- [*] MalFamily: "Malicious"
- [*] MalScore: 10.0
- [*] File Name: "AZORult_feef0d74.exe"
- [*] File Size: 438272
- [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
- [*] SHA256: "c24a44ad7a2cccc0b48c881087bbcacca2754321110bacd9eb7e71687117a75d"
- [*] MD5: "4397e615d317a9645c9f1b95f50509bf"
- [*] SHA1: "9a37b97ce2b76b2a4b5a82c03f7e1f615824f76b"
- [*] SHA512: "ed40f1419f41e710c141156769eb51d957ee2d47d3f01eb95506039ff2655ceb2a46822f00c6e081b45991f0619a6d617b16ae71f89d6bb54f07e4e5351999a4"
- [*] CRC32: "FEEF0D74"
- [*] SSDEEP: "6144:G8afWfuCiCEfwdciYYx8+W5dF/u+wBkfzBYqVKtplV4UszE7hvriKi:G6ueEMPvWc+6bqVKQUszE7hvxi"
- [*] Process Execution: [
- "AZORult_feef0d74.exe",
- "AZORult_feef0d74.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process created a hidden window",
- "Details": [
- {
- "Process": "AZORult_feef0d74.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\AZORult_feef0d74.exe"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .rsrc, entropy: 6.98, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00038e00, virtual_size: 0x00038cd5"
- }
- ]
- },
- {
- "Description": "File has been identified by 29 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Gen:Variant.Ser.Mikey.443"
- },
- {
- "FireEye": "Generic.mg.4397e615d317a964"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "K7GW": "Trojan ( 0054ff161 )"
- },
- {
- "Arcabit": "Trojan.Ser.Mikey.443"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "APEX": "Malicious"
- },
- {
- "GData": "Gen:Variant.Ser.Mikey.443"
- },
- {
- "Kaspersky": "Trojan-PSW.Win32.Azorult.vny"
- },
- {
- "BitDefender": "Gen:Variant.Ser.Mikey.443"
- },
- {
- "Avast": "Win32:PWSX-gen [Trj]"
- },
- {
- "Rising": "Malware.Heuristic.MLite(84%) (AI-LITE:Gq/p8d8pLCKS2zQB3rl/nA)"
- },
- {
- "Ad-Aware": "Gen:Variant.Ser.Mikey.443"
- },
- {
- "Emsisoft": "Gen:Variant.Ser.Mikey.443 (B)"
- },
- {
- "F-Secure": "Trojan.TR/Crypt.Agent.bjamp"
- },
- {
- "Ikarus": "Trojan.MSIL.Inject"
- },
- {
- "ESET-NOD32": "a variant of Win32/Kryptik.GTXI"
- },
- {
- "Avira": "TR/Crypt.Agent.bjamp"
- },
- {
- "Microsoft": "TrojanSpy:Win32/Banload.AAA!bit"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "ZoneAlarm": "Trojan-PSW.Win32.Azorult.vny"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "Malwarebytes": "Trojan.MalPack.RES"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "Fortinet": "W32/Kryptik.GTWJ!tr"
- },
- {
- "AVG": "Win32:PWSX-gen [Trj]"
- },
- {
- "Cybereason": "malicious.ce2b76"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- },
- {
- "Qihoo-360": "HEUR/QVM10.1.D565.Malware.Gen"
- }
- ]
- },
- {
- "Description": "Collects information to fingerprint the system",
- "Details": []
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\AZORult_feef0d74.exe\""
- ]
- [*] Mutexes: [
- "DBWinMutex",
- "A81FB8C60-BBE6E186-FC9B5DB5-36DA4559-33946726"
- ]
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "fdghfghdfghj.ru",
- "answers": [
- {
- "data": "",
- "type": "NXDOMAIN"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "92.242.140.2",
- "domain": "fdghfghdfghj.ru"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "GetProcessHeap",
- "address": "0x41c078"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x41c07c"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x41c080"
- },
- {
- "name": "GetCPInfo",
- "address": "0x41c084"
- },
- {
- "name": "GetOEMCP",
- "address": "0x41c088"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x41c08c"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x41c090"
- },
- {
- "name": "FindNextFileA",
- "address": "0x41c094"
- },
- {
- "name": "FindFirstFileExA",
- "address": "0x41c098"
- },
- {
- "name": "DecodePointer",
- "address": "0x41c09c"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x41c0a0"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x41c0a4"
- },
- {
- "name": "HeapSize",
- "address": "0x41c0a8"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x41c0ac"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x41c0b0"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x41c0b4"
- },
- {
- "name": "ReadFile",
- "address": "0x41c0b8"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x41c0bc"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x41c0c0"
- },
- {
- "name": "VirtualFree",
- "address": "0x41c0c4"
- },
- {
- "name": "VirtualProtect",
- "address": "0x41c0c8"
- },
- {
- "name": "GetPrivateProfileStructA",
- "address": "0x41c0cc"
- },
- {
- "name": "GetEnvironmentVariableW",
- "address": "0x41c0d0"
- },
- {
- "name": "FindClose",
- "address": "0x41c0d4"
- },
- {
- "name": "GetConsoleAliasExesLengthW",
- "address": "0x41c0d8"
- },
- {
- "name": "SetComputerNameA",
- "address": "0x41c0dc"
- },
- {
- "name": "_hread",
- "address": "0x41c0e0"
- },
- {
- "name": "CopyFileExW",
- "address": "0x41c0e4"
- },
- {
- "name": "TlsFree",
- "address": "0x41c0e8"
- },
- {
- "name": "UnregisterWait",
- "address": "0x41c0ec"
- },
- {
- "name": "FillConsoleOutputCharacterW",
- "address": "0x41c0f0"
- },
- {
- "name": "SetConsoleTitleW",
- "address": "0x41c0f4"
- },
- {
- "name": "Process32First",
- "address": "0x41c0f8"
- },
- {
- "name": "RequestWakeupLatency",
- "address": "0x41c0fc"
- },
- {
- "name": "FindNextChangeNotification",
- "address": "0x41c100"
- },
- {
- "name": "SetLocaleInfoA",
- "address": "0x41c104"
- },
- {
- "name": "DisableThreadLibraryCalls",
- "address": "0x41c108"
- },
- {
- "name": "LCMapStringW",
- "address": "0x41c10c"
- },
- {
- "name": "CompareStringW",
- "address": "0x41c110"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x41c114"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x41c118"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x41c11c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x41c120"
- },
- {
- "name": "InitializeSListHead",
- "address": "0x41c124"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x41c128"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x41c12c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x41c130"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x41c134"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x41c138"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x41c13c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x41c140"
- },
- {
- "name": "TerminateProcess",
- "address": "0x41c144"
- },
- {
- "name": "RtlUnwind",
- "address": "0x41c148"
- },
- {
- "name": "VirtualQuery",
- "address": "0x41c14c"
- },
- {
- "name": "GetLastError",
- "address": "0x41c150"
- },
- {
- "name": "SetLastError",
- "address": "0x41c154"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x41c158"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x41c15c"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x41c160"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x41c164"
- },
- {
- "name": "TlsAlloc",
- "address": "0x41c168"
- },
- {
- "name": "TlsGetValue",
- "address": "0x41c16c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x41c170"
- },
- {
- "name": "FreeLibrary",
- "address": "0x41c174"
- },
- {
- "name": "GetProcAddress",
- "address": "0x41c178"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x41c17c"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x41c180"
- },
- {
- "name": "SetEnvironmentVariableW",
- "address": "0x41c184"
- },
- {
- "name": "SetCurrentDirectoryW",
- "address": "0x41c188"
- },
- {
- "name": "GetCurrentDirectoryW",
- "address": "0x41c18c"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x41c190"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x41c194"
- },
- {
- "name": "ReadConsoleInputA",
- "address": "0x41c198"
- },
- {
- "name": "SetConsoleMode",
- "address": "0x41c19c"
- },
- {
- "name": "CloseHandle",
- "address": "0x41c1a0"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x41c1a4"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x41c1a8"
- },
- {
- "name": "CreateProcessA",
- "address": "0x41c1ac"
- },
- {
- "name": "GetLocalTime",
- "address": "0x41c1b0"
- },
- {
- "name": "SetStdHandle",
- "address": "0x41c1b4"
- },
- {
- "name": "GetFileType",
- "address": "0x41c1b8"
- },
- {
- "name": "GetStdHandle",
- "address": "0x41c1bc"
- },
- {
- "name": "WriteFile",
- "address": "0x41c1c0"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x41c1c4"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x41c1c8"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x41c1cc"
- },
- {
- "name": "ExitProcess",
- "address": "0x41c1d0"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x41c1d4"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x41c1d8"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x41c1dc"
- },
- {
- "name": "GetACP",
- "address": "0x41c1e0"
- },
- {
- "name": "HeapFree",
- "address": "0x41c1e4"
- },
- {
- "name": "HeapAlloc",
- "address": "0x41c1e8"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x41c1ec"
- },
- {
- "name": "RaiseException",
- "address": "0x41c1f0"
- },
- {
- "name": "CreateFileW",
- "address": "0x41c1f4"
- },
- {
- "name": "GetFileAttributesExW",
- "address": "0x41c1f8"
- },
- {
- "name": "ReadConsoleW",
- "address": "0x41c1fc"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "GetUpdateRect",
- "address": "0x41c204"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x41c208"
- },
- {
- "name": "SetMenuItemBitmaps",
- "address": "0x41c20c"
- },
- {
- "name": "MoveWindow",
- "address": "0x41c210"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x41c214"
- },
- {
- "name": "SetProcessWindowStation",
- "address": "0x41c218"
- },
- {
- "name": "PostThreadMessageW",
- "address": "0x41c21c"
- },
- {
- "name": "GetTabbedTextExtentW",
- "address": "0x41c220"
- },
- {
- "name": "DeleteMenu",
- "address": "0x41c224"
- },
- {
- "name": "RealGetWindowClass",
- "address": "0x41c228"
- },
- {
- "name": "BroadcastSystemMessageW",
- "address": "0x41c22c"
- },
- {
- "name": "GetClassInfoExW",
- "address": "0x41c230"
- },
- {
- "name": "WINNLSEnableIME",
- "address": "0x41c234"
- },
- {
- "name": "SetWindowsHookA",
- "address": "0x41c238"
- },
- {
- "name": "WaitForInputIdle",
- "address": "0x41c23c"
- },
- {
- "name": "DdeDisconnect",
- "address": "0x41c240"
- },
- {
- "name": "FlashWindowEx",
- "address": "0x41c244"
- },
- {
- "name": "InSendMessage",
- "address": "0x41c248"
- },
- {
- "name": "GetNextDlgTabItem",
- "address": "0x41c24c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateFontIndirectExA",
- "address": "0x41c038"
- },
- {
- "name": "GetColorSpace",
- "address": "0x41c03c"
- },
- {
- "name": "UpdateColors",
- "address": "0x41c040"
- },
- {
- "name": "CreatePalette",
- "address": "0x41c044"
- },
- {
- "name": "EqualRgn",
- "address": "0x41c048"
- },
- {
- "name": "GetRgnBox",
- "address": "0x41c04c"
- },
- {
- "name": "SetPixel",
- "address": "0x41c050"
- },
- {
- "name": "RemoveFontResourceExW",
- "address": "0x41c054"
- },
- {
- "name": "GetTextFaceW",
- "address": "0x41c058"
- },
- {
- "name": "GetGraphicsMode",
- "address": "0x41c05c"
- },
- {
- "name": "SelectObject",
- "address": "0x41c060"
- },
- {
- "name": "GetGlyphOutlineA",
- "address": "0x41c064"
- },
- {
- "name": "SetWindowExtEx",
- "address": "0x41c068"
- },
- {
- "name": "GdiGetPageHandle",
- "address": "0x41c06c"
- },
- {
- "name": "GetFontLanguageInfo",
- "address": "0x41c070"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "SetPrinterW",
- "address": "0x41c254"
- },
- {
- "name": "GetPrinterDataExW",
- "address": "0x41c258"
- },
- {
- "name": "EnumPortsW",
- "address": "0x41c25c"
- }
- ],
- "dll": "WINSPOOL.DRV"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameA",
- "address": "0x41c030"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "LsaOpenTrustedDomain",
- "address": "0x41c000"
- },
- {
- "name": "AreAnyAccessesGranted",
- "address": "0x41c004"
- },
- {
- "name": "LsaLookupPrivilegeName",
- "address": "0x41c008"
- },
- {
- "name": "QueryServiceConfigA",
- "address": "0x41c00c"
- },
- {
- "name": "LookupAccountNameW",
- "address": "0x41c010"
- },
- {
- "name": "SystemFunction031",
- "address": "0x41c014"
- },
- {
- "name": "AllocateAndInitializeSid",
- "address": "0x41c018"
- },
- {
- "name": "RegSaveKeyA",
- "address": "0x41c01c"
- },
- {
- "name": "BuildExplicitAccessWithNameW",
- "address": "0x41c020"
- },
- {
- "name": "CryptEnumProvidersA",
- "address": "0x41c024"
- },
- {
- "name": "AddUsersToEncryptedFile",
- "address": "0x41c028"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "CLSIDFromString",
- "address": "0x41c264"
- },
- {
- "name": "HWND_UserUnmarshal",
- "address": "0x41c268"
- },
- {
- "name": "OleCreateFromData",
- "address": "0x41c26c"
- },
- {
- "name": "CoAddRefServerProcess",
- "address": "0x41c270"
- },
- {
- "name": "ReadClassStg",
- "address": "0x41c274"
- },
- {
- "name": "WriteClassStg",
- "address": "0x41c278"
- }
- ],
- "dll": "ole32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00079b31",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00403bf9",
- "timestamp": "2019-06-11 13:23:14",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0001b000",
- "entropy": "6.69",
- "raw_address": "0x00000400",
- "virtual_size": "0x0001af27",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001c000",
- "size_of_data": "0x00008c00",
- "entropy": "5.16",
- "raw_address": "0x0001b400",
- "virtual_size": "0x00008b96",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00025000",
- "size_of_data": "0x0000b800",
- "entropy": "6.27",
- "raw_address": "0x00024000",
- "virtual_size": "0x0000c280",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".gfids",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00032000",
- "size_of_data": "0x00000600",
- "entropy": "2.89",
- "raw_address": "0x0002f800",
- "virtual_size": "0x000004b0",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00033000",
- "size_of_data": "0x00038e00",
- "entropy": "6.98",
- "raw_address": "0x0002fe00",
- "virtual_size": "0x00038cd5",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0006c000",
- "size_of_data": "0x00002400",
- "entropy": "6.62",
- "raw_address": "0x00068c00",
- "virtual_size": "0x00002300",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00023c9c",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000a0"
- },
- {
- "virtual_address": "0x00033000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00038cd5"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0006c000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00002300"
- },
- {
- "virtual_address": "0x00023410",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00023430",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001c000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000280"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f9828a7115467336fc1f5ae8124ddad0",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 7,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.LCMapStringEx",
- "crypt32.dll.CryptUnprotectData",
- "crtdll.dll.wcscmp",
- "gdiplus.dll.GdiplusStartup",
- "gdiplus.dll.GdiplusShutdown",
- "gdiplus.dll.GdipCreateBitmapFromHBITMAP",
- "gdiplus.dll.GdipGetImageEncodersSize",
- "gdiplus.dll.GdipGetImageEncoders",
- "gdiplus.dll.GdipDisposeImage",
- "gdiplus.dll.GdipSaveImageToStream",
- "ole32.dll.CreateStreamOnHGlobal",
- "ole32.dll.GetHGlobalFromStream",
- "kernel32.dll.ExpandEnvironmentStringsW",
- "kernel32.dll.GetComputerNameW",
- "kernel32.dll.GlobalMemoryStatus",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.ReadFile",
- "kernel32.dll.GetFileAttributesW",
- "kernel32.dll.CreateMutexA",
- "kernel32.dll.ReleaseMutex",
- "kernel32.dll.GetLastError",
- "kernel32.dll.GetCurrentDirectoryW",
- "kernel32.dll.SetEnvironmentVariableW",
- "kernel32.dll.GetEnvironmentVariableW",
- "kernel32.dll.SetCurrentDirectoryW",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindNextFileW",
- "kernel32.dll.LocalFree",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.CopyFileW",
- "kernel32.dll.FindClose",
- "kernel32.dll.GlobalMemoryStatusEx",
- "kernel32.dll.CreateToolhelp32Snapshot",
- "kernel32.dll.Process32FirstW",
- "kernel32.dll.Process32NextW",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.SetDllDirectoryW",
- "kernel32.dll.GetLocaleInfoA",
- "kernel32.dll.GetLocalTime",
- "kernel32.dll.GetTimeZoneInformation",
- "kernel32.dll.RemoveDirectoryW",
- "kernel32.dll.DeleteFileW",
- "kernel32.dll.GetLogicalDriveStringsA",
- "kernel32.dll.GetDriveTypeA",
- "kernel32.dll.CreateProcessW",
- "advapi32.dll.GetUserNameW",
- "advapi32.dll.RegCreateKeyExW",
- "advapi32.dll.RegQueryValueExW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.LookupAccountSidA",
- "advapi32.dll.CreateProcessAsUserW",
- "advapi32.dll.CheckTokenMembership",
- "advapi32.dll.RegOpenKeyW",
- "advapi32.dll.RegEnumKeyW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptReleaseContext",
- "user32.dll.EnumDisplayDevicesW",
- "user32.dll.wvsprintfA",
- "user32.dll.GetKeyboardLayoutList",
- "shell32.dll.ShellExecuteExW",
- "ntdll.dll.RtlComputeCrc32",
- "sechost.dll.LookupAccountSidLocalA",
- "wininet.dll.InternetOpenA",
- "wininet.dll.InternetConnectA",
- "wininet.dll.HttpOpenRequestA",
- "wininet.dll.HttpAddRequestHeadersA",
- "wininet.dll.HttpSendRequestA",
- "wininet.dll.InternetReadFile",
- "wininet.dll.InternetCloseHandle",
- "wininet.dll.InternetCrackUrlA",
- "wininet.dll.InternetSetOptionA",
- "rasapi32.dll.RasConnectionNotificationW",
- "sechost.dll.NotifyServiceStatusChangeA",
- "cryptbase.dll.SystemFunction036",
- "wsock32.dll.WSAStartup",
- "wsock32.dll.gethostbyname",
- "wsock32.dll.socket",
- "wsock32.dll.send",
- "wsock32.dll.recv",
- "wsock32.dll.htons",
- "wsock32.dll.connect",
- "wsock32.dll.closesocket",
- "rpcrt4.dll.RpcBindingFree"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "GetProcessHeap",
- "address": "0x41c078"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x41c07c"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x41c080"
- },
- {
- "name": "GetCPInfo",
- "address": "0x41c084"
- },
- {
- "name": "GetOEMCP",
- "address": "0x41c088"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x41c08c"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x41c090"
- },
- {
- "name": "FindNextFileA",
- "address": "0x41c094"
- },
- {
- "name": "FindFirstFileExA",
- "address": "0x41c098"
- },
- {
- "name": "DecodePointer",
- "address": "0x41c09c"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x41c0a0"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x41c0a4"
- },
- {
- "name": "HeapSize",
- "address": "0x41c0a8"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x41c0ac"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x41c0b0"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x41c0b4"
- },
- {
- "name": "ReadFile",
- "address": "0x41c0b8"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x41c0bc"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x41c0c0"
- },
- {
- "name": "VirtualFree",
- "address": "0x41c0c4"
- },
- {
- "name": "VirtualProtect",
- "address": "0x41c0c8"
- },
- {
- "name": "GetPrivateProfileStructA",
- "address": "0x41c0cc"
- },
- {
- "name": "GetEnvironmentVariableW",
- "address": "0x41c0d0"
- },
- {
- "name": "FindClose",
- "address": "0x41c0d4"
- },
- {
- "name": "GetConsoleAliasExesLengthW",
- "address": "0x41c0d8"
- },
- {
- "name": "SetComputerNameA",
- "address": "0x41c0dc"
- },
- {
- "name": "_hread",
- "address": "0x41c0e0"
- },
- {
- "name": "CopyFileExW",
- "address": "0x41c0e4"
- },
- {
- "name": "TlsFree",
- "address": "0x41c0e8"
- },
- {
- "name": "UnregisterWait",
- "address": "0x41c0ec"
- },
- {
- "name": "FillConsoleOutputCharacterW",
- "address": "0x41c0f0"
- },
- {
- "name": "SetConsoleTitleW",
- "address": "0x41c0f4"
- },
- {
- "name": "Process32First",
- "address": "0x41c0f8"
- },
- {
- "name": "RequestWakeupLatency",
- "address": "0x41c0fc"
- },
- {
- "name": "FindNextChangeNotification",
- "address": "0x41c100"
- },
- {
- "name": "SetLocaleInfoA",
- "address": "0x41c104"
- },
- {
- "name": "DisableThreadLibraryCalls",
- "address": "0x41c108"
- },
- {
- "name": "LCMapStringW",
- "address": "0x41c10c"
- },
- {
- "name": "CompareStringW",
- "address": "0x41c110"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x41c114"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x41c118"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x41c11c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x41c120"
- },
- {
- "name": "InitializeSListHead",
- "address": "0x41c124"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x41c128"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x41c12c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x41c130"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x41c134"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x41c138"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x41c13c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x41c140"
- },
- {
- "name": "TerminateProcess",
- "address": "0x41c144"
- },
- {
- "name": "RtlUnwind",
- "address": "0x41c148"
- },
- {
- "name": "VirtualQuery",
- "address": "0x41c14c"
- },
- {
- "name": "GetLastError",
- "address": "0x41c150"
- },
- {
- "name": "SetLastError",
- "address": "0x41c154"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x41c158"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x41c15c"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x41c160"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x41c164"
- },
- {
- "name": "TlsAlloc",
- "address": "0x41c168"
- },
- {
- "name": "TlsGetValue",
- "address": "0x41c16c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x41c170"
- },
- {
- "name": "FreeLibrary",
- "address": "0x41c174"
- },
- {
- "name": "GetProcAddress",
- "address": "0x41c178"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x41c17c"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x41c180"
- },
- {
- "name": "SetEnvironmentVariableW",
- "address": "0x41c184"
- },
- {
- "name": "SetCurrentDirectoryW",
- "address": "0x41c188"
- },
- {
- "name": "GetCurrentDirectoryW",
- "address": "0x41c18c"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x41c190"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x41c194"
- },
- {
- "name": "ReadConsoleInputA",
- "address": "0x41c198"
- },
- {
- "name": "SetConsoleMode",
- "address": "0x41c19c"
- },
- {
- "name": "CloseHandle",
- "address": "0x41c1a0"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x41c1a4"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x41c1a8"
- },
- {
- "name": "CreateProcessA",
- "address": "0x41c1ac"
- },
- {
- "name": "GetLocalTime",
- "address": "0x41c1b0"
- },
- {
- "name": "SetStdHandle",
- "address": "0x41c1b4"
- },
- {
- "name": "GetFileType",
- "address": "0x41c1b8"
- },
- {
- "name": "GetStdHandle",
- "address": "0x41c1bc"
- },
- {
- "name": "WriteFile",
- "address": "0x41c1c0"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x41c1c4"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x41c1c8"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x41c1cc"
- },
- {
- "name": "ExitProcess",
- "address": "0x41c1d0"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x41c1d4"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x41c1d8"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x41c1dc"
- },
- {
- "name": "GetACP",
- "address": "0x41c1e0"
- },
- {
- "name": "HeapFree",
- "address": "0x41c1e4"
- },
- {
- "name": "HeapAlloc",
- "address": "0x41c1e8"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x41c1ec"
- },
- {
- "name": "RaiseException",
- "address": "0x41c1f0"
- },
- {
- "name": "CreateFileW",
- "address": "0x41c1f4"
- },
- {
- "name": "GetFileAttributesExW",
- "address": "0x41c1f8"
- },
- {
- "name": "ReadConsoleW",
- "address": "0x41c1fc"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "GetUpdateRect",
- "address": "0x41c204"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x41c208"
- },
- {
- "name": "SetMenuItemBitmaps",
- "address": "0x41c20c"
- },
- {
- "name": "MoveWindow",
- "address": "0x41c210"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x41c214"
- },
- {
- "name": "SetProcessWindowStation",
- "address": "0x41c218"
- },
- {
- "name": "PostThreadMessageW",
- "address": "0x41c21c"
- },
- {
- "name": "GetTabbedTextExtentW",
- "address": "0x41c220"
- },
- {
- "name": "DeleteMenu",
- "address": "0x41c224"
- },
- {
- "name": "RealGetWindowClass",
- "address": "0x41c228"
- },
- {
- "name": "BroadcastSystemMessageW",
- "address": "0x41c22c"
- },
- {
- "name": "GetClassInfoExW",
- "address": "0x41c230"
- },
- {
- "name": "WINNLSEnableIME",
- "address": "0x41c234"
- },
- {
- "name": "SetWindowsHookA",
- "address": "0x41c238"
- },
- {
- "name": "WaitForInputIdle",
- "address": "0x41c23c"
- },
- {
- "name": "DdeDisconnect",
- "address": "0x41c240"
- },
- {
- "name": "FlashWindowEx",
- "address": "0x41c244"
- },
- {
- "name": "InSendMessage",
- "address": "0x41c248"
- },
- {
- "name": "GetNextDlgTabItem",
- "address": "0x41c24c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateFontIndirectExA",
- "address": "0x41c038"
- },
- {
- "name": "GetColorSpace",
- "address": "0x41c03c"
- },
- {
- "name": "UpdateColors",
- "address": "0x41c040"
- },
- {
- "name": "CreatePalette",
- "address": "0x41c044"
- },
- {
- "name": "EqualRgn",
- "address": "0x41c048"
- },
- {
- "name": "GetRgnBox",
- "address": "0x41c04c"
- },
- {
- "name": "SetPixel",
- "address": "0x41c050"
- },
- {
- "name": "RemoveFontResourceExW",
- "address": "0x41c054"
- },
- {
- "name": "GetTextFaceW",
- "address": "0x41c058"
- },
- {
- "name": "GetGraphicsMode",
- "address": "0x41c05c"
- },
- {
- "name": "SelectObject",
- "address": "0x41c060"
- },
- {
- "name": "GetGlyphOutlineA",
- "address": "0x41c064"
- },
- {
- "name": "SetWindowExtEx",
- "address": "0x41c068"
- },
- {
- "name": "GdiGetPageHandle",
- "address": "0x41c06c"
- },
- {
- "name": "GetFontLanguageInfo",
- "address": "0x41c070"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "SetPrinterW",
- "address": "0x41c254"
- },
- {
- "name": "GetPrinterDataExW",
- "address": "0x41c258"
- },
- {
- "name": "EnumPortsW",
- "address": "0x41c25c"
- }
- ],
- "dll": "WINSPOOL.DRV"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameA",
- "address": "0x41c030"
- }
- ],
- "dll": "COMDLG32.dll"
- },
- {
- "imports": [
- {
- "name": "LsaOpenTrustedDomain",
- "address": "0x41c000"
- },
- {
- "name": "AreAnyAccessesGranted",
- "address": "0x41c004"
- },
- {
- "name": "LsaLookupPrivilegeName",
- "address": "0x41c008"
- },
- {
- "name": "QueryServiceConfigA",
- "address": "0x41c00c"
- },
- {
- "name": "LookupAccountNameW",
- "address": "0x41c010"
- },
- {
- "name": "SystemFunction031",
- "address": "0x41c014"
- },
- {
- "name": "AllocateAndInitializeSid",
- "address": "0x41c018"
- },
- {
- "name": "RegSaveKeyA",
- "address": "0x41c01c"
- },
- {
- "name": "BuildExplicitAccessWithNameW",
- "address": "0x41c020"
- },
- {
- "name": "CryptEnumProvidersA",
- "address": "0x41c024"
- },
- {
- "name": "AddUsersToEncryptedFile",
- "address": "0x41c028"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "CLSIDFromString",
- "address": "0x41c264"
- },
- {
- "name": "HWND_UserUnmarshal",
- "address": "0x41c268"
- },
- {
- "name": "OleCreateFromData",
- "address": "0x41c26c"
- },
- {
- "name": "CoAddRefServerProcess",
- "address": "0x41c270"
- },
- {
- "name": "ReadClassStg",
- "address": "0x41c274"
- },
- {
- "name": "WriteClassStg",
- "address": "0x41c278"
- }
- ],
- "dll": "ole32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00079b31",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00403bf9",
- "timestamp": "2019-06-11 13:23:14",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0001b000",
- "entropy": "6.69",
- "raw_address": "0x00000400",
- "virtual_size": "0x0001af27",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001c000",
- "size_of_data": "0x00008c00",
- "entropy": "5.16",
- "raw_address": "0x0001b400",
- "virtual_size": "0x00008b96",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00025000",
- "size_of_data": "0x0000b800",
- "entropy": "6.27",
- "raw_address": "0x00024000",
- "virtual_size": "0x0000c280",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".gfids",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00032000",
- "size_of_data": "0x00000600",
- "entropy": "2.89",
- "raw_address": "0x0002f800",
- "virtual_size": "0x000004b0",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00033000",
- "size_of_data": "0x00038e00",
- "entropy": "6.98",
- "raw_address": "0x0002fe00",
- "virtual_size": "0x00038cd5",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0006c000",
- "size_of_data": "0x00002400",
- "entropy": "6.62",
- "raw_address": "0x00068c00",
- "virtual_size": "0x00002300",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00023c9c",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000a0"
- },
- {
- "virtual_address": "0x00033000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00038cd5"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0006c000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00002300"
- },
- {
- "virtual_address": "0x00023410",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00023430",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0001c000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000280"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f9828a7115467336fc1f5ae8124ddad0",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 7,
- "versioninfo": []
- }
- }