paladin316

Exes_4fb52da6_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_4fb52da6.exe"
  7. [*] File Size: 245760
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "a4400937d227423b58c89bdb7c7608a835a1261ed60e169a6a72648bc281220a"
  10. [*] MD5: "55b62223fdac796d20d4d5204373ce27"
  11. [*] SHA1: "57cf6463b40fcd07f7d3276412d511c92ff6b377"
  12. [*] SHA512: "20d177138b962f213987d079c6a7141d2e43052b64be6ab242ded5c598fa516ad32a6199388c1a3cddadb1393a55e15c0bd17c8eb02579d637cf132073e8f5cb"
  13. [*] CRC32: "4FB52DA6"
  14. [*] SSDEEP: "3072:0p6oe7L89edlzPazHEBwopYcx7APAj0tmVLaArz0/gGXsWPLq2DWKTNUJ9MXNCT:mY7YkdlzPCHsOAj00czgmsWPLHWBiCT"
  15.  
  16. [*] Process Execution: [
  17. "Exes_4fb52da6.exe",
  18. "winplug.exe"
  19. ]
  20.  
  21. [*] Signatures Detected: [
  22. {
  23. "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
  24. "Details": [
  25. {
  26. "IP": "74.6.137.65:25"
  27. }
  28. ]
  29. },
  30. {
  31. "Description": "Creates RWX memory",
  32. "Details": []
  33. },
  34. {
  35. "Description": "Possible date expiration check, exits too soon after checking local time",
  36. "Details": [
  37. {
  38. "process": "winplug.exe, PID 2248"
  39. }
  40. ]
  41. },
  42. {
  43. "Description": "Drops a binary and executes it",
  44. "Details": [
  45. {
  46. "binary": "C:\\Windows\\1041197711752527\\winplug.exe"
  47. }
  48. ]
  49. },
  50. {
  51. "Description": "Installs itself for autorun at Windows startup",
  52. "Details": [
  53. {
  54. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 495006960"
  55. },
  56. {
  57. "data": "C:\\Windows\\1041197711752527\\winplug.exe"
  58. },
  59. {
  60. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 495006960"
  61. },
  62. {
  63. "data": "C:\\Windows\\1041197711752527\\winplug.exe"
  64. }
  65. ]
  66. },
  67. {
  68. "Description": "Creates a hidden or system file",
  69. "Details": [
  70. {
  71. "file": "C:\\Windows\\1041197711752527"
  72. },
  73. {
  74. "file": "C:\\Windows\\1041197711752527\\winplug.exe"
  75. }
  76. ]
  77. },
  78. {
  79. "Description": "File has been identified by 42 Antiviruses on VirusTotal as malicious",
  80. "Details": [
  81. {
  82. "MicroWorld-eScan": "Trojan.GenericKD.41366882"
  83. },
  84. {
  85. "FireEye": "Generic.mg.55b62223fdac796d"
  86. },
  87. {
  88. "McAfee": "Trojan-FQYR!55B62223FDAC"
  89. },
  90. {
  91. "Alibaba": "Trojan:Win32/Starter.ali2000005"
  92. },
  93. {
  94. "K7GW": "Riskware ( 0040eff71 )"
  95. },
  96. {
  97. "Arcabit": "Trojan.Generic.D2773562"
  98. },
  99. {
  100. "Symantec": "Trojan.Gen.2"
  101. },
  102. {
  103. "APEX": "Malicious"
  104. },
  105. {
  106. "Avast": "Win32:CrypterX-gen [Trj]"
  107. },
  108. {
  109. "Kaspersky": "Trojan.Win32.Zonidel.egs"
  110. },
  111. {
  112. "BitDefender": "Trojan.GenericKD.41366882"
  113. },
  114. {
  115. "Paloalto": "generic.ml"
  116. },
  117. {
  118. "AegisLab": "Trojan.Win32.Zonidel.4!c"
  119. },
  120. {
  121. "Tencent": "Win32.Trojan.Zonidel.Swuw"
  122. },
  123. {
  124. "Ad-Aware": "Trojan.GenericKD.41366882"
  125. },
  126. {
  127. "Emsisoft": "Trojan.GenericKD.41366882 (B)"
  128. },
  129. {
  130. "F-Secure": "Trojan.TR/AD.Phorpiex.jwpre"
  131. },
  132. {
  133. "TrendMicro": "TROJ_GEN.R011C0WFD19"
  134. },
  135. {
  136. "McAfee-GW-Edition": "BehavesLike.Win32.MultiPlug.dh"
  137. },
  138. {
  139. "Trapmine": "malicious.high.ml.score"
  140. },
  141. {
  142. "Sophos": "Mal/Generic-S"
  143. },
  144. {
  145. "Ikarus": "Trojan.Win32.Krypt"
  146. },
  147. {
  148. "Cyren": "W32/Trojan.WCFB-4455"
  149. },
  150. {
  151. "ESET-NOD32": "a variant of Win32/Kryptik.GTXN"
  152. },
  153. {
  154. "Avira": "TR/AD.Phorpiex.jwpre"
  155. },
  156. {
  157. "Microsoft": "Backdoor:Win32/Phorpiex.YP!bit"
  158. },
  159. {
  160. "Endgame": "malicious (moderate confidence)"
  161. },
  162. {
  163. "ZoneAlarm": "Trojan.Win32.Zonidel.egs"
  164. },
  165. {
  166. "GData": "Trojan.GenericKD.41366882"
  167. },
  168. {
  169. "AhnLab-V3": "Trojan/Win32.Phorpiex.C3288969"
  170. },
  171. {
  172. "Acronis": "suspicious"
  173. },
  174. {
  175. "VBA32": "BScope.Trojan.AET.281105"
  176. },
  177. {
  178. "ALYac": "Trojan.GenericKD.41366882"
  179. },
  180. {
  181. "Malwarebytes": "Trojan.MalPack.GS"
  182. },
  183. {
  184. "TrendMicro-HouseCall": "TROJ_GEN.R011C0WFD19"
  185. },
  186. {
  187. "Rising": "Malware.Heuristic.MLite(95%) (AI-LITE:yZwIADiXp/Tx065jT4Ht0g)"
  188. },
  189. {
  190. "SentinelOne": "DFI - Suspicious PE"
  191. },
  192. {
  193. "Fortinet": "W32/GenKryptik.DKOA!tr"
  194. },
  195. {
  196. "Webroot": "W32.Trojan.Gen"
  197. },
  198. {
  199. "AVG": "Win32:CrypterX-gen [Trj]"
  200. },
  201. {
  202. "Panda": "Trj/GdSda.A"
  203. },
  204. {
  205. "CrowdStrike": "win/malicious_confidence_70% (W)"
  206. }
  207. ]
  208. },
  209. {
  210. "Description": "Operates on local firewall's policies and settings",
  211. "Details": []
  212. },
  213. {
  214. "Description": "Creates a copy of itself",
  215. "Details": [
  216. {
  217. "copy": "C:\\Windows\\1041197711752527\\winplug.exe"
  218. }
  219. ]
  220. },
  221. {
  222. "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
  223. "Details": [
  224. {
  225. "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4fb52da6.exe:Zone.Iduentifier"
  226. },
  227. {
  228. "file": "C:\\Windows\\1041197711752527\\winplug.exe:Zone.Iduentifier"
  229. }
  230. ]
  231. },
  232. {
  233. "Description": "Anomalous binary characteristics",
  234. "Details": [
  235. {
  236. "anomaly": "Found duplicated section names"
  237. }
  238. ]
  239. }
  240. ]
  241.  
  242. [*] Started Service: []
  243.  
  244. [*] Executed Commands: [
  245. "C:\\Windows\\1041197711752527\\winplug.exe"
  246. ]
  247.  
  248. [*] Mutexes: [
  249. "406080840"
  250. ]
  251.  
  252. [*] Modified Files: [
  253. "C:\\Windows\\1041197711752527\\winplug.exe"
  254. ]
  255.  
  256. [*] Deleted Files: [
  257. "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_4fb52da6.exe:Zone.Iduentifier",
  258. "C:\\Windows\\1041197711752527\\winplug.exe:Zone.Iduentifier"
  259. ]
  260.  
  261. [*] Modified Registry Keys: [
  262. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 495006960",
  263. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 495006960"
  264. ]
  265.  
  266. [*] Deleted Registry Keys: []
  267.  
  268. [*] DNS Communications: [
  269. {
  270. "type": "MX",
  271. "request": "yahoo.com",
  272. "answers": [
  273. {
  274. "data": "mta5.am0.yahoodns.net",
  275. "type": "MX"
  276. },
  277. {
  278. "data": "mta7.am0.yahoodns.net",
  279. "type": "MX"
  280. },
  281. {
  282. "data": "mta6.am0.yahoodns.net",
  283. "type": "MX"
  284. }
  285. ]
  286. },
  287. {
  288. "type": "A",
  289. "request": "mta6.am0.yahoodns.net",
  290. "answers": [
  291. {
  292. "data": "66.218.85.139",
  293. "type": "A"
  294. },
  295. {
  296. "data": "74.6.137.65",
  297. "type": "A"
  298. },
  299. {
  300. "data": "98.137.159.27",
  301. "type": "A"
  302. },
  303. {
  304. "data": "98.137.159.26",
  305. "type": "A"
  306. },
  307. {
  308. "data": "98.137.159.24",
  309. "type": "A"
  310. },
  311. {
  312. "data": "67.195.228.111",
  313. "type": "A"
  314. },
  315. {
  316. "data": "74.6.137.63",
  317. "type": "A"
  318. },
  319. {
  320. "data": "66.218.85.52",
  321. "type": "A"
  322. }
  323. ]
  324. }
  325. ]
  326.  
  327. [*] Domains: [
  328. {
  329. "ip": "74.6.137.65",
  330. "domain": "mta6.am0.yahoodns.net"
  331. },
  332. {
  333. "ip": "98.138.219.232",
  334. "domain": "yahoo.com"
  335. }
  336. ]
  337.  
  338. [*] Network Communication - ICMP: []
  339.  
  340. [*] Network Communication - HTTP: []
  341.  
  342. [*] Network Communication - SMTP: []
  343.  
  344. [*] Network Communication - Hosts: []
  345.  
  346. [*] Network Communication - IRC: []
  347.  
  348. [*] Static Analysis: {
  349. "pe": {
  350. "peid_signatures": null,
  351. "imports": [
  352. {
  353. "imports": [
  354. {
  355. "name": "ExitProcess",
  356. "address": "0x426000"
  357. },
  358. {
  359. "name": "TryEnterCriticalSection",
  360. "address": "0x426004"
  361. },
  362. {
  363. "name": "DebugActiveProcessStop",
  364. "address": "0x426008"
  365. },
  366. {
  367. "name": "lstrcpynA",
  368. "address": "0x42600c"
  369. },
  370. {
  371. "name": "InitializeSListHead",
  372. "address": "0x426010"
  373. },
  374. {
  375. "name": "UnlockFile",
  376. "address": "0x426014"
  377. },
  378. {
  379. "name": "GetFileAttributesExA",
  380. "address": "0x426018"
  381. },
  382. {
  383. "name": "GetTickCount",
  384. "address": "0x42601c"
  385. },
  386. {
  387. "name": "GetNumberFormatA",
  388. "address": "0x426020"
  389. },
  390. {
  391. "name": "GlobalAlloc",
  392. "address": "0x426024"
  393. },
  394. {
  395. "name": "LoadLibraryW",
  396. "address": "0x426028"
  397. },
  398. {
  399. "name": "GetBinaryTypeA",
  400. "address": "0x42602c"
  401. },
  402. {
  403. "name": "GetConsoleFontSize",
  404. "address": "0x426030"
  405. },
  406. {
  407. "name": "lstrlenW",
  408. "address": "0x426034"
  409. },
  410. {
  411. "name": "Module32First",
  412. "address": "0x426038"
  413. },
  414. {
  415. "name": "GetLastError",
  416. "address": "0x42603c"
  417. },
  418. {
  419. "name": "GetProcAddress",
  420. "address": "0x426040"
  421. },
  422. {
  423. "name": "PeekConsoleInputW",
  424. "address": "0x426044"
  425. },
  426. {
  427. "name": "WTSGetActiveConsoleSessionId",
  428. "address": "0x426048"
  429. },
  430. {
  431. "name": "VirtualProtect",
  432. "address": "0x42604c"
  433. },
  434. {
  435. "name": "CreateToolhelp32Snapshot",
  436. "address": "0x426050"
  437. },
  438. {
  439. "name": "CloseHandle",
  440. "address": "0x426054"
  441. },
  442. {
  443. "name": "EncodePointer",
  444. "address": "0x426058"
  445. },
  446. {
  447. "name": "DecodePointer",
  448. "address": "0x42605c"
  449. },
  450. {
  451. "name": "GetCommandLineA",
  452. "address": "0x426060"
  453. },
  454. {
  455. "name": "RaiseException",
  456. "address": "0x426064"
  457. },
  458. {
  459. "name": "RtlUnwind",
  460. "address": "0x426068"
  461. },
  462. {
  463. "name": "IsDebuggerPresent",
  464. "address": "0x42606c"
  465. },
  466. {
  467. "name": "IsProcessorFeaturePresent",
  468. "address": "0x426070"
  469. },
  470. {
  471. "name": "EnterCriticalSection",
  472. "address": "0x426074"
  473. },
  474. {
  475. "name": "LeaveCriticalSection",
  476. "address": "0x426078"
  477. },
  478. {
  479. "name": "FlushFileBuffers",
  480. "address": "0x42607c"
  481. },
  482. {
  483. "name": "WriteFile",
  484. "address": "0x426080"
  485. },
  486. {
  487. "name": "WideCharToMultiByte",
  488. "address": "0x426084"
  489. },
  490. {
  491. "name": "GetConsoleCP",
  492. "address": "0x426088"
  493. },
  494. {
  495. "name": "GetConsoleMode",
  496. "address": "0x42608c"
  497. },
  498. {
  499. "name": "DeleteCriticalSection",
  500. "address": "0x426090"
  501. },
  502. {
  503. "name": "FatalAppExitA",
  504. "address": "0x426094"
  505. },
  506. {
  507. "name": "GetModuleHandleExW",
  508. "address": "0x426098"
  509. },
  510. {
  511. "name": "AreFileApisANSI",
  512. "address": "0x42609c"
  513. },
  514. {
  515. "name": "MultiByteToWideChar",
  516. "address": "0x4260a0"
  517. },
  518. {
  519. "name": "HeapSize",
  520. "address": "0x4260a4"
  521. },
  522. {
  523. "name": "HeapFree",
  524. "address": "0x4260a8"
  525. },
  526. {
  527. "name": "HeapAlloc",
  528. "address": "0x4260ac"
  529. },
  530. {
  531. "name": "SetLastError",
  532. "address": "0x4260b0"
  533. },
  534. {
  535. "name": "GetCurrentThread",
  536. "address": "0x4260b4"
  537. },
  538. {
  539. "name": "GetCurrentThreadId",
  540. "address": "0x4260b8"
  541. },
  542. {
  543. "name": "GetProcessHeap",
  544. "address": "0x4260bc"
  545. },
  546. {
  547. "name": "GetStdHandle",
  548. "address": "0x4260c0"
  549. },
  550. {
  551. "name": "GetFileType",
  552. "address": "0x4260c4"
  553. },
  554. {
  555. "name": "GetStartupInfoW",
  556. "address": "0x4260c8"
  557. },
  558. {
  559. "name": "GetModuleFileNameA",
  560. "address": "0x4260cc"
  561. },
  562. {
  563. "name": "GetModuleFileNameW",
  564. "address": "0x4260d0"
  565. },
  566. {
  567. "name": "QueryPerformanceCounter",
  568. "address": "0x4260d4"
  569. },
  570. {
  571. "name": "GetCurrentProcessId",
  572. "address": "0x4260d8"
  573. },
  574. {
  575. "name": "GetSystemTimeAsFileTime",
  576. "address": "0x4260dc"
  577. },
  578. {
  579. "name": "GetEnvironmentStringsW",
  580. "address": "0x4260e0"
  581. },
  582. {
  583. "name": "FreeEnvironmentStringsW",
  584. "address": "0x4260e4"
  585. },
  586. {
  587. "name": "UnhandledExceptionFilter",
  588. "address": "0x4260e8"
  589. },
  590. {
  591. "name": "SetUnhandledExceptionFilter",
  592. "address": "0x4260ec"
  593. },
  594. {
  595. "name": "InitializeCriticalSectionAndSpinCount",
  596. "address": "0x4260f0"
  597. },
  598. {
  599. "name": "CreateEventW",
  600. "address": "0x4260f4"
  601. },
  602. {
  603. "name": "Sleep",
  604. "address": "0x4260f8"
  605. },
  606. {
  607. "name": "GetCurrentProcess",
  608. "address": "0x4260fc"
  609. },
  610. {
  611. "name": "TerminateProcess",
  612. "address": "0x426100"
  613. },
  614. {
  615. "name": "TlsAlloc",
  616. "address": "0x426104"
  617. },
  618. {
  619. "name": "TlsGetValue",
  620. "address": "0x426108"
  621. },
  622. {
  623. "name": "TlsSetValue",
  624. "address": "0x42610c"
  625. },
  626. {
  627. "name": "TlsFree",
  628. "address": "0x426110"
  629. },
  630. {
  631. "name": "GetModuleHandleW",
  632. "address": "0x426114"
  633. },
  634. {
  635. "name": "CreateSemaphoreW",
  636. "address": "0x426118"
  637. },
  638. {
  639. "name": "SetStdHandle",
  640. "address": "0x42611c"
  641. },
  642. {
  643. "name": "SetFilePointerEx",
  644. "address": "0x426120"
  645. },
  646. {
  647. "name": "WriteConsoleW",
  648. "address": "0x426124"
  649. },
  650. {
  651. "name": "SetConsoleCtrlHandler",
  652. "address": "0x426128"
  653. },
  654. {
  655. "name": "FreeLibrary",
  656. "address": "0x42612c"
  657. },
  658. {
  659. "name": "LoadLibraryExW",
  660. "address": "0x426130"
  661. },
  662. {
  663. "name": "IsValidCodePage",
  664. "address": "0x426134"
  665. },
  666. {
  667. "name": "GetACP",
  668. "address": "0x426138"
  669. },
  670. {
  671. "name": "GetOEMCP",
  672. "address": "0x42613c"
  673. },
  674. {
  675. "name": "GetCPInfo",
  676. "address": "0x426140"
  677. },
  678. {
  679. "name": "HeapReAlloc",
  680. "address": "0x426144"
  681. },
  682. {
  683. "name": "GetDateFormatW",
  684. "address": "0x426148"
  685. },
  686. {
  687. "name": "GetTimeFormatW",
  688. "address": "0x42614c"
  689. },
  690. {
  691. "name": "CompareStringW",
  692. "address": "0x426150"
  693. },
  694. {
  695. "name": "LCMapStringW",
  696. "address": "0x426154"
  697. },
  698. {
  699. "name": "GetLocaleInfoW",
  700. "address": "0x426158"
  701. },
  702. {
  703. "name": "IsValidLocale",
  704. "address": "0x42615c"
  705. },
  706. {
  707. "name": "GetUserDefaultLCID",
  708. "address": "0x426160"
  709. },
  710. {
  711. "name": "EnumSystemLocalesW",
  712. "address": "0x426164"
  713. },
  714. {
  715. "name": "OutputDebugStringW",
  716. "address": "0x426168"
  717. },
  718. {
  719. "name": "GetStringTypeW",
  720. "address": "0x42616c"
  721. },
  722. {
  723. "name": "CreateFileW",
  724. "address": "0x426170"
  725. }
  726. ],
  727. "dll": "KERNEL32.dll"
  728. }
  729. ],
  730. "digital_signers": null,
  731. "exported_dll_name": "tajod.exe",
  732. "actual_checksum": "0x0004b976",
  733. "overlay": null,
  734. "imagebase": "0x00400000",
  735. "reported_checksum": "0x0004b976",
  736. "icon_hash": null,
  737. "entrypoint": "0x00403a61",
  738. "timestamp": "2018-02-17 00:37:03",
  739. "osversion": "5.1",
  740. "sections": [
  741. {
  742. "name": ".text",
  743. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  744. "virtual_address": "0x00001000",
  745. "size_of_data": "0x00025000",
  746. "entropy": "6.72",
  747. "raw_address": "0x00000400",
  748. "virtual_size": "0x00024edd",
  749. "characteristics_raw": "0x60000020"
  750. },
  751. {
  752. "name": ".rdata",
  753. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  754. "virtual_address": "0x00026000",
  755. "size_of_data": "0x00009000",
  756. "entropy": "4.71",
  757. "raw_address": "0x00025400",
  758. "virtual_size": "0x00008ea8",
  759. "characteristics_raw": "0x40000040"
  760. },
  761. {
  762. "name": ".data",
  763. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  764. "virtual_address": "0x0002f000",
  765. "size_of_data": "0x00001a00",
  766. "entropy": "3.42",
  767. "raw_address": "0x0002e400",
  768. "virtual_size": "0x04e5d9ec",
  769. "characteristics_raw": "0xc0000040"
  770. },
  771. {
  772. "name": ".text",
  773. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  774. "virtual_address": "0x04e8d000",
  775. "size_of_data": "0x00007a00",
  776. "entropy": "5.99",
  777. "raw_address": "0x0002fe00",
  778. "virtual_size": "0x0000782c",
  779. "characteristics_raw": "0xc0000040"
  780. },
  781. {
  782. "name": ".wati",
  783. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  784. "virtual_address": "0x04e95000",
  785. "size_of_data": "0x00000600",
  786. "entropy": "0.00",
  787. "raw_address": "0x00037800",
  788. "virtual_size": "0x00001400",
  789. "characteristics_raw": "0xc0000040"
  790. },
  791. {
  792. "name": ".rsrc",
  793. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  794. "virtual_address": "0x04e97000",
  795. "size_of_data": "0x00002200",
  796. "entropy": "5.37",
  797. "raw_address": "0x00037e00",
  798. "virtual_size": "0x00002148",
  799. "characteristics_raw": "0x40000040"
  800. },
  801. {
  802. "name": ".reloc",
  803. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  804. "virtual_address": "0x04e9a000",
  805. "size_of_data": "0x00002000",
  806. "entropy": "6.62",
  807. "raw_address": "0x0003a000",
  808. "virtual_size": "0x00001fcc",
  809. "characteristics_raw": "0x42000040"
  810. }
  811. ],
  812. "resources": [],
  813. "dirents": [
  814. {
  815. "virtual_address": "0x0002e5e0",
  816. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  817. "size": "0x00000049"
  818. },
  819. {
  820. "virtual_address": "0x0002e62c",
  821. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  822. "size": "0x00000028"
  823. },
  824. {
  825. "virtual_address": "0x04e97000",
  826. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  827. "size": "0x00002148"
  828. },
  829. {
  830. "virtual_address": "0x00000000",
  831. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  832. "size": "0x00000000"
  833. },
  834. {
  835. "virtual_address": "0x00000000",
  836. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  837. "size": "0x00000000"
  838. },
  839. {
  840. "virtual_address": "0x04e9a000",
  841. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  842. "size": "0x00001fcc"
  843. },
  844. {
  845. "virtual_address": "0x000261d0",
  846. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  847. "size": "0x00000038"
  848. },
  849. {
  850. "virtual_address": "0x00000000",
  851. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  852. "size": "0x00000000"
  853. },
  854. {
  855. "virtual_address": "0x00000000",
  856. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  857. "size": "0x00000000"
  858. },
  859. {
  860. "virtual_address": "0x00000000",
  861. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  862. "size": "0x00000000"
  863. },
  864. {
  865. "virtual_address": "0x00000000",
  866. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  867. "size": "0x00000000"
  868. },
  869. {
  870. "virtual_address": "0x00000000",
  871. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  872. "size": "0x00000000"
  873. },
  874. {
  875. "virtual_address": "0x00026000",
  876. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  877. "size": "0x00000178"
  878. },
  879. {
  880. "virtual_address": "0x00000000",
  881. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  882. "size": "0x00000000"
  883. },
  884. {
  885. "virtual_address": "0x00000000",
  886. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  887. "size": "0x00000000"
  888. },
  889. {
  890. "virtual_address": "0x00000000",
  891. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  892. "size": "0x00000000"
  893. }
  894. ],
  895. "exports": [
  896. {
  897. "ordinal": 1,
  898. "name": "MyFunc165@@4",
  899. "address": "0x425dd0"
  900. }
  901. ],
  902. "guest_signers": {},
  903. "imphash": "bb9dce5f640c039f985f2e5b679bde5d",
  904. "icon_fuzzy": null,
  905. "icon": null,
  906. "pdbpath": "C:\\sevociyudahunez.pdb\\x00r\\runtime\\crypt\\tmp_564564180\\bin\\tajod.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x06C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@",
  907. "imported_dll_count": 1,
  908. "versioninfo": []
  909. }
  910. }
  911.  
  912. [*] Resolved APIs: [
  913. "kernel32.dll.FlsAlloc",
  914. "kernel32.dll.FlsFree",
  915. "kernel32.dll.FlsGetValue",
  916. "kernel32.dll.FlsSetValue",
  917. "kernel32.dll.InitializeCriticalSectionEx",
  918. "kernel32.dll.CreateEventExW",
  919. "kernel32.dll.CreateSemaphoreExW",
  920. "kernel32.dll.SetThreadStackGuarantee",
  921. "kernel32.dll.CreateThreadpoolTimer",
  922. "kernel32.dll.SetThreadpoolTimer",
  923. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
  924. "kernel32.dll.CloseThreadpoolTimer",
  925. "kernel32.dll.CreateThreadpoolWait",
  926. "kernel32.dll.SetThreadpoolWait",
  927. "kernel32.dll.CloseThreadpoolWait",
  928. "kernel32.dll.FlushProcessWriteBuffers",
  929. "kernel32.dll.FreeLibraryWhenCallbackReturns",
  930. "kernel32.dll.GetCurrentProcessorNumber",
  931. "kernel32.dll.GetLogicalProcessorInformation",
  932. "kernel32.dll.CreateSymbolicLinkW",
  933. "kernel32.dll.EnumSystemLocalesEx",
  934. "kernel32.dll.CompareStringEx",
  935. "kernel32.dll.GetDateFormatEx",
  936. "kernel32.dll.GetLocaleInfoEx",
  937. "kernel32.dll.GetTimeFormatEx",
  938. "kernel32.dll.GetUserDefaultLocaleName",
  939. "kernel32.dll.IsValidLocaleName",
  940. "kernel32.dll.LCMapStringEx",
  941. "kernel32.dll.GetTickCount64",
  942. "kernel32.dll.LoadLibraryA",
  943. "kernel32.dll.VirtualAlloc",
  944. "kernel32.dll.VirtualProtect",
  945. "kernel32.dll.VirtualFree",
  946. "kernel32.dll.GetVersionExA",
  947. "kernel32.dll.TerminateProcess",
  948. "kernel32.dll.ExitProcess",
  949. "kernel32.dll.SetErrorMode",
  950. "msvcrt.dll._except_handler3",
  951. "msvcrt.dll.__set_app_type",
  952. "msvcrt.dll.__p__fmode",
  953. "msvcrt.dll.__p__commode",
  954. "msvcrt.dll._adjust_fdiv",
  955. "msvcrt.dll.__setusermatherr",
  956. "msvcrt.dll._initterm",
  957. "msvcrt.dll.__getmainargs",
  958. "msvcrt.dll._acmdln",
  959. "msvcrt.dll.exit",
  960. "msvcrt.dll._XcptFilter",
  961. "msvcrt.dll._exit",
  962. "msvcrt.dll.wcsstr",
  963. "msvcrt.dll.wcslen",
  964. "msvcrt.dll.mbstowcs",
  965. "msvcrt.dll.atoi",
  966. "msvcrt.dll._snwprintf",
  967. "msvcrt.dll._wfopen",
  968. "msvcrt.dll.fgets",
  969. "msvcrt.dll.fclose",
  970. "msvcrt.dll.strtok",
  971. "msvcrt.dll.strchr",
  972. "msvcrt.dll.strcpy",
  973. "msvcrt.dll.strcat",
  974. "msvcrt.dll.strlen",
  975. "msvcrt.dll.strstr",
  976. "msvcrt.dll._snprintf",
  977. "msvcrt.dll.memset",
  978. "msvcrt.dll.malloc",
  979. "msvcrt.dll.srand",
  980. "msvcrt.dll.rand",
  981. "msvcrt.dll._controlfp",
  982. "msvcrt.dll.sprintf",
  983. "ws2_32.dll.#9",
  984. "ws2_32.dll.#16",
  985. "ws2_32.dll.#115",
  986. "ws2_32.dll.#19",
  987. "ws2_32.dll.#23",
  988. "ws2_32.dll.#4",
  989. "ws2_32.dll.#11",
  990. "ws2_32.dll.#52",
  991. "ws2_32.dll.#3",
  992. "wininet.dll.InternetOpenUrlW",
  993. "wininet.dll.InternetReadFile",
  994. "wininet.dll.InternetOpenA",
  995. "wininet.dll.InternetOpenUrlA",
  996. "wininet.dll.InternetOpenW",
  997. "wininet.dll.InternetCloseHandle",
  998. "shlwapi.dll.PathFindFileNameW",
  999. "dnsapi.dll.DnsQuery_A",
  1000. "dnsapi.dll.DnsFree",
  1001. "kernel32.dll.GetTickCount",
  1002. "kernel32.dll.GetTimeZoneInformation",
  1003. "kernel32.dll.FileTimeToSystemTime",
  1004. "kernel32.dll.CloseHandle",
  1005. "kernel32.dll.WriteFile",
  1006. "kernel32.dll.CreateFileW",
  1007. "kernel32.dll.ExpandEnvironmentStringsW",
  1008. "kernel32.dll.FileTimeToLocalFileTime",
  1009. "kernel32.dll.CopyFileW",
  1010. "kernel32.dll.CreateDirectoryW",
  1011. "kernel32.dll.GetModuleFileNameW",
  1012. "kernel32.dll.GetLastError",
  1013. "kernel32.dll.Sleep",
  1014. "kernel32.dll.CreateMutexA",
  1015. "kernel32.dll.GetModuleHandleA",
  1016. "kernel32.dll.GetStartupInfoA",
  1017. "kernel32.dll.GetLocalTime",
  1018. "kernel32.dll.CreateProcessW",
  1019. "kernel32.dll.SetFileAttributesW",
  1020. "kernel32.dll.DeleteFileW",
  1021. "kernel32.dll.ExitThread",
  1022. "kernel32.dll.CreateThread",
  1023. "user32.dll.wsprintfA",
  1024. "advapi32.dll.RegSetValueExW",
  1025. "advapi32.dll.RegCloseKey",
  1026. "advapi32.dll.RegOpenKeyExW",
  1027. "shell32.dll.ShellExecuteW",
  1028. "msvcr100.dll.atexit"
  1029. ]
  1030.  
  1031. [*] Static Analysis: {
  1032. "pe": {
  1033. "peid_signatures": null,
  1034. "imports": [
  1035. {
  1036. "imports": [
  1037. {
  1038. "name": "ExitProcess",
  1039. "address": "0x426000"
  1040. },
  1041. {
  1042. "name": "TryEnterCriticalSection",
  1043. "address": "0x426004"
  1044. },
  1045. {
  1046. "name": "DebugActiveProcessStop",
  1047. "address": "0x426008"
  1048. },
  1049. {
  1050. "name": "lstrcpynA",
  1051. "address": "0x42600c"
  1052. },
  1053. {
  1054. "name": "InitializeSListHead",
  1055. "address": "0x426010"
  1056. },
  1057. {
  1058. "name": "UnlockFile",
  1059. "address": "0x426014"
  1060. },
  1061. {
  1062. "name": "GetFileAttributesExA",
  1063. "address": "0x426018"
  1064. },
  1065. {
  1066. "name": "GetTickCount",
  1067. "address": "0x42601c"
  1068. },
  1069. {
  1070. "name": "GetNumberFormatA",
  1071. "address": "0x426020"
  1072. },
  1073. {
  1074. "name": "GlobalAlloc",
  1075. "address": "0x426024"
  1076. },
  1077. {
  1078. "name": "LoadLibraryW",
  1079. "address": "0x426028"
  1080. },
  1081. {
  1082. "name": "GetBinaryTypeA",
  1083. "address": "0x42602c"
  1084. },
  1085. {
  1086. "name": "GetConsoleFontSize",
  1087. "address": "0x426030"
  1088. },
  1089. {
  1090. "name": "lstrlenW",
  1091. "address": "0x426034"
  1092. },
  1093. {
  1094. "name": "Module32First",
  1095. "address": "0x426038"
  1096. },
  1097. {
  1098. "name": "GetLastError",
  1099. "address": "0x42603c"
  1100. },
  1101. {
  1102. "name": "GetProcAddress",
  1103. "address": "0x426040"
  1104. },
  1105. {
  1106. "name": "PeekConsoleInputW",
  1107. "address": "0x426044"
  1108. },
  1109. {
  1110. "name": "WTSGetActiveConsoleSessionId",
  1111. "address": "0x426048"
  1112. },
  1113. {
  1114. "name": "VirtualProtect",
  1115. "address": "0x42604c"
  1116. },
  1117. {
  1118. "name": "CreateToolhelp32Snapshot",
  1119. "address": "0x426050"
  1120. },
  1121. {
  1122. "name": "CloseHandle",
  1123. "address": "0x426054"
  1124. },
  1125. {
  1126. "name": "EncodePointer",
  1127. "address": "0x426058"
  1128. },
  1129. {
  1130. "name": "DecodePointer",
  1131. "address": "0x42605c"
  1132. },
  1133. {
  1134. "name": "GetCommandLineA",
  1135. "address": "0x426060"
  1136. },
  1137. {
  1138. "name": "RaiseException",
  1139. "address": "0x426064"
  1140. },
  1141. {
  1142. "name": "RtlUnwind",
  1143. "address": "0x426068"
  1144. },
  1145. {
  1146. "name": "IsDebuggerPresent",
  1147. "address": "0x42606c"
  1148. },
  1149. {
  1150. "name": "IsProcessorFeaturePresent",
  1151. "address": "0x426070"
  1152. },
  1153. {
  1154. "name": "EnterCriticalSection",
  1155. "address": "0x426074"
  1156. },
  1157. {
  1158. "name": "LeaveCriticalSection",
  1159. "address": "0x426078"
  1160. },
  1161. {
  1162. "name": "FlushFileBuffers",
  1163. "address": "0x42607c"
  1164. },
  1165. {
  1166. "name": "WriteFile",
  1167. "address": "0x426080"
  1168. },
  1169. {
  1170. "name": "WideCharToMultiByte",
  1171. "address": "0x426084"
  1172. },
  1173. {
  1174. "name": "GetConsoleCP",
  1175. "address": "0x426088"
  1176. },
  1177. {
  1178. "name": "GetConsoleMode",
  1179. "address": "0x42608c"
  1180. },
  1181. {
  1182. "name": "DeleteCriticalSection",
  1183. "address": "0x426090"
  1184. },
  1185. {
  1186. "name": "FatalAppExitA",
  1187. "address": "0x426094"
  1188. },
  1189. {
  1190. "name": "GetModuleHandleExW",
  1191. "address": "0x426098"
  1192. },
  1193. {
  1194. "name": "AreFileApisANSI",
  1195. "address": "0x42609c"
  1196. },
  1197. {
  1198. "name": "MultiByteToWideChar",
  1199. "address": "0x4260a0"
  1200. },
  1201. {
  1202. "name": "HeapSize",
  1203. "address": "0x4260a4"
  1204. },
  1205. {
  1206. "name": "HeapFree",
  1207. "address": "0x4260a8"
  1208. },
  1209. {
  1210. "name": "HeapAlloc",
  1211. "address": "0x4260ac"
  1212. },
  1213. {
  1214. "name": "SetLastError",
  1215. "address": "0x4260b0"
  1216. },
  1217. {
  1218. "name": "GetCurrentThread",
  1219. "address": "0x4260b4"
  1220. },
  1221. {
  1222. "name": "GetCurrentThreadId",
  1223. "address": "0x4260b8"
  1224. },
  1225. {
  1226. "name": "GetProcessHeap",
  1227. "address": "0x4260bc"
  1228. },
  1229. {
  1230. "name": "GetStdHandle",
  1231. "address": "0x4260c0"
  1232. },
  1233. {
  1234. "name": "GetFileType",
  1235. "address": "0x4260c4"
  1236. },
  1237. {
  1238. "name": "GetStartupInfoW",
  1239. "address": "0x4260c8"
  1240. },
  1241. {
  1242. "name": "GetModuleFileNameA",
  1243. "address": "0x4260cc"
  1244. },
  1245. {
  1246. "name": "GetModuleFileNameW",
  1247. "address": "0x4260d0"
  1248. },
  1249. {
  1250. "name": "QueryPerformanceCounter",
  1251. "address": "0x4260d4"
  1252. },
  1253. {
  1254. "name": "GetCurrentProcessId",
  1255. "address": "0x4260d8"
  1256. },
  1257. {
  1258. "name": "GetSystemTimeAsFileTime",
  1259. "address": "0x4260dc"
  1260. },
  1261. {
  1262. "name": "GetEnvironmentStringsW",
  1263. "address": "0x4260e0"
  1264. },
  1265. {
  1266. "name": "FreeEnvironmentStringsW",
  1267. "address": "0x4260e4"
  1268. },
  1269. {
  1270. "name": "UnhandledExceptionFilter",
  1271. "address": "0x4260e8"
  1272. },
  1273. {
  1274. "name": "SetUnhandledExceptionFilter",
  1275. "address": "0x4260ec"
  1276. },
  1277. {
  1278. "name": "InitializeCriticalSectionAndSpinCount",
  1279. "address": "0x4260f0"
  1280. },
  1281. {
  1282. "name": "CreateEventW",
  1283. "address": "0x4260f4"
  1284. },
  1285. {
  1286. "name": "Sleep",
  1287. "address": "0x4260f8"
  1288. },
  1289. {
  1290. "name": "GetCurrentProcess",
  1291. "address": "0x4260fc"
  1292. },
  1293. {
  1294. "name": "TerminateProcess",
  1295. "address": "0x426100"
  1296. },
  1297. {
  1298. "name": "TlsAlloc",
  1299. "address": "0x426104"
  1300. },
  1301. {
  1302. "name": "TlsGetValue",
  1303. "address": "0x426108"
  1304. },
  1305. {
  1306. "name": "TlsSetValue",
  1307. "address": "0x42610c"
  1308. },
  1309. {
  1310. "name": "TlsFree",
  1311. "address": "0x426110"
  1312. },
  1313. {
  1314. "name": "GetModuleHandleW",
  1315. "address": "0x426114"
  1316. },
  1317. {
  1318. "name": "CreateSemaphoreW",
  1319. "address": "0x426118"
  1320. },
  1321. {
  1322. "name": "SetStdHandle",
  1323. "address": "0x42611c"
  1324. },
  1325. {
  1326. "name": "SetFilePointerEx",
  1327. "address": "0x426120"
  1328. },
  1329. {
  1330. "name": "WriteConsoleW",
  1331. "address": "0x426124"
  1332. },
  1333. {
  1334. "name": "SetConsoleCtrlHandler",
  1335. "address": "0x426128"
  1336. },
  1337. {
  1338. "name": "FreeLibrary",
  1339. "address": "0x42612c"
  1340. },
  1341. {
  1342. "name": "LoadLibraryExW",
  1343. "address": "0x426130"
  1344. },
  1345. {
  1346. "name": "IsValidCodePage",
  1347. "address": "0x426134"
  1348. },
  1349. {
  1350. "name": "GetACP",
  1351. "address": "0x426138"
  1352. },
  1353. {
  1354. "name": "GetOEMCP",
  1355. "address": "0x42613c"
  1356. },
  1357. {
  1358. "name": "GetCPInfo",
  1359. "address": "0x426140"
  1360. },
  1361. {
  1362. "name": "HeapReAlloc",
  1363. "address": "0x426144"
  1364. },
  1365. {
  1366. "name": "GetDateFormatW",
  1367. "address": "0x426148"
  1368. },
  1369. {
  1370. "name": "GetTimeFormatW",
  1371. "address": "0x42614c"
  1372. },
  1373. {
  1374. "name": "CompareStringW",
  1375. "address": "0x426150"
  1376. },
  1377. {
  1378. "name": "LCMapStringW",
  1379. "address": "0x426154"
  1380. },
  1381. {
  1382. "name": "GetLocaleInfoW",
  1383. "address": "0x426158"
  1384. },
  1385. {
  1386. "name": "IsValidLocale",
  1387. "address": "0x42615c"
  1388. },
  1389. {
  1390. "name": "GetUserDefaultLCID",
  1391. "address": "0x426160"
  1392. },
  1393. {
  1394. "name": "EnumSystemLocalesW",
  1395. "address": "0x426164"
  1396. },
  1397. {
  1398. "name": "OutputDebugStringW",
  1399. "address": "0x426168"
  1400. },
  1401. {
  1402. "name": "GetStringTypeW",
  1403. "address": "0x42616c"
  1404. },
  1405. {
  1406. "name": "CreateFileW",
  1407. "address": "0x426170"
  1408. }
  1409. ],
  1410. "dll": "KERNEL32.dll"
  1411. }
  1412. ],
  1413. "digital_signers": null,
  1414. "exported_dll_name": "tajod.exe",
  1415. "actual_checksum": "0x0004b976",
  1416. "overlay": null,
  1417. "imagebase": "0x00400000",
  1418. "reported_checksum": "0x0004b976",
  1419. "icon_hash": null,
  1420. "entrypoint": "0x00403a61",
  1421. "timestamp": "2018-02-17 00:37:03",
  1422. "osversion": "5.1",
  1423. "sections": [
  1424. {
  1425. "name": ".text",
  1426. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1427. "virtual_address": "0x00001000",
  1428. "size_of_data": "0x00025000",
  1429. "entropy": "6.72",
  1430. "raw_address": "0x00000400",
  1431. "virtual_size": "0x00024edd",
  1432. "characteristics_raw": "0x60000020"
  1433. },
  1434. {
  1435. "name": ".rdata",
  1436. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1437. "virtual_address": "0x00026000",
  1438. "size_of_data": "0x00009000",
  1439. "entropy": "4.71",
  1440. "raw_address": "0x00025400",
  1441. "virtual_size": "0x00008ea8",
  1442. "characteristics_raw": "0x40000040"
  1443. },
  1444. {
  1445. "name": ".data",
  1446. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1447. "virtual_address": "0x0002f000",
  1448. "size_of_data": "0x00001a00",
  1449. "entropy": "3.42",
  1450. "raw_address": "0x0002e400",
  1451. "virtual_size": "0x04e5d9ec",
  1452. "characteristics_raw": "0xc0000040"
  1453. },
  1454. {
  1455. "name": ".text",
  1456. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1457. "virtual_address": "0x04e8d000",
  1458. "size_of_data": "0x00007a00",
  1459. "entropy": "5.99",
  1460. "raw_address": "0x0002fe00",
  1461. "virtual_size": "0x0000782c",
  1462. "characteristics_raw": "0xc0000040"
  1463. },
  1464. {
  1465. "name": ".wati",
  1466. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1467. "virtual_address": "0x04e95000",
  1468. "size_of_data": "0x00000600",
  1469. "entropy": "0.00",
  1470. "raw_address": "0x00037800",
  1471. "virtual_size": "0x00001400",
  1472. "characteristics_raw": "0xc0000040"
  1473. },
  1474. {
  1475. "name": ".rsrc",
  1476. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1477. "virtual_address": "0x04e97000",
  1478. "size_of_data": "0x00002200",
  1479. "entropy": "5.37",
  1480. "raw_address": "0x00037e00",
  1481. "virtual_size": "0x00002148",
  1482. "characteristics_raw": "0x40000040"
  1483. },
  1484. {
  1485. "name": ".reloc",
  1486. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1487. "virtual_address": "0x04e9a000",
  1488. "size_of_data": "0x00002000",
  1489. "entropy": "6.62",
  1490. "raw_address": "0x0003a000",
  1491. "virtual_size": "0x00001fcc",
  1492. "characteristics_raw": "0x42000040"
  1493. }
  1494. ],
  1495. "resources": [],
  1496. "dirents": [
  1497. {
  1498. "virtual_address": "0x0002e5e0",
  1499. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1500. "size": "0x00000049"
  1501. },
  1502. {
  1503. "virtual_address": "0x0002e62c",
  1504. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1505. "size": "0x00000028"
  1506. },
  1507. {
  1508. "virtual_address": "0x04e97000",
  1509. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1510. "size": "0x00002148"
  1511. },
  1512. {
  1513. "virtual_address": "0x00000000",
  1514. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1515. "size": "0x00000000"
  1516. },
  1517. {
  1518. "virtual_address": "0x00000000",
  1519. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1520. "size": "0x00000000"
  1521. },
  1522. {
  1523. "virtual_address": "0x04e9a000",
  1524. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1525. "size": "0x00001fcc"
  1526. },
  1527. {
  1528. "virtual_address": "0x000261d0",
  1529. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1530. "size": "0x00000038"
  1531. },
  1532. {
  1533. "virtual_address": "0x00000000",
  1534. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1535. "size": "0x00000000"
  1536. },
  1537. {
  1538. "virtual_address": "0x00000000",
  1539. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1540. "size": "0x00000000"
  1541. },
  1542. {
  1543. "virtual_address": "0x00000000",
  1544. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1545. "size": "0x00000000"
  1546. },
  1547. {
  1548. "virtual_address": "0x00000000",
  1549. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1550. "size": "0x00000000"
  1551. },
  1552. {
  1553. "virtual_address": "0x00000000",
  1554. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1555. "size": "0x00000000"
  1556. },
  1557. {
  1558. "virtual_address": "0x00026000",
  1559. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1560. "size": "0x00000178"
  1561. },
  1562. {
  1563. "virtual_address": "0x00000000",
  1564. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1565. "size": "0x00000000"
  1566. },
  1567. {
  1568. "virtual_address": "0x00000000",
  1569. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1570. "size": "0x00000000"
  1571. },
  1572. {
  1573. "virtual_address": "0x00000000",
  1574. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1575. "size": "0x00000000"
  1576. }
  1577. ],
  1578. "exports": [
  1579. {
  1580. "ordinal": 1,
  1581. "name": "MyFunc165@@4",
  1582. "address": "0x425dd0"
  1583. }
  1584. ],
  1585. "guest_signers": {},
  1586. "imphash": "bb9dce5f640c039f985f2e5b679bde5d",
  1587. "icon_fuzzy": null,
  1588. "icon": null,
  1589. "pdbpath": "C:\\sevociyudahunez.pdb\\x00r\\runtime\\crypt\\tmp_564564180\\bin\\tajod.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x06C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@",
  1590. "imported_dll_count": 1,
  1591. "versioninfo": []
  1592. }
  1593. }