- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_ffdc7e68.1"
- [*] File Size: 265216
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "4f85cd4bc4743dad3c0dffa0f90eb9359e8924a03307904949548af183caa431"
- [*] MD5: "29d3c08d5f9fcbbef6ea5493907f91d8"
- [*] SHA1: "7bd1a9c718eed2a9283deaad8cd1421436f3445a"
- [*] SHA512: "3b603f0cee8643b5dc50dc1a4d018f4c474ccb767e222440a54e393179e326897a512c045a61042e185ab804b344d2cf77065ba6ff224627597836ceb93f28e7"
- [*] CRC32: "FFDC7E68"
- [*] SSDEEP: "3072:MNKaFoZXyneDiIPNzApGXwAT/ModCV9Ztkkp6ioTp3l0/wJBVpKWxw0UEkwfx:coZCneu8NEKkodCpbfo1S4iWxwBKfx"
- [*] Process Execution: [
- "Exes_ffdc7e68.1",
- "winpojg.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details": [
- {
- "IP": "98.137.159.25:25"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details": [
- {
- "process": "winpojg.exe, PID 2764"
- }
- ]
- },
- {
- "Description": "Drops a binary and executes it",
- "Details": [
- {
- "binary": "C:\\Windows\\3143782112822236\\winpojg.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- }
- ]
- },
- {
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details": [
- {
- "Spam": "winpojg.exe (2764) called API GlobalMemoryStatus 2165386 times"
- },
- {
- "Spam": "Exes_ffdc7e68.1 (1748) called API GlobalMemoryStatus 2165386 times"
- }
- ]
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 8970679586"
- },
- {
- "data": "C:\\Windows\\3143782112822236\\winpojg.exe"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 8970679586"
- },
- {
- "data": "C:\\Windows\\3143782112822236\\winpojg.exe"
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\Windows\\3143782112822236"
- },
- {
- "file": "C:\\Windows\\3143782112822236\\winpojg.exe"
- }
- ]
- },
- {
- "Description": "File has been identified by 37 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Trojan.GenericKD.32054066"
- },
- {
- "Qihoo-360": "HEUR/QVM10.2.D05B.Malware.Gen"
- },
- {
- "McAfee": "RDN/Generic.dx"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "K7GW": "Riskware ( 0040eff71 )"
- },
- {
- "Symantec": "ML.Attribute.HighConfidence"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Kaspersky": "Trojan.Win32.Zonidel.egu"
- },
- {
- "BitDefender": "Trojan.GenericKD.32054066"
- },
- {
- "ViRobot": "Trojan.Win32.Z.Zonidel.265216"
- },
- {
- "AegisLab": "Trojan.Multi.Generic.4!c"
- },
- {
- "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Sophos": "Mal/Generic-S"
- },
- {
- "F-Secure": "Trojan.TR/AD.Phorpiex.efijh"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "Artemis!Trojan"
- },
- {
- "FireEye": "Generic.mg.29d3c08d5f9fcbbe"
- },
- {
- "Emsisoft": "Trojan.GenericKD.32054066 (B)"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "Webroot": "W32.Trojan.Gen"
- },
- {
- "Avira": "TR/AD.Phorpiex.efijh"
- },
- {
- "Microsoft": "Trojan:Win32/Gandcrab.AF"
- },
- {
- "Arcabit": "Trojan.Generic.D1E91B32"
- },
- {
- "AhnLab-V3": "Trojan/Win32.Crypted.R275704"
- },
- {
- "ZoneAlarm": "Trojan.Win32.Zonidel.egu"
- },
- {
- "GData": "Trojan.GenericKD.32054066"
- },
- {
- "ESET-NOD32": "a variant of Win32/Kryptik.GTYE"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "Ad-Aware": "Trojan.GenericKD.32054066"
- },
- {
- "Tencent": "Win32.Trojan.Zonidel.Hufz"
- },
- {
- "Ikarus": "Trojan.Win32.Krypt"
- },
- {
- "Fortinet": "W32/Kryptik.GTVG!tr"
- },
- {
- "AVG": "FileRepMalware"
- },
- {
- "Avast": "FileRepMalware"
- },
- {
- "CrowdStrike": "win/malicious_confidence_80% (W)"
- }
- ]
- },
- {
- "Description": "Operates on local firewall's policies and settings",
- "Details": []
- },
- {
- "Description": "Creates a copy of itself",
- "Details": [
- {
- "copy": "C:\\Windows\\3143782112822236\\winpojg.exe"
- }
- ]
- },
- {
- "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_ffdc7e68.1:Zone.Iduentifier"
- },
- {
- "file": "C:\\Windows\\3143782112822236\\winpojg.exe:Zone.Iduentifier"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "C:\\Windows\\3143782112822236\\winpojg.exe"
- ]
- [*] Mutexes: [
- "8970679586"
- ]
- [*] Modified Files: [
- "C:\\Windows\\3143782112822236\\winpojg.exe"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_ffdc7e68.1:Zone.Iduentifier",
- "C:\\Windows\\3143782112822236\\winpojg.exe:Zone.Iduentifier"
- ]
- [*] Modified Registry Keys: [
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 8970679586",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 8970679586"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "MX",
- "request": "yahoo.com",
- "answers": [
- {
- "data": "mta5.am0.yahoodns.net",
- "type": "MX"
- },
- {
- "data": "mta7.am0.yahoodns.net",
- "type": "MX"
- },
- {
- "data": "mta6.am0.yahoodns.net",
- "type": "MX"
- }
- ]
- },
- {
- "type": "A",
- "request": "mta7.am0.yahoodns.net",
- "answers": [
- {
- "data": "74.6.137.63",
- "type": "A"
- },
- {
- "data": "74.6.137.65",
- "type": "A"
- },
- {
- "data": "66.218.85.52",
- "type": "A"
- },
- {
- "data": "98.137.159.27",
- "type": "A"
- },
- {
- "data": "98.137.159.25",
- "type": "A"
- },
- {
- "data": "98.137.159.24",
- "type": "A"
- },
- {
- "data": "98.137.159.28",
- "type": "A"
- },
- {
- "data": "67.195.228.111",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "98.137.159.27",
- "domain": "mta7.am0.yahoodns.net"
- },
- {
- "ip": "98.137.246.8",
- "domain": "yahoo.com"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "UnlockFile",
- "address": "0x426014"
- },
- {
- "name": "GetNumberFormatA",
- "address": "0x426018"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x42601c"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x426020"
- },
- {
- "name": "GetBinaryTypeA",
- "address": "0x426024"
- },
- {
- "name": "ReplaceFileW",
- "address": "0x426028"
- },
- {
- "name": "lstrlenW",
- "address": "0x42602c"
- },
- {
- "name": "SetHandleInformation",
- "address": "0x426030"
- },
- {
- "name": "GetProcAddress",
- "address": "0x426034"
- },
- {
- "name": "PeekConsoleInputW",
- "address": "0x426038"
- },
- {
- "name": "VirtualProtect",
- "address": "0x42603c"
- },
- {
- "name": "CreateToolhelp32Snapshot",
- "address": "0x426040"
- },
- {
- "name": "DuplicateHandle",
- "address": "0x426044"
- },
- {
- "name": "CloseHandle",
- "address": "0x426048"
- },
- {
- "name": "lstrcpynA",
- "address": "0x42604c"
- },
- {
- "name": "DebugActiveProcessStop",
- "address": "0x426050"
- },
- {
- "name": "GlobalMemoryStatus",
- "address": "0x426054"
- },
- {
- "name": "Module32First",
- "address": "0x426058"
- },
- {
- "name": "ExitProcess",
- "address": "0x42605c"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x426060"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x426064"
- },
- {
- "name": "EnumSystemLocalesW",
- "address": "0x426068"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x42606c"
- },
- {
- "name": "IsValidLocale",
- "address": "0x426070"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x426074"
- },
- {
- "name": "EncodePointer",
- "address": "0x426078"
- },
- {
- "name": "DecodePointer",
- "address": "0x42607c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x426080"
- },
- {
- "name": "RaiseException",
- "address": "0x426084"
- },
- {
- "name": "RtlUnwind",
- "address": "0x426088"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x42608c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x426090"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x426094"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x426098"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x42609c"
- },
- {
- "name": "GetLastError",
- "address": "0x4260a0"
- },
- {
- "name": "WriteFile",
- "address": "0x4260a4"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x4260a8"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x4260ac"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x4260b0"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4260b4"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x4260b8"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x4260bc"
- },
- {
- "name": "AreFileApisANSI",
- "address": "0x4260c0"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x4260c4"
- },
- {
- "name": "HeapSize",
- "address": "0x4260c8"
- },
- {
- "name": "HeapFree",
- "address": "0x4260cc"
- },
- {
- "name": "HeapAlloc",
- "address": "0x4260d0"
- },
- {
- "name": "SetLastError",
- "address": "0x4260d4"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4260d8"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4260dc"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x4260e0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4260e4"
- },
- {
- "name": "GetFileType",
- "address": "0x4260e8"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x4260ec"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4260f0"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x4260f4"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x4260f8"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4260fc"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x426100"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x426104"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x426108"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x42610c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x426110"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x426114"
- },
- {
- "name": "CreateEventW",
- "address": "0x426118"
- },
- {
- "name": "Sleep",
- "address": "0x42611c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x426120"
- },
- {
- "name": "TerminateProcess",
- "address": "0x426124"
- },
- {
- "name": "TlsAlloc",
- "address": "0x426128"
- },
- {
- "name": "TlsGetValue",
- "address": "0x42612c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x426130"
- },
- {
- "name": "TlsFree",
- "address": "0x426134"
- },
- {
- "name": "GetTickCount",
- "address": "0x426138"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x42613c"
- },
- {
- "name": "CreateSemaphoreW",
- "address": "0x426140"
- },
- {
- "name": "SetStdHandle",
- "address": "0x426144"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x426148"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x42614c"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x426150"
- },
- {
- "name": "FreeLibrary",
- "address": "0x426154"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x426158"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x42615c"
- },
- {
- "name": "GetACP",
- "address": "0x426160"
- },
- {
- "name": "GetOEMCP",
- "address": "0x426164"
- },
- {
- "name": "GetCPInfo",
- "address": "0x426168"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x42616c"
- },
- {
- "name": "GetDateFormatW",
- "address": "0x426170"
- },
- {
- "name": "GetTimeFormatW",
- "address": "0x426174"
- },
- {
- "name": "CompareStringW",
- "address": "0x426178"
- },
- {
- "name": "LCMapStringW",
- "address": "0x42617c"
- },
- {
- "name": "CreateFileW",
- "address": "0x426180"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "NotifyBootConfigStatus",
- "address": "0x426000"
- },
- {
- "name": "RegQueryInfoKeyA",
- "address": "0x426004"
- },
- {
- "name": "RegCreateKeyExW",
- "address": "0x426008"
- },
- {
- "name": "SetServiceStatus",
- "address": "0x42600c"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "WinHttpConnect",
- "address": "0x426194"
- },
- {
- "name": "WinHttpOpen",
- "address": "0x426198"
- }
- ],
- "dll": "WINHTTP.dll"
- },
- {
- "imports": [
- {
- "name": "GradientFill",
- "address": "0x426188"
- },
- {
- "name": "TransparentBlt",
- "address": "0x42618c"
- }
- ],
- "dll": "MSIMG32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "ciponoyega.exe",
- "actual_checksum": "0x00042ae5",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00042ae5",
- "icon_hash": null,
- "entrypoint": "0x00403a81",
- "timestamp": "2018-10-15 06:33:45",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00025000",
- "entropy": "6.73",
- "raw_address": "0x00000400",
- "virtual_size": "0x00024fcd",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00026000",
- "size_of_data": "0x00010c00",
- "entropy": "6.03",
- "raw_address": "0x00025400",
- "virtual_size": "0x00010aae",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00037000",
- "size_of_data": "0x00001a00",
- "entropy": "3.42",
- "raw_address": "0x00036000",
- "virtual_size": "0x04e5d9ec",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".lesupoj",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x04e95000",
- "size_of_data": "0x00000600",
- "entropy": "0.00",
- "raw_address": "0x00037a00",
- "virtual_size": "0x00001400",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e97000",
- "size_of_data": "0x00006c00",
- "entropy": "6.13",
- "raw_address": "0x00038000",
- "virtual_size": "0x00006a28",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e9e000",
- "size_of_data": "0x00002000",
- "entropy": "6.63",
- "raw_address": "0x0003ec00",
- "virtual_size": "0x00001ff8",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x000360f0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x0000004e"
- },
- {
- "virtual_address": "0x00036140",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x04e97000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00006a28"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x04e9e000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00001ff8"
- },
- {
- "virtual_address": "0x00026200",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000038"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00026000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001a0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "MyFunc165@@4",
- "address": "0x425ec0"
- }
- ],
- "guest_signers": {},
- "imphash": "044e9d5eff89a58f097d20d545b5ede9",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "C:\\liz.pdb\\x00\\crypt_server\\runtime\\crypt\\tmp_2127232380\\bin\\ciponoyega.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x86C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\xfcOC\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01",
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsFree",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.InitializeCriticalSectionEx",
- "kernel32.dll.CreateEventExW",
- "kernel32.dll.CreateSemaphoreExW",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.CreateThreadpoolTimer",
- "kernel32.dll.SetThreadpoolTimer",
- "kernel32.dll.WaitForThreadpoolTimerCallbacks",
- "kernel32.dll.CloseThreadpoolTimer",
- "kernel32.dll.CreateThreadpoolWait",
- "kernel32.dll.SetThreadpoolWait",
- "kernel32.dll.CloseThreadpoolWait",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.FreeLibraryWhenCallbackReturns",
- "kernel32.dll.GetCurrentProcessorNumber",
- "kernel32.dll.GetLogicalProcessorInformation",
- "kernel32.dll.CreateSymbolicLinkW",
- "kernel32.dll.EnumSystemLocalesEx",
- "kernel32.dll.CompareStringEx",
- "kernel32.dll.GetDateFormatEx",
- "kernel32.dll.GetLocaleInfoEx",
- "kernel32.dll.GetTimeFormatEx",
- "kernel32.dll.GetUserDefaultLocaleName",
- "kernel32.dll.IsValidLocaleName",
- "kernel32.dll.LCMapStringEx",
- "kernel32.dll.GetTickCount64",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.VirtualProtect",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.GetVersionExA",
- "kernel32.dll.TerminateProcess",
- "kernel32.dll.ExitProcess",
- "kernel32.dll.SetErrorMode",
- "msvcrt.dll._except_handler3",
- "msvcrt.dll.__set_app_type",
- "msvcrt.dll.__p__fmode",
- "msvcrt.dll.__p__commode",
- "msvcrt.dll._adjust_fdiv",
- "msvcrt.dll.__setusermatherr",
- "msvcrt.dll._initterm",
- "msvcrt.dll.__getmainargs",
- "msvcrt.dll._acmdln",
- "msvcrt.dll.exit",
- "msvcrt.dll._XcptFilter",
- "msvcrt.dll._exit",
- "msvcrt.dll.wcsstr",
- "msvcrt.dll.wcslen",
- "msvcrt.dll.mbstowcs",
- "msvcrt.dll.atoi",
- "msvcrt.dll._snwprintf",
- "msvcrt.dll._wfopen",
- "msvcrt.dll.fgets",
- "msvcrt.dll.fclose",
- "msvcrt.dll.strtok",
- "msvcrt.dll.strchr",
- "msvcrt.dll.strcpy",
- "msvcrt.dll.strcat",
- "msvcrt.dll.strlen",
- "msvcrt.dll.strstr",
- "msvcrt.dll._snprintf",
- "msvcrt.dll.memset",
- "msvcrt.dll.malloc",
- "msvcrt.dll.srand",
- "msvcrt.dll.rand",
- "msvcrt.dll._controlfp",
- "msvcrt.dll.sprintf",
- "ws2_32.dll.#9",
- "ws2_32.dll.#16",
- "ws2_32.dll.#115",
- "ws2_32.dll.#19",
- "ws2_32.dll.#23",
- "ws2_32.dll.#4",
- "ws2_32.dll.#11",
- "ws2_32.dll.#52",
- "ws2_32.dll.#3",
- "wininet.dll.InternetOpenUrlW",
- "wininet.dll.InternetReadFile",
- "wininet.dll.InternetOpenA",
- "wininet.dll.InternetOpenUrlA",
- "wininet.dll.InternetOpenW",
- "wininet.dll.InternetCloseHandle",
- "shlwapi.dll.PathFindFileNameW",
- "dnsapi.dll.DnsQuery_A",
- "dnsapi.dll.DnsFree",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.GetTimeZoneInformation",
- "kernel32.dll.FileTimeToSystemTime",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.WriteFile",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.ExpandEnvironmentStringsW",
- "kernel32.dll.FileTimeToLocalFileTime",
- "kernel32.dll.CopyFileW",
- "kernel32.dll.CreateDirectoryW",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.GetLastError",
- "kernel32.dll.Sleep",
- "kernel32.dll.CreateMutexA",
- "kernel32.dll.GetModuleHandleA",
- "kernel32.dll.GetStartupInfoA",
- "kernel32.dll.GetLocalTime",
- "kernel32.dll.CreateProcessW",
- "kernel32.dll.SetFileAttributesW",
- "kernel32.dll.DeleteFileW",
- "kernel32.dll.ExitThread",
- "kernel32.dll.CreateThread",
- "user32.dll.wsprintfA",
- "advapi32.dll.RegSetValueExW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegOpenKeyExW",
- "shell32.dll.ShellExecuteW",
- "msvcr100.dll.atexit"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "UnlockFile",
- "address": "0x426014"
- },
- {
- "name": "GetNumberFormatA",
- "address": "0x426018"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x42601c"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x426020"
- },
- {
- "name": "GetBinaryTypeA",
- "address": "0x426024"
- },
- {
- "name": "ReplaceFileW",
- "address": "0x426028"
- },
- {
- "name": "lstrlenW",
- "address": "0x42602c"
- },
- {
- "name": "SetHandleInformation",
- "address": "0x426030"
- },
- {
- "name": "GetProcAddress",
- "address": "0x426034"
- },
- {
- "name": "PeekConsoleInputW",
- "address": "0x426038"
- },
- {
- "name": "VirtualProtect",
- "address": "0x42603c"
- },
- {
- "name": "CreateToolhelp32Snapshot",
- "address": "0x426040"
- },
- {
- "name": "DuplicateHandle",
- "address": "0x426044"
- },
- {
- "name": "CloseHandle",
- "address": "0x426048"
- },
- {
- "name": "lstrcpynA",
- "address": "0x42604c"
- },
- {
- "name": "DebugActiveProcessStop",
- "address": "0x426050"
- },
- {
- "name": "GlobalMemoryStatus",
- "address": "0x426054"
- },
- {
- "name": "Module32First",
- "address": "0x426058"
- },
- {
- "name": "ExitProcess",
- "address": "0x42605c"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x426060"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x426064"
- },
- {
- "name": "EnumSystemLocalesW",
- "address": "0x426068"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x42606c"
- },
- {
- "name": "IsValidLocale",
- "address": "0x426070"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x426074"
- },
- {
- "name": "EncodePointer",
- "address": "0x426078"
- },
- {
- "name": "DecodePointer",
- "address": "0x42607c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x426080"
- },
- {
- "name": "RaiseException",
- "address": "0x426084"
- },
- {
- "name": "RtlUnwind",
- "address": "0x426088"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x42608c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x426090"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x426094"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x426098"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x42609c"
- },
- {
- "name": "GetLastError",
- "address": "0x4260a0"
- },
- {
- "name": "WriteFile",
- "address": "0x4260a4"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x4260a8"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x4260ac"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x4260b0"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4260b4"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x4260b8"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x4260bc"
- },
- {
- "name": "AreFileApisANSI",
- "address": "0x4260c0"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x4260c4"
- },
- {
- "name": "HeapSize",
- "address": "0x4260c8"
- },
- {
- "name": "HeapFree",
- "address": "0x4260cc"
- },
- {
- "name": "HeapAlloc",
- "address": "0x4260d0"
- },
- {
- "name": "SetLastError",
- "address": "0x4260d4"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4260d8"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4260dc"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x4260e0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4260e4"
- },
- {
- "name": "GetFileType",
- "address": "0x4260e8"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x4260ec"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4260f0"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x4260f4"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x4260f8"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4260fc"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x426100"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x426104"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x426108"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x42610c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x426110"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x426114"
- },
- {
- "name": "CreateEventW",
- "address": "0x426118"
- },
- {
- "name": "Sleep",
- "address": "0x42611c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x426120"
- },
- {
- "name": "TerminateProcess",
- "address": "0x426124"
- },
- {
- "name": "TlsAlloc",
- "address": "0x426128"
- },
- {
- "name": "TlsGetValue",
- "address": "0x42612c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x426130"
- },
- {
- "name": "TlsFree",
- "address": "0x426134"
- },
- {
- "name": "GetTickCount",
- "address": "0x426138"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x42613c"
- },
- {
- "name": "CreateSemaphoreW",
- "address": "0x426140"
- },
- {
- "name": "SetStdHandle",
- "address": "0x426144"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x426148"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x42614c"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x426150"
- },
- {
- "name": "FreeLibrary",
- "address": "0x426154"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x426158"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x42615c"
- },
- {
- "name": "GetACP",
- "address": "0x426160"
- },
- {
- "name": "GetOEMCP",
- "address": "0x426164"
- },
- {
- "name": "GetCPInfo",
- "address": "0x426168"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x42616c"
- },
- {
- "name": "GetDateFormatW",
- "address": "0x426170"
- },
- {
- "name": "GetTimeFormatW",
- "address": "0x426174"
- },
- {
- "name": "CompareStringW",
- "address": "0x426178"
- },
- {
- "name": "LCMapStringW",
- "address": "0x42617c"
- },
- {
- "name": "CreateFileW",
- "address": "0x426180"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "NotifyBootConfigStatus",
- "address": "0x426000"
- },
- {
- "name": "RegQueryInfoKeyA",
- "address": "0x426004"
- },
- {
- "name": "RegCreateKeyExW",
- "address": "0x426008"
- },
- {
- "name": "SetServiceStatus",
- "address": "0x42600c"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "WinHttpConnect",
- "address": "0x426194"
- },
- {
- "name": "WinHttpOpen",
- "address": "0x426198"
- }
- ],
- "dll": "WINHTTP.dll"
- },
- {
- "imports": [
- {
- "name": "GradientFill",
- "address": "0x426188"
- },
- {
- "name": "TransparentBlt",
- "address": "0x42618c"
- }
- ],
- "dll": "MSIMG32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "ciponoyega.exe",
- "actual_checksum": "0x00042ae5",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00042ae5",
- "icon_hash": null,
- "entrypoint": "0x00403a81",
- "timestamp": "2018-10-15 06:33:45",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00025000",
- "entropy": "6.73",
- "raw_address": "0x00000400",
- "virtual_size": "0x00024fcd",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00026000",
- "size_of_data": "0x00010c00",
- "entropy": "6.03",
- "raw_address": "0x00025400",
- "virtual_size": "0x00010aae",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00037000",
- "size_of_data": "0x00001a00",
- "entropy": "3.42",
- "raw_address": "0x00036000",
- "virtual_size": "0x04e5d9ec",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".lesupoj",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x04e95000",
- "size_of_data": "0x00000600",
- "entropy": "0.00",
- "raw_address": "0x00037a00",
- "virtual_size": "0x00001400",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e97000",
- "size_of_data": "0x00006c00",
- "entropy": "6.13",
- "raw_address": "0x00038000",
- "virtual_size": "0x00006a28",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e9e000",
- "size_of_data": "0x00002000",
- "entropy": "6.63",
- "raw_address": "0x0003ec00",
- "virtual_size": "0x00001ff8",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x000360f0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x0000004e"
- },
- {
- "virtual_address": "0x00036140",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x04e97000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00006a28"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x04e9e000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00001ff8"
- },
- {
- "virtual_address": "0x00026200",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000038"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00026000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001a0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "MyFunc165@@4",
- "address": "0x425ec0"
- }
- ],
- "guest_signers": {},
- "imphash": "044e9d5eff89a58f097d20d545b5ede9",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "C:\\liz.pdb\\x00\\crypt_server\\runtime\\crypt\\tmp_2127232380\\bin\\ciponoyega.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x86C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\xfcOC\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01",
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }