paladin316

Desktops_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 0.0
  5.  
  6. [*] File Name: "Desktops.exe"
  7. [*] File Size: 116824
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "5a4605c2bd6e363d92723bf54b0ae2c131ea9741373e66558e42220d2f79ba9c"
  10. [*] MD5: "1b389656d41d458413fb9e09f42105f5"
  11. [*] SHA1: "c415d6904ac23599ea53b4f8ee4acbba8bfeb0f2"
  12. [*] SHA512: "46a340986d6c1b77ba67a366edfff2d24419803c3f1177967cbf294af543729d7f34e93605cdb7a3dcb2e8cc00fb29259faf968b9f91562a5610c095c30700ea"
  13. [*] CRC32: "B51CBEC6"
  14. [*] SSDEEP: "1536:GeBT/Xgp1/wARe4wf10R72GRh1DPRtkFnFK/lXpXWFE2Ys+40RjlpRZHl+:GeB7gIB4HKm/lgYs+4ylD+"
  15.  
  16. [*] Process Execution: [
  17. "Desktops.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: []
  21.  
  22. [*] Started Service: []
  23.  
  24. [*] Executed Commands: []
  25.  
  26. [*] Mutexes: [
  27. "CicLoadWinStaWinSta0",
  28. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
  29. ]
  30.  
  31. [*] Modified Files: []
  32.  
  33. [*] Deleted Files: []
  34.  
  35. [*] Modified Registry Keys: [
  36. "HKEY_CURRENT_USER\\Software\\Sysinternals\\Desktops",
  37. "HKEY_CURRENT_USER\\Software\\Sysinternals\\Desktops\\EulaAccepted",
  38. "HKEY_CURRENT_USER\\Software\\Sysinternals\\Desktops\\OptionsShown",
  39. "HKEY_CURRENT_USER\\Software\\Sysinternals\\Desktops\\HotkeyModifiers",
  40. "HKEY_CURRENT_USER\\Software\\Sysinternals\\Desktops\\HotkeyIsFunction"
  41. ]
  42.  
  43. [*] Deleted Registry Keys: [
  44. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Sysinternals Desktops"
  45. ]
  46.  
  47. [*] DNS Communications: []
  48.  
  49. [*] Domains: []
  50.  
  51. [*] Network Communication - ICMP: []
  52.  
  53. [*] Network Communication - HTTP: []
  54.  
  55. [*] Network Communication - SMTP: []
  56.  
  57. [*] Network Communication - Hosts: []
  58.  
  59. [*] Network Communication - IRC: []
  60.  
  61. [*] Static Analysis: {
  62. "pe": {
  63. "peid_signatures": null,
  64. "imports": [
  65. {
  66. "imports": [
  67. {
  68. "name": "GetStringTypeA",
  69. "address": "0x412088"
  70. },
  71. {
  72. "name": "LCMapStringW",
  73. "address": "0x41208c"
  74. },
  75. {
  76. "name": "LCMapStringA",
  77. "address": "0x412090"
  78. },
  79. {
  80. "name": "LoadLibraryA",
  81. "address": "0x412094"
  82. },
  83. {
  84. "name": "RtlUnwind",
  85. "address": "0x412098"
  86. },
  87. {
  88. "name": "InitializeCriticalSectionAndSpinCount",
  89. "address": "0x41209c"
  90. },
  91. {
  92. "name": "MultiByteToWideChar",
  93. "address": "0x4120a0"
  94. },
  95. {
  96. "name": "GetConsoleMode",
  97. "address": "0x4120a4"
  98. },
  99. {
  100. "name": "GetConsoleCP",
  101. "address": "0x4120a8"
  102. },
  103. {
  104. "name": "SetFilePointer",
  105. "address": "0x4120ac"
  106. },
  107. {
  108. "name": "GetSystemTimeAsFileTime",
  109. "address": "0x4120b0"
  110. },
  111. {
  112. "name": "GetCurrentProcessId",
  113. "address": "0x4120b4"
  114. },
  115. {
  116. "name": "GetTickCount",
  117. "address": "0x4120b8"
  118. },
  119. {
  120. "name": "QueryPerformanceCounter",
  121. "address": "0x4120bc"
  122. },
  123. {
  124. "name": "GetFileType",
  125. "address": "0x4120c0"
  126. },
  127. {
  128. "name": "SetHandleCount",
  129. "address": "0x4120c4"
  130. },
  131. {
  132. "name": "GetEnvironmentStringsW",
  133. "address": "0x4120c8"
  134. },
  135. {
  136. "name": "GetStringTypeW",
  137. "address": "0x4120cc"
  138. },
  139. {
  140. "name": "GetCommandLineW",
  141. "address": "0x4120d0"
  142. },
  143. {
  144. "name": "GetEnvironmentStrings",
  145. "address": "0x4120d4"
  146. },
  147. {
  148. "name": "FreeEnvironmentStringsA",
  149. "address": "0x4120d8"
  150. },
  151. {
  152. "name": "GetModuleFileNameA",
  153. "address": "0x4120dc"
  154. },
  155. {
  156. "name": "GetStdHandle",
  157. "address": "0x4120e0"
  158. },
  159. {
  160. "name": "WriteFile",
  161. "address": "0x4120e4"
  162. },
  163. {
  164. "name": "IsValidCodePage",
  165. "address": "0x4120e8"
  166. },
  167. {
  168. "name": "GetOEMCP",
  169. "address": "0x4120ec"
  170. },
  171. {
  172. "name": "GetACP",
  173. "address": "0x4120f0"
  174. },
  175. {
  176. "name": "GetCPInfo",
  177. "address": "0x4120f4"
  178. },
  179. {
  180. "name": "HeapSize",
  181. "address": "0x4120f8"
  182. },
  183. {
  184. "name": "ExitProcess",
  185. "address": "0x4120fc"
  186. },
  187. {
  188. "name": "InterlockedDecrement",
  189. "address": "0x412100"
  190. },
  191. {
  192. "name": "GetCurrentThreadId",
  193. "address": "0x412104"
  194. },
  195. {
  196. "name": "SetLastError",
  197. "address": "0x412108"
  198. },
  199. {
  200. "name": "InterlockedIncrement",
  201. "address": "0x41210c"
  202. },
  203. {
  204. "name": "TlsFree",
  205. "address": "0x412110"
  206. },
  207. {
  208. "name": "TlsSetValue",
  209. "address": "0x412114"
  210. },
  211. {
  212. "name": "TlsAlloc",
  213. "address": "0x412118"
  214. },
  215. {
  216. "name": "TlsGetValue",
  217. "address": "0x41211c"
  218. },
  219. {
  220. "name": "GetLocaleInfoA",
  221. "address": "0x412120"
  222. },
  223. {
  224. "name": "SetStdHandle",
  225. "address": "0x412124"
  226. },
  227. {
  228. "name": "WriteConsoleA",
  229. "address": "0x412128"
  230. },
  231. {
  232. "name": "GetConsoleOutputCP",
  233. "address": "0x41212c"
  234. },
  235. {
  236. "name": "WriteConsoleW",
  237. "address": "0x412130"
  238. },
  239. {
  240. "name": "CreateFileA",
  241. "address": "0x412134"
  242. },
  243. {
  244. "name": "FlushFileBuffers",
  245. "address": "0x412138"
  246. },
  247. {
  248. "name": "WideCharToMultiByte",
  249. "address": "0x41213c"
  250. },
  251. {
  252. "name": "LocalAlloc",
  253. "address": "0x412140"
  254. },
  255. {
  256. "name": "LocalFree",
  257. "address": "0x412144"
  258. },
  259. {
  260. "name": "CreateProcessW",
  261. "address": "0x412148"
  262. },
  263. {
  264. "name": "GetVersion",
  265. "address": "0x41214c"
  266. },
  267. {
  268. "name": "CloseHandle",
  269. "address": "0x412150"
  270. },
  271. {
  272. "name": "CreateEventW",
  273. "address": "0x412154"
  274. },
  275. {
  276. "name": "GetProcAddress",
  277. "address": "0x412158"
  278. },
  279. {
  280. "name": "GetLastError",
  281. "address": "0x41215c"
  282. },
  283. {
  284. "name": "GetModuleFileNameW",
  285. "address": "0x412160"
  286. },
  287. {
  288. "name": "FormatMessageW",
  289. "address": "0x412164"
  290. },
  291. {
  292. "name": "Sleep",
  293. "address": "0x412168"
  294. },
  295. {
  296. "name": "LoadLibraryW",
  297. "address": "0x41216c"
  298. },
  299. {
  300. "name": "GetModuleHandleW",
  301. "address": "0x412170"
  302. },
  303. {
  304. "name": "GetSystemWindowsDirectoryW",
  305. "address": "0x412174"
  306. },
  307. {
  308. "name": "FreeEnvironmentStringsW",
  309. "address": "0x412178"
  310. },
  311. {
  312. "name": "HeapReAlloc",
  313. "address": "0x41217c"
  314. },
  315. {
  316. "name": "VirtualAlloc",
  317. "address": "0x412180"
  318. },
  319. {
  320. "name": "EnterCriticalSection",
  321. "address": "0x412184"
  322. },
  323. {
  324. "name": "HeapFree",
  325. "address": "0x412188"
  326. },
  327. {
  328. "name": "ExitThread",
  329. "address": "0x41218c"
  330. },
  331. {
  332. "name": "ResumeThread",
  333. "address": "0x412190"
  334. },
  335. {
  336. "name": "CreateThread",
  337. "address": "0x412194"
  338. },
  339. {
  340. "name": "HeapAlloc",
  341. "address": "0x412198"
  342. },
  343. {
  344. "name": "GetCommandLineA",
  345. "address": "0x41219c"
  346. },
  347. {
  348. "name": "GetStartupInfoA",
  349. "address": "0x4121a0"
  350. },
  351. {
  352. "name": "TerminateProcess",
  353. "address": "0x4121a4"
  354. },
  355. {
  356. "name": "GetCurrentProcess",
  357. "address": "0x4121a8"
  358. },
  359. {
  360. "name": "UnhandledExceptionFilter",
  361. "address": "0x4121ac"
  362. },
  363. {
  364. "name": "SetUnhandledExceptionFilter",
  365. "address": "0x4121b0"
  366. },
  367. {
  368. "name": "IsDebuggerPresent",
  369. "address": "0x4121b4"
  370. },
  371. {
  372. "name": "HeapCreate",
  373. "address": "0x4121b8"
  374. },
  375. {
  376. "name": "VirtualFree",
  377. "address": "0x4121bc"
  378. },
  379. {
  380. "name": "DeleteCriticalSection",
  381. "address": "0x4121c0"
  382. },
  383. {
  384. "name": "LeaveCriticalSection",
  385. "address": "0x4121c4"
  386. },
  387. {
  388. "name": "GetModuleHandleA",
  389. "address": "0x4121c8"
  390. }
  391. ],
  392. "dll": "KERNEL32.dll"
  393. },
  394. {
  395. "imports": [
  396. {
  397. "name": "DialogBoxIndirectParamW",
  398. "address": "0x4121dc"
  399. },
  400. {
  401. "name": "InflateRect",
  402. "address": "0x4121e0"
  403. },
  404. {
  405. "name": "SetWindowTextW",
  406. "address": "0x4121e4"
  407. },
  408. {
  409. "name": "CreateDesktopW",
  410. "address": "0x4121e8"
  411. },
  412. {
  413. "name": "DestroyWindow",
  414. "address": "0x4121ec"
  415. },
  416. {
  417. "name": "SetCursor",
  418. "address": "0x4121f0"
  419. },
  420. {
  421. "name": "TranslateAcceleratorW",
  422. "address": "0x4121f4"
  423. },
  424. {
  425. "name": "GetWindowRect",
  426. "address": "0x4121f8"
  427. },
  428. {
  429. "name": "SetActiveWindow",
  430. "address": "0x4121fc"
  431. },
  432. {
  433. "name": "GetMessageW",
  434. "address": "0x412200"
  435. },
  436. {
  437. "name": "PostQuitMessage",
  438. "address": "0x412204"
  439. },
  440. {
  441. "name": "TrackPopupMenu",
  442. "address": "0x412208"
  443. },
  444. {
  445. "name": "RegisterWindowMessageW",
  446. "address": "0x41220c"
  447. },
  448. {
  449. "name": "PostMessageW",
  450. "address": "0x412210"
  451. },
  452. {
  453. "name": "GetKeyState",
  454. "address": "0x412214"
  455. },
  456. {
  457. "name": "SetForegroundWindow",
  458. "address": "0x412218"
  459. },
  460. {
  461. "name": "DialogBoxParamW",
  462. "address": "0x41221c"
  463. },
  464. {
  465. "name": "LoadCursorW",
  466. "address": "0x412220"
  467. },
  468. {
  469. "name": "CallNextHookEx",
  470. "address": "0x412224"
  471. },
  472. {
  473. "name": "OpenDesktopW",
  474. "address": "0x412228"
  475. },
  476. {
  477. "name": "FindWindowW",
  478. "address": "0x41222c"
  479. },
  480. {
  481. "name": "GetClientRect",
  482. "address": "0x412230"
  483. },
  484. {
  485. "name": "SetFocus",
  486. "address": "0x412234"
  487. },
  488. {
  489. "name": "GetDC",
  490. "address": "0x412238"
  491. },
  492. {
  493. "name": "TranslateMessage",
  494. "address": "0x41223c"
  495. },
  496. {
  497. "name": "LoadAcceleratorsW",
  498. "address": "0x412240"
  499. },
  500. {
  501. "name": "ChildWindowFromPoint",
  502. "address": "0x412244"
  503. },
  504. {
  505. "name": "LoadIconW",
  506. "address": "0x412248"
  507. },
  508. {
  509. "name": "OffsetRect",
  510. "address": "0x41224c"
  511. },
  512. {
  513. "name": "InvalidateRect",
  514. "address": "0x412250"
  515. },
  516. {
  517. "name": "BringWindowToTop",
  518. "address": "0x412254"
  519. },
  520. {
  521. "name": "SystemParametersInfoW",
  522. "address": "0x412258"
  523. },
  524. {
  525. "name": "ReleaseDC",
  526. "address": "0x41225c"
  527. },
  528. {
  529. "name": "GetDlgItem",
  530. "address": "0x412260"
  531. },
  532. {
  533. "name": "EndDialog",
  534. "address": "0x412264"
  535. },
  536. {
  537. "name": "GetSysColor",
  538. "address": "0x412268"
  539. },
  540. {
  541. "name": "SetWindowPos",
  542. "address": "0x41226c"
  543. },
  544. {
  545. "name": "GetCursorPos",
  546. "address": "0x412270"
  547. },
  548. {
  549. "name": "CheckDlgButton",
  550. "address": "0x412274"
  551. },
  552. {
  553. "name": "ShowWindow",
  554. "address": "0x412278"
  555. },
  556. {
  557. "name": "CreatePopupMenu",
  558. "address": "0x41227c"
  559. },
  560. {
  561. "name": "GetSysColorBrush",
  562. "address": "0x412280"
  563. },
  564. {
  565. "name": "IsDlgButtonChecked",
  566. "address": "0x412284"
  567. },
  568. {
  569. "name": "SwitchDesktop",
  570. "address": "0x412288"
  571. },
  572. {
  573. "name": "SetThreadDesktop",
  574. "address": "0x41228c"
  575. },
  576. {
  577. "name": "CreateWindowExW",
  578. "address": "0x412290"
  579. },
  580. {
  581. "name": "InsertMenuW",
  582. "address": "0x412294"
  583. },
  584. {
  585. "name": "SetWindowsHookExW",
  586. "address": "0x412298"
  587. },
  588. {
  589. "name": "MessageBoxW",
  590. "address": "0x41229c"
  591. },
  592. {
  593. "name": "RegisterClassW",
  594. "address": "0x4122a0"
  595. },
  596. {
  597. "name": "GetSystemMetrics",
  598. "address": "0x4122a4"
  599. },
  600. {
  601. "name": "SendMessageW",
  602. "address": "0x4122a8"
  603. },
  604. {
  605. "name": "UnregisterHotKey",
  606. "address": "0x4122ac"
  607. },
  608. {
  609. "name": "DestroyMenu",
  610. "address": "0x4122b0"
  611. },
  612. {
  613. "name": "RegisterHotKey",
  614. "address": "0x4122b4"
  615. },
  616. {
  617. "name": "DefWindowProcW",
  618. "address": "0x4122b8"
  619. },
  620. {
  621. "name": "MoveWindow",
  622. "address": "0x4122bc"
  623. },
  624. {
  625. "name": "DispatchMessageW",
  626. "address": "0x4122c0"
  627. },
  628. {
  629. "name": "GetWindowPlacement",
  630. "address": "0x4122c4"
  631. }
  632. ],
  633. "dll": "USER32.dll"
  634. },
  635. {
  636. "imports": [
  637. {
  638. "name": "StartPage",
  639. "address": "0x412038"
  640. },
  641. {
  642. "name": "GetDeviceCaps",
  643. "address": "0x41203c"
  644. },
  645. {
  646. "name": "SetMapMode",
  647. "address": "0x412040"
  648. },
  649. {
  650. "name": "StartDocW",
  651. "address": "0x412044"
  652. },
  653. {
  654. "name": "EndDoc",
  655. "address": "0x412048"
  656. },
  657. {
  658. "name": "BitBlt",
  659. "address": "0x41204c"
  660. },
  661. {
  662. "name": "SetTextColor",
  663. "address": "0x412050"
  664. },
  665. {
  666. "name": "DeleteDC",
  667. "address": "0x412054"
  668. },
  669. {
  670. "name": "CreateFontIndirectW",
  671. "address": "0x412058"
  672. },
  673. {
  674. "name": "StretchBlt",
  675. "address": "0x41205c"
  676. },
  677. {
  678. "name": "SetBkMode",
  679. "address": "0x412060"
  680. },
  681. {
  682. "name": "DeleteObject",
  683. "address": "0x412064"
  684. },
  685. {
  686. "name": "SelectObject",
  687. "address": "0x412068"
  688. },
  689. {
  690. "name": "CreateCompatibleDC",
  691. "address": "0x41206c"
  692. },
  693. {
  694. "name": "CreateCompatibleBitmap",
  695. "address": "0x412070"
  696. },
  697. {
  698. "name": "GetObjectW",
  699. "address": "0x412074"
  700. },
  701. {
  702. "name": "SetStretchBltMode",
  703. "address": "0x412078"
  704. },
  705. {
  706. "name": "GetStockObject",
  707. "address": "0x41207c"
  708. },
  709. {
  710. "name": "EndPage",
  711. "address": "0x412080"
  712. }
  713. ],
  714. "dll": "GDI32.dll"
  715. },
  716. {
  717. "imports": [
  718. {
  719. "name": "PrintDlgW",
  720. "address": "0x412030"
  721. }
  722. ],
  723. "dll": "COMDLG32.dll"
  724. },
  725. {
  726. "imports": [
  727. {
  728. "name": "RegCreateKeyW",
  729. "address": "0x412000"
  730. },
  731. {
  732. "name": "RegSetValueExW",
  733. "address": "0x412004"
  734. },
  735. {
  736. "name": "RegCloseKey",
  737. "address": "0x412008"
  738. },
  739. {
  740. "name": "GetSecurityDescriptorSacl",
  741. "address": "0x41200c"
  742. },
  743. {
  744. "name": "RegOpenKeyExW",
  745. "address": "0x412010"
  746. },
  747. {
  748. "name": "SetSecurityInfo",
  749. "address": "0x412014"
  750. },
  751. {
  752. "name": "ConvertStringSecurityDescriptorToSecurityDescriptorW",
  753. "address": "0x412018"
  754. },
  755. {
  756. "name": "RegDeleteValueW",
  757. "address": "0x41201c"
  758. },
  759. {
  760. "name": "RegOpenKeyW",
  761. "address": "0x412020"
  762. },
  763. {
  764. "name": "RegQueryValueExW",
  765. "address": "0x412024"
  766. },
  767. {
  768. "name": "RegCreateKeyExW",
  769. "address": "0x412028"
  770. }
  771. ],
  772. "dll": "ADVAPI32.dll"
  773. },
  774. {
  775. "imports": [
  776. {
  777. "name": "ShellExecuteW",
  778. "address": "0x4121d0"
  779. },
  780. {
  781. "name": "Shell_NotifyIconW",
  782. "address": "0x4121d4"
  783. }
  784. ],
  785. "dll": "SHELL32.dll"
  786. }
  787. ],
  788. "digital_signers": null,
  789. "exported_dll_name": null,
  790. "actual_checksum": "0x00025bb5",
  791. "overlay": {
  792. "size": "0x00001a58",
  793. "offset": "0x0001ae00"
  794. },
  795. "imagebase": "0x00400000",
  796. "reported_checksum": "0x00025bb5",
  797. "icon_hash": null,
  798. "entrypoint": "0x004046c6",
  799. "timestamp": "2012-10-16 23:17:52",
  800. "osversion": "5.0",
  801. "sections": [
  802. {
  803. "name": ".text",
  804. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  805. "virtual_address": "0x00001000",
  806. "size_of_data": "0x00010200",
  807. "entropy": "6.66",
  808. "raw_address": "0x00000400",
  809. "virtual_size": "0x0001014d",
  810. "characteristics_raw": "0x60000020"
  811. },
  812. {
  813. "name": ".rdata",
  814. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  815. "virtual_address": "0x00012000",
  816. "size_of_data": "0x00005800",
  817. "entropy": "5.39",
  818. "raw_address": "0x00010600",
  819. "virtual_size": "0x000056a6",
  820. "characteristics_raw": "0x40000040"
  821. },
  822. {
  823. "name": ".data",
  824. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  825. "virtual_address": "0x00018000",
  826. "size_of_data": "0x00001400",
  827. "entropy": "3.32",
  828. "raw_address": "0x00015e00",
  829. "virtual_size": "0x00002fd8",
  830. "characteristics_raw": "0xc0000040"
  831. },
  832. {
  833. "name": ".rsrc",
  834. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  835. "virtual_address": "0x0001b000",
  836. "size_of_data": "0x00002400",
  837. "entropy": "3.87",
  838. "raw_address": "0x00017200",
  839. "virtual_size": "0x000023c4",
  840. "characteristics_raw": "0x40000040"
  841. },
  842. {
  843. "name": ".reloc",
  844. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  845. "virtual_address": "0x0001e000",
  846. "size_of_data": "0x00001800",
  847. "entropy": "4.86",
  848. "raw_address": "0x00019600",
  849. "virtual_size": "0x00001684",
  850. "characteristics_raw": "0x42000040"
  851. }
  852. ],
  853. "resources": [],
  854. "dirents": [
  855. {
  856. "virtual_address": "0x00000000",
  857. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  858. "size": "0x00000000"
  859. },
  860. {
  861. "virtual_address": "0x0001670c",
  862. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  863. "size": "0x0000008c"
  864. },
  865. {
  866. "virtual_address": "0x0001b000",
  867. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  868. "size": "0x000023c4"
  869. },
  870. {
  871. "virtual_address": "0x00000000",
  872. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  873. "size": "0x00000000"
  874. },
  875. {
  876. "virtual_address": "0x0001ae00",
  877. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  878. "size": "0x00001a58"
  879. },
  880. {
  881. "virtual_address": "0x0001e000",
  882. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  883. "size": "0x00000e5c"
  884. },
  885. {
  886. "virtual_address": "0x00012320",
  887. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  888. "size": "0x0000001c"
  889. },
  890. {
  891. "virtual_address": "0x00000000",
  892. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  893. "size": "0x00000000"
  894. },
  895. {
  896. "virtual_address": "0x00000000",
  897. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  898. "size": "0x00000000"
  899. },
  900. {
  901. "virtual_address": "0x00000000",
  902. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  903. "size": "0x00000000"
  904. },
  905. {
  906. "virtual_address": "0x00016280",
  907. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  908. "size": "0x00000040"
  909. },
  910. {
  911. "virtual_address": "0x00000000",
  912. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  913. "size": "0x00000000"
  914. },
  915. {
  916. "virtual_address": "0x00012000",
  917. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  918. "size": "0x000002cc"
  919. },
  920. {
  921. "virtual_address": "0x00000000",
  922. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  923. "size": "0x00000000"
  924. },
  925. {
  926. "virtual_address": "0x00000000",
  927. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  928. "size": "0x00000000"
  929. },
  930. {
  931. "virtual_address": "0x00000000",
  932. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  933. "size": "0x00000000"
  934. }
  935. ],
  936. "exports": [],
  937. "guest_signers": {},
  938. "imphash": "c8681af63c4b3bc7041fe674efea6dd2",
  939. "icon_fuzzy": null,
  940. "icon": null,
  941. "pdbpath": "c:\\src\\Desktops\\Release\\Desktops.pdb",
  942. "imported_dll_count": 6,
  943. "versioninfo": []
  944. }
  945. }
  946.  
  947. [*] Resolved APIs: [
  948. "kernel32.dll.FlsAlloc",
  949. "kernel32.dll.FlsGetValue",
  950. "kernel32.dll.FlsSetValue",
  951. "kernel32.dll.FlsFree",
  952. "kernel32.dll.IsProcessorFeaturePresent",
  953. "shell32.dll.CommandLineToArgvW",
  954. "uxtheme.dll.ThemeInitApiHook",
  955. "user32.dll.IsProcessDPIAware",
  956. "dwmapi.dll.DwmIsCompositionEnabled",
  957. "comctl32.dll.RegisterClassNameW",
  958. "uxtheme.dll.EnableThemeDialogTexture",
  959. "uxtheme.dll.OpenThemeData",
  960. "uxtheme.dll.GetThemeBool",
  961. "comctl32.dll.HIMAGELIST_QueryInterface",
  962. "comctl32.dll.DrawShadowText",
  963. "comctl32.dll.DrawSizeBox",
  964. "comctl32.dll.DrawScrollBar",
  965. "comctl32.dll.SizeBoxHwnd",
  966. "comctl32.dll.ScrollBar_MouseMove",
  967. "comctl32.dll.ScrollBar_Menu",
  968. "comctl32.dll.HandleScrollCmd",
  969. "comctl32.dll.DetachScrollBars",
  970. "comctl32.dll.AttachScrollBars",
  971. "comctl32.dll.CCSetScrollInfo",
  972. "comctl32.dll.CCGetScrollInfo",
  973. "comctl32.dll.CCEnableScrollBar",
  974. "comctl32.dll.QuerySystemGestureStatus",
  975. "uxtheme.dll.#49",
  976. "uxtheme.dll.CloseThemeData",
  977. "gdi32.dll.GetLayout",
  978. "gdi32.dll.GdiRealizationInfo",
  979. "gdi32.dll.FontIsLinked",
  980. "advapi32.dll.RegOpenKeyExW",
  981. "advapi32.dll.RegQueryInfoKeyW",
  982. "gdi32.dll.GetTextFaceAliasW",
  983. "advapi32.dll.RegEnumValueW",
  984. "advapi32.dll.RegCloseKey",
  985. "advapi32.dll.RegQueryValueExW",
  986. "gdi32.dll.GetFontAssocStatus",
  987. "advapi32.dll.RegQueryValueExA",
  988. "advapi32.dll.RegEnumKeyExW",
  989. "gdi32.dll.GdiIsMetaPrintDC",
  990. "ole32.dll.CoInitializeEx",
  991. "ole32.dll.CoUninitialize",
  992. "cryptbase.dll.SystemFunction036",
  993. "ole32.dll.CoRegisterInitializeSpy",
  994. "ole32.dll.CoRevokeInitializeSpy",
  995. "uxtheme.dll.BufferedPaintInit",
  996. "uxtheme.dll.BufferedPaintRenderAnimation",
  997. "uxtheme.dll.GetThemeTransitionDuration",
  998. "uxtheme.dll.BeginBufferedAnimation",
  999. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
  1000. "uxtheme.dll.DrawThemeParentBackground",
  1001. "uxtheme.dll.DrawThemeBackground",
  1002. "uxtheme.dll.GetThemeBackgroundContentRect",
  1003. "uxtheme.dll.DrawThemeText",
  1004. "uxtheme.dll.EndBufferedAnimation",
  1005. "uxtheme.dll.GetThemePartSize",
  1006. "uxtheme.dll.BufferedPaintStopAllAnimations",
  1007. "uxtheme.dll.BufferedPaintUnInit",
  1008. "user32.dll.SetProcessDPIAware",
  1009. "shell32.dll.#66",
  1010. "ole32.dll.CoTaskMemFree",
  1011. "kernel32.dll.Wow64EnableWow64FsRedirection",
  1012. "kernel32.dll.Wow64DisableWow64FsRedirection",
  1013. "user32.dll.SwitchDesktopWithFade"
  1014. ]
  1015.  
  1016. [*] Static Analysis: {
  1017. "pe": {
  1018. "peid_signatures": null,
  1019. "imports": [
  1020. {
  1021. "imports": [
  1022. {
  1023. "name": "GetStringTypeA",
  1024. "address": "0x412088"
  1025. },
  1026. {
  1027. "name": "LCMapStringW",
  1028. "address": "0x41208c"
  1029. },
  1030. {
  1031. "name": "LCMapStringA",
  1032. "address": "0x412090"
  1033. },
  1034. {
  1035. "name": "LoadLibraryA",
  1036. "address": "0x412094"
  1037. },
  1038. {
  1039. "name": "RtlUnwind",
  1040. "address": "0x412098"
  1041. },
  1042. {
  1043. "name": "InitializeCriticalSectionAndSpinCount",
  1044. "address": "0x41209c"
  1045. },
  1046. {
  1047. "name": "MultiByteToWideChar",
  1048. "address": "0x4120a0"
  1049. },
  1050. {
  1051. "name": "GetConsoleMode",
  1052. "address": "0x4120a4"
  1053. },
  1054. {
  1055. "name": "GetConsoleCP",
  1056. "address": "0x4120a8"
  1057. },
  1058. {
  1059. "name": "SetFilePointer",
  1060. "address": "0x4120ac"
  1061. },
  1062. {
  1063. "name": "GetSystemTimeAsFileTime",
  1064. "address": "0x4120b0"
  1065. },
  1066. {
  1067. "name": "GetCurrentProcessId",
  1068. "address": "0x4120b4"
  1069. },
  1070. {
  1071. "name": "GetTickCount",
  1072. "address": "0x4120b8"
  1073. },
  1074. {
  1075. "name": "QueryPerformanceCounter",
  1076. "address": "0x4120bc"
  1077. },
  1078. {
  1079. "name": "GetFileType",
  1080. "address": "0x4120c0"
  1081. },
  1082. {
  1083. "name": "SetHandleCount",
  1084. "address": "0x4120c4"
  1085. },
  1086. {
  1087. "name": "GetEnvironmentStringsW",
  1088. "address": "0x4120c8"
  1089. },
  1090. {
  1091. "name": "GetStringTypeW",
  1092. "address": "0x4120cc"
  1093. },
  1094. {
  1095. "name": "GetCommandLineW",
  1096. "address": "0x4120d0"
  1097. },
  1098. {
  1099. "name": "GetEnvironmentStrings",
  1100. "address": "0x4120d4"
  1101. },
  1102. {
  1103. "name": "FreeEnvironmentStringsA",
  1104. "address": "0x4120d8"
  1105. },
  1106. {
  1107. "name": "GetModuleFileNameA",
  1108. "address": "0x4120dc"
  1109. },
  1110. {
  1111. "name": "GetStdHandle",
  1112. "address": "0x4120e0"
  1113. },
  1114. {
  1115. "name": "WriteFile",
  1116. "address": "0x4120e4"
  1117. },
  1118. {
  1119. "name": "IsValidCodePage",
  1120. "address": "0x4120e8"
  1121. },
  1122. {
  1123. "name": "GetOEMCP",
  1124. "address": "0x4120ec"
  1125. },
  1126. {
  1127. "name": "GetACP",
  1128. "address": "0x4120f0"
  1129. },
  1130. {
  1131. "name": "GetCPInfo",
  1132. "address": "0x4120f4"
  1133. },
  1134. {
  1135. "name": "HeapSize",
  1136. "address": "0x4120f8"
  1137. },
  1138. {
  1139. "name": "ExitProcess",
  1140. "address": "0x4120fc"
  1141. },
  1142. {
  1143. "name": "InterlockedDecrement",
  1144. "address": "0x412100"
  1145. },
  1146. {
  1147. "name": "GetCurrentThreadId",
  1148. "address": "0x412104"
  1149. },
  1150. {
  1151. "name": "SetLastError",
  1152. "address": "0x412108"
  1153. },
  1154. {
  1155. "name": "InterlockedIncrement",
  1156. "address": "0x41210c"
  1157. },
  1158. {
  1159. "name": "TlsFree",
  1160. "address": "0x412110"
  1161. },
  1162. {
  1163. "name": "TlsSetValue",
  1164. "address": "0x412114"
  1165. },
  1166. {
  1167. "name": "TlsAlloc",
  1168. "address": "0x412118"
  1169. },
  1170. {
  1171. "name": "TlsGetValue",
  1172. "address": "0x41211c"
  1173. },
  1174. {
  1175. "name": "GetLocaleInfoA",
  1176. "address": "0x412120"
  1177. },
  1178. {
  1179. "name": "SetStdHandle",
  1180. "address": "0x412124"
  1181. },
  1182. {
  1183. "name": "WriteConsoleA",
  1184. "address": "0x412128"
  1185. },
  1186. {
  1187. "name": "GetConsoleOutputCP",
  1188. "address": "0x41212c"
  1189. },
  1190. {
  1191. "name": "WriteConsoleW",
  1192. "address": "0x412130"
  1193. },
  1194. {
  1195. "name": "CreateFileA",
  1196. "address": "0x412134"
  1197. },
  1198. {
  1199. "name": "FlushFileBuffers",
  1200. "address": "0x412138"
  1201. },
  1202. {
  1203. "name": "WideCharToMultiByte",
  1204. "address": "0x41213c"
  1205. },
  1206. {
  1207. "name": "LocalAlloc",
  1208. "address": "0x412140"
  1209. },
  1210. {
  1211. "name": "LocalFree",
  1212. "address": "0x412144"
  1213. },
  1214. {
  1215. "name": "CreateProcessW",
  1216. "address": "0x412148"
  1217. },
  1218. {
  1219. "name": "GetVersion",
  1220. "address": "0x41214c"
  1221. },
  1222. {
  1223. "name": "CloseHandle",
  1224. "address": "0x412150"
  1225. },
  1226. {
  1227. "name": "CreateEventW",
  1228. "address": "0x412154"
  1229. },
  1230. {
  1231. "name": "GetProcAddress",
  1232. "address": "0x412158"
  1233. },
  1234. {
  1235. "name": "GetLastError",
  1236. "address": "0x41215c"
  1237. },
  1238. {
  1239. "name": "GetModuleFileNameW",
  1240. "address": "0x412160"
  1241. },
  1242. {
  1243. "name": "FormatMessageW",
  1244. "address": "0x412164"
  1245. },
  1246. {
  1247. "name": "Sleep",
  1248. "address": "0x412168"
  1249. },
  1250. {
  1251. "name": "LoadLibraryW",
  1252. "address": "0x41216c"
  1253. },
  1254. {
  1255. "name": "GetModuleHandleW",
  1256. "address": "0x412170"
  1257. },
  1258. {
  1259. "name": "GetSystemWindowsDirectoryW",
  1260. "address": "0x412174"
  1261. },
  1262. {
  1263. "name": "FreeEnvironmentStringsW",
  1264. "address": "0x412178"
  1265. },
  1266. {
  1267. "name": "HeapReAlloc",
  1268. "address": "0x41217c"
  1269. },
  1270. {
  1271. "name": "VirtualAlloc",
  1272. "address": "0x412180"
  1273. },
  1274. {
  1275. "name": "EnterCriticalSection",
  1276. "address": "0x412184"
  1277. },
  1278. {
  1279. "name": "HeapFree",
  1280. "address": "0x412188"
  1281. },
  1282. {
  1283. "name": "ExitThread",
  1284. "address": "0x41218c"
  1285. },
  1286. {
  1287. "name": "ResumeThread",
  1288. "address": "0x412190"
  1289. },
  1290. {
  1291. "name": "CreateThread",
  1292. "address": "0x412194"
  1293. },
  1294. {
  1295. "name": "HeapAlloc",
  1296. "address": "0x412198"
  1297. },
  1298. {
  1299. "name": "GetCommandLineA",
  1300. "address": "0x41219c"
  1301. },
  1302. {
  1303. "name": "GetStartupInfoA",
  1304. "address": "0x4121a0"
  1305. },
  1306. {
  1307. "name": "TerminateProcess",
  1308. "address": "0x4121a4"
  1309. },
  1310. {
  1311. "name": "GetCurrentProcess",
  1312. "address": "0x4121a8"
  1313. },
  1314. {
  1315. "name": "UnhandledExceptionFilter",
  1316. "address": "0x4121ac"
  1317. },
  1318. {
  1319. "name": "SetUnhandledExceptionFilter",
  1320. "address": "0x4121b0"
  1321. },
  1322. {
  1323. "name": "IsDebuggerPresent",
  1324. "address": "0x4121b4"
  1325. },
  1326. {
  1327. "name": "HeapCreate",
  1328. "address": "0x4121b8"
  1329. },
  1330. {
  1331. "name": "VirtualFree",
  1332. "address": "0x4121bc"
  1333. },
  1334. {
  1335. "name": "DeleteCriticalSection",
  1336. "address": "0x4121c0"
  1337. },
  1338. {
  1339. "name": "LeaveCriticalSection",
  1340. "address": "0x4121c4"
  1341. },
  1342. {
  1343. "name": "GetModuleHandleA",
  1344. "address": "0x4121c8"
  1345. }
  1346. ],
  1347. "dll": "KERNEL32.dll"
  1348. },
  1349. {
  1350. "imports": [
  1351. {
  1352. "name": "DialogBoxIndirectParamW",
  1353. "address": "0x4121dc"
  1354. },
  1355. {
  1356. "name": "InflateRect",
  1357. "address": "0x4121e0"
  1358. },
  1359. {
  1360. "name": "SetWindowTextW",
  1361. "address": "0x4121e4"
  1362. },
  1363. {
  1364. "name": "CreateDesktopW",
  1365. "address": "0x4121e8"
  1366. },
  1367. {
  1368. "name": "DestroyWindow",
  1369. "address": "0x4121ec"
  1370. },
  1371. {
  1372. "name": "SetCursor",
  1373. "address": "0x4121f0"
  1374. },
  1375. {
  1376. "name": "TranslateAcceleratorW",
  1377. "address": "0x4121f4"
  1378. },
  1379. {
  1380. "name": "GetWindowRect",
  1381. "address": "0x4121f8"
  1382. },
  1383. {
  1384. "name": "SetActiveWindow",
  1385. "address": "0x4121fc"
  1386. },
  1387. {
  1388. "name": "GetMessageW",
  1389. "address": "0x412200"
  1390. },
  1391. {
  1392. "name": "PostQuitMessage",
  1393. "address": "0x412204"
  1394. },
  1395. {
  1396. "name": "TrackPopupMenu",
  1397. "address": "0x412208"
  1398. },
  1399. {
  1400. "name": "RegisterWindowMessageW",
  1401. "address": "0x41220c"
  1402. },
  1403. {
  1404. "name": "PostMessageW",
  1405. "address": "0x412210"
  1406. },
  1407. {
  1408. "name": "GetKeyState",
  1409. "address": "0x412214"
  1410. },
  1411. {
  1412. "name": "SetForegroundWindow",
  1413. "address": "0x412218"
  1414. },
  1415. {
  1416. "name": "DialogBoxParamW",
  1417. "address": "0x41221c"
  1418. },
  1419. {
  1420. "name": "LoadCursorW",
  1421. "address": "0x412220"
  1422. },
  1423. {
  1424. "name": "CallNextHookEx",
  1425. "address": "0x412224"
  1426. },
  1427. {
  1428. "name": "OpenDesktopW",
  1429. "address": "0x412228"
  1430. },
  1431. {
  1432. "name": "FindWindowW",
  1433. "address": "0x41222c"
  1434. },
  1435. {
  1436. "name": "GetClientRect",
  1437. "address": "0x412230"
  1438. },
  1439. {
  1440. "name": "SetFocus",
  1441. "address": "0x412234"
  1442. },
  1443. {
  1444. "name": "GetDC",
  1445. "address": "0x412238"
  1446. },
  1447. {
  1448. "name": "TranslateMessage",
  1449. "address": "0x41223c"
  1450. },
  1451. {
  1452. "name": "LoadAcceleratorsW",
  1453. "address": "0x412240"
  1454. },
  1455. {
  1456. "name": "ChildWindowFromPoint",
  1457. "address": "0x412244"
  1458. },
  1459. {
  1460. "name": "LoadIconW",
  1461. "address": "0x412248"
  1462. },
  1463. {
  1464. "name": "OffsetRect",
  1465. "address": "0x41224c"
  1466. },
  1467. {
  1468. "name": "InvalidateRect",
  1469. "address": "0x412250"
  1470. },
  1471. {
  1472. "name": "BringWindowToTop",
  1473. "address": "0x412254"
  1474. },
  1475. {
  1476. "name": "SystemParametersInfoW",
  1477. "address": "0x412258"
  1478. },
  1479. {
  1480. "name": "ReleaseDC",
  1481. "address": "0x41225c"
  1482. },
  1483. {
  1484. "name": "GetDlgItem",
  1485. "address": "0x412260"
  1486. },
  1487. {
  1488. "name": "EndDialog",
  1489. "address": "0x412264"
  1490. },
  1491. {
  1492. "name": "GetSysColor",
  1493. "address": "0x412268"
  1494. },
  1495. {
  1496. "name": "SetWindowPos",
  1497. "address": "0x41226c"
  1498. },
  1499. {
  1500. "name": "GetCursorPos",
  1501. "address": "0x412270"
  1502. },
  1503. {
  1504. "name": "CheckDlgButton",
  1505. "address": "0x412274"
  1506. },
  1507. {
  1508. "name": "ShowWindow",
  1509. "address": "0x412278"
  1510. },
  1511. {
  1512. "name": "CreatePopupMenu",
  1513. "address": "0x41227c"
  1514. },
  1515. {
  1516. "name": "GetSysColorBrush",
  1517. "address": "0x412280"
  1518. },
  1519. {
  1520. "name": "IsDlgButtonChecked",
  1521. "address": "0x412284"
  1522. },
  1523. {
  1524. "name": "SwitchDesktop",
  1525. "address": "0x412288"
  1526. },
  1527. {
  1528. "name": "SetThreadDesktop",
  1529. "address": "0x41228c"
  1530. },
  1531. {
  1532. "name": "CreateWindowExW",
  1533. "address": "0x412290"
  1534. },
  1535. {
  1536. "name": "InsertMenuW",
  1537. "address": "0x412294"
  1538. },
  1539. {
  1540. "name": "SetWindowsHookExW",
  1541. "address": "0x412298"
  1542. },
  1543. {
  1544. "name": "MessageBoxW",
  1545. "address": "0x41229c"
  1546. },
  1547. {
  1548. "name": "RegisterClassW",
  1549. "address": "0x4122a0"
  1550. },
  1551. {
  1552. "name": "GetSystemMetrics",
  1553. "address": "0x4122a4"
  1554. },
  1555. {
  1556. "name": "SendMessageW",
  1557. "address": "0x4122a8"
  1558. },
  1559. {
  1560. "name": "UnregisterHotKey",
  1561. "address": "0x4122ac"
  1562. },
  1563. {
  1564. "name": "DestroyMenu",
  1565. "address": "0x4122b0"
  1566. },
  1567. {
  1568. "name": "RegisterHotKey",
  1569. "address": "0x4122b4"
  1570. },
  1571. {
  1572. "name": "DefWindowProcW",
  1573. "address": "0x4122b8"
  1574. },
  1575. {
  1576. "name": "MoveWindow",
  1577. "address": "0x4122bc"
  1578. },
  1579. {
  1580. "name": "DispatchMessageW",
  1581. "address": "0x4122c0"
  1582. },
  1583. {
  1584. "name": "GetWindowPlacement",
  1585. "address": "0x4122c4"
  1586. }
  1587. ],
  1588. "dll": "USER32.dll"
  1589. },
  1590. {
  1591. "imports": [
  1592. {
  1593. "name": "StartPage",
  1594. "address": "0x412038"
  1595. },
  1596. {
  1597. "name": "GetDeviceCaps",
  1598. "address": "0x41203c"
  1599. },
  1600. {
  1601. "name": "SetMapMode",
  1602. "address": "0x412040"
  1603. },
  1604. {
  1605. "name": "StartDocW",
  1606. "address": "0x412044"
  1607. },
  1608. {
  1609. "name": "EndDoc",
  1610. "address": "0x412048"
  1611. },
  1612. {
  1613. "name": "BitBlt",
  1614. "address": "0x41204c"
  1615. },
  1616. {
  1617. "name": "SetTextColor",
  1618. "address": "0x412050"
  1619. },
  1620. {
  1621. "name": "DeleteDC",
  1622. "address": "0x412054"
  1623. },
  1624. {
  1625. "name": "CreateFontIndirectW",
  1626. "address": "0x412058"
  1627. },
  1628. {
  1629. "name": "StretchBlt",
  1630. "address": "0x41205c"
  1631. },
  1632. {
  1633. "name": "SetBkMode",
  1634. "address": "0x412060"
  1635. },
  1636. {
  1637. "name": "DeleteObject",
  1638. "address": "0x412064"
  1639. },
  1640. {
  1641. "name": "SelectObject",
  1642. "address": "0x412068"
  1643. },
  1644. {
  1645. "name": "CreateCompatibleDC",
  1646. "address": "0x41206c"
  1647. },
  1648. {
  1649. "name": "CreateCompatibleBitmap",
  1650. "address": "0x412070"
  1651. },
  1652. {
  1653. "name": "GetObjectW",
  1654. "address": "0x412074"
  1655. },
  1656. {
  1657. "name": "SetStretchBltMode",
  1658. "address": "0x412078"
  1659. },
  1660. {
  1661. "name": "GetStockObject",
  1662. "address": "0x41207c"
  1663. },
  1664. {
  1665. "name": "EndPage",
  1666. "address": "0x412080"
  1667. }
  1668. ],
  1669. "dll": "GDI32.dll"
  1670. },
  1671. {
  1672. "imports": [
  1673. {
  1674. "name": "PrintDlgW",
  1675. "address": "0x412030"
  1676. }
  1677. ],
  1678. "dll": "COMDLG32.dll"
  1679. },
  1680. {
  1681. "imports": [
  1682. {
  1683. "name": "RegCreateKeyW",
  1684. "address": "0x412000"
  1685. },
  1686. {
  1687. "name": "RegSetValueExW",
  1688. "address": "0x412004"
  1689. },
  1690. {
  1691. "name": "RegCloseKey",
  1692. "address": "0x412008"
  1693. },
  1694. {
  1695. "name": "GetSecurityDescriptorSacl",
  1696. "address": "0x41200c"
  1697. },
  1698. {
  1699. "name": "RegOpenKeyExW",
  1700. "address": "0x412010"
  1701. },
  1702. {
  1703. "name": "SetSecurityInfo",
  1704. "address": "0x412014"
  1705. },
  1706. {
  1707. "name": "ConvertStringSecurityDescriptorToSecurityDescriptorW",
  1708. "address": "0x412018"
  1709. },
  1710. {
  1711. "name": "RegDeleteValueW",
  1712. "address": "0x41201c"
  1713. },
  1714. {
  1715. "name": "RegOpenKeyW",
  1716. "address": "0x412020"
  1717. },
  1718. {
  1719. "name": "RegQueryValueExW",
  1720. "address": "0x412024"
  1721. },
  1722. {
  1723. "name": "RegCreateKeyExW",
  1724. "address": "0x412028"
  1725. }
  1726. ],
  1727. "dll": "ADVAPI32.dll"
  1728. },
  1729. {
  1730. "imports": [
  1731. {
  1732. "name": "ShellExecuteW",
  1733. "address": "0x4121d0"
  1734. },
  1735. {
  1736. "name": "Shell_NotifyIconW",
  1737. "address": "0x4121d4"
  1738. }
  1739. ],
  1740. "dll": "SHELL32.dll"
  1741. }
  1742. ],
  1743. "digital_signers": null,
  1744. "exported_dll_name": null,
  1745. "actual_checksum": "0x00025bb5",
  1746. "overlay": {
  1747. "size": "0x00001a58",
  1748. "offset": "0x0001ae00"
  1749. },
  1750. "imagebase": "0x00400000",
  1751. "reported_checksum": "0x00025bb5",
  1752. "icon_hash": null,
  1753. "entrypoint": "0x004046c6",
  1754. "timestamp": "2012-10-16 23:17:52",
  1755. "osversion": "5.0",
  1756. "sections": [
  1757. {
  1758. "name": ".text",
  1759. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1760. "virtual_address": "0x00001000",
  1761. "size_of_data": "0x00010200",
  1762. "entropy": "6.66",
  1763. "raw_address": "0x00000400",
  1764. "virtual_size": "0x0001014d",
  1765. "characteristics_raw": "0x60000020"
  1766. },
  1767. {
  1768. "name": ".rdata",
  1769. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1770. "virtual_address": "0x00012000",
  1771. "size_of_data": "0x00005800",
  1772. "entropy": "5.39",
  1773. "raw_address": "0x00010600",
  1774. "virtual_size": "0x000056a6",
  1775. "characteristics_raw": "0x40000040"
  1776. },
  1777. {
  1778. "name": ".data",
  1779. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1780. "virtual_address": "0x00018000",
  1781. "size_of_data": "0x00001400",
  1782. "entropy": "3.32",
  1783. "raw_address": "0x00015e00",
  1784. "virtual_size": "0x00002fd8",
  1785. "characteristics_raw": "0xc0000040"
  1786. },
  1787. {
  1788. "name": ".rsrc",
  1789. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1790. "virtual_address": "0x0001b000",
  1791. "size_of_data": "0x00002400",
  1792. "entropy": "3.87",
  1793. "raw_address": "0x00017200",
  1794. "virtual_size": "0x000023c4",
  1795. "characteristics_raw": "0x40000040"
  1796. },
  1797. {
  1798. "name": ".reloc",
  1799. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1800. "virtual_address": "0x0001e000",
  1801. "size_of_data": "0x00001800",
  1802. "entropy": "4.86",
  1803. "raw_address": "0x00019600",
  1804. "virtual_size": "0x00001684",
  1805. "characteristics_raw": "0x42000040"
  1806. }
  1807. ],
  1808. "resources": [],
  1809. "dirents": [
  1810. {
  1811. "virtual_address": "0x00000000",
  1812. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1813. "size": "0x00000000"
  1814. },
  1815. {
  1816. "virtual_address": "0x0001670c",
  1817. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1818. "size": "0x0000008c"
  1819. },
  1820. {
  1821. "virtual_address": "0x0001b000",
  1822. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1823. "size": "0x000023c4"
  1824. },
  1825. {
  1826. "virtual_address": "0x00000000",
  1827. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1828. "size": "0x00000000"
  1829. },
  1830. {
  1831. "virtual_address": "0x0001ae00",
  1832. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1833. "size": "0x00001a58"
  1834. },
  1835. {
  1836. "virtual_address": "0x0001e000",
  1837. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1838. "size": "0x00000e5c"
  1839. },
  1840. {
  1841. "virtual_address": "0x00012320",
  1842. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1843. "size": "0x0000001c"
  1844. },
  1845. {
  1846. "virtual_address": "0x00000000",
  1847. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1848. "size": "0x00000000"
  1849. },
  1850. {
  1851. "virtual_address": "0x00000000",
  1852. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1853. "size": "0x00000000"
  1854. },
  1855. {
  1856. "virtual_address": "0x00000000",
  1857. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1858. "size": "0x00000000"
  1859. },
  1860. {
  1861. "virtual_address": "0x00016280",
  1862. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1863. "size": "0x00000040"
  1864. },
  1865. {
  1866. "virtual_address": "0x00000000",
  1867. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1868. "size": "0x00000000"
  1869. },
  1870. {
  1871. "virtual_address": "0x00012000",
  1872. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1873. "size": "0x000002cc"
  1874. },
  1875. {
  1876. "virtual_address": "0x00000000",
  1877. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1878. "size": "0x00000000"
  1879. },
  1880. {
  1881. "virtual_address": "0x00000000",
  1882. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1883. "size": "0x00000000"
  1884. },
  1885. {
  1886. "virtual_address": "0x00000000",
  1887. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1888. "size": "0x00000000"
  1889. }
  1890. ],
  1891. "exports": [],
  1892. "guest_signers": {},
  1893. "imphash": "c8681af63c4b3bc7041fe674efea6dd2",
  1894. "icon_fuzzy": null,
  1895. "icon": null,
  1896. "pdbpath": "c:\\src\\Desktops\\Release\\Desktops.pdb",
  1897. "imported_dll_count": 6,
  1898. "versioninfo": []
  1899. }
  1900. }