paladin316

Exes_41791113_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_41791113.exe"
  7. [*] File Size: 249424
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "361bd552b278cf0d956b787abd984b6c86413d668492613782f856040d8200a0"
  10. [*] MD5: "e222299ef243f72a0d45db64601146d3"
  11. [*] SHA1: "e87bdc834dddd85b5b9b931eaccac03a5caabf81"
  12. [*] SHA512: "683c5879edd98b9ed0b71c11bfc0857b2fe2a240d73105e78600c24352c094ceb0cdb6eb78fe22a721d4d1946c034afc0d0240b61f62038a5fd4c1bfb80dae14"
  13. [*] CRC32: "41791113"
  14. [*] SSDEEP: "6144:nz8PozQ7aGHY0E/p0VTJq+9wm0/UH0Of:nz8QJGHY0ExGq+9wmV"
  15.  
  16. [*] Process Execution: [
  17. "Exes_41791113.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Performs some HTTP requests",
  23. "Details": [
  24. {
  25. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  26. },
  27. {
  28. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  29. },
  30. {
  31. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  32. }
  33. ]
  34. },
  35. {
  36. "Description": "The binary likely contains encrypted or compressed data.",
  37. "Details": [
  38. {
  39. "section": "name: .text, entropy: 7.55, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0003a800, virtual_size: 0x0003a734"
  40. }
  41. ]
  42. },
  43. {
  44. "Description": "File has been identified as malicious by 24 antivirus engines on VirusTotal",
  45. "Details": [
  46. {
  47. "FireEye": "Generic.mg.e222299ef243f72a"
  48. },
  49. {
  50. "Qihoo-360": "HEUR/QVM03.0.CD1F.Malware.Gen"
  51. },
  52. {
  53. "McAfee": "RDN/Generic.dx"
  54. },
  55. {
  56. "Cylance": "Unsafe"
  57. },
  58. {
  59. "AegisLab": "Trojan.Multi.Generic.4!c"
  60. },
  61. {
  62. "Alibaba": "Trojan:Win32/Malmail.ali1000112"
  63. },
  64. {
  65. "Cybereason": "malicious.34dddd"
  66. },
  67. {
  68. "Symantec": "ML.Attribute.HighConfidence"
  69. },
  70. {
  71. "APEX": "Malicious"
  72. },
  73. {
  74. "Paloalto": "generic.ml"
  75. },
  76. {
  77. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  78. },
  79. {
  80. "Endgame": "malicious (high confidence)"
  81. },
  82. {
  83. "Invincea": "heuristic"
  84. },
  85. {
  86. "McAfee-GW-Edition": "Artemis!Trojan"
  87. },
  88. {
  89. "Trapmine": "suspicious.low.ml.score"
  90. },
  91. {
  92. "SentinelOne": "DFI - Malicious PE"
  93. },
  94. {
  95. "Microsoft": "Trojan:Win32/Fuerboos.A!cl"
  96. },
  97. {
  98. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
  99. },
  100. {
  101. "ESET-NOD32": "a variant of MSIL/Kryptik.RPQ"
  102. },
  103. {
  104. "Acronis": "suspicious"
  105. },
  106. {
  107. "Panda": "Trj/Genetic.gen"
  108. },
  109. {
  110. "eGambit": "PE.Heur.InvalidSig"
  111. },
  112. {
  113. "AVG": "FileRepMalware"
  114. },
  115. {
  116. "CrowdStrike": "win/malicious_confidence_90% (W)"
  117. }
  118. ]
  119. }
  120. ]
  121.  
  122. [*] Started Service: []
  123.  
  124. [*] Executed Commands: []
  125.  
  126. [*] Mutexes: []
  127.  
  128. [*] Modified Files: []
  129.  
  130. [*] Deleted Files: []
  131.  
  132. [*] Modified Registry Keys: []
  133.  
  134. [*] Deleted Registry Keys: []
  135.  
  136. [*] DNS Communications: []
  137.  
  138. [*] Domains: []
  139.  
  140. [*] Network Communication - ICMP: []
  141.  
  142. [*] Network Communication - HTTP: [
  143. {
  144. "count": 1,
  145. "body": "",
  146. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  147. "user-agent": "Microsoft-CryptoAPI/6.1",
  148. "method": "GET",
  149. "host": "ocsp.digicert.com",
  150. "version": "1.1",
  151. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  152. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  153. "port": 80
  154. },
  155. {
  156. "count": 1,
  157. "body": "",
  158. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  159. "user-agent": "Microsoft-CryptoAPI/6.1",
  160. "method": "GET",
  161. "host": "ocsp.digicert.com",
  162. "version": "1.1",
  163. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  164. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  165. "port": 80
  166. },
  167. {
  168. "count": 1,
  169. "body": "",
  170. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  171. "user-agent": "Microsoft-CryptoAPI/6.1",
  172. "method": "GET",
  173. "host": "ocsp.digicert.com",
  174. "version": "1.1",
  175. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  176. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  177. "port": 80
  178. }
  179. ]
  180.  
  181. [*] Network Communication - SMTP: []
  182.  
  183. [*] Network Communication - Hosts: []
  184.  
  185. [*] Network Communication - IRC: []
  186.  
  187. [*] Static Analysis: {
  188. "dotnet": {
  189. "customattrs": [
  190. {
  191. "type": "Assembly",
  192. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  193. "value": "3.5.6"
  194. },
  195. {
  196. "type": "Assembly",
  197. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  198. "value": "a81bbd62-66f2-4cca-875a-d8f4e7d254"
  199. },
  200. {
  201. "type": "Assembly",
  202. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  203. "value": "ocajetuq"
  204. },
  205. {
  206. "type": "Assembly",
  207. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  208. "value": "ocajetuq"
  209. },
  210. {
  211. "type": "Assembly",
  212. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  213. "value": "Copyright \\xc2\\xa9 20"
  214. },
  215. {
  216. "type": "Assembly",
  217. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  218. "value": "itenobadoqutixaq"
  219. },
  220. {
  221. "type": "Assembly",
  222. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  223. "value": "egagigotefowic"
  224. },
  225. {
  226. "type": "Property",
  227. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  228. "value": ""
  229. },
  230. {
  231. "type": "Property",
  232. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  233. "value": "10"
  234. }
  235. ],
  236. "assemblyinfo": {
  237. "version": "1.0.0.0",
  238. "name": "Ee5wspujSyfTSwNplYaweoOnKA=="
  239. },
  240. "assemblyrefs": [
  241. {
  242. "version": "4.0.0.0",
  243. "name": "mscorlib"
  244. },
  245. {
  246. "version": "4.0.0.0",
  247. "name": "System"
  248. },
  249. {
  250. "version": "1.0.0.1",
  251. "name": "gdi32"
  252. }
  253. ],
  254. "typerefs": [
  255. {
  256. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  257. "assembly": "System"
  258. },
  259. {
  260. "typename": "System.Collections.Specialized.StringDictionary",
  261. "assembly": "System"
  262. },
  263. {
  264. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  265. "assembly": "System"
  266. },
  267. {
  268. "typename": "System.ComponentModel.EditorBrowsableState",
  269. "assembly": "System"
  270. },
  271. {
  272. "typename": "System.Configuration.ApplicationSettingsBase",
  273. "assembly": "System"
  274. },
  275. {
  276. "typename": "System.Configuration.DefaultSettingValueAttribute",
  277. "assembly": "System"
  278. },
  279. {
  280. "typename": "System.Configuration.SettingsBase",
  281. "assembly": "System"
  282. },
  283. {
  284. "typename": "System.Configuration.UserScopedSettingAttribute",
  285. "assembly": "System"
  286. },
  287. {
  288. "typename": "gdi32.Program",
  289. "assembly": "gdi32"
  290. },
  291. {
  292. "typename": "System.AppDomain",
  293. "assembly": "mscorlib"
  294. },
  295. {
  296. "typename": "System.Array",
  297. "assembly": "mscorlib"
  298. },
  299. {
  300. "typename": "System.AsyncCallback",
  301. "assembly": "mscorlib"
  302. },
  303. {
  304. "typename": "System.Boolean",
  305. "assembly": "mscorlib"
  306. },
  307. {
  308. "typename": "System.Buffer",
  309. "assembly": "mscorlib"
  310. },
  311. {
  312. "typename": "System.Byte",
  313. "assembly": "mscorlib"
  314. },
  315. {
  316. "typename": "System.Char",
  317. "assembly": "mscorlib"
  318. },
  319. {
  320. "typename": "System.CharEnumerator",
  321. "assembly": "mscorlib"
  322. },
  323. {
  324. "typename": "System.Collections.ICollection",
  325. "assembly": "mscorlib"
  326. },
  327. {
  328. "typename": "System.Collections.IEnumerable",
  329. "assembly": "mscorlib"
  330. },
  331. {
  332. "typename": "System.Console",
  333. "assembly": "mscorlib"
  334. },
  335. {
  336. "typename": "System.DBNull",
  337. "assembly": "mscorlib"
  338. },
  339. {
  340. "typename": "System.DateTime",
  341. "assembly": "mscorlib"
  342. },
  343. {
  344. "typename": "System.Delegate",
  345. "assembly": "mscorlib"
  346. },
  347. {
  348. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  349. "assembly": "mscorlib"
  350. },
  351. {
  352. "typename": "System.Enum",
  353. "assembly": "mscorlib"
  354. },
  355. {
  356. "typename": "System.Exception",
  357. "assembly": "mscorlib"
  358. },
  359. {
  360. "typename": "System.Globalization.CultureInfo",
  361. "assembly": "mscorlib"
  362. },
  363. {
  364. "typename": "System.Globalization.NumberStyles",
  365. "assembly": "mscorlib"
  366. },
  367. {
  368. "typename": "System.Globalization.UnicodeCategory",
  369. "assembly": "mscorlib"
  370. },
  371. {
  372. "typename": "System.IAsyncResult",
  373. "assembly": "mscorlib"
  374. },
  375. {
  376. "typename": "System.IComparable",
  377. "assembly": "mscorlib"
  378. },
  379. {
  380. "typename": "System.IFormatProvider",
  381. "assembly": "mscorlib"
  382. },
  383. {
  384. "typename": "System.Int16",
  385. "assembly": "mscorlib"
  386. },
  387. {
  388. "typename": "System.Int32",
  389. "assembly": "mscorlib"
  390. },
  391. {
  392. "typename": "System.Int64",
  393. "assembly": "mscorlib"
  394. },
  395. {
  396. "typename": "System.MulticastDelegate",
  397. "assembly": "mscorlib"
  398. },
  399. {
  400. "typename": "System.NotSupportedException",
  401. "assembly": "mscorlib"
  402. },
  403. {
  404. "typename": "System.Object",
  405. "assembly": "mscorlib"
  406. },
  407. {
  408. "typename": "System.Reflection.Assembly",
  409. "assembly": "mscorlib"
  410. },
  411. {
  412. "typename": "System.Reflection.AssemblyCompanyAttribute",
  413. "assembly": "mscorlib"
  414. },
  415. {
  416. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  417. "assembly": "mscorlib"
  418. },
  419. {
  420. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  421. "assembly": "mscorlib"
  422. },
  423. {
  424. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  425. "assembly": "mscorlib"
  426. },
  427. {
  428. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  429. "assembly": "mscorlib"
  430. },
  431. {
  432. "typename": "System.Reflection.AssemblyProductAttribute",
  433. "assembly": "mscorlib"
  434. },
  435. {
  436. "typename": "System.Reflection.AssemblyTitleAttribute",
  437. "assembly": "mscorlib"
  438. },
  439. {
  440. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  441. "assembly": "mscorlib"
  442. },
  443. {
  444. "typename": "System.Reflection.BindingFlags",
  445. "assembly": "mscorlib"
  446. },
  447. {
  448. "typename": "System.Reflection.CallingConventions",
  449. "assembly": "mscorlib"
  450. },
  451. {
  452. "typename": "System.Reflection.MethodBase",
  453. "assembly": "mscorlib"
  454. },
  455. {
  456. "typename": "System.Reflection.MethodInfo",
  457. "assembly": "mscorlib"
  458. },
  459. {
  460. "typename": "System.Reflection.ParameterInfo",
  461. "assembly": "mscorlib"
  462. },
  463. {
  464. "typename": "System.Reflection.ParameterModifier",
  465. "assembly": "mscorlib"
  466. },
  467. {
  468. "typename": "System.Reflection.PropertyInfo",
  469. "assembly": "mscorlib"
  470. },
  471. {
  472. "typename": "System.ResolveEventArgs",
  473. "assembly": "mscorlib"
  474. },
  475. {
  476. "typename": "System.ResolveEventHandler",
  477. "assembly": "mscorlib"
  478. },
  479. {
  480. "typename": "System.Resources.ResourceManager",
  481. "assembly": "mscorlib"
  482. },
  483. {
  484. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  485. "assembly": "mscorlib"
  486. },
  487. {
  488. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  489. "assembly": "mscorlib"
  490. },
  491. {
  492. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  493. "assembly": "mscorlib"
  494. },
  495. {
  496. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  497. "assembly": "mscorlib"
  498. },
  499. {
  500. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  501. "assembly": "mscorlib"
  502. },
  503. {
  504. "typename": "System.Runtime.InteropServices.GuidAttribute",
  505. "assembly": "mscorlib"
  506. },
  507. {
  508. "typename": "System.Runtime.InteropServices._Type",
  509. "assembly": "mscorlib"
  510. },
  511. {
  512. "typename": "System.Runtime.Remoting.ObjectHandle",
  513. "assembly": "mscorlib"
  514. },
  515. {
  516. "typename": "System.Runtime.Serialization.ISerializable",
  517. "assembly": "mscorlib"
  518. },
  519. {
  520. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  521. "assembly": "mscorlib"
  522. },
  523. {
  524. "typename": "System.RuntimeFieldHandle",
  525. "assembly": "mscorlib"
  526. },
  527. {
  528. "typename": "System.RuntimeTypeHandle",
  529. "assembly": "mscorlib"
  530. },
  531. {
  532. "typename": "System.SByte",
  533. "assembly": "mscorlib"
  534. },
  535. {
  536. "typename": "System.STAThreadAttribute",
  537. "assembly": "mscorlib"
  538. },
  539. {
  540. "typename": "System.String",
  541. "assembly": "mscorlib"
  542. },
  543. {
  544. "typename": "System.StringComparison",
  545. "assembly": "mscorlib"
  546. },
  547. {
  548. "typename": "System.StringSplitOptions",
  549. "assembly": "mscorlib"
  550. },
  551. {
  552. "typename": "System.Text.StringBuilder",
  553. "assembly": "mscorlib"
  554. },
  555. {
  556. "typename": "System.Threading.Thread",
  557. "assembly": "mscorlib"
  558. },
  559. {
  560. "typename": "System.TimeSpan",
  561. "assembly": "mscorlib"
  562. },
  563. {
  564. "typename": "System.Type",
  565. "assembly": "mscorlib"
  566. },
  567. {
  568. "typename": "System.TypeCode",
  569. "assembly": "mscorlib"
  570. },
  571. {
  572. "typename": "System.UInt16",
  573. "assembly": "mscorlib"
  574. },
  575. {
  576. "typename": "System.UInt32",
  577. "assembly": "mscorlib"
  578. },
  579. {
  580. "typename": "System.UInt64",
  581. "assembly": "mscorlib"
  582. },
  583. {
  584. "typename": "System.ValueType",
  585. "assembly": "mscorlib"
  586. },
  587. {
  588. "typename": "System.Void",
  589. "assembly": "mscorlib"
  590. }
  591. ]
  592. },
  593. "pe": {
  594. "peid_signatures": null,
  595. "imports": [
  596. {
  597. "imports": [
  598. {
  599. "name": "_CorExeMain",
  600. "address": "0x402000"
  601. }
  602. ],
  603. "dll": "mscoree.dll"
  604. }
  605. ],
  606. "digital_signers": null,
  607. "exported_dll_name": null,
  608. "actual_checksum": "0x000435b0",
  609. "overlay": {
  610. "size": "0x00001c50",
  611. "offset": "0x0003b200"
  612. },
  613. "imagebase": "0x00400000",
  614. "reported_checksum": "0x00000000",
  615. "icon_hash": null,
  616. "entrypoint": "0x0043c72e",
  617. "timestamp": "2006-04-13 05:55:54",
  618. "osversion": "4.0",
  619. "sections": [
  620. {
  621. "name": ".text",
  622. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  623. "virtual_address": "0x00002000",
  624. "size_of_data": "0x0003a800",
  625. "entropy": "7.55",
  626. "raw_address": "0x00000200",
  627. "virtual_size": "0x0003a734",
  628. "characteristics_raw": "0x60000020"
  629. },
  630. {
  631. "name": ".rsrc",
  632. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  633. "virtual_address": "0x0003e000",
  634. "size_of_data": "0x00000600",
  635. "entropy": "4.45",
  636. "raw_address": "0x0003aa00",
  637. "virtual_size": "0x00000600",
  638. "characteristics_raw": "0x40000040"
  639. },
  640. {
  641. "name": ".reloc",
  642. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  643. "virtual_address": "0x00040000",
  644. "size_of_data": "0x00000200",
  645. "entropy": "0.10",
  646. "raw_address": "0x0003b000",
  647. "virtual_size": "0x0000000c",
  648. "characteristics_raw": "0x42000040"
  649. }
  650. ],
  651. "resources": [],
  652. "dirents": [
  653. {
  654. "virtual_address": "0x00000000",
  655. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  656. "size": "0x00000000"
  657. },
  658. {
  659. "virtual_address": "0x0003c6dc",
  660. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  661. "size": "0x0000004f"
  662. },
  663. {
  664. "virtual_address": "0x0003e000",
  665. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  666. "size": "0x00000600"
  667. },
  668. {
  669. "virtual_address": "0x00000000",
  670. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  671. "size": "0x00000000"
  672. },
  673. {
  674. "virtual_address": "0x0003b200",
  675. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  676. "size": "0x00001c50"
  677. },
  678. {
  679. "virtual_address": "0x00040000",
  680. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  681. "size": "0x0000000c"
  682. },
  683. {
  684. "virtual_address": "0x00000000",
  685. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  686. "size": "0x00000000"
  687. },
  688. {
  689. "virtual_address": "0x00000000",
  690. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  691. "size": "0x00000000"
  692. },
  693. {
  694. "virtual_address": "0x00000000",
  695. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  696. "size": "0x00000000"
  697. },
  698. {
  699. "virtual_address": "0x00000000",
  700. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  701. "size": "0x00000000"
  702. },
  703. {
  704. "virtual_address": "0x00000000",
  705. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  706. "size": "0x00000000"
  707. },
  708. {
  709. "virtual_address": "0x00000000",
  710. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  711. "size": "0x00000000"
  712. },
  713. {
  714. "virtual_address": "0x00002000",
  715. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  716. "size": "0x00000008"
  717. },
  718. {
  719. "virtual_address": "0x00000000",
  720. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  721. "size": "0x00000000"
  722. },
  723. {
  724. "virtual_address": "0x00002008",
  725. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  726. "size": "0x00000048"
  727. },
  728. {
  729. "virtual_address": "0x00000000",
  730. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  731. "size": "0x00000000"
  732. }
  733. ],
  734. "exports": [],
  735. "guest_signers": {},
  736. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  737. "icon_fuzzy": null,
  738. "icon": null,
  739. "pdbpath": null,
  740. "imported_dll_count": 1,
  741. "versioninfo": []
  742. }
  743. }
  744.  
  745. [*] Resolved APIs: [
  746. "advapi32.dll.RegOpenKeyExW",
  747. "advapi32.dll.RegQueryInfoKeyW",
  748. "advapi32.dll.RegEnumKeyExW",
  749. "advapi32.dll.RegEnumValueW",
  750. "advapi32.dll.RegCloseKey",
  751. "advapi32.dll.RegQueryValueExW",
  752. "kernel32.dll.QueryActCtxW",
  753. "shlwapi.dll.UrlIsW"
  754. ]
  755.  
  756. [*] Static Analysis: {
  757. "dotnet": {
  758. "customattrs": [
  759. {
  760. "type": "Assembly",
  761. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  762. "value": "3.5.6"
  763. },
  764. {
  765. "type": "Assembly",
  766. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  767. "value": "a81bbd62-66f2-4cca-875a-d8f4e7d254"
  768. },
  769. {
  770. "type": "Assembly",
  771. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  772. "value": "ocajetuq"
  773. },
  774. {
  775. "type": "Assembly",
  776. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  777. "value": "ocajetuq"
  778. },
  779. {
  780. "type": "Assembly",
  781. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  782. "value": "Copyright \\xc2\\xa9 20"
  783. },
  784. {
  785. "type": "Assembly",
  786. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  787. "value": "itenobadoqutixaq"
  788. },
  789. {
  790. "type": "Assembly",
  791. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  792. "value": "egagigotefowic"
  793. },
  794. {
  795. "type": "Property",
  796. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  797. "value": ""
  798. },
  799. {
  800. "type": "Property",
  801. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  802. "value": "10"
  803. }
  804. ],
  805. "assemblyinfo": {
  806. "version": "1.0.0.0",
  807. "name": "Ee5wspujSyfTSwNplYaweoOnKA=="
  808. },
  809. "assemblyrefs": [
  810. {
  811. "version": "4.0.0.0",
  812. "name": "mscorlib"
  813. },
  814. {
  815. "version": "4.0.0.0",
  816. "name": "System"
  817. },
  818. {
  819. "version": "1.0.0.1",
  820. "name": "gdi32"
  821. }
  822. ],
  823. "typerefs": [
  824. {
  825. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  826. "assembly": "System"
  827. },
  828. {
  829. "typename": "System.Collections.Specialized.StringDictionary",
  830. "assembly": "System"
  831. },
  832. {
  833. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  834. "assembly": "System"
  835. },
  836. {
  837. "typename": "System.ComponentModel.EditorBrowsableState",
  838. "assembly": "System"
  839. },
  840. {
  841. "typename": "System.Configuration.ApplicationSettingsBase",
  842. "assembly": "System"
  843. },
  844. {
  845. "typename": "System.Configuration.DefaultSettingValueAttribute",
  846. "assembly": "System"
  847. },
  848. {
  849. "typename": "System.Configuration.SettingsBase",
  850. "assembly": "System"
  851. },
  852. {
  853. "typename": "System.Configuration.UserScopedSettingAttribute",
  854. "assembly": "System"
  855. },
  856. {
  857. "typename": "gdi32.Program",
  858. "assembly": "gdi32"
  859. },
  860. {
  861. "typename": "System.AppDomain",
  862. "assembly": "mscorlib"
  863. },
  864. {
  865. "typename": "System.Array",
  866. "assembly": "mscorlib"
  867. },
  868. {
  869. "typename": "System.AsyncCallback",
  870. "assembly": "mscorlib"
  871. },
  872. {
  873. "typename": "System.Boolean",
  874. "assembly": "mscorlib"
  875. },
  876. {
  877. "typename": "System.Buffer",
  878. "assembly": "mscorlib"
  879. },
  880. {
  881. "typename": "System.Byte",
  882. "assembly": "mscorlib"
  883. },
  884. {
  885. "typename": "System.Char",
  886. "assembly": "mscorlib"
  887. },
  888. {
  889. "typename": "System.CharEnumerator",
  890. "assembly": "mscorlib"
  891. },
  892. {
  893. "typename": "System.Collections.ICollection",
  894. "assembly": "mscorlib"
  895. },
  896. {
  897. "typename": "System.Collections.IEnumerable",
  898. "assembly": "mscorlib"
  899. },
  900. {
  901. "typename": "System.Console",
  902. "assembly": "mscorlib"
  903. },
  904. {
  905. "typename": "System.DBNull",
  906. "assembly": "mscorlib"
  907. },
  908. {
  909. "typename": "System.DateTime",
  910. "assembly": "mscorlib"
  911. },
  912. {
  913. "typename": "System.Delegate",
  914. "assembly": "mscorlib"
  915. },
  916. {
  917. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  918. "assembly": "mscorlib"
  919. },
  920. {
  921. "typename": "System.Enum",
  922. "assembly": "mscorlib"
  923. },
  924. {
  925. "typename": "System.Exception",
  926. "assembly": "mscorlib"
  927. },
  928. {
  929. "typename": "System.Globalization.CultureInfo",
  930. "assembly": "mscorlib"
  931. },
  932. {
  933. "typename": "System.Globalization.NumberStyles",
  934. "assembly": "mscorlib"
  935. },
  936. {
  937. "typename": "System.Globalization.UnicodeCategory",
  938. "assembly": "mscorlib"
  939. },
  940. {
  941. "typename": "System.IAsyncResult",
  942. "assembly": "mscorlib"
  943. },
  944. {
  945. "typename": "System.IComparable",
  946. "assembly": "mscorlib"
  947. },
  948. {
  949. "typename": "System.IFormatProvider",
  950. "assembly": "mscorlib"
  951. },
  952. {
  953. "typename": "System.Int16",
  954. "assembly": "mscorlib"
  955. },
  956. {
  957. "typename": "System.Int32",
  958. "assembly": "mscorlib"
  959. },
  960. {
  961. "typename": "System.Int64",
  962. "assembly": "mscorlib"
  963. },
  964. {
  965. "typename": "System.MulticastDelegate",
  966. "assembly": "mscorlib"
  967. },
  968. {
  969. "typename": "System.NotSupportedException",
  970. "assembly": "mscorlib"
  971. },
  972. {
  973. "typename": "System.Object",
  974. "assembly": "mscorlib"
  975. },
  976. {
  977. "typename": "System.Reflection.Assembly",
  978. "assembly": "mscorlib"
  979. },
  980. {
  981. "typename": "System.Reflection.AssemblyCompanyAttribute",
  982. "assembly": "mscorlib"
  983. },
  984. {
  985. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  986. "assembly": "mscorlib"
  987. },
  988. {
  989. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  990. "assembly": "mscorlib"
  991. },
  992. {
  993. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  994. "assembly": "mscorlib"
  995. },
  996. {
  997. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  998. "assembly": "mscorlib"
  999. },
  1000. {
  1001. "typename": "System.Reflection.AssemblyProductAttribute",
  1002. "assembly": "mscorlib"
  1003. },
  1004. {
  1005. "typename": "System.Reflection.AssemblyTitleAttribute",
  1006. "assembly": "mscorlib"
  1007. },
  1008. {
  1009. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  1010. "assembly": "mscorlib"
  1011. },
  1012. {
  1013. "typename": "System.Reflection.BindingFlags",
  1014. "assembly": "mscorlib"
  1015. },
  1016. {
  1017. "typename": "System.Reflection.CallingConventions",
  1018. "assembly": "mscorlib"
  1019. },
  1020. {
  1021. "typename": "System.Reflection.MethodBase",
  1022. "assembly": "mscorlib"
  1023. },
  1024. {
  1025. "typename": "System.Reflection.MethodInfo",
  1026. "assembly": "mscorlib"
  1027. },
  1028. {
  1029. "typename": "System.Reflection.ParameterInfo",
  1030. "assembly": "mscorlib"
  1031. },
  1032. {
  1033. "typename": "System.Reflection.ParameterModifier",
  1034. "assembly": "mscorlib"
  1035. },
  1036. {
  1037. "typename": "System.Reflection.PropertyInfo",
  1038. "assembly": "mscorlib"
  1039. },
  1040. {
  1041. "typename": "System.ResolveEventArgs",
  1042. "assembly": "mscorlib"
  1043. },
  1044. {
  1045. "typename": "System.ResolveEventHandler",
  1046. "assembly": "mscorlib"
  1047. },
  1048. {
  1049. "typename": "System.Resources.ResourceManager",
  1050. "assembly": "mscorlib"
  1051. },
  1052. {
  1053. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1054. "assembly": "mscorlib"
  1055. },
  1056. {
  1057. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1058. "assembly": "mscorlib"
  1059. },
  1060. {
  1061. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1062. "assembly": "mscorlib"
  1063. },
  1064. {
  1065. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1066. "assembly": "mscorlib"
  1067. },
  1068. {
  1069. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1070. "assembly": "mscorlib"
  1071. },
  1072. {
  1073. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1074. "assembly": "mscorlib"
  1075. },
  1076. {
  1077. "typename": "System.Runtime.InteropServices._Type",
  1078. "assembly": "mscorlib"
  1079. },
  1080. {
  1081. "typename": "System.Runtime.Remoting.ObjectHandle",
  1082. "assembly": "mscorlib"
  1083. },
  1084. {
  1085. "typename": "System.Runtime.Serialization.ISerializable",
  1086. "assembly": "mscorlib"
  1087. },
  1088. {
  1089. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  1090. "assembly": "mscorlib"
  1091. },
  1092. {
  1093. "typename": "System.RuntimeFieldHandle",
  1094. "assembly": "mscorlib"
  1095. },
  1096. {
  1097. "typename": "System.RuntimeTypeHandle",
  1098. "assembly": "mscorlib"
  1099. },
  1100. {
  1101. "typename": "System.SByte",
  1102. "assembly": "mscorlib"
  1103. },
  1104. {
  1105. "typename": "System.STAThreadAttribute",
  1106. "assembly": "mscorlib"
  1107. },
  1108. {
  1109. "typename": "System.String",
  1110. "assembly": "mscorlib"
  1111. },
  1112. {
  1113. "typename": "System.StringComparison",
  1114. "assembly": "mscorlib"
  1115. },
  1116. {
  1117. "typename": "System.StringSplitOptions",
  1118. "assembly": "mscorlib"
  1119. },
  1120. {
  1121. "typename": "System.Text.StringBuilder",
  1122. "assembly": "mscorlib"
  1123. },
  1124. {
  1125. "typename": "System.Threading.Thread",
  1126. "assembly": "mscorlib"
  1127. },
  1128. {
  1129. "typename": "System.TimeSpan",
  1130. "assembly": "mscorlib"
  1131. },
  1132. {
  1133. "typename": "System.Type",
  1134. "assembly": "mscorlib"
  1135. },
  1136. {
  1137. "typename": "System.TypeCode",
  1138. "assembly": "mscorlib"
  1139. },
  1140. {
  1141. "typename": "System.UInt16",
  1142. "assembly": "mscorlib"
  1143. },
  1144. {
  1145. "typename": "System.UInt32",
  1146. "assembly": "mscorlib"
  1147. },
  1148. {
  1149. "typename": "System.UInt64",
  1150. "assembly": "mscorlib"
  1151. },
  1152. {
  1153. "typename": "System.ValueType",
  1154. "assembly": "mscorlib"
  1155. },
  1156. {
  1157. "typename": "System.Void",
  1158. "assembly": "mscorlib"
  1159. }
  1160. ]
  1161. },
  1162. "pe": {
  1163. "peid_signatures": null,
  1164. "imports": [
  1165. {
  1166. "imports": [
  1167. {
  1168. "name": "_CorExeMain",
  1169. "address": "0x402000"
  1170. }
  1171. ],
  1172. "dll": "mscoree.dll"
  1173. }
  1174. ],
  1175. "digital_signers": null,
  1176. "exported_dll_name": null,
  1177. "actual_checksum": "0x000435b0",
  1178. "overlay": {
  1179. "size": "0x00001c50",
  1180. "offset": "0x0003b200"
  1181. },
  1182. "imagebase": "0x00400000",
  1183. "reported_checksum": "0x00000000",
  1184. "icon_hash": null,
  1185. "entrypoint": "0x0043c72e",
  1186. "timestamp": "2006-04-13 05:55:54",
  1187. "osversion": "4.0",
  1188. "sections": [
  1189. {
  1190. "name": ".text",
  1191. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1192. "virtual_address": "0x00002000",
  1193. "size_of_data": "0x0003a800",
  1194. "entropy": "7.55",
  1195. "raw_address": "0x00000200",
  1196. "virtual_size": "0x0003a734",
  1197. "characteristics_raw": "0x60000020"
  1198. },
  1199. {
  1200. "name": ".rsrc",
  1201. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1202. "virtual_address": "0x0003e000",
  1203. "size_of_data": "0x00000600",
  1204. "entropy": "4.45",
  1205. "raw_address": "0x0003aa00",
  1206. "virtual_size": "0x00000600",
  1207. "characteristics_raw": "0x40000040"
  1208. },
  1209. {
  1210. "name": ".reloc",
  1211. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1212. "virtual_address": "0x00040000",
  1213. "size_of_data": "0x00000200",
  1214. "entropy": "0.10",
  1215. "raw_address": "0x0003b000",
  1216. "virtual_size": "0x0000000c",
  1217. "characteristics_raw": "0x42000040"
  1218. }
  1219. ],
  1220. "resources": [],
  1221. "dirents": [
  1222. {
  1223. "virtual_address": "0x00000000",
  1224. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1225. "size": "0x00000000"
  1226. },
  1227. {
  1228. "virtual_address": "0x0003c6dc",
  1229. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1230. "size": "0x0000004f"
  1231. },
  1232. {
  1233. "virtual_address": "0x0003e000",
  1234. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1235. "size": "0x00000600"
  1236. },
  1237. {
  1238. "virtual_address": "0x00000000",
  1239. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1240. "size": "0x00000000"
  1241. },
  1242. {
  1243. "virtual_address": "0x0003b200",
  1244. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1245. "size": "0x00001c50"
  1246. },
  1247. {
  1248. "virtual_address": "0x00040000",
  1249. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1250. "size": "0x0000000c"
  1251. },
  1252. {
  1253. "virtual_address": "0x00000000",
  1254. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1255. "size": "0x00000000"
  1256. },
  1257. {
  1258. "virtual_address": "0x00000000",
  1259. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1260. "size": "0x00000000"
  1261. },
  1262. {
  1263. "virtual_address": "0x00000000",
  1264. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1265. "size": "0x00000000"
  1266. },
  1267. {
  1268. "virtual_address": "0x00000000",
  1269. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1270. "size": "0x00000000"
  1271. },
  1272. {
  1273. "virtual_address": "0x00000000",
  1274. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1275. "size": "0x00000000"
  1276. },
  1277. {
  1278. "virtual_address": "0x00000000",
  1279. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1280. "size": "0x00000000"
  1281. },
  1282. {
  1283. "virtual_address": "0x00002000",
  1284. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1285. "size": "0x00000008"
  1286. },
  1287. {
  1288. "virtual_address": "0x00000000",
  1289. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1290. "size": "0x00000000"
  1291. },
  1292. {
  1293. "virtual_address": "0x00002008",
  1294. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1295. "size": "0x00000048"
  1296. },
  1297. {
  1298. "virtual_address": "0x00000000",
  1299. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1300. "size": "0x00000000"
  1301. }
  1302. ],
  1303. "exports": [],
  1304. "guest_signers": {},
  1305. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1306. "icon_fuzzy": null,
  1307. "icon": null,
  1308. "pdbpath": null,
  1309. "imported_dll_count": 1,
  1310. "versioninfo": []
  1311. }
  1312. }