paladin316

Exes_c9351110_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_c9351110.exe"
  7. [*] File Size: 276560
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "08f7c2a8b124972c88f685d28e19b7a4dfdf63a4d2aabf3bb2672900d11fd517"
  10. [*] MD5: "b44f00cb1edb37de99b3433e1923690f"
  11. [*] SHA1: "214e0da093d49cfc4ff6c34515767dc079daaeed"
  12. [*] SHA512: "529c279d2cf5ab854adf02d47924fa351a21c58a912323b164da4c3840a52376ef74a4b021fcf610794b3b1d99b3775365d21041404038bc3ca1101e6b0641c8"
  13. [*] CRC32: "C9351110"
  14. [*] SSDEEP: "3072:WnKTc3gcjY8HYRuV4ek4gXhD6/iQ0ET1fY/Tnib6qICONXvm0JZxkW5QGmwFp+14:WhPHY01/p0VTJq+9wm07jXJE"
  15.  
  16. [*] Process Execution: [
  17. "Exes_c9351110.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "The binary likely contains encrypted or compressed data.",
  23. "Details": [
  24. {
  25. "section": "name: .text, entropy: 7.43, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00041200, virtual_size: 0x000411f4"
  26. }
  27. ]
  28. },
  29. {
  30. "Description": "File has been identified by 47 Antiviruses on VirusTotal as malicious",
  31. "Details": [
  32. {
  33. "MicroWorld-eScan": "Trojan.Ransomware.GenericKDS.32047067"
  34. },
  35. {
  36. "FireEye": "Generic.mg.b44f00cb1edb37de"
  37. },
  38. {
  39. "ALYac": "Trojan.Ransomware.GenericKDS.32047067"
  40. },
  41. {
  42. "Cylance": "Unsafe"
  43. },
  44. {
  45. "Alibaba": "Trojan:Win32/Malmail.ali1000112"
  46. },
  47. {
  48. "K7GW": "Trojan ( 0054e2cc1 )"
  49. },
  50. {
  51. "K7AntiVirus": "Trojan ( 0054e2cc1 )"
  52. },
  53. {
  54. "Arcabit": "Trojan.Ransomware.GenericS.D1E8FFDB"
  55. },
  56. {
  57. "TrendMicro": "TROJ_GEN.R002C0WFB19"
  58. },
  59. {
  60. "NANO-Antivirus": "Trojan.Win32.Androm.fregmi"
  61. },
  62. {
  63. "Symantec": "Trojan.Gen.MBT"
  64. },
  65. {
  66. "APEX": "Malicious"
  67. },
  68. {
  69. "Paloalto": "generic.ml"
  70. },
  71. {
  72. "Kaspersky": "HEUR:Backdoor.MSIL.Androm.gen"
  73. },
  74. {
  75. "BitDefender": "Trojan.Ransomware.GenericKDS.32047067"
  76. },
  77. {
  78. "AegisLab": "Trojan.MSIL.Androm.4!c"
  79. },
  80. {
  81. "Avast": "Win32:Malware-gen"
  82. },
  83. {
  84. "Tencent": "Win32.Trojan.Raas.Auto"
  85. },
  86. {
  87. "Ad-Aware": "Trojan.Ransomware.GenericKDS.32047067"
  88. },
  89. {
  90. "Emsisoft": "Trojan.Ransomware.GenericKDS.32047067 (B)"
  91. },
  92. {
  93. "F-Secure": "Trojan.TR/Kryptik.nwikz"
  94. },
  95. {
  96. "Invincea": "heuristic"
  97. },
  98. {
  99. "McAfee-GW-Edition": "RDN/Generic BackDoor"
  100. },
  101. {
  102. "Trapmine": "malicious.moderate.ml.score"
  103. },
  104. {
  105. "Sophos": "Mal/Generic-S"
  106. },
  107. {
  108. "Ikarus": "Trojan.MSIL.Crypt"
  109. },
  110. {
  111. "ESET-NOD32": "a variant of MSIL/Kryptik.RTU"
  112. },
  113. {
  114. "Avira": "TR/Kryptik.nwikz"
  115. },
  116. {
  117. "MAX": "malware (ai score=100)"
  118. },
  119. {
  120. "Microsoft": "Trojan:Win32/Occamy.C"
  121. },
  122. {
  123. "Endgame": "malicious (high confidence)"
  124. },
  125. {
  126. "ViRobot": "Trojan.Win32.Z.Ransomware.276560"
  127. },
  128. {
  129. "ZoneAlarm": "HEUR:Backdoor.MSIL.Androm.gen"
  130. },
  131. {
  132. "GData": "Trojan.Ransomware.GenericKDS.32047067"
  133. },
  134. {
  135. "Acronis": "suspicious"
  136. },
  137. {
  138. "McAfee": "RDN/Generic BackDoor"
  139. },
  140. {
  141. "TrendMicro-HouseCall": "TROJ_GEN.R002C0WFB19"
  142. },
  143. {
  144. "Rising": "Backdoor.Androm!8.113 (CLOUD)"
  145. },
  146. {
  147. "SentinelOne": "DFI - Suspicious PE"
  148. },
  149. {
  150. "eGambit": "PE.Heur.InvalidSig"
  151. },
  152. {
  153. "Fortinet": "MSIL/Kryptik.RPR!tr"
  154. },
  155. {
  156. "Webroot": "W32.Trojan.Gen"
  157. },
  158. {
  159. "AVG": "Win32:Malware-gen"
  160. },
  161. {
  162. "Cybereason": "malicious.b1edb3"
  163. },
  164. {
  165. "Panda": "Trj/Genetic.gen"
  166. },
  167. {
  168. "CrowdStrike": "win/malicious_confidence_90% (W)"
  169. },
  170. {
  171. "Qihoo-360": "Win32/Backdoor.9cf"
  172. }
  173. ]
  174. },
  175. {
  176. "Description": "Anomalous binary characteristics",
  177. "Details": [
  178. {
  179. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
  180. }
  181. ]
  182. }
  183. ]
  184.  
  185. [*] Started Service: []
  186.  
  187. [*] Executed Commands: []
  188.  
  189. [*] Mutexes: []
  190.  
  191. [*] Modified Files: []
  192.  
  193. [*] Deleted Files: []
  194.  
  195. [*] Modified Registry Keys: []
  196.  
  197. [*] Deleted Registry Keys: []
  198.  
  199. [*] DNS Communications: []
  200.  
  201. [*] Domains: []
  202.  
  203. [*] Network Communication - ICMP: []
  204.  
  205. [*] Network Communication - HTTP: []
  206.  
  207. [*] Network Communication - SMTP: []
  208.  
  209. [*] Network Communication - Hosts: []
  210.  
  211. [*] Network Communication - IRC: []
  212.  
  213. [*] Static Analysis: {
  214. "dotnet": {
  215. "customattrs": [
  216. {
  217. "type": "Assembly",
  218. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  219. "value": "6.8.11."
  220. },
  221. {
  222. "type": "Assembly",
  223. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  224. "value": "3e54aa41-20b9-48be-8cda-b800465a70"
  225. },
  226. {
  227. "type": "Assembly",
  228. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  229. "value": "oyesurik"
  230. },
  231. {
  232. "type": "Assembly",
  233. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  234. "value": "oyesurik"
  235. },
  236. {
  237. "type": "Assembly",
  238. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  239. "value": "Copyright \\xc2\\xa9 20"
  240. },
  241. {
  242. "type": "Assembly",
  243. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  244. "value": "ozumebedufijuwelox"
  245. },
  246. {
  247. "type": "Assembly",
  248. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  249. "value": "emitipayohap"
  250. },
  251. {
  252. "type": "Property",
  253. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  254. "value": ""
  255. },
  256. {
  257. "type": "Property",
  258. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  259. "value": "10"
  260. }
  261. ],
  262. "assemblyinfo": {
  263. "version": "1.0.0.0",
  264. "name": "F5xCidiE9j51rHUM"
  265. },
  266. "assemblyrefs": [
  267. {
  268. "version": "4.0.0.0",
  269. "name": "mscorlib"
  270. },
  271. {
  272. "version": "4.0.0.0",
  273. "name": "System"
  274. },
  275. {
  276. "version": "1.0.0.1",
  277. "name": "gdi32"
  278. }
  279. ],
  280. "typerefs": [
  281. {
  282. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  283. "assembly": "System"
  284. },
  285. {
  286. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  287. "assembly": "System"
  288. },
  289. {
  290. "typename": "System.ComponentModel.EditorBrowsableState",
  291. "assembly": "System"
  292. },
  293. {
  294. "typename": "System.Configuration.ApplicationSettingsBase",
  295. "assembly": "System"
  296. },
  297. {
  298. "typename": "System.Configuration.DefaultSettingValueAttribute",
  299. "assembly": "System"
  300. },
  301. {
  302. "typename": "System.Configuration.SettingsBase",
  303. "assembly": "System"
  304. },
  305. {
  306. "typename": "System.Configuration.UserScopedSettingAttribute",
  307. "assembly": "System"
  308. },
  309. {
  310. "typename": "gdi32.Program",
  311. "assembly": "gdi32"
  312. },
  313. {
  314. "typename": "System.AppDomain",
  315. "assembly": "mscorlib"
  316. },
  317. {
  318. "typename": "System.Array",
  319. "assembly": "mscorlib"
  320. },
  321. {
  322. "typename": "System.Boolean",
  323. "assembly": "mscorlib"
  324. },
  325. {
  326. "typename": "System.Buffer",
  327. "assembly": "mscorlib"
  328. },
  329. {
  330. "typename": "System.Byte",
  331. "assembly": "mscorlib"
  332. },
  333. {
  334. "typename": "System.Char",
  335. "assembly": "mscorlib"
  336. },
  337. {
  338. "typename": "System.Collections.Generic.IEnumerable`1",
  339. "assembly": "mscorlib"
  340. },
  341. {
  342. "typename": "System.Collections.IEnumerable",
  343. "assembly": "mscorlib"
  344. },
  345. {
  346. "typename": "System.Console",
  347. "assembly": "mscorlib"
  348. },
  349. {
  350. "typename": "System.DBNull",
  351. "assembly": "mscorlib"
  352. },
  353. {
  354. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  355. "assembly": "mscorlib"
  356. },
  357. {
  358. "typename": "System.Enum",
  359. "assembly": "mscorlib"
  360. },
  361. {
  362. "typename": "System.Exception",
  363. "assembly": "mscorlib"
  364. },
  365. {
  366. "typename": "System.Globalization.CompareOptions",
  367. "assembly": "mscorlib"
  368. },
  369. {
  370. "typename": "System.Globalization.CultureInfo",
  371. "assembly": "mscorlib"
  372. },
  373. {
  374. "typename": "System.Globalization.NumberStyles",
  375. "assembly": "mscorlib"
  376. },
  377. {
  378. "typename": "System.Globalization.UnicodeCategory",
  379. "assembly": "mscorlib"
  380. },
  381. {
  382. "typename": "System.ICloneable",
  383. "assembly": "mscorlib"
  384. },
  385. {
  386. "typename": "System.IConvertible",
  387. "assembly": "mscorlib"
  388. },
  389. {
  390. "typename": "System.IFormatProvider",
  391. "assembly": "mscorlib"
  392. },
  393. {
  394. "typename": "System.Int16",
  395. "assembly": "mscorlib"
  396. },
  397. {
  398. "typename": "System.Int32",
  399. "assembly": "mscorlib"
  400. },
  401. {
  402. "typename": "System.Int64",
  403. "assembly": "mscorlib"
  404. },
  405. {
  406. "typename": "System.NotSupportedException",
  407. "assembly": "mscorlib"
  408. },
  409. {
  410. "typename": "System.Object",
  411. "assembly": "mscorlib"
  412. },
  413. {
  414. "typename": "System.Reflection.Assembly",
  415. "assembly": "mscorlib"
  416. },
  417. {
  418. "typename": "System.Reflection.AssemblyCompanyAttribute",
  419. "assembly": "mscorlib"
  420. },
  421. {
  422. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  423. "assembly": "mscorlib"
  424. },
  425. {
  426. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  427. "assembly": "mscorlib"
  428. },
  429. {
  430. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  431. "assembly": "mscorlib"
  432. },
  433. {
  434. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  435. "assembly": "mscorlib"
  436. },
  437. {
  438. "typename": "System.Reflection.AssemblyProductAttribute",
  439. "assembly": "mscorlib"
  440. },
  441. {
  442. "typename": "System.Reflection.AssemblyTitleAttribute",
  443. "assembly": "mscorlib"
  444. },
  445. {
  446. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  447. "assembly": "mscorlib"
  448. },
  449. {
  450. "typename": "System.Reflection.BindingFlags",
  451. "assembly": "mscorlib"
  452. },
  453. {
  454. "typename": "System.Reflection.CallingConventions",
  455. "assembly": "mscorlib"
  456. },
  457. {
  458. "typename": "System.Reflection.MemberInfo",
  459. "assembly": "mscorlib"
  460. },
  461. {
  462. "typename": "System.Reflection.MethodBase",
  463. "assembly": "mscorlib"
  464. },
  465. {
  466. "typename": "System.Reflection.ParameterInfo",
  467. "assembly": "mscorlib"
  468. },
  469. {
  470. "typename": "System.Reflection.ParameterModifier",
  471. "assembly": "mscorlib"
  472. },
  473. {
  474. "typename": "System.Reflection.PropertyInfo",
  475. "assembly": "mscorlib"
  476. },
  477. {
  478. "typename": "System.ResolveEventArgs",
  479. "assembly": "mscorlib"
  480. },
  481. {
  482. "typename": "System.ResolveEventHandler",
  483. "assembly": "mscorlib"
  484. },
  485. {
  486. "typename": "System.Resources.ResourceManager",
  487. "assembly": "mscorlib"
  488. },
  489. {
  490. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  491. "assembly": "mscorlib"
  492. },
  493. {
  494. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  495. "assembly": "mscorlib"
  496. },
  497. {
  498. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  499. "assembly": "mscorlib"
  500. },
  501. {
  502. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  503. "assembly": "mscorlib"
  504. },
  505. {
  506. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  507. "assembly": "mscorlib"
  508. },
  509. {
  510. "typename": "System.Runtime.InteropServices.GuidAttribute",
  511. "assembly": "mscorlib"
  512. },
  513. {
  514. "typename": "System.Runtime.InteropServices._Type",
  515. "assembly": "mscorlib"
  516. },
  517. {
  518. "typename": "System.Runtime.Remoting.ObjectHandle",
  519. "assembly": "mscorlib"
  520. },
  521. {
  522. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  523. "assembly": "mscorlib"
  524. },
  525. {
  526. "typename": "System.RuntimeFieldHandle",
  527. "assembly": "mscorlib"
  528. },
  529. {
  530. "typename": "System.RuntimeTypeHandle",
  531. "assembly": "mscorlib"
  532. },
  533. {
  534. "typename": "System.SByte",
  535. "assembly": "mscorlib"
  536. },
  537. {
  538. "typename": "System.STAThreadAttribute",
  539. "assembly": "mscorlib"
  540. },
  541. {
  542. "typename": "System.String",
  543. "assembly": "mscorlib"
  544. },
  545. {
  546. "typename": "System.StringComparison",
  547. "assembly": "mscorlib"
  548. },
  549. {
  550. "typename": "System.StringSplitOptions",
  551. "assembly": "mscorlib"
  552. },
  553. {
  554. "typename": "System.Text.NormalizationForm",
  555. "assembly": "mscorlib"
  556. },
  557. {
  558. "typename": "System.Text.StringBuilder",
  559. "assembly": "mscorlib"
  560. },
  561. {
  562. "typename": "System.Threading.Thread",
  563. "assembly": "mscorlib"
  564. },
  565. {
  566. "typename": "System.Type",
  567. "assembly": "mscorlib"
  568. },
  569. {
  570. "typename": "System.TypeCode",
  571. "assembly": "mscorlib"
  572. },
  573. {
  574. "typename": "System.UInt16",
  575. "assembly": "mscorlib"
  576. },
  577. {
  578. "typename": "System.UInt32",
  579. "assembly": "mscorlib"
  580. },
  581. {
  582. "typename": "System.UInt64",
  583. "assembly": "mscorlib"
  584. },
  585. {
  586. "typename": "System.ValueType",
  587. "assembly": "mscorlib"
  588. },
  589. {
  590. "typename": "System.Void",
  591. "assembly": "mscorlib"
  592. }
  593. ]
  594. },
  595. "pe": {
  596. "peid_signatures": null,
  597. "imports": [
  598. {
  599. "imports": [
  600. {
  601. "name": "_CorExeMain",
  602. "address": "0x402000"
  603. }
  604. ],
  605. "dll": "mscoree.dll"
  606. }
  607. ],
  608. "digital_signers": null,
  609. "exported_dll_name": null,
  610. "actual_checksum": "0x000527c1",
  611. "overlay": {
  612. "size": "0x00001c50",
  613. "offset": "0x00041c00"
  614. },
  615. "imagebase": "0x00400000",
  616. "reported_checksum": "0x00000000",
  617. "icon_hash": null,
  618. "entrypoint": "0x004431ee",
  619. "timestamp": "1990-12-07 04:38:41",
  620. "osversion": "4.0",
  621. "sections": [
  622. {
  623. "name": ".text",
  624. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  625. "virtual_address": "0x00002000",
  626. "size_of_data": "0x00041200",
  627. "entropy": "7.43",
  628. "raw_address": "0x00000200",
  629. "virtual_size": "0x000411f4",
  630. "characteristics_raw": "0x60000020"
  631. },
  632. {
  633. "name": ".rsrc",
  634. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  635. "virtual_address": "0x00044000",
  636. "size_of_data": "0x00000600",
  637. "entropy": "4.47",
  638. "raw_address": "0x00041400",
  639. "virtual_size": "0x00000600",
  640. "characteristics_raw": "0x40000040"
  641. },
  642. {
  643. "name": ".reloc",
  644. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  645. "virtual_address": "0x00046000",
  646. "size_of_data": "0x00000200",
  647. "entropy": "0.10",
  648. "raw_address": "0x00041a00",
  649. "virtual_size": "0x0000000c",
  650. "characteristics_raw": "0x42000040"
  651. }
  652. ],
  653. "resources": [],
  654. "dirents": [
  655. {
  656. "virtual_address": "0x00000000",
  657. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  658. "size": "0x00000000"
  659. },
  660. {
  661. "virtual_address": "0x00043194",
  662. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  663. "size": "0x00000057"
  664. },
  665. {
  666. "virtual_address": "0x00044000",
  667. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  668. "size": "0x00000600"
  669. },
  670. {
  671. "virtual_address": "0x00000000",
  672. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  673. "size": "0x00000000"
  674. },
  675. {
  676. "virtual_address": "0x00041c00",
  677. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  678. "size": "0x00001c50"
  679. },
  680. {
  681. "virtual_address": "0x00046000",
  682. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  683. "size": "0x0000000c"
  684. },
  685. {
  686. "virtual_address": "0x00000000",
  687. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  688. "size": "0x00000000"
  689. },
  690. {
  691. "virtual_address": "0x00000000",
  692. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  693. "size": "0x00000000"
  694. },
  695. {
  696. "virtual_address": "0x00000000",
  697. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  698. "size": "0x00000000"
  699. },
  700. {
  701. "virtual_address": "0x00000000",
  702. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  703. "size": "0x00000000"
  704. },
  705. {
  706. "virtual_address": "0x00000000",
  707. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  708. "size": "0x00000000"
  709. },
  710. {
  711. "virtual_address": "0x00000000",
  712. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  713. "size": "0x00000000"
  714. },
  715. {
  716. "virtual_address": "0x00002000",
  717. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  718. "size": "0x00000008"
  719. },
  720. {
  721. "virtual_address": "0x00000000",
  722. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  723. "size": "0x00000000"
  724. },
  725. {
  726. "virtual_address": "0x00002008",
  727. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  728. "size": "0x00000048"
  729. },
  730. {
  731. "virtual_address": "0x00000000",
  732. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  733. "size": "0x00000000"
  734. }
  735. ],
  736. "exports": [],
  737. "guest_signers": {},
  738. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  739. "icon_fuzzy": null,
  740. "icon": null,
  741. "pdbpath": null,
  742. "imported_dll_count": 1,
  743. "versioninfo": []
  744. }
  745. }
  746.  
  747. [*] Resolved APIs: [
  748. "advapi32.dll.RegOpenKeyExW",
  749. "advapi32.dll.RegQueryInfoKeyW",
  750. "advapi32.dll.RegEnumKeyExW",
  751. "advapi32.dll.RegEnumValueW",
  752. "advapi32.dll.RegCloseKey",
  753. "advapi32.dll.RegQueryValueExW",
  754. "kernel32.dll.QueryActCtxW",
  755. "shlwapi.dll.UrlIsW"
  756. ]
  757.  
  758. [*] Static Analysis: {
  759. "dotnet": {
  760. "customattrs": [
  761. {
  762. "type": "Assembly",
  763. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  764. "value": "6.8.11."
  765. },
  766. {
  767. "type": "Assembly",
  768. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  769. "value": "3e54aa41-20b9-48be-8cda-b800465a70"
  770. },
  771. {
  772. "type": "Assembly",
  773. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  774. "value": "oyesurik"
  775. },
  776. {
  777. "type": "Assembly",
  778. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  779. "value": "oyesurik"
  780. },
  781. {
  782. "type": "Assembly",
  783. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  784. "value": "Copyright \\xc2\\xa9 20"
  785. },
  786. {
  787. "type": "Assembly",
  788. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  789. "value": "ozumebedufijuwelox"
  790. },
  791. {
  792. "type": "Assembly",
  793. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  794. "value": "emitipayohap"
  795. },
  796. {
  797. "type": "Property",
  798. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  799. "value": ""
  800. },
  801. {
  802. "type": "Property",
  803. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  804. "value": "10"
  805. }
  806. ],
  807. "assemblyinfo": {
  808. "version": "1.0.0.0",
  809. "name": "F5xCidiE9j51rHUM"
  810. },
  811. "assemblyrefs": [
  812. {
  813. "version": "4.0.0.0",
  814. "name": "mscorlib"
  815. },
  816. {
  817. "version": "4.0.0.0",
  818. "name": "System"
  819. },
  820. {
  821. "version": "1.0.0.1",
  822. "name": "gdi32"
  823. }
  824. ],
  825. "typerefs": [
  826. {
  827. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  828. "assembly": "System"
  829. },
  830. {
  831. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  832. "assembly": "System"
  833. },
  834. {
  835. "typename": "System.ComponentModel.EditorBrowsableState",
  836. "assembly": "System"
  837. },
  838. {
  839. "typename": "System.Configuration.ApplicationSettingsBase",
  840. "assembly": "System"
  841. },
  842. {
  843. "typename": "System.Configuration.DefaultSettingValueAttribute",
  844. "assembly": "System"
  845. },
  846. {
  847. "typename": "System.Configuration.SettingsBase",
  848. "assembly": "System"
  849. },
  850. {
  851. "typename": "System.Configuration.UserScopedSettingAttribute",
  852. "assembly": "System"
  853. },
  854. {
  855. "typename": "gdi32.Program",
  856. "assembly": "gdi32"
  857. },
  858. {
  859. "typename": "System.AppDomain",
  860. "assembly": "mscorlib"
  861. },
  862. {
  863. "typename": "System.Array",
  864. "assembly": "mscorlib"
  865. },
  866. {
  867. "typename": "System.Boolean",
  868. "assembly": "mscorlib"
  869. },
  870. {
  871. "typename": "System.Buffer",
  872. "assembly": "mscorlib"
  873. },
  874. {
  875. "typename": "System.Byte",
  876. "assembly": "mscorlib"
  877. },
  878. {
  879. "typename": "System.Char",
  880. "assembly": "mscorlib"
  881. },
  882. {
  883. "typename": "System.Collections.Generic.IEnumerable`1",
  884. "assembly": "mscorlib"
  885. },
  886. {
  887. "typename": "System.Collections.IEnumerable",
  888. "assembly": "mscorlib"
  889. },
  890. {
  891. "typename": "System.Console",
  892. "assembly": "mscorlib"
  893. },
  894. {
  895. "typename": "System.DBNull",
  896. "assembly": "mscorlib"
  897. },
  898. {
  899. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  900. "assembly": "mscorlib"
  901. },
  902. {
  903. "typename": "System.Enum",
  904. "assembly": "mscorlib"
  905. },
  906. {
  907. "typename": "System.Exception",
  908. "assembly": "mscorlib"
  909. },
  910. {
  911. "typename": "System.Globalization.CompareOptions",
  912. "assembly": "mscorlib"
  913. },
  914. {
  915. "typename": "System.Globalization.CultureInfo",
  916. "assembly": "mscorlib"
  917. },
  918. {
  919. "typename": "System.Globalization.NumberStyles",
  920. "assembly": "mscorlib"
  921. },
  922. {
  923. "typename": "System.Globalization.UnicodeCategory",
  924. "assembly": "mscorlib"
  925. },
  926. {
  927. "typename": "System.ICloneable",
  928. "assembly": "mscorlib"
  929. },
  930. {
  931. "typename": "System.IConvertible",
  932. "assembly": "mscorlib"
  933. },
  934. {
  935. "typename": "System.IFormatProvider",
  936. "assembly": "mscorlib"
  937. },
  938. {
  939. "typename": "System.Int16",
  940. "assembly": "mscorlib"
  941. },
  942. {
  943. "typename": "System.Int32",
  944. "assembly": "mscorlib"
  945. },
  946. {
  947. "typename": "System.Int64",
  948. "assembly": "mscorlib"
  949. },
  950. {
  951. "typename": "System.NotSupportedException",
  952. "assembly": "mscorlib"
  953. },
  954. {
  955. "typename": "System.Object",
  956. "assembly": "mscorlib"
  957. },
  958. {
  959. "typename": "System.Reflection.Assembly",
  960. "assembly": "mscorlib"
  961. },
  962. {
  963. "typename": "System.Reflection.AssemblyCompanyAttribute",
  964. "assembly": "mscorlib"
  965. },
  966. {
  967. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  968. "assembly": "mscorlib"
  969. },
  970. {
  971. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  972. "assembly": "mscorlib"
  973. },
  974. {
  975. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  976. "assembly": "mscorlib"
  977. },
  978. {
  979. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  980. "assembly": "mscorlib"
  981. },
  982. {
  983. "typename": "System.Reflection.AssemblyProductAttribute",
  984. "assembly": "mscorlib"
  985. },
  986. {
  987. "typename": "System.Reflection.AssemblyTitleAttribute",
  988. "assembly": "mscorlib"
  989. },
  990. {
  991. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  992. "assembly": "mscorlib"
  993. },
  994. {
  995. "typename": "System.Reflection.BindingFlags",
  996. "assembly": "mscorlib"
  997. },
  998. {
  999. "typename": "System.Reflection.CallingConventions",
  1000. "assembly": "mscorlib"
  1001. },
  1002. {
  1003. "typename": "System.Reflection.MemberInfo",
  1004. "assembly": "mscorlib"
  1005. },
  1006. {
  1007. "typename": "System.Reflection.MethodBase",
  1008. "assembly": "mscorlib"
  1009. },
  1010. {
  1011. "typename": "System.Reflection.ParameterInfo",
  1012. "assembly": "mscorlib"
  1013. },
  1014. {
  1015. "typename": "System.Reflection.ParameterModifier",
  1016. "assembly": "mscorlib"
  1017. },
  1018. {
  1019. "typename": "System.Reflection.PropertyInfo",
  1020. "assembly": "mscorlib"
  1021. },
  1022. {
  1023. "typename": "System.ResolveEventArgs",
  1024. "assembly": "mscorlib"
  1025. },
  1026. {
  1027. "typename": "System.ResolveEventHandler",
  1028. "assembly": "mscorlib"
  1029. },
  1030. {
  1031. "typename": "System.Resources.ResourceManager",
  1032. "assembly": "mscorlib"
  1033. },
  1034. {
  1035. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1036. "assembly": "mscorlib"
  1037. },
  1038. {
  1039. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1040. "assembly": "mscorlib"
  1041. },
  1042. {
  1043. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1044. "assembly": "mscorlib"
  1045. },
  1046. {
  1047. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1048. "assembly": "mscorlib"
  1049. },
  1050. {
  1051. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1052. "assembly": "mscorlib"
  1053. },
  1054. {
  1055. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1056. "assembly": "mscorlib"
  1057. },
  1058. {
  1059. "typename": "System.Runtime.InteropServices._Type",
  1060. "assembly": "mscorlib"
  1061. },
  1062. {
  1063. "typename": "System.Runtime.Remoting.ObjectHandle",
  1064. "assembly": "mscorlib"
  1065. },
  1066. {
  1067. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  1068. "assembly": "mscorlib"
  1069. },
  1070. {
  1071. "typename": "System.RuntimeFieldHandle",
  1072. "assembly": "mscorlib"
  1073. },
  1074. {
  1075. "typename": "System.RuntimeTypeHandle",
  1076. "assembly": "mscorlib"
  1077. },
  1078. {
  1079. "typename": "System.SByte",
  1080. "assembly": "mscorlib"
  1081. },
  1082. {
  1083. "typename": "System.STAThreadAttribute",
  1084. "assembly": "mscorlib"
  1085. },
  1086. {
  1087. "typename": "System.String",
  1088. "assembly": "mscorlib"
  1089. },
  1090. {
  1091. "typename": "System.StringComparison",
  1092. "assembly": "mscorlib"
  1093. },
  1094. {
  1095. "typename": "System.StringSplitOptions",
  1096. "assembly": "mscorlib"
  1097. },
  1098. {
  1099. "typename": "System.Text.NormalizationForm",
  1100. "assembly": "mscorlib"
  1101. },
  1102. {
  1103. "typename": "System.Text.StringBuilder",
  1104. "assembly": "mscorlib"
  1105. },
  1106. {
  1107. "typename": "System.Threading.Thread",
  1108. "assembly": "mscorlib"
  1109. },
  1110. {
  1111. "typename": "System.Type",
  1112. "assembly": "mscorlib"
  1113. },
  1114. {
  1115. "typename": "System.TypeCode",
  1116. "assembly": "mscorlib"
  1117. },
  1118. {
  1119. "typename": "System.UInt16",
  1120. "assembly": "mscorlib"
  1121. },
  1122. {
  1123. "typename": "System.UInt32",
  1124. "assembly": "mscorlib"
  1125. },
  1126. {
  1127. "typename": "System.UInt64",
  1128. "assembly": "mscorlib"
  1129. },
  1130. {
  1131. "typename": "System.ValueType",
  1132. "assembly": "mscorlib"
  1133. },
  1134. {
  1135. "typename": "System.Void",
  1136. "assembly": "mscorlib"
  1137. }
  1138. ]
  1139. },
  1140. "pe": {
  1141. "peid_signatures": null,
  1142. "imports": [
  1143. {
  1144. "imports": [
  1145. {
  1146. "name": "_CorExeMain",
  1147. "address": "0x402000"
  1148. }
  1149. ],
  1150. "dll": "mscoree.dll"
  1151. }
  1152. ],
  1153. "digital_signers": null,
  1154. "exported_dll_name": null,
  1155. "actual_checksum": "0x000527c1",
  1156. "overlay": {
  1157. "size": "0x00001c50",
  1158. "offset": "0x00041c00"
  1159. },
  1160. "imagebase": "0x00400000",
  1161. "reported_checksum": "0x00000000",
  1162. "icon_hash": null,
  1163. "entrypoint": "0x004431ee",
  1164. "timestamp": "1990-12-07 04:38:41",
  1165. "osversion": "4.0",
  1166. "sections": [
  1167. {
  1168. "name": ".text",
  1169. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1170. "virtual_address": "0x00002000",
  1171. "size_of_data": "0x00041200",
  1172. "entropy": "7.43",
  1173. "raw_address": "0x00000200",
  1174. "virtual_size": "0x000411f4",
  1175. "characteristics_raw": "0x60000020"
  1176. },
  1177. {
  1178. "name": ".rsrc",
  1179. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1180. "virtual_address": "0x00044000",
  1181. "size_of_data": "0x00000600",
  1182. "entropy": "4.47",
  1183. "raw_address": "0x00041400",
  1184. "virtual_size": "0x00000600",
  1185. "characteristics_raw": "0x40000040"
  1186. },
  1187. {
  1188. "name": ".reloc",
  1189. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1190. "virtual_address": "0x00046000",
  1191. "size_of_data": "0x00000200",
  1192. "entropy": "0.10",
  1193. "raw_address": "0x00041a00",
  1194. "virtual_size": "0x0000000c",
  1195. "characteristics_raw": "0x42000040"
  1196. }
  1197. ],
  1198. "resources": [],
  1199. "dirents": [
  1200. {
  1201. "virtual_address": "0x00000000",
  1202. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1203. "size": "0x00000000"
  1204. },
  1205. {
  1206. "virtual_address": "0x00043194",
  1207. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1208. "size": "0x00000057"
  1209. },
  1210. {
  1211. "virtual_address": "0x00044000",
  1212. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1213. "size": "0x00000600"
  1214. },
  1215. {
  1216. "virtual_address": "0x00000000",
  1217. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1218. "size": "0x00000000"
  1219. },
  1220. {
  1221. "virtual_address": "0x00041c00",
  1222. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1223. "size": "0x00001c50"
  1224. },
  1225. {
  1226. "virtual_address": "0x00046000",
  1227. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1228. "size": "0x0000000c"
  1229. },
  1230. {
  1231. "virtual_address": "0x00000000",
  1232. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1233. "size": "0x00000000"
  1234. },
  1235. {
  1236. "virtual_address": "0x00000000",
  1237. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1238. "size": "0x00000000"
  1239. },
  1240. {
  1241. "virtual_address": "0x00000000",
  1242. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1243. "size": "0x00000000"
  1244. },
  1245. {
  1246. "virtual_address": "0x00000000",
  1247. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1248. "size": "0x00000000"
  1249. },
  1250. {
  1251. "virtual_address": "0x00000000",
  1252. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1253. "size": "0x00000000"
  1254. },
  1255. {
  1256. "virtual_address": "0x00000000",
  1257. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1258. "size": "0x00000000"
  1259. },
  1260. {
  1261. "virtual_address": "0x00002000",
  1262. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1263. "size": "0x00000008"
  1264. },
  1265. {
  1266. "virtual_address": "0x00000000",
  1267. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1268. "size": "0x00000000"
  1269. },
  1270. {
  1271. "virtual_address": "0x00002008",
  1272. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1273. "size": "0x00000048"
  1274. },
  1275. {
  1276. "virtual_address": "0x00000000",
  1277. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1278. "size": "0x00000000"
  1279. }
  1280. ],
  1281. "exports": [],
  1282. "guest_signers": {},
  1283. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1284. "icon_fuzzy": null,
  1285. "icon": null,
  1286. "pdbpath": null,
  1287. "imported_dll_count": 1,
  1288. "versioninfo": []
  1289. }
  1290. }