- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_d5384db2d7070b0675d3872fbd5130a8.JPG"
- [*] File Size: 328192
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "12bce5d73f70581d648ac76c8ffa428c34c05a3a84d084818c2c774f86689d1b"
- [*] MD5: "d5384db2d7070b0675d3872fbd5130a8"
- [*] SHA1: "6e76c96282502c103e026777ba1442ec237e3038"
- [*] SHA512: "2231d489367de5c7713fb405cc7cb8532ae2b27b3a6d0e112e7c26ece80b3c6368bf72bcdec7423e8a4b2f4b83de8de25b99a2026e05a020ab5a435d4ae2817f"
- [*] CRC32: "3EB28CB0"
- [*] SSDEEP: "6144:B8Y5+t42g3Ylic00IEANOsgoElx+6E+pFE5EI3DlzLrF:lE4TC00IEnhH5E+pFE5EIzdd"
- [*] Process Execution: [
- "Exes_d5384db2d7070b0675d3872fbd5130a8.JPG",
- "cmd.exe",
- "powershell.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "powershell.exe",
- "svchost.exe",
- "services.exe",
- "lsass.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details": [
- {
- "process": "cmd.exe, PID 2468"
- }
- ]
- },
- {
- "Description": "A process created a hidden window",
- "Details": [
- {
- "Process": "Exes_d5384db2d7070b0675d3872fbd5130a8.JPG -> cmd"
- },
- {
- "Process": "Exes_d5384db2d7070b0675d3872fbd5130a8.JPG -> cmd"
- },
- {
- "Process": "Exes_d5384db2d7070b0675d3872fbd5130a8.JPG -> cmd"
- }
- ]
- },
- {
- "Description": "Attempts to stop active services",
- "Details": [
- {
- "servicename": "WinDefend"
- }
- ]
- },
- {
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details": [
- {
- "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 7172859 times"
- }
- ]
- },
- {
- "Description": "Spoofs its process name and/or associated pathname to appear as a legitimate process",
- "Details": [
- {
- "modified_name": "svchost.exe",
- "modified_path": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d5384db2d7070b0675d3872fbd5130a8.JPG",
- "original_name": "svchost.exe",
- "original_path": "C:\\Windows\\system32\\svchost.exe"
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2d8ac0.TMP"
- }
- ]
- },
- {
- "Description": "File has been identified by 11 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Kaspersky": "UDS:DangerousObject.Multi.Generic"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.PWSZbot.fh"
- },
- {
- "FireEye": "Generic.mg.d5384db2d7070b06"
- },
- {
- "Webroot": "W32.Trojan.Gen"
- },
- {
- "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
- },
- {
- "AVG": "FileRepMalware"
- },
- {
- "Avast": "FileRepMalware"
- },
- {
- "Qihoo-360": "HEUR/QVM41.1.1B03.Malware.Gen"
- }
- ]
- },
- {
- "Description": "Attempts to disable Windows Defender",
- "Details": []
- }
- ]
- [*] Started Service: [
- "KeyIso"
- ]
- [*] Executed Commands: [
- "\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend",
- "cmd /c sc stop WinDefend",
- "\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend",
- "cmd /c sc delete WinDefend",
- "C:\\Windows\\system32\\cmd.exe /c sc stop WinDefend",
- "C:\\Windows\\system32\\cmd.exe /c sc delete WinDefend",
- "C:\\Windows\\system32\\cmd.exe /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "C:\\Windows\\system32\\svchost.exe",
- "powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "sc stop WinDefend",
- "sc delete WinDefend",
- "C:\\Windows\\system32\\lsass.exe"
- ]
- [*] Mutexes: [
- "Local\\ZoneAttributeCacheCounterMutex",
- "Local\\ZonesCacheCounterMutex",
- "Local\\ZonesLockedCacheCounterMutex",
- "Global\\CLR_CASOFF_MUTEX",
- "Global\\838B6C9EB27932960"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-0000000000-0000000000-0000000000-1000\\00000000-0000-0000-0000-000000000000b_00000000-0000-0000-0000-000000000000",
- "C:\\Users\\user\\AppData\\Local\\Temp\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
- "\\??\\PIPE\\srvsvc",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\WRQWGDBMYTMRCUSWV26C.temp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2d8ac0.TMP",
- "C:\\Windows\\SysWOW64\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\UUXBZ3GDDUYBH6EOMW6G.temp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2d8ac0.TMP",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.372.2993859",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.372.2993859",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.372.2993859",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\UUXBZ3GDDUYBH6EOMW6G.temp",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.2392.3015343",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2392.3015343",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.2392.3015343"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnAccessProtection",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnRealtimeEnable",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection",
- "DisableNotifications",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList"
- ]
- [*] Deleted Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
- ]
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "InitCommonControlsEx",
- "address": "0x404008"
- },
- {
- "name": null,
- "address": "0x40400c"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "IsDebuggerPresent",
- "address": "0x404044"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x404048"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x40404c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x404050"
- },
- {
- "name": "TerminateProcess",
- "address": "0x404054"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x404058"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x40405c"
- },
- {
- "name": "Sleep",
- "address": "0x404060"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x404064"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x404068"
- },
- {
- "name": "LocalFree",
- "address": "0x40406c"
- },
- {
- "name": "FormatMessageA",
- "address": "0x404070"
- },
- {
- "name": "GetLastError",
- "address": "0x404074"
- },
- {
- "name": "ReadFile",
- "address": "0x404078"
- },
- {
- "name": "GetTickCount",
- "address": "0x40407c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x404080"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x404084"
- },
- {
- "name": "CreateFileMappingW",
- "address": "0x404088"
- },
- {
- "name": "MapViewOfFile",
- "address": "0x40408c"
- },
- {
- "name": "CreateFileA",
- "address": "0x404090"
- },
- {
- "name": "GetFileSize",
- "address": "0x404094"
- },
- {
- "name": "InterlockedCompareExchange",
- "address": "0x404098"
- },
- {
- "name": "CloseHandle",
- "address": "0x40409c"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "ShowCursor",
- "address": "0x40413c"
- },
- {
- "name": "SetCursor",
- "address": "0x404140"
- },
- {
- "name": "LoadCursorA",
- "address": "0x404144"
- },
- {
- "name": "InvalidateRect",
- "address": "0x404148"
- },
- {
- "name": "MoveWindow",
- "address": "0x40414c"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x404150"
- },
- {
- "name": "SendMessageA",
- "address": "0x404154"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x404158"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x40415c"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x404160"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x404164"
- },
- {
- "name": "RegisterClassA",
- "address": "0x404168"
- },
- {
- "name": "LoadIconA",
- "address": "0x40416c"
- },
- {
- "name": "ShowWindow",
- "address": "0x404170"
- },
- {
- "name": "TranslateMessage",
- "address": "0x404174"
- },
- {
- "name": "GetMessageA",
- "address": "0x404178"
- },
- {
- "name": "GetDC",
- "address": "0x40417c"
- },
- {
- "name": "CreateMenu",
- "address": "0x404180"
- },
- {
- "name": "AppendMenuA",
- "address": "0x404184"
- },
- {
- "name": "SetMenu",
- "address": "0x404188"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x40418c"
- },
- {
- "name": "UpdateWindow",
- "address": "0x404190"
- },
- {
- "name": "BeginPaint",
- "address": "0x404194"
- },
- {
- "name": "GetClientRect",
- "address": "0x404198"
- },
- {
- "name": "FillRect",
- "address": "0x40419c"
- },
- {
- "name": "EndPaint",
- "address": "0x4041a0"
- },
- {
- "name": "ScrollWindowEx",
- "address": "0x4041a4"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x4041a8"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4041ac"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4041b0"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "BitBlt",
- "address": "0x40401c"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x404020"
- },
- {
- "name": "SetDIBitsToDevice",
- "address": "0x404024"
- },
- {
- "name": "SelectObject",
- "address": "0x404028"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x40402c"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x404030"
- },
- {
- "name": "DeleteDC",
- "address": "0x404034"
- },
- {
- "name": "GetStockObject",
- "address": "0x404038"
- },
- {
- "name": "DeleteObject",
- "address": "0x40403c"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameA",
- "address": "0x404014"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "CryptAcquireContextA",
- "address": "0x404000"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ",
- "address": "0x4040a4"
- },
- {
- "name": "??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ",
- "address": "0x4040a8"
- },
- {
- "name": "??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z",
- "address": "0x4040ac"
- },
- {
- "name": "??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z",
- "address": "0x4040b0"
- },
- {
- "name": "??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z",
- "address": "0x4040b4"
- }
- ],
- "dll": "MSVCP90.dll"
- },
- {
- "imports": [
- {
- "name": "_lock",
- "address": "0x4040bc"
- },
- {
- "name": "__dllonexit",
- "address": "0x4040c0"
- },
- {
- "name": "_unlock",
- "address": "0x4040c4"
- },
- {
- "name": "?terminate@@YAXXZ",
- "address": "0x4040c8"
- },
- {
- "name": "_crt_debugger_hook",
- "address": "0x4040cc"
- },
- {
- "name": "_onexit",
- "address": "0x4040d0"
- },
- {
- "name": "__set_app_type",
- "address": "0x4040d4"
- },
- {
- "name": "_encode_pointer",
- "address": "0x4040d8"
- },
- {
- "name": "__p__fmode",
- "address": "0x4040dc"
- },
- {
- "name": "__p__commode",
- "address": "0x4040e0"
- },
- {
- "name": "_adjust_fdiv",
- "address": "0x4040e4"
- },
- {
- "name": "__setusermatherr",
- "address": "0x4040e8"
- },
- {
- "name": "_decode_pointer",
- "address": "0x4040ec"
- },
- {
- "name": "_except_handler4_common",
- "address": "0x4040f0"
- },
- {
- "name": "_invoke_watson",
- "address": "0x4040f4"
- },
- {
- "name": "_controlfp_s",
- "address": "0x4040f8"
- },
- {
- "name": "malloc",
- "address": "0x4040fc"
- },
- {
- "name": "free",
- "address": "0x404100"
- },
- {
- "name": "sprintf",
- "address": "0x404104"
- },
- {
- "name": "__CxxFrameHandler3",
- "address": "0x404108"
- },
- {
- "name": "_amsg_exit",
- "address": "0x40410c"
- },
- {
- "name": "__getmainargs",
- "address": "0x404110"
- },
- {
- "name": "_cexit",
- "address": "0x404114"
- },
- {
- "name": "_exit",
- "address": "0x404118"
- },
- {
- "name": "_XcptFilter",
- "address": "0x40411c"
- },
- {
- "name": "_ismbblead",
- "address": "0x404120"
- },
- {
- "name": "exit",
- "address": "0x404124"
- },
- {
- "name": "_acmdln",
- "address": "0x404128"
- },
- {
- "name": "_initterm",
- "address": "0x40412c"
- },
- {
- "name": "_initterm_e",
- "address": "0x404130"
- },
- {
- "name": "_configthreadlocale",
- "address": "0x404134"
- }
- ],
- "dll": "MSVCR90.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00057a06",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00057a06",
- "icon_hash": null,
- "entrypoint": "0x00402a57",
- "timestamp": "2019-06-25 13:41:15",
- "osversion": "5.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00002200",
- "entropy": "6.20",
- "raw_address": "0x00000400",
- "virtual_size": "0x00002164",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00004000",
- "size_of_data": "0x00039e00",
- "entropy": "6.06",
- "raw_address": "0x00002600",
- "virtual_size": "0x00039c8e",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0003e000",
- "size_of_data": "0x00000200",
- "entropy": "0.81",
- "raw_address": "0x0003c400",
- "virtual_size": "0x00000744",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0003f000",
- "size_of_data": "0x00013c00",
- "entropy": "4.81",
- "raw_address": "0x0003c600",
- "virtual_size": "0x00013a42",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0003d1cc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000b4"
- },
- {
- "virtual_address": "0x0003f000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00013a42"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000041e0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0003cff8",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00004000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001b8"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "e7090938ed62dc17f7da4646537d15ac",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "000000000000000000000000000000000000000000000000000000000000",
- "imported_dll_count": 8,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "cryptsp.dll.CryptAcquireContextA",
- "kernel32.dll.VirtualAlloc",
- "ntdll.dll.memcpy",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.CloseHandle",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "kernel32.dll.Wow64EnableWow64FsRedirection",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegCreateKeyW",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegSetValueExW",
- "shell32.dll.ShellExecuteA",
- "ole32.dll.OleInitialize",
- "cryptbase.dll.SystemFunction036",
- "ole32.dll.CreateBindCtx",
- "ole32.dll.CoTaskMemAlloc",
- "propsys.dll.PSCreateMemoryPropertyStore",
- "propsys.dll.PSPropertyBag_WriteDWORD",
- "ole32.dll.CoGetApartmentType",
- "ole32.dll.CoRegisterInitializeSpy",
- "ole32.dll.CoTaskMemFree",
- "comctl32.dll.#236",
- "oleaut32.dll.#6",
- "ole32.dll.CoGetMalloc",
- "propsys.dll.PSPropertyBag_ReadDWORD",
- "propsys.dll.PSPropertyBag_ReadGUID",
- "comctl32.dll.#320",
- "comctl32.dll.#324",
- "comctl32.dll.#323",
- "advapi32.dll.RegEnumKeyW",
- "advapi32.dll.OpenThreadToken",
- "ole32.dll.StringFromGUID2",
- "apphelp.dll.ApphelpCheckShellObject",
- "ole32.dll.CoCreateInstance",
- "urlmon.dll.CreateUri",
- "kernel32.dll.InitializeSRWLock",
- "kernel32.dll.AcquireSRWLockExclusive",
- "kernel32.dll.AcquireSRWLockShared",
- "kernel32.dll.ReleaseSRWLockExclusive",
- "kernel32.dll.ReleaseSRWLockShared",
- "comctl32.dll.#328",
- "comctl32.dll.#334",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "oleaut32.dll.#2",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "shell32.dll.#102",
- "propsys.dll.PSPropertyBag_ReadStrAlloc",
- "comctl32.dll.#332",
- "ole32.dll.CoInitializeEx",
- "comctl32.dll.#386",
- "advapi32.dll.InitializeSecurityDescriptor",
- "advapi32.dll.SetEntriesInAclW",
- "ntmarta.dll.GetMartaExtensionInterface",
- "advapi32.dll.SetSecurityDescriptorDacl",
- "advapi32.dll.IsTextUnicode",
- "comctl32.dll.#338",
- "comctl32.dll.#339",
- "ole32.dll.CoUninitialize",
- "sechost.dll.ConvertSidToStringSidW",
- "profapi.dll.#104",
- "propsys.dll.#430",
- "advapi32.dll.RegGetValueW",
- "ole32.dll.CoTaskMemRealloc",
- "propsys.dll.InitPropVariantFromStringAsVector",
- "propsys.dll.PSCoerceToCanonicalValue",
- "propsys.dll.PropVariantToStringAlloc",
- "ole32.dll.PropVariantClear",
- "ole32.dll.CoAllowSetForegroundWindow",
- "shell32.dll.SHGetFolderPathW",
- "advapi32.dll.SaferGetPolicyInformation",
- "ntdll.dll.RtlDllShutdownInProgress",
- "comctl32.dll.#329",
- "ole32.dll.OleUninitialize",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "oleaut32.dll.#500",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptEncrypt",
- "cryptsp.dll.CryptImportKey",
- "cryptbase.dll.SystemFunction040",
- "cryptbase.dll.SystemFunction041",
- "cryptsp.dll.CryptEncrypt",
- "advapi32.dll.UnregisterTraceGuids",
- "comctl32.dll.#321",
- "kernel32.dll.SetThreadUILanguage",
- "kernel32.dll.CopyFileExW",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.SetConsoleInputExeNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "shell32.dll.#66",
- "comctl32.dll.#385",
- "comctl32.dll.#336",
- "linkinfo.dll.IsValidLinkInfo",
- "propsys.dll.#417",
- "propsys.dll.PSGetNameFromPropertyKey",
- "propsys.dll.PSStringFromPropertyKey",
- "propsys.dll.InitVariantFromBuffer",
- "oleaut32.dll.#9",
- "propsys.dll.PropVariantToGUID",
- "comctl32.dll.#333",
- "linkinfo.dll.CreateLinkInfoW",
- "user32.dll.IsCharAlphaW",
- "user32.dll.CharPrevW",
- "ntshrui.dll.GetNetResourceFromLocalPathW",
- "srvcli.dll.NetShareEnum",
- "cscapi.dll.CscNetApiGetInterface",
- "slc.dll.SLGetWindowsInformationDWORD",
- "shlwapi.dll.PathRemoveFileSpecW",
- "linkinfo.dll.DestroyLinkInfo",
- "propsys.dll.PropVariantToBoolean",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptGenRandom",
- "cryptsp.dll.CryptReleaseContext",
- "advapi32.dll.GetSecurityInfo",
- "advapi32.dll.SetSecurityInfo",
- "advapi32.dll.GetSecurityDescriptorControl",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegQueryValueExW",
- "shlwapi.dll.UrlIsW",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "mscorwks.dll.DllGetClassObjectInternal",
- "mscorwks.dll.GetCLRFunction",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.IEE",
- "mscorwks.dll.IEE",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlVirtualUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsFree",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "kernel32.dll.GlobalMemoryStatusEx",
- "ole32.dll.CoGetContextToken",
- "oleaut32.dll.#149",
- "kernel32.dll.GetUserDefaultUILanguage",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.GetFullPathNameW",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "version.dll.GetFileVersionInfoSizeW",
- "version.dll.GetFileVersionInfoW",
- "version.dll.VerQueryValueW",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "mscoree.dll.ND_RI2",
- "kernel32.dll.lstrcpy",
- "kernel32.dll.lstrcpyW",
- "version.dll.VerLanguageNameW",
- "kernel32.dll.GetCurrentProcessId",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.AdjustTokenPrivileges",
- "kernel32.dll.OpenProcess",
- "psapi.dll.EnumProcessModules",
- "psapi.dll.GetModuleInformation",
- "psapi.dll.GetModuleBaseNameW",
- "psapi.dll.GetModuleFileNameExW",
- "kernel32.dll.GetExitCodeProcess",
- "ntdll.dll.NtQuerySystemInformation",
- "user32.dll.EnumWindows",
- "user32.dll.GetWindowThreadProcessId",
- "kernel32.dll.WerSetFlags",
- "kernel32.dll.SetThreadPreferredUILanguages",
- "kernel32.dll.GetThreadPreferredUILanguages",
- "kernel32.dll.GetUserDefaultLocaleName",
- "kernel32.dll.GetEnvironmentVariableW",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptGetHashParam",
- "cryptsp.dll.CryptDestroyHash",
- "cryptsp.dll.CryptDestroyKey",
- "mscoree.dll.GetTokenForVTableEntry",
- "mscoree.dll.SetTargetForVTableEntry",
- "mscoree.dll.GetTargetForVTableEntry",
- "culture.dll.ConvertLangIdToCultureName",
- "ole32.dll.CoCreateGuid",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetConsoleScreenBufferInfo",
- "kernel32.dll.LocalFree",
- "kernel32.dll.LocalAlloc",
- "mscoree.dll.ND_RI4",
- "advapi32.dll.DuplicateTokenEx",
- "advapi32.dll.CheckTokenMembership",
- "kernel32.dll.GetConsoleTitleW",
- "mscorjit.dll.getJit",
- "kernel32.dll.SetConsoleTitleW",
- "kernel32.dll.SetConsoleCtrlHandler",
- "kernel32.dll.CreateEventW",
- "ntdll.dll.WinSqmIsOptedIn",
- "kernel32.dll.ExpandEnvironmentStringsW",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.SetEnvironmentVariableW",
- "kernel32.dll.GetACP",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.GetFileType",
- "kernel32.dll.ReadFile",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.VirtualQuery",
- "secur32.dll.GetUserNameExW",
- "advapi32.dll.GetUserNameW",
- "kernel32.dll.ReleaseMutex",
- "advapi32.dll.RegisterEventSourceW",
- "advapi32.dll.DeregisterEventSource",
- "advapi32.dll.ReportEventW",
- "kernel32.dll.GetLogicalDrives",
- "kernel32.dll.GetDriveTypeW",
- "kernel32.dll.GetVolumeInformationW",
- "kernel32.dll.GetCurrentDirectoryW",
- "kernel32.dll.GetLastError",
- "kernel32.dll.GetStdHandle",
- "kernel32.dll.GetConsoleMode",
- "kernel32.dll.SetEvent",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindClose",
- "mscoree.dll.DllGetClassObject",
- "diasymreader.dll.DllGetClassObjectInternal",
- "kernel32.dll.GetConsoleOutputCP",
- "gdi32.dll.TranslateCharsetInfo",
- "kernel32.dll.SetConsoleTextAttribute",
- "kernel32.dll.WriteConsoleW",
- "mscoree.dll.CorExitProcess",
- "mscorwks.dll.CorExitProcess",
- "mscorwks.dll._CorDllMain",
- "kernel32.dll.CreateActCtxW",
- "kernel32.dll.AddRefActCtx",
- "kernel32.dll.ReleaseActCtx",
- "kernel32.dll.ActivateActCtx",
- "kernel32.dll.DeactivateActCtx",
- "kernel32.dll.GetCurrentActCtx",
- "kernel32.dll.QueryActCtxW",
- "netutils.dll.NetApiBufferFree",
- "kernel32.dll.IsProcessorFeaturePresent",
- "ntdll.dll.RtlUnwind",
- "mscoree.dll._CorExeMain",
- "mscoree.dll._CorImageUnloading",
- "mscoree.dll._CorValidateImage",
- "cryptsp.dll.CryptExportKey",
- "cryptsp.dll.CryptCreateHash",
- "kernel32.dll.SwitchToThread",
- "rpcrt4.dll.UuidFromStringW",
- "rpcrt4.dll.RpcBindingCreateW",
- "rpcrt4.dll.RpcBindingBind",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.StartServiceW",
- "sechost.dll.CloseServiceHandle"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "InitCommonControlsEx",
- "address": "0x404008"
- },
- {
- "name": null,
- "address": "0x40400c"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "IsDebuggerPresent",
- "address": "0x404044"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x404048"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x40404c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x404050"
- },
- {
- "name": "TerminateProcess",
- "address": "0x404054"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x404058"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x40405c"
- },
- {
- "name": "Sleep",
- "address": "0x404060"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x404064"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x404068"
- },
- {
- "name": "LocalFree",
- "address": "0x40406c"
- },
- {
- "name": "FormatMessageA",
- "address": "0x404070"
- },
- {
- "name": "GetLastError",
- "address": "0x404074"
- },
- {
- "name": "ReadFile",
- "address": "0x404078"
- },
- {
- "name": "GetTickCount",
- "address": "0x40407c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x404080"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x404084"
- },
- {
- "name": "CreateFileMappingW",
- "address": "0x404088"
- },
- {
- "name": "MapViewOfFile",
- "address": "0x40408c"
- },
- {
- "name": "CreateFileA",
- "address": "0x404090"
- },
- {
- "name": "GetFileSize",
- "address": "0x404094"
- },
- {
- "name": "InterlockedCompareExchange",
- "address": "0x404098"
- },
- {
- "name": "CloseHandle",
- "address": "0x40409c"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "ShowCursor",
- "address": "0x40413c"
- },
- {
- "name": "SetCursor",
- "address": "0x404140"
- },
- {
- "name": "LoadCursorA",
- "address": "0x404144"
- },
- {
- "name": "InvalidateRect",
- "address": "0x404148"
- },
- {
- "name": "MoveWindow",
- "address": "0x40414c"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x404150"
- },
- {
- "name": "SendMessageA",
- "address": "0x404154"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x404158"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x40415c"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x404160"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x404164"
- },
- {
- "name": "RegisterClassA",
- "address": "0x404168"
- },
- {
- "name": "LoadIconA",
- "address": "0x40416c"
- },
- {
- "name": "ShowWindow",
- "address": "0x404170"
- },
- {
- "name": "TranslateMessage",
- "address": "0x404174"
- },
- {
- "name": "GetMessageA",
- "address": "0x404178"
- },
- {
- "name": "GetDC",
- "address": "0x40417c"
- },
- {
- "name": "CreateMenu",
- "address": "0x404180"
- },
- {
- "name": "AppendMenuA",
- "address": "0x404184"
- },
- {
- "name": "SetMenu",
- "address": "0x404188"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x40418c"
- },
- {
- "name": "UpdateWindow",
- "address": "0x404190"
- },
- {
- "name": "BeginPaint",
- "address": "0x404194"
- },
- {
- "name": "GetClientRect",
- "address": "0x404198"
- },
- {
- "name": "FillRect",
- "address": "0x40419c"
- },
- {
- "name": "EndPaint",
- "address": "0x4041a0"
- },
- {
- "name": "ScrollWindowEx",
- "address": "0x4041a4"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x4041a8"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4041ac"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4041b0"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "BitBlt",
- "address": "0x40401c"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x404020"
- },
- {
- "name": "SetDIBitsToDevice",
- "address": "0x404024"
- },
- {
- "name": "SelectObject",
- "address": "0x404028"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x40402c"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x404030"
- },
- {
- "name": "DeleteDC",
- "address": "0x404034"
- },
- {
- "name": "GetStockObject",
- "address": "0x404038"
- },
- {
- "name": "DeleteObject",
- "address": "0x40403c"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameA",
- "address": "0x404014"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "CryptAcquireContextA",
- "address": "0x404000"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ",
- "address": "0x4040a4"
- },
- {
- "name": "??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ",
- "address": "0x4040a8"
- },
- {
- "name": "??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z",
- "address": "0x4040ac"
- },
- {
- "name": "??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z",
- "address": "0x4040b0"
- },
- {
- "name": "??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z",
- "address": "0x4040b4"
- }
- ],
- "dll": "MSVCP90.dll"
- },
- {
- "imports": [
- {
- "name": "_lock",
- "address": "0x4040bc"
- },
- {
- "name": "__dllonexit",
- "address": "0x4040c0"
- },
- {
- "name": "_unlock",
- "address": "0x4040c4"
- },
- {
- "name": "?terminate@@YAXXZ",
- "address": "0x4040c8"
- },
- {
- "name": "_crt_debugger_hook",
- "address": "0x4040cc"
- },
- {
- "name": "_onexit",
- "address": "0x4040d0"
- },
- {
- "name": "__set_app_type",
- "address": "0x4040d4"
- },
- {
- "name": "_encode_pointer",
- "address": "0x4040d8"
- },
- {
- "name": "__p__fmode",
- "address": "0x4040dc"
- },
- {
- "name": "__p__commode",
- "address": "0x4040e0"
- },
- {
- "name": "_adjust_fdiv",
- "address": "0x4040e4"
- },
- {
- "name": "__setusermatherr",
- "address": "0x4040e8"
- },
- {
- "name": "_decode_pointer",
- "address": "0x4040ec"
- },
- {
- "name": "_except_handler4_common",
- "address": "0x4040f0"
- },
- {
- "name": "_invoke_watson",
- "address": "0x4040f4"
- },
- {
- "name": "_controlfp_s",
- "address": "0x4040f8"
- },
- {
- "name": "malloc",
- "address": "0x4040fc"
- },
- {
- "name": "free",
- "address": "0x404100"
- },
- {
- "name": "sprintf",
- "address": "0x404104"
- },
- {
- "name": "__CxxFrameHandler3",
- "address": "0x404108"
- },
- {
- "name": "_amsg_exit",
- "address": "0x40410c"
- },
- {
- "name": "__getmainargs",
- "address": "0x404110"
- },
- {
- "name": "_cexit",
- "address": "0x404114"
- },
- {
- "name": "_exit",
- "address": "0x404118"
- },
- {
- "name": "_XcptFilter",
- "address": "0x40411c"
- },
- {
- "name": "_ismbblead",
- "address": "0x404120"
- },
- {
- "name": "exit",
- "address": "0x404124"
- },
- {
- "name": "_acmdln",
- "address": "0x404128"
- },
- {
- "name": "_initterm",
- "address": "0x40412c"
- },
- {
- "name": "_initterm_e",
- "address": "0x404130"
- },
- {
- "name": "_configthreadlocale",
- "address": "0x404134"
- }
- ],
- "dll": "MSVCR90.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00057a06",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00057a06",
- "icon_hash": null,
- "entrypoint": "0x00402a57",
- "timestamp": "2019-06-25 13:41:15",
- "osversion": "5.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00002200",
- "entropy": "6.20",
- "raw_address": "0x00000400",
- "virtual_size": "0x00002164",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00004000",
- "size_of_data": "0x00039e00",
- "entropy": "6.06",
- "raw_address": "0x00002600",
- "virtual_size": "0x00039c8e",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0003e000",
- "size_of_data": "0x00000200",
- "entropy": "0.81",
- "raw_address": "0x0003c400",
- "virtual_size": "0x00000744",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0003f000",
- "size_of_data": "0x00013c00",
- "entropy": "4.81",
- "raw_address": "0x0003c600",
- "virtual_size": "0x00013a42",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0003d1cc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000b4"
- },
- {
- "virtual_address": "0x0003f000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00013a42"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000041e0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0003cff8",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00004000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001b8"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "e7090938ed62dc17f7da4646537d15ac",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "000000000000000000000000000000000000000000000000000000000000",
- "imported_dll_count": 8,
- "versioninfo": []
- }
- }