- [*] MalFamily: ""
- [*] MalScore: 1.6
- [*] File Name: "atpbtqwlcs.exe"
- [*] File Size: 1105975
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "7b9747384f7f5732e6fb3bc12c3f96bcab53ed8d066d064e465bf9f51bb88618"
- [*] MD5: "a1efbe65547fd9a8a533eb788eadf155"
- [*] SHA1: "8aa18ff2560f212e2e1f776673aa1c1c86a75bae"
- [*] SHA512: "5292b87e3f239a96499e74bfb301e6446773ea0390c9564e9781fd1afcd78a1c993f951e58908668fef1505749d2dd7ae3e695d003e7e3b10557e294a17433b7"
- [*] CRC32: "4B914204"
- [*] SSDEEP: "24576:7yKzMHUZ7Ng4RvFjEvTaVSFCf1+K4gaHWtRwrho61/u:eiZu4RvFjg7gfgKNk8RwNT1/u"
- [*] Process Execution: [
- "atpbtqwlcs.exe",
- "atpbtqwlcs.tmp"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Reads data out of its own binary image",
- "Details": [
- {
- "self_read": "process: atpbtqwlcs.exe, pid: 748, offset: 0x000c32f3, length: 0x0000187e"
- },
- {
- "self_read": "process: atpbtqwlcs.exe, pid: 748, offset: 0x000c4c4b, length: 0x000493ec"
- }
- ]
- },
- {
- "Description": "Drops a binary and executes it",
- "Details": [
- {
- "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\is-C7HDA.tmp\\atpbtqwlcs.tmp"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\is-C7HDA.tmp\\atpbtqwlcs.tmp\" /SL5=\"$130166,799475,54272,C:\\Users\\user\\AppData\\Local\\Temp\\atpbtqwlcs.exe\""
- ]
- [*] Mutexes: [
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1",
- "Local\\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511",
- "Local\\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000",
- "DefaultTabtip-MainUI"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\is-C7HDA.tmp\\atpbtqwlcs.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\is-OUDOH.tmp\\_isetup\\_RegDLL.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\is-OUDOH.tmp\\_isetup\\_setup64.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\is-OUDOH.tmp\\_isetup\\_shfoldr.dll"
- ]
- [*] Deleted Files: []
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Owner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\SessionHash",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Sequence"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x40d0b4"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x40d0b8"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40d0bc"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x40d0c0"
- },
- {
- "name": "VirtualFree",
- "address": "0x40d0c4"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x40d0c8"
- },
- {
- "name": "LocalFree",
- "address": "0x40d0cc"
- },
- {
- "name": "LocalAlloc",
- "address": "0x40d0d0"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x40d0d4"
- },
- {
- "name": "TlsSetValue",
- "address": "0x40d0d8"
- },
- {
- "name": "TlsGetValue",
- "address": "0x40d0dc"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x40d0e0"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x40d0e4"
- },
- {
- "name": "GetLastError",
- "address": "0x40d0e8"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40d0ec"
- },
- {
- "name": "WriteFile",
- "address": "0x40d0f0"
- },
- {
- "name": "SetFilePointer",
- "address": "0x40d0f4"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x40d0f8"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40d0fc"
- },
- {
- "name": "ReadFile",
- "address": "0x40d100"
- },
- {
- "name": "RaiseException",
- "address": "0x40d104"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40d108"
- },
- {
- "name": "GetFileSize",
- "address": "0x40d10c"
- },
- {
- "name": "GetSystemTime",
- "address": "0x40d110"
- },
- {
- "name": "GetFileType",
- "address": "0x40d114"
- },
- {
- "name": "ExitProcess",
- "address": "0x40d118"
- },
- {
- "name": "CreateFileA",
- "address": "0x40d11c"
- },
- {
- "name": "CloseHandle",
- "address": "0x40d120"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "MessageBoxA",
- "address": "0x40d128"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "VariantChangeTypeEx",
- "address": "0x40d130"
- },
- {
- "name": "VariantCopyInd",
- "address": "0x40d134"
- },
- {
- "name": "VariantClear",
- "address": "0x40d138"
- },
- {
- "name": "SysStringLen",
- "address": "0x40d13c"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x40d140"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x40d148"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x40d14c"
- },
- {
- "name": "RegCloseKey",
- "address": "0x40d150"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x40d154"
- },
- {
- "name": "LookupPrivilegeValueA",
- "address": "0x40d158"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "WriteFile",
- "address": "0x40d160"
- },
- {
- "name": "VirtualQuery",
- "address": "0x40d164"
- },
- {
- "name": "VirtualProtect",
- "address": "0x40d168"
- },
- {
- "name": "VirtualFree",
- "address": "0x40d16c"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x40d170"
- },
- {
- "name": "Sleep",
- "address": "0x40d174"
- },
- {
- "name": "SizeofResource",
- "address": "0x40d178"
- },
- {
- "name": "SetLastError",
- "address": "0x40d17c"
- },
- {
- "name": "SetFilePointer",
- "address": "0x40d180"
- },
- {
- "name": "SetErrorMode",
- "address": "0x40d184"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x40d188"
- },
- {
- "name": "RemoveDirectoryA",
- "address": "0x40d18c"
- },
- {
- "name": "ReadFile",
- "address": "0x40d190"
- },
- {
- "name": "LockResource",
- "address": "0x40d194"
- },
- {
- "name": "LoadResource",
- "address": "0x40d198"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x40d19c"
- },
- {
- "name": "IsDBCSLeadByte",
- "address": "0x40d1a0"
- },
- {
- "name": "GetWindowsDirectoryA",
- "address": "0x40d1a4"
- },
- {
- "name": "GetVersionExA",
- "address": "0x40d1a8"
- },
- {
- "name": "GetUserDefaultLangID",
- "address": "0x40d1ac"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x40d1b0"
- },
- {
- "name": "GetSystemDefaultLCID",
- "address": "0x40d1b4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x40d1b8"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x40d1bc"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x40d1c0"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x40d1c4"
- },
- {
- "name": "GetLastError",
- "address": "0x40d1c8"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x40d1cc"
- },
- {
- "name": "GetFileSize",
- "address": "0x40d1d0"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x40d1d4"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x40d1d8"
- },
- {
- "name": "GetEnvironmentVariableA",
- "address": "0x40d1dc"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40d1e0"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40d1e4"
- },
- {
- "name": "GetACP",
- "address": "0x40d1e8"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x40d1ec"
- },
- {
- "name": "FormatMessageA",
- "address": "0x40d1f0"
- },
- {
- "name": "FindResourceA",
- "address": "0x40d1f4"
- },
- {
- "name": "DeleteFileA",
- "address": "0x40d1f8"
- },
- {
- "name": "CreateProcessA",
- "address": "0x40d1fc"
- },
- {
- "name": "CreateFileA",
- "address": "0x40d200"
- },
- {
- "name": "CreateDirectoryA",
- "address": "0x40d204"
- },
- {
- "name": "CloseHandle",
- "address": "0x40d208"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "TranslateMessage",
- "address": "0x40d210"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x40d214"
- },
- {
- "name": "PeekMessageA",
- "address": "0x40d218"
- },
- {
- "name": "MsgWaitForMultipleObjects",
- "address": "0x40d21c"
- },
- {
- "name": "MessageBoxA",
- "address": "0x40d220"
- },
- {
- "name": "LoadStringA",
- "address": "0x40d224"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x40d228"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x40d22c"
- },
- {
- "name": "DestroyWindow",
- "address": "0x40d230"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x40d234"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x40d238"
- },
- {
- "name": "CharPrevA",
- "address": "0x40d23c"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "InitCommonControls",
- "address": "0x40d244"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x40d24c"
- }
- ],
- "dll": "advapi32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00119d21",
- "overlay": {
- "size": "0x00100c37",
- "offset": "0x0000d400"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00409c14",
- "timestamp": "1992-06-19 22:22:17",
- "osversion": "1.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00009400",
- "entropy": "6.56",
- "raw_address": "0x00000400",
- "virtual_size": "0x00009338",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000b000",
- "size_of_data": "0x00000400",
- "entropy": "2.74",
- "raw_address": "0x00009800",
- "virtual_size": "0x0000024c",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000c000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00009c00",
- "virtual_size": "0x00000e8c",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000d000",
- "size_of_data": "0x00000a00",
- "entropy": "4.43",
- "raw_address": "0x00009c00",
- "virtual_size": "0x00000950",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000e000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0000a600",
- "virtual_size": "0x00000008",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0000f000",
- "size_of_data": "0x00000200",
- "entropy": "0.20",
- "raw_address": "0x0000a600",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00010000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0000a800",
- "virtual_size": "0x000008b0",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00011000",
- "size_of_data": "0x00002c00",
- "entropy": "4.47",
- "raw_address": "0x0000a800",
- "virtual_size": "0x00002c00",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000950"
- },
- {
- "virtual_address": "0x00011000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00002c00"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000f000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "884310b1928934402ea6fec1dbd3cf5e",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 8,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.SetDllDirectoryW",
- "kernel32.dll.SetSearchPathMode",
- "kernel32.dll.SetProcessDEPPolicy",
- "kernel32.dll.Wow64DisableWow64FsRedirection",
- "kernel32.dll.Wow64RevertWow64FsRedirection",
- "kernel32.dll.GetUserDefaultUILanguage",
- "comctl32.dll.RegisterClassNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "uxtheme.dll.EnableThemeDialogTexture",
- "uxtheme.dll.OpenThemeData",
- "uxtheme.dll.CloseThemeData",
- "uxtheme.dll.DrawThemeBackground",
- "uxtheme.dll.DrawThemeText",
- "uxtheme.dll.GetThemeBackgroundContentRect",
- "uxtheme.dll.GetThemePartSize",
- "uxtheme.dll.GetThemeTextExtent",
- "uxtheme.dll.GetThemeTextMetrics",
- "uxtheme.dll.GetThemeBackgroundRegion",
- "uxtheme.dll.HitTestThemeBackground",
- "uxtheme.dll.DrawThemeEdge",
- "uxtheme.dll.DrawThemeIcon",
- "uxtheme.dll.IsThemePartDefined",
- "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
- "uxtheme.dll.GetThemeColor",
- "uxtheme.dll.GetThemeMetric",
- "uxtheme.dll.GetThemeString",
- "uxtheme.dll.GetThemeBool",
- "uxtheme.dll.GetThemeInt",
- "uxtheme.dll.GetThemeEnumValue",
- "uxtheme.dll.GetThemePosition",
- "uxtheme.dll.GetThemeFont",
- "uxtheme.dll.GetThemeRect",
- "uxtheme.dll.GetThemeMargins",
- "uxtheme.dll.GetThemeIntList",
- "uxtheme.dll.GetThemePropertyOrigin",
- "uxtheme.dll.SetWindowTheme",
- "uxtheme.dll.GetThemeFilename",
- "uxtheme.dll.GetThemeSysColor",
- "uxtheme.dll.GetThemeSysColorBrush",
- "uxtheme.dll.GetThemeSysBool",
- "uxtheme.dll.GetThemeSysSize",
- "uxtheme.dll.GetThemeSysFont",
- "uxtheme.dll.GetThemeSysString",
- "uxtheme.dll.GetThemeSysInt",
- "uxtheme.dll.IsThemeActive",
- "uxtheme.dll.IsAppThemed",
- "uxtheme.dll.GetWindowTheme",
- "uxtheme.dll.IsThemeDialogTextureEnabled",
- "uxtheme.dll.GetThemeAppProperties",
- "uxtheme.dll.SetThemeAppProperties",
- "uxtheme.dll.GetCurrentThemeName",
- "uxtheme.dll.GetThemeDocumentationProperty",
- "uxtheme.dll.DrawThemeParentBackground",
- "uxtheme.dll.EnableTheming",
- "user32.dll.NotifyWinEvent",
- "cryptbase.dll.SystemFunction036",
- "shell32.dll.SHCreateItemFromParsingName",
- "shell32.dll.SHPathPrepareForWriteA",
- "kernel32.dll.VerSetConditionMask",
- "kernel32.dll.VerifyVersionInfoW",
- "kernel32.dll.GetNativeSystemInfo",
- "kernel32.dll.IsWow64Process",
- "kernel32.dll.GetSystemWow64DirectoryA",
- "advapi32.dll.RegDeleteKeyExA",
- "user32.dll.AnimateWindow",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegEnumKeyExW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoUninitialize",
- "ole32.dll.CoRegisterInitializeSpy",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll._TrackMouseEvent",
- "msimg32.dll.TransparentBlt",
- "user32.dll.DisableProcessWindowsGhosting",
- "advapi32.dll.CheckTokenMembership",
- "user32.dll.ShutdownBlockReasonDestroy",
- "user32.dll.ShutdownBlockReasonCreate",
- "shfolder.dll.SHGetFolderPathA",
- "rstrtmgr.dll.RmStartSession",
- "rstrtmgr.dll.RmRegisterResources",
- "rstrtmgr.dll.RmGetList",
- "rstrtmgr.dll.RmShutdown",
- "rstrtmgr.dll.RmRestart",
- "rstrtmgr.dll.RmEndSession",
- "bcryptprimitives.dll.GetHashInterface",
- "comctl32.dll.HIMAGELIST_QueryInterface",
- "comctl32.dll.DrawShadowText",
- "comctl32.dll.DrawSizeBox",
- "comctl32.dll.DrawScrollBar",
- "comctl32.dll.SizeBoxHwnd",
- "comctl32.dll.ScrollBar_MouseMove",
- "comctl32.dll.ScrollBar_Menu",
- "comctl32.dll.HandleScrollCmd",
- "comctl32.dll.DetachScrollBars",
- "comctl32.dll.AttachScrollBars",
- "comctl32.dll.CCSetScrollInfo",
- "comctl32.dll.CCGetScrollInfo",
- "comctl32.dll.CCEnableScrollBar",
- "comctl32.dll.QuerySystemGestureStatus",
- "uxtheme.dll.#49",
- "user32.dll.ChangeWindowMessageFilterEx",
- "gdi32.dll.GetTextExtentExPointWPri",
- "imm32.dll.ImmIsIME",
- "imm32.dll.ImmGetContext",
- "imm32.dll.ImmReleaseContext",
- "imm32.dll.ImmAssociateContext",
- "user32.dll.MonitorFromRect",
- "user32.dll.GetMonitorInfoA",
- "shlwapi.dll.SHAutoComplete",
- "ole32.dll.CoCreateInstance",
- "comctl32.dll.#411",
- "comctl32.dll.#410",
- "ole32.dll.CLSIDFromString",
- "comctl32.dll.#413",
- "uxtheme.dll.BufferedPaintInit",
- "uxtheme.dll.BufferedPaintRenderAnimation",
- "uxtheme.dll.GetThemeTransitionDuration",
- "uxtheme.dll.BeginBufferedAnimation",
- "uxtheme.dll.EndBufferedAnimation"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x40d0b4"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x40d0b8"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40d0bc"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x40d0c0"
- },
- {
- "name": "VirtualFree",
- "address": "0x40d0c4"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x40d0c8"
- },
- {
- "name": "LocalFree",
- "address": "0x40d0cc"
- },
- {
- "name": "LocalAlloc",
- "address": "0x40d0d0"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x40d0d4"
- },
- {
- "name": "TlsSetValue",
- "address": "0x40d0d8"
- },
- {
- "name": "TlsGetValue",
- "address": "0x40d0dc"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x40d0e0"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x40d0e4"
- },
- {
- "name": "GetLastError",
- "address": "0x40d0e8"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40d0ec"
- },
- {
- "name": "WriteFile",
- "address": "0x40d0f0"
- },
- {
- "name": "SetFilePointer",
- "address": "0x40d0f4"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x40d0f8"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40d0fc"
- },
- {
- "name": "ReadFile",
- "address": "0x40d100"
- },
- {
- "name": "RaiseException",
- "address": "0x40d104"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40d108"
- },
- {
- "name": "GetFileSize",
- "address": "0x40d10c"
- },
- {
- "name": "GetSystemTime",
- "address": "0x40d110"
- },
- {
- "name": "GetFileType",
- "address": "0x40d114"
- },
- {
- "name": "ExitProcess",
- "address": "0x40d118"
- },
- {
- "name": "CreateFileA",
- "address": "0x40d11c"
- },
- {
- "name": "CloseHandle",
- "address": "0x40d120"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "MessageBoxA",
- "address": "0x40d128"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "VariantChangeTypeEx",
- "address": "0x40d130"
- },
- {
- "name": "VariantCopyInd",
- "address": "0x40d134"
- },
- {
- "name": "VariantClear",
- "address": "0x40d138"
- },
- {
- "name": "SysStringLen",
- "address": "0x40d13c"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x40d140"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x40d148"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x40d14c"
- },
- {
- "name": "RegCloseKey",
- "address": "0x40d150"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x40d154"
- },
- {
- "name": "LookupPrivilegeValueA",
- "address": "0x40d158"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "WriteFile",
- "address": "0x40d160"
- },
- {
- "name": "VirtualQuery",
- "address": "0x40d164"
- },
- {
- "name": "VirtualProtect",
- "address": "0x40d168"
- },
- {
- "name": "VirtualFree",
- "address": "0x40d16c"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x40d170"
- },
- {
- "name": "Sleep",
- "address": "0x40d174"
- },
- {
- "name": "SizeofResource",
- "address": "0x40d178"
- },
- {
- "name": "SetLastError",
- "address": "0x40d17c"
- },
- {
- "name": "SetFilePointer",
- "address": "0x40d180"
- },
- {
- "name": "SetErrorMode",
- "address": "0x40d184"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x40d188"
- },
- {
- "name": "RemoveDirectoryA",
- "address": "0x40d18c"
- },
- {
- "name": "ReadFile",
- "address": "0x40d190"
- },
- {
- "name": "LockResource",
- "address": "0x40d194"
- },
- {
- "name": "LoadResource",
- "address": "0x40d198"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x40d19c"
- },
- {
- "name": "IsDBCSLeadByte",
- "address": "0x40d1a0"
- },
- {
- "name": "GetWindowsDirectoryA",
- "address": "0x40d1a4"
- },
- {
- "name": "GetVersionExA",
- "address": "0x40d1a8"
- },
- {
- "name": "GetUserDefaultLangID",
- "address": "0x40d1ac"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x40d1b0"
- },
- {
- "name": "GetSystemDefaultLCID",
- "address": "0x40d1b4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x40d1b8"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x40d1bc"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x40d1c0"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x40d1c4"
- },
- {
- "name": "GetLastError",
- "address": "0x40d1c8"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x40d1cc"
- },
- {
- "name": "GetFileSize",
- "address": "0x40d1d0"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x40d1d4"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x40d1d8"
- },
- {
- "name": "GetEnvironmentVariableA",
- "address": "0x40d1dc"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40d1e0"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40d1e4"
- },
- {
- "name": "GetACP",
- "address": "0x40d1e8"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x40d1ec"
- },
- {
- "name": "FormatMessageA",
- "address": "0x40d1f0"
- },
- {
- "name": "FindResourceA",
- "address": "0x40d1f4"
- },
- {
- "name": "DeleteFileA",
- "address": "0x40d1f8"
- },
- {
- "name": "CreateProcessA",
- "address": "0x40d1fc"
- },
- {
- "name": "CreateFileA",
- "address": "0x40d200"
- },
- {
- "name": "CreateDirectoryA",
- "address": "0x40d204"
- },
- {
- "name": "CloseHandle",
- "address": "0x40d208"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "TranslateMessage",
- "address": "0x40d210"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x40d214"
- },
- {
- "name": "PeekMessageA",
- "address": "0x40d218"
- },
- {
- "name": "MsgWaitForMultipleObjects",
- "address": "0x40d21c"
- },
- {
- "name": "MessageBoxA",
- "address": "0x40d220"
- },
- {
- "name": "LoadStringA",
- "address": "0x40d224"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x40d228"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x40d22c"
- },
- {
- "name": "DestroyWindow",
- "address": "0x40d230"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x40d234"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x40d238"
- },
- {
- "name": "CharPrevA",
- "address": "0x40d23c"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "InitCommonControls",
- "address": "0x40d244"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x40d24c"
- }
- ],
- "dll": "advapi32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00119d21",
- "overlay": {
- "size": "0x00100c37",
- "offset": "0x0000d400"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00409c14",
- "timestamp": "1992-06-19 22:22:17",
- "osversion": "1.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00009400",
- "entropy": "6.56",
- "raw_address": "0x00000400",
- "virtual_size": "0x00009338",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000b000",
- "size_of_data": "0x00000400",
- "entropy": "2.74",
- "raw_address": "0x00009800",
- "virtual_size": "0x0000024c",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000c000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00009c00",
- "virtual_size": "0x00000e8c",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000d000",
- "size_of_data": "0x00000a00",
- "entropy": "4.43",
- "raw_address": "0x00009c00",
- "virtual_size": "0x00000950",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0000e000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0000a600",
- "virtual_size": "0x00000008",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0000f000",
- "size_of_data": "0x00000200",
- "entropy": "0.20",
- "raw_address": "0x0000a600",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00010000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0000a800",
- "virtual_size": "0x000008b0",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00011000",
- "size_of_data": "0x00002c00",
- "entropy": "4.47",
- "raw_address": "0x0000a800",
- "virtual_size": "0x00002c00",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000950"
- },
- {
- "virtual_address": "0x00011000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00002c00"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000f000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "884310b1928934402ea6fec1dbd3cf5e",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 8,
- "versioninfo": []
- }
- }