559. "address": "0x40d200"
  560. },
  561. {
  562. "name": "AnyPopup",
  563. "address": "0x40d204"
  564. },
  565. {
  566. "name": "CharLowerBuffW",
  567. "address": "0x40d208"
  568. },
  569. {
  570. "name": "VkKeyScanExW",
  571. "address": "0x40d20c"
  572. },
  573. {
  574. "name": "UnhookWinEvent",
  575. "address": "0x40d210"
  576. },
  577. {
  578. "name": "IsCharUpperW",
  579. "address": "0x40d214"
  580. },
  581. {
  582. "name": "OpenWindowStationA",
  583. "address": "0x40d218"
  584. },
  585. {
  586. "name": "TranslateAcceleratorW",
  587. "address": "0x40d21c"
  588. },
  589. {
  590. "name": "ChangeDisplaySettingsExW",
  591. "address": "0x40d220"
  592. },
  593. {
  594. "name": "ToUnicodeEx",
  595. "address": "0x40d224"
  596. },
  597. {
  598. "name": "CreateWindowStationA",
  599. "address": "0x40d228"
  600. },
  601. {
  602. "name": "UnregisterHotKey",
  603. "address": "0x40d22c"
  604. }
  605. ],
  606. "dll": "USER32.dll"
  607. },
  608. {
  609. "imports": [
  610. {
  611. "name": "DocumentPropertySheets",
  612. "address": "0x40d288"
  613. },
  614. {
  615. "name": "EnumJobsW",
  616. "address": "0x40d28c"
  617. },
  618. {
  619. "name": "AddJobA",
  620. "address": "0x40d290"
  621. },
  622. {
  623. "name": "EnumPrintProcessorsA",
  624. "address": "0x40d294"
  625. },
  626. {
  627. "name": "GetFormW",
  628. "address": "0x40d298"
  629. },
  630. {
  631. "name": null,
  632. "address": "0x40d29c"
  633. },
  634. {
  635. "name": "GetSpoolFileHandle",
  636. "address": "0x40d2a0"
  637. },
  638. {
  639. "name": "PrinterProperties",
  640. "address": "0x40d2a4"
  641. },
  642. {
  643. "name": "DeleteMonitorW",
  644. "address": "0x40d2a8"
  645. },
  646. {
  647. "name": "EnumPrinterDriversW",
  648. "address": "0x40d2ac"
  649. },
  650. {
  651. "name": "EnumPrinterDriversA",
  652. "address": "0x40d2b0"
  653. },
  654. {
  655. "name": "CloseSpoolFileHandle",
  656. "address": "0x40d2b4"
  657. },
  658. {
  659. "name": "DeletePrintProcessorA",
  660. "address": "0x40d2b8"
  661. },
  662. {
  663. "name": "EnumPrintersA",
  664. "address": "0x40d2bc"
  665. },
  666. {
  667. "name": "GetPrinterA",
  668. "address": "0x40d2c0"
  669. },
  670. {
  671. "name": "AddPrintProcessorW",
  672. "address": "0x40d2c4"
  673. },
  674. {
  675. "name": null,
  676. "address": "0x40d2c8"
  677. },
  678. {
  679. "name": "DeletePrinterKeyA",
  680. "address": "0x40d2cc"
  681. },
  682. {
  683. "name": "DeletePrinterDriverA",
  684. "address": "0x40d2d0"
  685. },
  686. {
  687. "name": "PlayGdiScriptOnPrinterIC",
  688. "address": "0x40d2d4"
  689. },
  690. {
  691. "name": "DeletePrintProcessorW",
  692. "address": "0x40d2d8"
  693. },
  694. {
  695. "name": "FindClosePrinterChangeNotification",
  696. "address": "0x40d2dc"
  697. },
  698. {
  699. "name": null,
  700. "address": "0x40d2e0"
  701. },
  702. {
  703. "name": "DeletePrinterDataExW",
  704. "address": "0x40d2e4"
  705. },
  706. {
  707. "name": "XcvDataW",
  708. "address": "0x40d2e8"
  709. }
  710. ],
  711. "dll": "WINSPOOL.DRV"
  712. },
  713. {
  714. "imports": [
  715. {
  716. "name": "InternetCloseHandle",
  717. "address": "0x40d234"
  718. },
  719. {
  720. "name": "HttpSendRequestA",
  721. "address": "0x40d238"
  722. },
  723. {
  724. "name": "InternetCrackUrlA",
  725. "address": "0x40d23c"
  726. },
  727. {
  728. "name": "FindNextUrlCacheContainerW",
  729. "address": "0x40d240"
  730. },
  731. {
  732. "name": "ParseX509EncodedCertificateForListBoxEntry",
  733. "address": "0x40d244"
  734. },
  735. {
  736. "name": "GetUrlCacheConfigInfoW",
  737. "address": "0x40d248"
  738. },
  739. {
  740. "name": "GopherCreateLocatorA",
  741. "address": "0x40d24c"
  742. },
  743. {
  744. "name": "FtpCreateDirectoryA",
  745. "address": "0x40d250"
  746. },
  747. {
  748. "name": "InternetCombineUrlA",
  749. "address": "0x40d254"
  750. },
  751. {
  752. "name": "SetUrlCacheEntryInfoA",
  753. "address": "0x40d258"
  754. },
  755. {
  756. "name": "InternetConnectW",
  757. "address": "0x40d25c"
  758. },
  759. {
  760. "name": "UnlockUrlCacheEntryFile",
  761. "address": "0x40d260"
  762. },
  763. {
  764. "name": "RetrieveUrlCacheEntryStreamA",
  765. "address": "0x40d264"
  766. },
  767. {
  768. "name": "InternetWriteFileExA",
  769. "address": "0x40d268"
  770. },
  771. {
  772. "name": "GetUrlCacheConfigInfoA",
  773. "address": "0x40d26c"
  774. },
  775. {
  776. "name": "InternetSetCookieA",
  777. "address": "0x40d270"
  778. },
  779. {
  780. "name": "GetUrlCacheHeaderData",
  781. "address": "0x40d274"
  782. },
  783. {
  784. "name": "HttpOpenRequestA",
  785. "address": "0x40d278"
  786. },
  787. {
  788. "name": "GopherGetAttributeW",
  789. "address": "0x40d27c"
  790. },
  791. {
  792. "name": "FindFirstUrlCacheContainerA",
  793. "address": "0x40d280"
  794. }
  795. ],
  796. "dll": "WININET.dll"
  797. },
  798. {
  799. "imports": [
  800. {
  801. "name": "PathIsContentTypeW",
  802. "address": "0x40d15c"
  803. },
  804. {
  805. "name": "StrChrIA",
  806. "address": "0x40d160"
  807. },
  808. {
  809. "name": "SHDeleteKeyA",
  810. "address": "0x40d164"
  811. },
  812. {
  813. "name": "UrlGetLocationW",
  814. "address": "0x40d168"
  815. },
  816. {
  817. "name": "UrlUnescapeA",
  818. "address": "0x40d16c"
  819. },
  820. {
  821. "name": "StrCSpnA",
  822. "address": "0x40d170"
  823. },
  824. {
  825. "name": "StrFormatByteSizeA",
  826. "address": "0x40d174"
  827. },
  828. {
  829. "name": "SHRegCreateUSKeyA",
  830. "address": "0x40d178"
  831. },
  832. {
  833. "name": "UrlCanonicalizeW",
  834. "address": "0x40d17c"
  835. },
  836. {
  837. "name": "PathUnquoteSpacesA",
  838. "address": "0x40d180"
  839. },
  840. {
  841. "name": "SHRegWriteUSValueW",
  842. "address": "0x40d184"
  843. },
  844. {
  845. "name": "StrSpnW",
  846. "address": "0x40d188"
  847. },
  848. {
  849. "name": "PathRemoveBackslashW",
  850. "address": "0x40d18c"
  851. },
  852. {
  853. "name": "PathIsDirectoryW",
  854. "address": "0x40d190"
  855. },
  856. {
  857. "name": "PathParseIconLocationA",
  858. "address": "0x40d194"
  859. },
  860. {
  861. "name": "PathUnquoteSpacesW",
  862. "address": "0x40d198"
  863. },
  864. {
  865. "name": "PathCompactPathExW",
  866. "address": "0x40d19c"
  867. },
  868. {
  869. "name": "PathCombineW",
  870. "address": "0x40d1a0"
  871. },
  872. {
  873. "name": "SHEnumValueA",
  874. "address": "0x40d1a4"
  875. },
  876. {
  877. "name": "PathStripPathA",
  878. "address": "0x40d1a8"
  879. },
  880. {
  881. "name": "StrCatW",
  882. "address": "0x40d1ac"
  883. },
  884. {
  885. "name": "SHRegDeleteEmptyUSKeyA",
  886. "address": "0x40d1b0"
  887. },
  888. {
  889. "name": "StrStrIW",
  890. "address": "0x40d1b4"
  891. },
  892. {
  893. "name": "SHEnumKeyExA",
  894. "address": "0x40d1b8"
  895. },
  896. {
  897. "name": "StrCmpW",
  898. "address": "0x40d1bc"
  899. }
  900. ],
  901. "dll": "SHLWAPI.dll"
  902. },
  903. {
  904. "imports": [
  905. {
  906. "name": "CryptHashPublicKeyInfo",
  907. "address": "0x40d000"
  908. },
  909. {
  910. "name": "CertAddSerializedElementToStore",
  911. "address": "0x40d004"
  912. },
  913. {
  914. "name": "CertDuplicateCRLContext",
  915. "address": "0x40d008"
  916. },
  917. {
  918. "name": "CertEnumCertificatesInStore",
  919. "address": "0x40d00c"
  920. },
  921. {
  922. "name": "CertAddEncodedCRLToStore",
  923. "address": "0x40d010"
  924. },
  925. {
  926. "name": "CertGetIntendedKeyUsage",
  927. "address": "0x40d014"
  928. },
  929. {
  930. "name": "CertSerializeCertificateStoreElement",
  931. "address": "0x40d018"
  932. },
  933. {
  934. "name": "CertIsRDNAttrsInCertificateName",
  935. "address": "0x40d01c"
  936. },
  937. {
  938. "name": "CryptImportPublicKeyInfo",
  939. "address": "0x40d020"
  940. },
  941. {
  942. "name": "CryptVerifyCertificateSignature",
  943. "address": "0x40d024"
  944. },
  945. {
  946. "name": "CertDeleteCTLFromStore",
  947. "address": "0x40d028"
  948. },
  949. {
  950. "name": "CryptFormatObject",
  951. "address": "0x40d02c"
  952. },
  953. {
  954. "name": "CryptExportPublicKeyInfo",
  955. "address": "0x40d030"
  956. },
  957. {
  958. "name": "CertSetEnhancedKeyUsage",
  959. "address": "0x40d034"
  960. },
  961. {
  962. "name": "CertAddCRLContextToStore",
  963. "address": "0x40d038"
  964. },
  965. {
  966. "name": "CertCompareCertificate",
  967. "address": "0x40d03c"
  968. },
  969. {
  970. "name": "CertCreateCTLContext",
  971. "address": "0x40d040"
  972. },
  973. {
  974. "name": "CryptSignAndEncryptMessage",
  975. "address": "0x40d044"
  976. }
  977. ],
  978. "dll": "CRYPT32.dll"
  979. }
  980. ],
  981. "digital_signers": null,
  982. "exported_dll_name": null,
  983. "actual_checksum": "0x000459f1",
  984. "overlay": null,
  985. "imagebase": "0x00400000",
  986. "reported_checksum": "0x00000000",
  987. "icon_hash": null,
  988. "entrypoint": "0x00402055",
  989. "timestamp": "2019-06-08 12:45:24",
  990. "osversion": "5.1",
  991. "sections": [
  992. {
  993. "name": ".text",
  994. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  995. "virtual_address": "0x00001000",
  996. "size_of_data": "0x0000be00",
  997. "entropy": "6.65",
  998. "raw_address": "0x00000400",
  999. "virtual_size": "0x0000bd87",
  1000. "characteristics_raw": "0x60000020"
  1001. },
  1002. {
  1003. "name": ".rdata",
  1004. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1005. "virtual_address": "0x0000d000",
  1006. "size_of_data": "0x00006600",
  1007. "entropy": "5.09",
  1008. "raw_address": "0x0000c200",
  1009. "virtual_size": "0x000065b2",
  1010. "characteristics_raw": "0x40000040"
  1011. },
  1012. {
  1013. "name": ".data",
  1014. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1015. "virtual_address": "0x00014000",
  1016. "size_of_data": "0x00007800",
  1017. "entropy": "6.76",
  1018. "raw_address": "0x00012800",
  1019. "virtual_size": "0x00008120",
  1020. "characteristics_raw": "0xc0000040"
  1021. },
  1022. {
  1023. "name": ".gfids",
  1024. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1025. "virtual_address": "0x0001d000",
  1026. "size_of_data": "0x00000200",
  1027. "entropy": "1.41",
  1028. "raw_address": "0x0001a000",
  1029. "virtual_size": "0x000000ac",
  1030. "characteristics_raw": "0x40000040"
  1031. },
  1032. {
  1033. "name": ".rsrc",
  1034. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1035. "virtual_address": "0x0001e000",
  1036. "size_of_data": "0x00029800",
  1037. "entropy": "6.52",
  1038. "raw_address": "0x0001a200",
  1039. "virtual_size": "0x000296dd",
  1040. "characteristics_raw": "0x40000040"
  1041. },
  1042. {
  1043. "name": ".reloc",
  1044. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1045. "virtual_address": "0x00048000",
  1046. "size_of_data": "0x00001800",
  1047. "entropy": "6.30",
  1048. "raw_address": "0x00043a00",
  1049. "virtual_size": "0x00001628",
  1050. "characteristics_raw": "0x42000040"
  1051. }
  1052. ],
  1053. "resources": [],
  1054. "dirents": [
  1055. {
  1056. "virtual_address": "0x00000000",
  1057. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1058. "size": "0x00000000"
  1059. },
  1060. {
  1061. "virtual_address": "0x00012384",
  1062. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1063. "size": "0x0000008c"
  1064. },
  1065. {
  1066. "virtual_address": "0x0001e000",
  1067. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1068. "size": "0x000296dd"
  1069. },
  1070. {
  1071. "virtual_address": "0x00000000",
  1072. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1073. "size": "0x00000000"
  1074. },
  1075. {
  1076. "virtual_address": "0x00000000",
  1077. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1078. "size": "0x00000000"
  1079. },
  1080. {
  1081. "virtual_address": "0x00048000",
  1082. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1083. "size": "0x00001628"
  1084. },
  1085. {
  1086. "virtual_address": "0x00011cc0",
  1087. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1088. "size": "0x0000001c"
  1089. },
  1090. {
  1091. "virtual_address": "0x00000000",
  1092. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1093. "size": "0x00000000"
  1094. },
  1095. {
  1096. "virtual_address": "0x00000000",
  1097. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1098. "size": "0x00000000"
  1099. },
  1100. {
  1101. "virtual_address": "0x00000000",
  1102. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1103. "size": "0x00000000"
  1104. },
  1105. {
  1106. "virtual_address": "0x00011ce0",
  1107. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1108. "size": "0x00000040"
  1109. },
  1110. {
  1111. "virtual_address": "0x00000000",
  1112. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1113. "size": "0x00000000"
  1114. },
  1115. {
  1116. "virtual_address": "0x0000d000",
  1117. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1118. "size": "0x000002f0"
  1119. },
  1120. {
  1121. "virtual_address": "0x00000000",
  1122. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1123. "size": "0x00000000"
  1124. },
  1125. {
  1126. "virtual_address": "0x00000000",
  1127. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1128. "size": "0x00000000"
  1129. },
  1130. {
  1131. "virtual_address": "0x00000000",
  1132. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1133. "size": "0x00000000"
  1134. }
  1135. ],
  1136. "exports": [],
  1137. "guest_signers": {},
  1138. "imphash": "1263d471a0f2e9a98846386838077c21",
  1139. "icon_fuzzy": null,
  1140. "icon": null,
  1141. "pdbpath": null,
  1142. "imported_dll_count": 6,
  1143. "versioninfo": []
  1144. }
  1145. }
  1146.  
  1147. [*] Resolved APIs: [
  1148. "kernel32.dll.FlsAlloc",
  1149. "kernel32.dll.FlsSetValue",
  1150. "kernel32.dll.FlsGetValue",
  1151. "kernel32.dll.LCMapStringEx"
  1152. ]
  1153.  
  1154. [*] Static Analysis: {
  1155. "pe": {
  1156. "peid_signatures": null,
  1157. "imports": [
  1158. {
  1159. "imports": [
  1160. {
  1161. "name": "LCMapStringW",
  1162. "address": "0x40d04c"
  1163. },
  1164. {
  1165. "name": "CompareStringW",
  1166. "address": "0x40d050"
  1167. },
  1168. {
  1169. "name": "SetEnvironmentVariableA",
  1170. "address": "0x40d054"
  1171. },
  1172. {
  1173. "name": "FreeEnvironmentStringsW",
  1174. "address": "0x40d058"
  1175. },
  1176. {
  1177. "name": "GetEnvironmentStringsW",
  1178. "address": "0x40d05c"
  1179. },
  1180. {
  1181. "name": "GetCPInfo",
  1182. "address": "0x40d060"
  1183. },
  1184. {
  1185. "name": "GetOEMCP",
  1186. "address": "0x40d064"
  1187. },
  1188. {
  1189. "name": "IsValidCodePage",
  1190. "address": "0x40d068"
  1191. },
  1192. {
  1193. "name": "FindNextFileA",
  1194. "address": "0x40d06c"
  1195. },
  1196. {
  1197. "name": "FindFirstFileExA",
  1198. "address": "0x40d070"
  1199. },
  1200. {
  1201. "name": "FindClose",
  1202. "address": "0x40d074"
  1203. },
  1204. {
  1205. "name": "CloseHandle",
  1206. "address": "0x40d078"
  1207. },
  1208. {
  1209. "name": "HeapAlloc",
  1210. "address": "0x40d07c"
  1211. },
  1212. {
  1213. "name": "HeapFree",
  1214. "address": "0x40d080"
  1215. },
  1216. {
  1217. "name": "GetACP",
  1218. "address": "0x40d084"
  1219. },
  1220. {
  1221. "name": "GetCommandLineW",
  1222. "address": "0x40d088"
  1223. },
  1224. {
  1225. "name": "GetCommandLineA",
  1226. "address": "0x40d08c"
  1227. },
  1228. {
  1229. "name": "GetModuleHandleExW",
  1230. "address": "0x40d090"
  1231. },
  1232. {
  1233. "name": "ExitProcess",
  1234. "address": "0x40d094"
  1235. },
  1236. {
  1237. "name": "WideCharToMultiByte",
  1238. "address": "0x40d098"
  1239. },
  1240. {
  1241. "name": "GetModuleFileNameA",
  1242. "address": "0x40d09c"
  1243. },
  1244. {
  1245. "name": "WriteFile",
  1246. "address": "0x40d0a0"
  1247. },
  1248. {
  1249. "name": "GetStdHandle",
  1250. "address": "0x40d0a4"
  1251. },
  1252. {
  1253. "name": "LoadLibraryExW",
  1254. "address": "0x40d0a8"
  1255. },
  1256. {
  1257. "name": "GetProcAddress",
  1258. "address": "0x40d0ac"
  1259. },
  1260. {
  1261. "name": "FreeLibrary",
  1262. "address": "0x40d0b0"
  1263. },
  1264. {
  1265. "name": "TlsFree",
  1266. "address": "0x40d0b4"
  1267. },
  1268. {
  1269. "name": "TlsSetValue",
  1270. "address": "0x40d0b8"
  1271. },
  1272. {
  1273. "name": "TlsGetValue",
  1274. "address": "0x40d0bc"
  1275. },
  1276. {
  1277. "name": "TlsAlloc",
  1278. "address": "0x40d0c0"
  1279. },
  1280. {
  1281. "name": "InitializeCriticalSectionAndSpinCount",
  1282. "address": "0x40d0c4"
  1283. },
  1284. {
  1285. "name": "DeleteCriticalSection",
  1286. "address": "0x40d0c8"
  1287. },
  1288. {
  1289. "name": "LeaveCriticalSection",
  1290. "address": "0x40d0cc"
  1291. },
  1292. {
  1293. "name": "EnterCriticalSection",
  1294. "address": "0x40d0d0"
  1295. },
  1296. {
  1297. "name": "SetLastError",
  1298. "address": "0x40d0d4"
  1299. },
  1300. {
  1301. "name": "GetLastError",
  1302. "address": "0x40d0d8"
  1303. },
  1304. {
  1305. "name": "RtlUnwind",
  1306. "address": "0x40d0dc"
  1307. },
  1308. {
  1309. "name": "TerminateProcess",
  1310. "address": "0x40d0e0"
  1311. },
  1312. {
  1313. "name": "GetCurrentProcess",
  1314. "address": "0x40d0e4"
  1315. },
  1316. {
  1317. "name": "GetModuleHandleW",
  1318. "address": "0x40d0e8"
  1319. },
  1320. {
  1321. "name": "IsProcessorFeaturePresent",
  1322. "address": "0x40d0ec"
  1323. },
  1324. {
  1325. "name": "GetStartupInfoW",
  1326. "address": "0x40d0f0"
  1327. },
  1328. {
  1329. "name": "SetUnhandledExceptionFilter",
  1330. "address": "0x40d0f4"
  1331. },
  1332. {
  1333. "name": "UnhandledExceptionFilter",
  1334. "address": "0x40d0f8"
  1335. },
  1336. {
  1337. "name": "IsDebuggerPresent",
  1338. "address": "0x40d0fc"
  1339. },
  1340. {
  1341. "name": "InitializeSListHead",
  1342. "address": "0x40d100"
  1343. },
  1344. {
  1345. "name": "GetSystemTimeAsFileTime",
  1346. "address": "0x40d104"
  1347. },
  1348. {
  1349. "name": "GetCurrentThreadId",
  1350. "address": "0x40d108"
  1351. },
  1352. {
  1353. "name": "GetCurrentProcessId",
  1354. "address": "0x40d10c"
  1355. },
  1356. {
  1357. "name": "QueryPerformanceCounter",
  1358. "address": "0x40d110"
  1359. },
  1360. {
  1361. "name": "SetStdHandle",
  1362. "address": "0x40d114"
  1363. },
  1364. {
  1365. "name": "GetFileType",
  1366. "address": "0x40d118"
  1367. },
  1368. {
  1369. "name": "GetStringTypeW",
  1370. "address": "0x40d11c"
  1371. },
  1372. {
  1373. "name": "GetProcessHeap",
  1374. "address": "0x40d120"
  1375. },
  1376. {
  1377. "name": "HeapSize",
  1378. "address": "0x40d124"
  1379. },
  1380. {
  1381. "name": "HeapReAlloc",
  1382. "address": "0x40d128"
  1383. },
  1384. {
  1385. "name": "FlushFileBuffers",
  1386. "address": "0x40d12c"
  1387. },
  1388. {
  1389. "name": "GetConsoleCP",
  1390. "address": "0x40d130"
  1391. },
  1392. {
  1393. "name": "GetConsoleMode",
  1394. "address": "0x40d134"
  1395. },
  1396. {
  1397. "name": "SetFilePointerEx",
  1398. "address": "0x40d138"
  1399. },
  1400. {
  1401. "name": "WriteConsoleW",
  1402. "address": "0x40d13c"
  1403. },
  1404. {
  1405. "name": "DecodePointer",
  1406. "address": "0x40d140"
  1407. },
  1408. {
  1409. "name": "CreateFileW",
  1410. "address": "0x40d144"
  1411. },
  1412. {
  1413. "name": "LoadLibraryW",
  1414. "address": "0x40d148"
  1415. },
  1416. {
  1417. "name": "RaiseException",
  1418. "address": "0x40d14c"
  1419. },
  1420. {
  1421. "name": "MultiByteToWideChar",
  1422. "address": "0x40d150"
  1423. },
  1424. {
  1425. "name": "VirtualProtect",
  1426. "address": "0x40d154"
  1427. }
  1428. ],
  1429. "dll": "KERNEL32.dll"
  1430. },
  1431. {
  1432. "imports": [
  1433. {
  1434. "name": "CreateMDIWindowA",
  1435. "address": "0x40d1c4"
  1436. },
  1437. {
  1438. "name": "ImpersonateDdeClientWindow",
  1439. "address": "0x40d1c8"
  1440. },
  1441. {
  1442. "name": "SetKeyboardState",
  1443. "address": "0x40d1cc"
  1444. },
  1445. {
  1446. "name": "CreateCursor",
  1447. "address": "0x40d1d0"
  1448. },
  1449. {
  1450. "name": "LockWindowUpdate",
  1451. "address": "0x40d1d4"
  1452. },
  1453. {
  1454. "name": "GetDesktopWindow",
  1455. "address": "0x40d1d8"
  1456. },
  1457. {
  1458. "name": "ReuseDDElParam",
  1459. "address": "0x40d1dc"
  1460. },
  1461. {
  1462. "name": "EqualRect",
  1463. "address": "0x40d1e0"
  1464. },
  1465. {
  1466. "name": "DefWindowProcW",
  1467. "address": "0x40d1e4"
  1468. },
  1469. {
  1470. "name": "CreateIcon",
  1471. "address": "0x40d1e8"
  1472. },
  1473. {
  1474. "name": "IsCharAlphaA",
  1475. "address": "0x40d1ec"
  1476. },
  1477. {
  1478. "name": "ChangeDisplaySettingsExA",
  1479. "address": "0x40d1f0"
  1480. },
  1481. {
  1482. "name": "GetUserObjectSecurity",
  1483. "address": "0x40d1f4"
  1484. },
  1485. {
  1486. "name": "SetMessageExtraInfo",
  1487. "address": "0x40d1f8"
  1488. },
  1489. {
  1490. "name": "DdeQueryStringW",
  1491. "address": "0x40d1fc"
  1492. },
  1493. {
  1494. "name": "DefFrameProcA",
  1495. "address": "0x40d200"
  1496. },
  1497. {
  1498. "name": "AnyPopup",
  1499. "address": "0x40d204"
  1500. },
  1501. {
  1502. "name": "CharLowerBuffW",
  1503. "address": "0x40d208"
  1504. },
  1505. {
  1506. "name": "VkKeyScanExW",
  1507. "address": "0x40d20c"
  1508. },
  1509. {
  1510. "name": "UnhookWinEvent",
  1511. "address": "0x40d210"
  1512. },
  1513. {
  1514. "name": "IsCharUpperW",
  1515. "address": "0x40d214"
  1516. },
  1517. {
  1518. "name": "OpenWindowStationA",
  1519. "address": "0x40d218"
  1520. },
  1521. {
  1522. "name": "TranslateAcceleratorW",
  1523. "address": "0x40d21c"
  1524. },
  1525. {
  1526. "name": "ChangeDisplaySettingsExW",
  1527. "address": "0x40d220"
  1528. },
  1529. {
  1530. "name": "ToUnicodeEx",
  1531. "address": "0x40d224"
  1532. },
  1533. {
  1534. "name": "CreateWindowStationA",
  1535. "address": "0x40d228"
  1536. },
  1537. {
  1538. "name": "UnregisterHotKey",
  1539. "address": "0x40d22c"
  1540. }
  1541. ],
  1542. "dll": "USER32.dll"
  1543. },
  1544. {
  1545. "imports": [
  1546. {
  1547. "name": "DocumentPropertySheets",
  1548. "address": "0x40d288"
  1549. },
  1550. {
  1551. "name": "EnumJobsW",
  1552. "address": "0x40d28c"
  1553. },
  1554. {
  1555. "name": "AddJobA",
  1556. "address": "0x40d290"
  1557. },
  1558. {
  1559. "name": "EnumPrintProcessorsA",
  1560. "address": "0x40d294"
  1561. },
  1562. {
  1563. "name": "GetFormW",
  1564. "address": "0x40d298"
  1565. },
  1566. {
  1567. "name": null,
  1568. "address": "0x40d29c"
  1569. },
  1570. {
  1571. "name": "GetSpoolFileHandle",
  1572. "address": "0x40d2a0"
  1573. },
  1574. {
  1575. "name": "PrinterProperties",
  1576. "address": "0x40d2a4"
  1577. },
  1578. {
  1579. "name": "DeleteMonitorW",
  1580. "address": "0x40d2a8"
  1581. },
  1582. {
  1583. "name": "EnumPrinterDriversW",
  1584. "address": "0x40d2ac"
  1585. },
  1586. {
  1587. "name": "EnumPrinterDriversA",
  1588. "address": "0x40d2b0"
  1589. },
  1590. {
  1591. "name": "CloseSpoolFileHandle",
  1592. "address": "0x40d2b4"
  1593. },
  1594. {
  1595. "name": "DeletePrintProcessorA",
  1596. "address": "0x40d2b8"
  1597. },
  1598. {
  1599. "name": "EnumPrintersA",
  1600. "address": "0x40d2bc"
  1601. },
  1602. {
  1603. "name": "GetPrinterA",
  1604. "address": "0x40d2c0"
  1605. },
  1606. {
  1607. "name": "AddPrintProcessorW",
  1608. "address": "0x40d2c4"
  1609. },
  1610. {
  1611. "name": null,
  1612. "address": "0x40d2c8"
  1613. },
  1614. {
  1615. "name": "DeletePrinterKeyA",
  1616. "address": "0x40d2cc"
  1617. },
  1618. {
  1619. "name": "DeletePrinterDriverA",
  1620. "address": "0x40d2d0"
  1621. },
  1622. {
  1623. "name": "PlayGdiScriptOnPrinterIC",
  1624. "address": "0x40d2d4"
  1625. },
  1626. {
  1627. "name": "DeletePrintProcessorW",
  1628. "address": "0x40d2d8"
  1629. },
  1630. {
  1631. "name": "FindClosePrinterChangeNotification",
  1632. "address": "0x40d2dc"
  1633. },
  1634. {
  1635. "name": null,
  1636. "address": "0x40d2e0"
  1637. },
  1638. {
  1639. "name": "DeletePrinterDataExW",
  1640. "address": "0x40d2e4"
  1641. },
  1642. {
  1643. "name": "XcvDataW",
  1644. "address": "0x40d2e8"
  1645. }
  1646. ],
  1647. "dll": "WINSPOOL.DRV"
  1648. },
  1649. {
  1650. "imports": [
  1651. {
  1652. "name": "InternetCloseHandle",
  1653. "address": "0x40d234"
  1654. },
  1655. {
  1656. "name": "HttpSendRequestA",
  1657. "address": "0x40d238"
  1658. },
  1659. {
  1660. "name": "InternetCrackUrlA",
  1661. "address": "0x40d23c"
  1662. },
  1663. {
  1664. "name": "FindNextUrlCacheContainerW",
  1665. "address": "0x40d240"
  1666. },
  1667. {
  1668. "name": "ParseX509EncodedCertificateForListBoxEntry",
  1669. "address": "0x40d244"
  1670. },
  1671. {
  1672. "name": "GetUrlCacheConfigInfoW",
  1673. "address": "0x40d248"
  1674. },
  1675. {
  1676. "name": "GopherCreateLocatorA",
  1677. "address": "0x40d24c"
  1678. },
  1679. {
  1680. "name": "FtpCreateDirectoryA",
  1681. "address": "0x40d250"
  1682. },
  1683. {
  1684. "name": "InternetCombineUrlA",
  1685. "address": "0x40d254"
  1686. },
  1687. {
  1688. "name": "SetUrlCacheEntryInfoA",
  1689. "address": "0x40d258"
  1690. },
  1691. {
  1692. "name": "InternetConnectW",
  1693. "address": "0x40d25c"
  1694. },
  1695. {
  1696. "name": "UnlockUrlCacheEntryFile",
  1697. "address": "0x40d260"
  1698. },
  1699. {
  1700. "name": "RetrieveUrlCacheEntryStreamA",
  1701. "address": "0x40d264"
  1702. },
  1703. {
  1704. "name": "InternetWriteFileExA",
  1705. "address": "0x40d268"
  1706. },
  1707. {
  1708. "name": "GetUrlCacheConfigInfoA",
  1709. "address": "0x40d26c"
  1710. },
  1711. {
  1712. "name": "InternetSetCookieA",
  1713. "address": "0x40d270"
  1714. },
  1715. {
  1716. "name": "GetUrlCacheHeaderData",
  1717. "address": "0x40d274"
  1718. },
  1719. {
  1720. "name": "HttpOpenRequestA",
  1721. "address": "0x40d278"
  1722. },
  1723. {
  1724. "name": "GopherGetAttributeW",
  1725. "address": "0x40d27c"
  1726. },
  1727. {
  1728. "name": "FindFirstUrlCacheContainerA",
  1729. "address": "0x40d280"
  1730. }
  1731. ],
  1732. "dll": "WININET.dll"
  1733. },
  1734. {
  1735. "imports": [
  1736. {
  1737. "name": "PathIsContentTypeW",
  1738. "address": "0x40d15c"
  1739. },
  1740. {
  1741. "name": "StrChrIA",
  1742. "address": "0x40d160"
  1743. },
  1744. {
  1745. "name": "SHDeleteKeyA",
  1746. "address": "0x40d164"
  1747. },
  1748. {
  1749. "name": "UrlGetLocationW",
  1750. "address": "0x40d168"
  1751. },
  1752. {
  1753. "name": "UrlUnescapeA",
  1754. "address": "0x40d16c"
  1755. },
  1756. {
  1757. "name": "StrCSpnA",
  1758. "address": "0x40d170"
  1759. },
  1760. {
  1761. "name": "StrFormatByteSizeA",
  1762. "address": "0x40d174"
  1763. },
  1764. {
  1765. "name": "SHRegCreateUSKeyA",
  1766. "address": "0x40d178"
  1767. },
  1768. {
  1769. "name": "UrlCanonicalizeW",
  1770. "address": "0x40d17c"
  1771. },
  1772. {
  1773. "name": "PathUnquoteSpacesA",
  1774. "address": "0x40d180"
  1775. },
  1776. {
  1777. "name": "SHRegWriteUSValueW",
  1778. "address": "0x40d184"
  1779. },
  1780. {
  1781. "name": "StrSpnW",
  1782. "address": "0x40d188"
  1783. },
  1784. {
  1785. "name": "PathRemoveBackslashW",
  1786. "address": "0x40d18c"
  1787. },
  1788. {
  1789. "name": "PathIsDirectoryW",
  1790. "address": "0x40d190"
  1791. },
  1792. {
  1793. "name": "PathParseIconLocationA",
  1794. "address": "0x40d194"
  1795. },
  1796. {
  1797. "name": "PathUnquoteSpacesW",
  1798. "address": "0x40d198"
  1799. },
  1800. {
  1801. "name": "PathCompactPathExW",
  1802. "address": "0x40d19c"
  1803. },
  1804. {
  1805. "name": "PathCombineW",
  1806. "address": "0x40d1a0"
  1807. },
  1808. {
  1809. "name": "SHEnumValueA",
  1810. "address": "0x40d1a4"
  1811. },
  1812. {
  1813. "name": "PathStripPathA",
  1814. "address": "0x40d1a8"
  1815. },
  1816. {
  1817. "name": "StrCatW",
  1818. "address": "0x40d1ac"
  1819. },
  1820. {
  1821. "name": "SHRegDeleteEmptyUSKeyA",
  1822. "address": "0x40d1b0"
  1823. },
  1824. {
  1825. "name": "StrStrIW",
  1826. "address": "0x40d1b4"
  1827. },
  1828. {
  1829. "name": "SHEnumKeyExA",
  1830. "address": "0x40d1b8"
  1831. },
  1832. {
  1833. "name": "StrCmpW",
  1834. "address": "0x40d1bc"
  1835. }
  1836. ],
  1837. "dll": "SHLWAPI.dll"
  1838. },
  1839. {
  1840. "imports": [
  1841. {
  1842. "name": "CryptHashPublicKeyInfo",
  1843. "address": "0x40d000"
  1844. },
  1845. {
  1846. "name": "CertAddSerializedElementToStore",
  1847. "address": "0x40d004"
  1848. },
  1849. {
  1850. "name": "CertDuplicateCRLContext",
  1851. "address": "0x40d008"
  1852. },
  1853. {
  1854. "name": "CertEnumCertificatesInStore",
  1855. "address": "0x40d00c"
  1856. },
  1857. {
  1858. "name": "CertAddEncodedCRLToStore",
  1859. "address": "0x40d010"
  1860. },
  1861. {
  1862. "name": "CertGetIntendedKeyUsage",
  1863. "address": "0x40d014"
  1864. },
  1865. {
  1866. "name": "CertSerializeCertificateStoreElement",
  1867. "address": "0x40d018"
  1868. },
  1869. {
  1870. "name": "CertIsRDNAttrsInCertificateName",
  1871. "address": "0x40d01c"
  1872. },
  1873. {
  1874. "name": "CryptImportPublicKeyInfo",
  1875. "address": "0x40d020"
  1876. },
  1877. {
  1878. "name": "CryptVerifyCertificateSignature",
  1879. "address": "0x40d024"
  1880. },
  1881. {
  1882. "name": "CertDeleteCTLFromStore",
  1883. "address": "0x40d028"
  1884. },
  1885. {
  1886. "name": "CryptFormatObject",
  1887. "address": "0x40d02c"
  1888. },
  1889. {
  1890. "name": "CryptExportPublicKeyInfo",
  1891. "address": "0x40d030"
  1892. },
  1893. {
  1894. "name": "CertSetEnhancedKeyUsage",
  1895. "address": "0x40d034"
  1896. },
  1897. {
  1898. "name": "CertAddCRLContextToStore",
  1899. "address": "0x40d038"
  1900. },
  1901. {
  1902. "name": "CertCompareCertificate",
  1903. "address": "0x40d03c"
  1904. },
  1905. {
  1906. "name": "CertCreateCTLContext",
  1907. "address": "0x40d040"
  1908. },
  1909. {
  1910. "name": "CryptSignAndEncryptMessage",
  1911. "address": "0x40d044"
  1912. }
  1913. ],
  1914. "dll": "CRYPT32.dll"
  1915. }
  1916. ],
  1917. "digital_signers": null,
  1918. "exported_dll_name": null,
  1919. "actual_checksum": "0x000459f1",
  1920. "overlay": null,
  1921. "imagebase": "0x00400000",
  1922. "reported_checksum": "0x00000000",
  1923. "icon_hash": null,
  1924. "entrypoint": "0x00402055",
  1925. "timestamp": "2019-06-08 12:45:24",
  1926. "osversion": "5.1",
  1927. "sections": [
  1928. {
  1929. "name": ".text",
  1930. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1931. "virtual_address": "0x00001000",
  1932. "size_of_data": "0x0000be00",
  1933. "entropy": "6.65",
  1934. "raw_address": "0x00000400",
  1935. "virtual_size": "0x0000bd87",
  1936. "characteristics_raw": "0x60000020"
  1937. },
  1938. {
  1939. "name": ".rdata",
  1940. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1941. "virtual_address": "0x0000d000",
  1942. "size_of_data": "0x00006600",
  1943. "entropy": "5.09",
  1944. "raw_address": "0x0000c200",
  1945. "virtual_size": "0x000065b2",
  1946. "characteristics_raw": "0x40000040"
  1947. },
  1948. {
  1949. "name": ".data",
  1950. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1951. "virtual_address": "0x00014000",
  1952. "size_of_data": "0x00007800",
  1953. "entropy": "6.76",
  1954. "raw_address": "0x00012800",
  1955. "virtual_size": "0x00008120",
  1956. "characteristics_raw": "0xc0000040"
  1957. },
  1958. {
  1959. "name": ".gfids",
  1960. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1961. "virtual_address": "0x0001d000",
  1962. "size_of_data": "0x00000200",
  1963. "entropy": "1.41",
  1964. "raw_address": "0x0001a000",
  1965. "virtual_size": "0x000000ac",
  1966. "characteristics_raw": "0x40000040"
  1967. },
  1968. {
  1969. "name": ".rsrc",
  1970. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1971. "virtual_address": "0x0001e000",
  1972. "size_of_data": "0x00029800",
  1973. "entropy": "6.52",
  1974. "raw_address": "0x0001a200",
  1975. "virtual_size": "0x000296dd",
  1976. "characteristics_raw": "0x40000040"
  1977. },
  1978. {
  1979. "name": ".reloc",
  1980. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1981. "virtual_address": "0x00048000",
  1982. "size_of_data": "0x00001800",
  1983. "entropy": "6.30",
  1984. "raw_address": "0x00043a00",
  1985. "virtual_size": "0x00001628",
  1986. "characteristics_raw": "0x42000040"
  1987. }
  1988. ],
  1989. "resources": [],
  1990. "dirents": [
  1991. {
  1992. "virtual_address": "0x00000000",
  1993. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1994. "size": "0x00000000"
  1995. },
  1996. {
  1997. "virtual_address": "0x00012384",
  1998. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1999. "size": "0x0000008c"
  2000. },
  2001. {
  2002. "virtual_address": "0x0001e000",
  2003. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2004. "size": "0x000296dd"
  2005. },
  2006. {
  2007. "virtual_address": "0x00000000",
  2008. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2009. "size": "0x00000000"
  2010. },
  2011. {
  2012. "virtual_address": "0x00000000",
  2013. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2014. "size": "0x00000000"
  2015. },
  2016. {
  2017. "virtual_address": "0x00048000",
  2018. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2019. "size": "0x00001628"
  2020. },
  2021. {
  2022. "virtual_address": "0x00011cc0",
  2023. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2024. "size": "0x0000001c"
  2025. },
  2026. {
  2027. "virtual_address": "0x00000000",
  2028. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2029. "size": "0x00000000"
  2030. },
  2031. {
  2032. "virtual_address": "0x00000000",
  2033. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2034. "size": "0x00000000"
  2035. },
  2036. {
  2037. "virtual_address": "0x00000000",
  2038. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2039. "size": "0x00000000"
  2040. },
  2041. {
  2042. "virtual_address": "0x00011ce0",
  2043. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2044. "size": "0x00000040"
  2045. },
  2046. {
  2047. "virtual_address": "0x00000000",
  2048. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2049. "size": "0x00000000"
  2050. },
  2051. {
  2052. "virtual_address": "0x0000d000",
  2053. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2054. "size": "0x000002f0"
  2055. },
  2056. {
  2057. "virtual_address": "0x00000000",
  2058. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2059. "size": "0x00000000"
  2060. },
  2061. {
  2062. "virtual_address": "0x00000000",
  2063. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2064. "size": "0x00000000"
  2065. },
  2066. {
  2067. "virtual_address": "0x00000000",
  2068. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2069. "size": "0x00000000"
  2070. }
  2071. ],
  2072. "exports": [],
  2073. "guest_signers": {},
  2074. "imphash": "1263d471a0f2e9a98846386838077c21",
  2075. "icon_fuzzy": null,
  2076. "icon": null,
  2077. "pdbpath": null,
  2078. "imported_dll_count": 6,
  2079. "versioninfo": []
  2080. }
  2081. }