- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "word28-01-2019.doc.exe"
- [*] File Size: 83968
- [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
- [*] SHA256: "0284b1144191db3726db5c00dacb19f2a760defc740b006bca80c2e06239b37f"
- [*] MD5: "03364237e1b1201385dfc0f79c8c2fab"
- [*] SHA1: "cd2d695e63ba01f4b24c2aa9f39bf8da01a409a6"
- [*] SHA512: "ce178801a06cf890c1f8ab5a87efe4cae503baf78a2b8f4ec91f4c700244e56424dd16672e61aa6d935ff77e085dbee32f86fa54daf865e1f5493889b46e70a4"
- [*] CRC32: "21C6AA8A"
- [*] SSDEEP: "1536:5/NNjBJia0IazMOxBQDh+W/Rf0Sc8IRsvc8Ke2dOLEpvWNSXj8BRbG:fNtJiaQQt+m0Sgs6e2MLEpvJsG"
- [*] Process Execution: [
- "word28-01-2019.doc.exe",
- "doc.exe",
- "netsh.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details": [
- {
- "IP": "197.2.246.95:4545"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "doc.exe tried to sleep 318 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "Reads data out of its own binary image",
- "Details": [
- {
- "self_read": "process: word28-01-2019.doc.exe, pid: 1116, offset: 0x00000000, length: 0x00014800"
- }
- ]
- },
- {
- "Description": "Drops a binary and executes it",
- "Details": [
- {
- "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\doc.exe"
- }
- ]
- },
- {
- "Description": "Attempts to mimic the file extension of a Word 97-2003 document by having 'doc' in the file name.",
- "Details": []
- },
- {
- "Description": "Sniffs keystrokes",
- "Details": [
- {
- "GetAsyncKeyState": "Process: doc.exe(1244)"
- }
- ]
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\f062a1be715f108d3fc891dc39c27c52"
- },
- {
- "data": "\"C:\\Users\\user\\AppData\\Local\\Temp\\doc.exe\" .."
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\f062a1be715f108d3fc891dc39c27c52"
- },
- {
- "data": "\"C:\\Users\\user\\AppData\\Local\\Temp\\doc.exe\" .."
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f062a1be715f108d3fc891dc39c27c52.exe"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f062a1be715f108d3fc891dc39c27c52.exe"
- }
- ]
- },
- {
- "Description": "File has been identified by 46 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Trojan.GenericKD.31594522"
- },
- {
- "CAT-QuickHeal": "Trojan.MSIL"
- },
- {
- "McAfee": "RDN/Generic.dx"
- },
- {
- "BitDefender": "Trojan.GenericKD.31594522"
- },
- {
- "K7GW": "Trojan ( 004d89911 )"
- },
- {
- "K7AntiVirus": "Trojan ( 004d89911 )"
- },
- {
- "Cyren": "W32/Trojan.ZHQO-2880"
- },
- {
- "ESET-NOD32": "a variant of MSIL/Kryptik.EMQ"
- },
- {
- "TrendMicro-HouseCall": "TROJ_GEN.R002C0WAU19"
- },
- {
- "Avast": "Win32:Malware-gen"
- },
- {
- "Kaspersky": "HEUR:Trojan.MSIL.Disfa.gen"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.Kryptik.fmmngk"
- },
- {
- "AegisLab": "Trojan.MSIL.Disfa.4!c"
- },
- {
- "Rising": "Backdoor.Bladabindi!8.B1F (CLOUD)"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Emsisoft": "Trojan.GenericKD.31594522 (B)"
- },
- {
- "Comodo": "Malware@#gvize6c4c1k0"
- },
- {
- "F-Secure": "Heuristic.HEUR/AGEN.1005106"
- },
- {
- "DrWeb": "Trojan.DownLoader17.52584"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "RDN/Generic.dx"
- },
- {
- "FireEye": "Generic.mg.03364237e1b12013"
- },
- {
- "TheHacker": "Trojan/Kryptik.emq"
- },
- {
- "Ikarus": "Trojan.SuspectCRC"
- },
- {
- "GData": "Trojan.GenericKD.31594522"
- },
- {
- "Avira": "HEUR/AGEN.1005106"
- },
- {
- "MAX": "malware (ai score=86)"
- },
- {
- "Antiy-AVL": "Trojan/MSIL.Disfa"
- },
- {
- "Microsoft": "Backdoor:MSIL/Bladabindi"
- },
- {
- "Arcabit": "Trojan.Generic.D1E2181A"
- },
- {
- "AhnLab-V3": "Malware/Win32.Generic.C674694"
- },
- {
- "ZoneAlarm": "HEUR:Trojan.MSIL.Disfa.gen"
- },
- {
- "Sophos": "Mal/Generic-S"
- },
- {
- "VBA32": "TScope.Trojan.MSIL"
- },
- {
- "ALYac": "Trojan.GenericKD.31594522"
- },
- {
- "Ad-Aware": "Trojan.GenericKD.31594522"
- },
- {
- "Panda": "Trj/GdSda.A"
- },
- {
- "Tencent": "Msil.Trojan.Disfa.Chi"
- },
- {
- "Yandex": "Trojan.Disfa!aB/UjAwPYq0"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "Fortinet": "MSIL/Kryptik.EMQ!tr"
- },
- {
- "AVG": "Win32:Malware-gen"
- },
- {
- "Cybereason": "malicious.e63ba0"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- },
- {
- "Qihoo-360": "Win32/Trojan.593"
- }
- ]
- },
- {
- "Description": "Creates a copy of itself",
- "Details": [
- {
- "copy": "C:\\Users\\user\\AppData\\Local\\Temp\\doc.exe"
- },
- {
- "copy": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f062a1be715f108d3fc891dc39c27c52.exe"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\doc.exe ",
- "netsh firewall add allowedprogram \"C:\\Users\\user\\AppData\\Local\\Temp\\doc.exe\" \"doc.exe\" ENABLE"
- ]
- [*] Mutexes: [
- "Global\\CLR_CASOFF_MUTEX",
- "f062a1be715f108d3fc891dc39c27c52",
- "Global\\.net clr networking"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
- "C:\\Users\\user\\AppData\\Local\\Temp\\doc.exe",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f062a1be715f108d3fc891dc39c27c52.exe",
- "\\Device\\Http\\Communication"
- ]
- [*] Deleted Files: [
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.1116.35109765",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1116.35109765",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.1116.35109781"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\di",
- "HKEY_CURRENT_USER\\Environment\\SEE_MASK_NOZONECHECKS",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\f062a1be715f108d3fc891dc39c27c52",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\f062a1be715f108d3fc891dc39c27c52",
- "HKEY_CURRENT_USER\\Software\\f062a1be715f108d3fc891dc39c27c52",
- "HKEY_CURRENT_USER\\Software\\f062a1be715f108d3fc891dc39c27c52\\[kl]",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-100",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-101",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-103",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-102",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-1",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-2",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-4",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-3",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-100",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-101",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-102",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-103",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-100",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-101",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-102",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-103"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "secureisrael.ddns.net",
- "answers": [
- {
- "data": "197.2.246.95",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "197.2.246.95",
- "domain": "secureisrael.ddns.net"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "1.0.0.0",
- "name": "word"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "8.0.0.0",
- "name": "Microsoft.VisualBasic"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- }
- ],
- "typerefs": [
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.AuthenticationMode",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.ShutdownEventHandler",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.ShutdownMode",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.User",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.DesignerGeneratedAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.ObjectFlowControl",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.Computer",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Strings",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.Component",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.IContainer",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.ApplicationSettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.SettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.SizeF",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.AutoScaleMode",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ContainerControl",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Form",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.AppDomain",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Boolean",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Hashtable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Convert",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerStepThroughAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Double",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventArgs",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventHandler",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Exception",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int32",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IntPtr",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.InvalidOperationException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCompanyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCopyrightAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyDescriptionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyFileVersionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyProductAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTitleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTrademarkAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.TargetInvocationException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.GuidAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.CipherMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.HashAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.ICryptoTransform",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.PaddingMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.SymmetricAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDES",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Single",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.String",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.Encoding",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ThreadStaticAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Void",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.WeakReference",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00018eac",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x004157ce",
- "timestamp": "2019-01-28 04:04:03",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00013800",
- "entropy": "4.61",
- "raw_address": "0x00000200",
- "virtual_size": "0x000137d4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00016000",
- "size_of_data": "0x00000c00",
- "entropy": "3.71",
- "raw_address": "0x00013a00",
- "virtual_size": "0x00000a90",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00018000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x00014600",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00015780",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000004b"
- },
- {
- "virtual_address": "0x00016000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000a90"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00018000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "kernel32.dll.QueryActCtxW",
- "shlwapi.dll.UrlIsW",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.IsProcessorFeaturePresent",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "mscorwks.dll._CorExeMain",
- "mscorwks.dll.GetCLRFunction",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.UnregisterTraceGuids",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.IEE",
- "mscorwks.dll.IEE",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "shell32.dll.SHGetFolderPathW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "ole32.dll.CoInitializeEx",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "ole32.dll.CoGetContextToken",
- "kernel32.dll.GetFullPathNameW",
- "kernel32.dll.GetVersionExW",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "mscoree.dll.GetMetaDataInternalInterface",
- "mscorwks.dll.GetMetaDataInternalInterface",
- "mscorjit.dll.getJit",
- "user32.dll.RegisterWindowMessageW",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.GetCurrentThread",
- "kernel32.dll.DuplicateHandle",
- "kernel32.dll.GetCurrentThreadId",
- "user32.dll.GetSystemMetrics",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.GetModuleHandleW",
- "kernel32.dll.GetProcAddress",
- "user32.dll.DefWindowProcW",
- "gdi32.dll.GetStockObject",
- "kernel32.dll.GetUserDefaultUILanguage",
- "user32.dll.RegisterClassW",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoTaskMemFree",
- "user32.dll.CreateWindowExW",
- "user32.dll.SetWindowLongW",
- "user32.dll.GetWindowLongW",
- "user32.dll.CallWindowProcW",
- "user32.dll.GetClientRect",
- "user32.dll.GetWindowRect",
- "user32.dll.GetParent",
- "uxtheme.dll.IsAppThemed",
- "kernel32.dll.CreateActCtxA",
- "user32.dll.AdjustWindowRectEx",
- "gdi32.dll.CreateCompatibleDC",
- "kernel32.dll.GetSystemDefaultLCID",
- "gdi32.dll.GetObjectW",
- "user32.dll.GetDC",
- "kernel32.dll.GetCurrentProcessId",
- "kernel32.dll.FindAtomW",
- "kernel32.dll.AddAtomW",
- "mscoree.dll.LoadLibraryShim",
- "gdiplus.dll.GdiplusStartup",
- "user32.dll.GetWindowInfo",
- "user32.dll.GetAncestor",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.EnumDisplayDevicesA",
- "gdi32.dll.ExtTextOutW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "gdiplus.dll.GdipCreateFontFromLogfontW",
- "kernel32.dll.RegOpenKeyExW",
- "kernel32.dll.RegQueryInfoKeyA",
- "kernel32.dll.RegCloseKey",
- "kernel32.dll.RegCreateKeyExW",
- "kernel32.dll.RegQueryValueExW",
- "kernel32.dll.RegEnumValueW",
- "kernel32.dll.RegQueryInfoKeyW",
- "mscoree.dll.ND_RI2",
- "mscoree.dll.ND_RU1",
- "gdiplus.dll.GdipGetFontUnit",
- "gdiplus.dll.GdipGetFontSize",
- "gdiplus.dll.GdipGetFontStyle",
- "gdiplus.dll.GdipGetFamily",
- "user32.dll.ReleaseDC",
- "gdiplus.dll.GdipCreateFromHDC",
- "gdiplus.dll.GdipGetDpiY",
- "gdiplus.dll.GdipGetFontHeight",
- "gdiplus.dll.GdipGetEmHeight",
- "gdiplus.dll.GdipGetLineSpacing",
- "gdiplus.dll.GdipDeleteGraphics",
- "gdiplus.dll.GdipCreateFont",
- "gdiplus.dll.GdipDeleteFont",
- "gdiplus.dll.GdipGetLogFontW",
- "mscoree.dll.ND_WU1",
- "gdi32.dll.CreateFontIndirectW",
- "gdi32.dll.SelectObject",
- "gdi32.dll.GetTextMetricsW",
- "gdi32.dll.GetTextExtentPoint32W",
- "gdi32.dll.DeleteDC",
- "kernel32.dll.GetCurrentActCtx",
- "kernel32.dll.ActivateActCtx",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "user32.dll.SetWindowTextW",
- "user32.dll.GetProcessWindowStation",
- "user32.dll.GetUserObjectInformationA",
- "kernel32.dll.SetConsoleCtrlHandler",
- "user32.dll.GetClassInfoW",
- "kernel32.dll.GetStartupInfoW",
- "gdi32.dll.GetDeviceCaps",
- "user32.dll.CreateIconFromResourceEx",
- "user32.dll.SendMessageW",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "gdi32.dll.GetTextFaceAliasW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "user32.dll.GetSystemMenu",
- "user32.dll.GetWindowPlacement",
- "user32.dll.EnableMenuItem",
- "user32.dll.GetWindowTextLengthW",
- "user32.dll.GetWindowTextW",
- "user32.dll.SetWindowPos",
- "user32.dll.RedrawWindow",
- "user32.dll.ShowWindow",
- "user32.dll.GetFocus",
- "user32.dll.EnumThreadWindows",
- "user32.dll.DestroyWindow",
- "user32.dll.SetLayeredWindowAttributes",
- "bcrypt.dll.BCryptGetFipsAlgorithmMode",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptCreateHash",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptGetHashParam",
- "cryptsp.dll.CryptDestroyHash",
- "cryptsp.dll.CryptGetProvParam",
- "cryptsp.dll.CryptGenRandom",
- "cryptsp.dll.CryptImportKey",
- "cryptsp.dll.CryptSetKeyParam",
- "cryptsp.dll.CryptDecrypt",
- "cryptsp.dll.CryptEncrypt",
- "advapi32.dll.RegSetValueExW",
- "kernel32.dll.ReleaseMutex",
- "kernel32.dll.CreateMutexW",
- "kernel32.dll.GetEnvironmentVariableW",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetFileType",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.ReadFile",
- "kernel32.dll.WriteFile",
- "kernel32.dll.LocalAlloc",
- "kernel32.dll.RtlMoveMemory",
- "shell32.dll.ShellExecuteEx",
- "shell32.dll.ShellExecuteExW",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "comctl32.dll.#386",
- "kernel32.dll.LocalFree",
- "ole32.dll.CoWaitForMultipleHandles",
- "sechost.dll.LookupAccountNameLocalW",
- "user32.dll.SetClassLongW",
- "user32.dll.PostMessageW",
- "user32.dll.UnregisterClassW",
- "kernel32.dll.DeleteAtom",
- "user32.dll.IsWindow",
- "user32.dll.DestroyIcon",
- "gdi32.dll.DeleteObject",
- "cryptsp.dll.CryptDestroyKey",
- "cryptsp.dll.CryptReleaseContext",
- "advapi32.dll.LookupAccountSidW",
- "sechost.dll.LookupAccountSidLocalW",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetClassObject",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
- "comctl32.dll.#321",
- "kernel32.dll.CreateActCtxW",
- "kernel32.dll.AddRefActCtx",
- "kernel32.dll.ReleaseActCtx",
- "kernel32.dll.DeactivateActCtx",
- "kernel32.dll.SwitchToThread",
- "user32.dll.SendMessageTimeoutA",
- "user32.dll.SystemParametersInfoW",
- "kernel32.dll.lstrcpy",
- "kernel32.dll.lstrcpyW",
- "kernel32.dll.CreateProcessW",
- "kernel32.dll.WaitForSingleObject",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.CopyFileW",
- "user32.dll.GetAsyncKeyState",
- "user32.dll.GetKeyState",
- "user32.dll.GetKeyboardState",
- "user32.dll.MapVirtualKeyA",
- "user32.dll.GetForegroundWindow",
- "user32.dll.GetWindowThreadProcessId",
- "user32.dll.GetKeyboardLayout",
- "user32.dll.ToUnicodeEx",
- "ole32.dll.OleInitialize",
- "ole32.dll.CoRegisterMessageFilter",
- "user32.dll.PeekMessageW",
- "user32.dll.IsWindowUnicode",
- "user32.dll.GetMessageW",
- "user32.dll.TranslateMessage",
- "user32.dll.DispatchMessageW",
- "version.dll.GetFileVersionInfoSizeW",
- "version.dll.GetFileVersionInfoW",
- "version.dll.VerQueryValueW",
- "version.dll.VerLanguageNameW",
- "user32.dll.BeginPaint",
- "gdiplus.dll.GdipCreateHalftonePalette",
- "gdi32.dll.SelectPalette",
- "user32.dll.EndPaint",
- "ws2_32.dll.WSAStartup",
- "ws2_32.dll.WSASocketW",
- "ws2_32.dll.setsockopt",
- "ws2_32.dll.WSAEventSelect",
- "ws2_32.dll.ioctlsocket",
- "ws2_32.dll.closesocket",
- "kernel32.dll.GetComputerNameW",
- "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
- "kernel32.dll.CreateFileMappingW",
- "kernel32.dll.MapViewOfFile",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.VirtualQuery",
- "advapi32.dll.CreateWellKnownSid",
- "kernel32.dll.OpenMutexW",
- "kernel32.dll.OpenProcess",
- "kernel32.dll.GetProcessTimes",
- "ws2_32.dll.getaddrinfo",
- "ws2_32.dll.freeaddrinfo",
- "ws2_32.dll.WSAConnect",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.AdjustTokenPrivileges",
- "kernel32.dll.GetExitCodeProcess",
- "kernel32.dll.GetProcessWorkingSetSize",
- "kernel32.dll.SetProcessWorkingSetSize",
- "user32.dll.GetWindowTextLengthA",
- "user32.dll.GetWindowTextA",
- "advapi32.dll.RegCreateKeyExW",
- "kernel32.dll.FormatMessageW",
- "ws2_32.dll.shutdown",
- "kernel32.dll.GlobalMemoryStatusEx",
- "rasmontr.dll.InitHelperDll",
- "nshwfp.dll.InitHelperDll",
- "dhcpcmonitor.dll.InitHelperDll",
- "wshelper.dll.InitHelperDll",
- "nshhttp.dll.InitHelperDll",
- "fwcfg.dll.InitHelperDll",
- "authfwcfg.dll.InitHelperDll",
- "ifmon.dll.InitHelperDll",
- "netiohlp.dll.InitHelperDll",
- "whhelper.dll.InitHelperDll",
- "hnetmon.dll.InitHelperDll",
- "rpcnsh.dll.InitHelperDll",
- "dot3cfg.dll.InitHelperDll",
- "napmontr.dll.InitHelperDll",
- "nshipsec.dll.InitHelperDll",
- "p2pnetsh.dll.InitHelperDll",
- "wlancfg.dll.InitHelperDll",
- "peerdistsh.dll.InitHelperDll",
- "cryptsp.dll.CryptEnumProvidersW",
- "user32.dll.LoadStringW",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.QueryServiceConfigW",
- "sechost.dll.CloseServiceHandle",
- "sechost.dll.QueryServiceStatus",
- "httpapi.dll.HttpInitialize",
- "userenv.dll.RegisterGPNotification",
- "userenv.dll.UnregisterGPNotification",
- "gpapi.dll.RegisterGPNotificationInternal",
- "bcryptprimitives.dll.GetHashInterface",
- "bcryptprimitives.dll.GetCipherInterface",
- "kernel32.dll.SetThreadUILanguage",
- "oleaut32.dll.#7",
- "shlwapi.dll.PathCanonicalizeW",
- "ole32.dll.CoCreateGuid",
- "ole32.dll.StringFromGUID2",
- "ole32.dll.CoUninitialize",
- "oleaut32.dll.#500",
- "httpapi.dll.HttpTerminate",
- "gpapi.dll.UnregisterGPNotificationInternal",
- "oleaut32.dll.#9",
- "comctl32.dll.#388"
- ]
- [*] Static Analysis: {
- "dotnet": {
- "customattrs": null,
- "assemblyinfo": {
- "version": "1.0.0.0",
- "name": "word"
- },
- "assemblyrefs": [
- {
- "version": "2.0.0.0",
- "name": "mscorlib"
- },
- {
- "version": "8.0.0.0",
- "name": "Microsoft.VisualBasic"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Windows.Forms"
- },
- {
- "version": "2.0.0.0",
- "name": "System"
- },
- {
- "version": "2.0.0.0",
- "name": "System.Drawing"
- }
- ],
- "typerefs": [
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.AuthenticationMode",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.ShutdownEventHandler",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.ShutdownMode",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.User",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Conversions",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.DesignerGeneratedAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.NewLateBinding",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.ObjectFlowControl",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.ProjectData",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.CompilerServices.Utils",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Devices.Computer",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.HideModuleNameAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.MyGroupCollectionAttribute",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "Microsoft.VisualBasic.Strings",
- "assembly": "Microsoft.VisualBasic"
- },
- {
- "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.Component",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.Design.HelpKeywordAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableAttribute",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.EditorBrowsableState",
- "assembly": "System"
- },
- {
- "typename": "System.ComponentModel.IContainer",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.ApplicationSettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Configuration.SettingsBase",
- "assembly": "System"
- },
- {
- "typename": "System.Drawing.Size",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Drawing.SizeF",
- "assembly": "System.Drawing"
- },
- {
- "typename": "System.Windows.Forms.Application",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.AutoScaleMode",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.ContainerControl",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Control",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Windows.Forms.Form",
- "assembly": "System.Windows.Forms"
- },
- {
- "typename": "System.Activator",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.AppDomain",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ArgumentException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Boolean",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Byte",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Generic.List`1",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Collections.Hashtable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Convert",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerHiddenAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Diagnostics.DebuggerStepThroughAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Double",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventArgs",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.EventHandler",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Exception",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Globalization.CultureInfo",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IDisposable",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Int32",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.IntPtr",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.InvalidOperationException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Object",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.Assembly",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCompanyAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyCopyrightAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyDescriptionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyFileVersionAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyProductAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTitleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.AssemblyTrademarkAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Reflection.TargetInvocationException",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Resources.ResourceManager",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Runtime.InteropServices.GuidAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.RuntimeTypeHandle",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.STAThreadAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.CipherMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.HashAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.ICryptoTransform",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.MD5CryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.PaddingMode",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.SymmetricAlgorithm",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDES",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Security.Cryptography.TripleDESCryptoServiceProvider",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Single",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.String",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Text.Encoding",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.ThreadStaticAttribute",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Threading.Monitor",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Type",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.Void",
- "assembly": "mscorlib"
- },
- {
- "typename": "System.WeakReference",
- "assembly": "mscorlib"
- }
- ]
- },
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "_CorExeMain",
- "address": "0x402000"
- }
- ],
- "dll": "mscoree.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00018eac",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x004157ce",
- "timestamp": "2019-01-28 04:04:03",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00013800",
- "entropy": "4.61",
- "raw_address": "0x00000200",
- "virtual_size": "0x000137d4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00016000",
- "size_of_data": "0x00000c00",
- "entropy": "3.71",
- "raw_address": "0x00013a00",
- "virtual_size": "0x00000a90",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00018000",
- "size_of_data": "0x00000200",
- "entropy": "0.10",
- "raw_address": "0x00014600",
- "virtual_size": "0x0000000c",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00015780",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000004b"
- },
- {
- "virtual_address": "0x00016000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000a90"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00018000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000000c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000008"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00002008",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000048"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }