- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_002e36e3.exe"
- [*] File Size: 398336
- [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
- [*] SHA256: "b570044467d187690dd6f46e9246d470437651465f9b4d2baa7091a63a5ac214"
- [*] MD5: "018e72343ac60f2b405944eb8380e0fe"
- [*] SHA1: "e8aa5f6619adb7637605ed723c2d64c745cf4e8d"
- [*] SHA512: "60b0d7ae6741f09343be3f908ba2c021be7d760d0ad935581b912487604eba2cf9d982454db027dbd0900bdc807853070820885f35d33fb1ed4b6da1dd00d132"
- [*] CRC32: "002E36E3"
- [*] SSDEEP: "6144:XTkJkvRAhoED0x8YbkaxBpRH9BgrllentW217UmCi4jn:XwCAhdYbNxj2jer1Yn"
- [*] Process Execution: [
- "Exes_002e36e3.exe",
- "Exes_002e36e3.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process created a hidden window",
- "Details": [
- {
- "Process": "Exes_002e36e3.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_002e36e3.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- }
- ]
- },
- {
- "Description": "File has been identified by 41 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Gen:Variant.Mikey.99065"
- },
- {
- "Qihoo-360": "Win32/Trojan.c69"
- },
- {
- "McAfee": "RDN/Generic.com"
- },
- {
- "Malwarebytes": "Trojan.MalPack.RES"
- },
- {
- "CrowdStrike": "win/malicious_confidence_80% (W)"
- },
- {
- "BitDefender": "Gen:Variant.Mikey.99065"
- },
- {
- "K7GW": "Trojan ( 0054fcdf1 )"
- },
- {
- "K7AntiVirus": "Trojan ( 0054fcdf1 )"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.Bsymem.frdpmk"
- },
- {
- "Symantec": "Trojan.Gen.MBT"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Rising": "Malware.Heuristic.MLite(95%) (AI-LITE:+i4+5cAKCdMkooNaLvwruA)"
- },
- {
- "Ad-Aware": "Gen:Variant.Mikey.99065"
- },
- {
- "Sophos": "Mal/Generic-S"
- },
- {
- "F-Secure": "Trojan.TR/AD.MoksSteal.bfng"
- },
- {
- "McAfee-GW-Edition": "Artemis!Trojan"
- },
- {
- "Trapmine": "malicious.moderate.ml.score"
- },
- {
- "FireEye": "Generic.mg.018e72343ac60f2b"
- },
- {
- "Emsisoft": "Gen:Variant.Mikey.99065 (B)"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Webroot": "W32.Trojan.Gen"
- },
- {
- "Avira": "TR/AD.MoksSteal.bfng"
- },
- {
- "Fortinet": "W32/GenKryptik.DKGQ!tr"
- },
- {
- "Arcabit": "Trojan.Mikey.D182F9"
- },
- {
- "AhnLab-V3": "Trojan/Win32.Agent.C3286130"
- },
- {
- "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
- },
- {
- "Microsoft": "TrojanSpy:Win32/Banload.AAA!bit"
- },
- {
- "ESET-NOD32": "a variant of Win32/GenKryptik.DKGQ"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "ALYac": "Gen:Variant.Mikey.99065"
- },
- {
- "MAX": "malware (ai score=84)"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "TrendMicro-HouseCall": "TROJ_GEN.R020H0CFA19"
- },
- {
- "Yandex": "Trojan.GenKryptik!"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "eGambit": "Unsafe.AI_Score_95%"
- },
- {
- "GData": "Gen:Variant.Mikey.99065"
- },
- {
- "AVG": "Win32:RansomX-gen [Ransom]"
- },
- {
- "Avast": "Win32:RansomX-gen [Ransom]"
- }
- ]
- },
- {
- "Description": "Collects information to fingerprint the system",
- "Details": []
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_002e36e3.exe\""
- ]
- [*] Mutexes: [
- "DBWinMutex",
- "A81FB8C60-BBE6E186-FC9B5DB5-36DA4559-33946726"
- ]
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "fdghfghdfghj.ru",
- "answers": [
- {
- "data": "",
- "type": "NXDOMAIN"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "92.242.140.2",
- "domain": "fdghfghdfghj.ru"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "LCMapStringW",
- "address": "0x40d04c"
- },
- {
- "name": "CompareStringW",
- "address": "0x40d050"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x40d054"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x40d058"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x40d05c"
- },
- {
- "name": "GetCPInfo",
- "address": "0x40d060"
- },
- {
- "name": "GetOEMCP",
- "address": "0x40d064"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x40d068"
- },
- {
- "name": "FindNextFileA",
- "address": "0x40d06c"
- },
- {
- "name": "FindFirstFileExA",
- "address": "0x40d070"
- },
- {
- "name": "FindClose",
- "address": "0x40d074"
- },
- {
- "name": "CloseHandle",
- "address": "0x40d078"
- },
- {
- "name": "HeapAlloc",
- "address": "0x40d07c"
- },
- {
- "name": "HeapFree",
- "address": "0x40d080"
- },
- {
- "name": "GetACP",
- "address": "0x40d084"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x40d088"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40d08c"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x40d090"
- },
- {
- "name": "ExitProcess",
- "address": "0x40d094"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x40d098"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x40d09c"
- },
- {
- "name": "WriteFile",
- "address": "0x40d0a0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40d0a4"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x40d0a8"
- },
- {
- "name": "GetProcAddress",
- "address": "0x40d0ac"
- },
- {
- "name": "FreeLibrary",
- "address": "0x40d0b0"
- },
- {
- "name": "TlsFree",
- "address": "0x40d0b4"
- },
- {
- "name": "TlsSetValue",
- "address": "0x40d0b8"
- },
- {
- "name": "TlsGetValue",
- "address": "0x40d0bc"
- },
- {
- "name": "TlsAlloc",
- "address": "0x40d0c0"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x40d0c4"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x40d0c8"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x40d0cc"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40d0d0"
- },
- {
- "name": "SetLastError",
- "address": "0x40d0d4"
- },
- {
- "name": "GetLastError",
- "address": "0x40d0d8"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40d0dc"
- },
- {
- "name": "TerminateProcess",
- "address": "0x40d0e0"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40d0e4"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x40d0e8"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x40d0ec"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x40d0f0"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x40d0f4"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x40d0f8"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x40d0fc"
- },
- {
- "name": "InitializeSListHead",
- "address": "0x40d100"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x40d104"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x40d108"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x40d10c"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x40d110"
- },
- {
- "name": "SetStdHandle",
- "address": "0x40d114"
- },
- {
- "name": "GetFileType",
- "address": "0x40d118"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x40d11c"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x40d120"
- },
- {
- "name": "HeapSize",
- "address": "0x40d124"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x40d128"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x40d12c"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x40d130"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x40d134"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x40d138"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x40d13c"
- },
- {
- "name": "DecodePointer",
- "address": "0x40d140"
- },
- {
- "name": "CreateFileW",
- "address": "0x40d144"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x40d148"
- },
- {
- "name": "RaiseException",
- "address": "0x40d14c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x40d150"
- },
- {
- "name": "VirtualProtect",
- "address": "0x40d154"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateMDIWindowA",
- "address": "0x40d1c4"
- },
- {
- "name": "ImpersonateDdeClientWindow",
- "address": "0x40d1c8"
- },
- {
- "name": "SetKeyboardState",
- "address": "0x40d1cc"
- },
- {
- "name": "CreateCursor",
- "address": "0x40d1d0"
- },
- {
- "name": "LockWindowUpdate",
- "address": "0x40d1d4"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x40d1d8"
- },
- {
- "name": "ReuseDDElParam",
- "address": "0x40d1dc"
- },
- {
- "name": "EqualRect",
- "address": "0x40d1e0"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x40d1e4"
- },
- {
- "name": "CreateIcon",
- "address": "0x40d1e8"
- },
- {
- "name": "IsCharAlphaA",
- "address": "0x40d1ec"
- },
- {
- "name": "ChangeDisplaySettingsExA",
- "address": "0x40d1f0"
- },
- {
- "name": "GetUserObjectSecurity",
- "address": "0x40d1f4"
- },
- {
- "name": "SetMessageExtraInfo",
- "address": "0x40d1f8"
- },
- {
- "name": "DdeQueryStringW",
- "address": "0x40d1fc"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x40d200"
- },
- {
- "name": "AnyPopup",
- "address": "0x40d204"
- },
- {
- "name": "CharLowerBuffW",
- "address": "0x40d208"
- },
- {
- "name": "VkKeyScanExW",
- "address": "0x40d20c"
- },
- {
- "name": "UnhookWinEvent",
- "address": "0x40d210"
- },
- {
- "name": "IsCharUpperW",
- "address": "0x40d214"
- },
- {
- "name": "OpenWindowStationA",
- "address": "0x40d218"
- },
- {
- "name": "TranslateAcceleratorW",
- "address": "0x40d21c"
- },
- {
- "name": "ChangeDisplaySettingsExW",
- "address": "0x40d220"
- },
- {
- "name": "ToUnicodeEx",
- "address": "0x40d224"
- },
- {
- "name": "CreateWindowStationA",
- "address": "0x40d228"
- },
- {
- "name": "UnregisterHotKey",
- "address": "0x40d22c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "DocumentPropertySheets",
- "address": "0x40d288"
- },
- {
- "name": "EnumJobsW",
- "address": "0x40d28c"
- },
- {
- "name": "AddJobA",
- "address": "0x40d290"
- },
- {
- "name": "EnumPrintProcessorsA",
- "address": "0x40d294"
- },
- {
- "name": "GetFormW",
- "address": "0x40d298"
- },
- {
- "name": null,
- "address": "0x40d29c"
- },
- {
- "name": "GetSpoolFileHandle",
- "address": "0x40d2a0"
- },
- {
- "name": "PrinterProperties",
- "address": "0x40d2a4"
- },
- {
- "name": "DeleteMonitorW",
- "address": "0x40d2a8"
- },
- {
- "name": "EnumPrinterDriversW",
- "address": "0x40d2ac"
- },
- {
- "name": "EnumPrinterDriversA",
- "address": "0x40d2b0"
- },
- {
- "name": "CloseSpoolFileHandle",
- "address": "0x40d2b4"
- },
- {
- "name": "DeletePrintProcessorA",
- "address": "0x40d2b8"
- },
- {
- "name": "EnumPrintersA",
- "address": "0x40d2bc"
- },
- {
- "name": "GetPrinterA",
- "address": "0x40d2c0"
- },
- {
- "name": "AddPrintProcessorW",
- "address": "0x40d2c4"
- },
- {
- "name": null,
- "address": "0x40d2c8"
- },
- {
- "name": "DeletePrinterKeyA",
- "address": "0x40d2cc"
- },
- {
- "name": "DeletePrinterDriverA",
- "address": "0x40d2d0"
- },
- {
- "name": "PlayGdiScriptOnPrinterIC",
- "address": "0x40d2d4"
- },
- {
- "name": "DeletePrintProcessorW",
- "address": "0x40d2d8"
- },
- {
- "name": "FindClosePrinterChangeNotification",
- "address": "0x40d2dc"
- },
- {
- "name": null,
- "address": "0x40d2e0"
- },
- {
- "name": "DeletePrinterDataExW",
- "address": "0x40d2e4"
- },
- {
- "name": "XcvDataW",
- "address": "0x40d2e8"
- }
- ],
- "dll": "WINSPOOL.DRV"
- },
- {
- "imports": [
- {
- "name": "InternetCloseHandle",
- "address": "0x40d234"
- },
- {
- "name": "HttpSendRequestA",
- "address": "0x40d238"
- },
- {
- "name": "InternetCrackUrlA",
- "address": "0x40d23c"
- },
- {
- "name": "FindNextUrlCacheContainerW",
- "address": "0x40d240"
- },
- {
- "name": "ParseX509EncodedCertificateForListBoxEntry",
- "address": "0x40d244"
- },
- {
- "name": "GetUrlCacheConfigInfoW",
- "address": "0x40d248"
- },
- {
- "name": "GopherCreateLocatorA",
- "address": "0x40d24c"
- },
- {
- "name": "FtpCreateDirectoryA",
- "address": "0x40d250"
- },
- {
- "name": "InternetCombineUrlA",
- "address": "0x40d254"
- },
- {
- "name": "SetUrlCacheEntryInfoA",
- "address": "0x40d258"
- },
- {
- "name": "InternetConnectW",
- "address": "0x40d25c"
- },
- {
- "name": "UnlockUrlCacheEntryFile",
- "address": "0x40d260"
- },
- {
- "name": "RetrieveUrlCacheEntryStreamA",
- "address": "0x40d264"
- },
- {
- "name": "InternetWriteFileExA",
- "address": "0x40d268"
- },
- {
- "name": "GetUrlCacheConfigInfoA",
- "address": "0x40d26c"
- },
- {
- "name": "InternetSetCookieA",
- "address": "0x40d270"
- },
- {
- "name": "GetUrlCacheHeaderData",
- "address": "0x40d274"
- },
- {
- "name": "HttpOpenRequestA",
- "address": "0x40d278"
- },
- {
- "name": "GopherGetAttributeW",
- "address": "0x40d27c"
- },
- {
- "name": "FindFirstUrlCacheContainerA",
- "address": "0x40d280"
- }
- ],
- "dll": "WININET.dll"
- },
- {
- "imports": [
- {
- "name": "PathIsContentTypeW",
- "address": "0x40d15c"
- },
- {
- "name": "StrChrIA",
- "address": "0x40d160"
- },
- {
- "name": "SHDeleteKeyA",
- "address": "0x40d164"
- },
- {
- "name": "UrlGetLocationW",
- "address": "0x40d168"
- },
- {
- "name": "UrlUnescapeA",
- "address": "0x40d16c"
- },
- {
- "name": "StrCSpnA",
- "address": "0x40d170"
- },
- {
- "name": "StrFormatByteSizeA",
- "address": "0x40d174"
- },
- {
- "name": "SHRegCreateUSKeyA",
- "address": "0x40d178"
- },
- {
- "name": "UrlCanonicalizeW",
- "address": "0x40d17c"
- },
- {
- "name": "PathUnquoteSpacesA",
- "address": "0x40d180"
- },
- {
- "name": "SHRegWriteUSValueW",
- "address": "0x40d184"
- },
- {
- "name": "StrSpnW",
- "address": "0x40d188"
- },
- {
- "name": "PathRemoveBackslashW",
- "address": "0x40d18c"
- },
- {
- "name": "PathIsDirectoryW",
- "address": "0x40d190"
- },
- {
- "name": "PathParseIconLocationA",
- "address": "0x40d194"
- },
- {
- "name": "PathUnquoteSpacesW",
- "address": "0x40d198"
- },
- {
- "name": "PathCompactPathExW",
- "address": "0x40d19c"
- },
- {
- "name": "PathCombineW",
- "address": "0x40d1a0"
- },
- {
- "name": "SHEnumValueA",
- "address": "0x40d1a4"
- },
- {
- "name": "PathStripPathA",
- "address": "0x40d1a8"
- },
- {
- "name": "StrCatW",
- "address": "0x40d1ac"
- },
- {
- "name": "SHRegDeleteEmptyUSKeyA",
- "address": "0x40d1b0"
- },
- {
- "name": "StrStrIW",
- "address": "0x40d1b4"
- },
- {
- "name": "SHEnumKeyExA",
- "address": "0x40d1b8"
- },
- {
- "name": "StrCmpW",
- "address": "0x40d1bc"
- }
- ],
- "dll": "SHLWAPI.dll"
- },
- {
- "imports": [
- {
- "name": "CryptHashPublicKeyInfo",
- "address": "0x40d000"
- },
- {
- "name": "CertAddSerializedElementToStore",
- "address": "0x40d004"
- },
- {
- "name": "CertDuplicateCRLContext",
- "address": "0x40d008"
- },
- {
- "name": "CertEnumCertificatesInStore",
- "address": "0x40d00c"
- },
- {
- "name": "CertAddEncodedCRLToStore",
- "address": "0x40d010"
- },
- {
- "name": "CertGetIntendedKeyUsage",
- "address": "0x40d014"
- },
- {
- "name": "CertSerializeCertificateStoreElement",
- "address": "0x40d018"
- },
- {
- "name": "CertIsRDNAttrsInCertificateName",
- "address": "0x40d01c"
- },
- {
- "name": "CryptImportPublicKeyInfo",
- "address": "0x40d020"
- },
- {
- "name": "CryptVerifyCertificateSignature",
- "address": "0x40d024"
- },
- {
- "name": "CertDeleteCTLFromStore",
- "address": "0x40d028"
- },
- {
- "name": "CryptFormatObject",
- "address": "0x40d02c"
- },
- {
- "name": "CryptExportPublicKeyInfo",
- "address": "0x40d030"
- },
- {
- "name": "CertSetEnhancedKeyUsage",
- "address": "0x40d034"
- },
- {
- "name": "CertAddCRLContextToStore",
- "address": "0x40d038"
- },
- {
- "name": "CertCompareCertificate",
- "address": "0x40d03c"
- },
- {
- "name": "CertCreateCTLContext",
- "address": "0x40d040"
- },
- {
- "name": "CryptSignAndEncryptMessage",
- "address": "0x40d044"
- }
- ],
- "dll": "CRYPT32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00064204",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00402055",
- "timestamp": "2019-06-08 12:45:24",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0000be00",
- "entropy": "6.65",
- "raw_address": "0x00000400",
- "virtual_size": "0x0000bd87",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0000d000",
- "size_of_data": "0x00006600",
- "entropy": "5.09",
- "raw_address": "0x0000c200",
- "virtual_size": "0x000065b2",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00014000",
- "size_of_data": "0x00007800",
- "entropy": "6.76",
- "raw_address": "0x00012800",
- "virtual_size": "0x00008120",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".gfids",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001d000",
- "size_of_data": "0x00000200",
- "entropy": "1.41",
- "raw_address": "0x0001a000",
- "virtual_size": "0x000000ac",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001e000",
- "size_of_data": "0x00045a00",
- "entropy": "6.22",
- "raw_address": "0x0001a200",
- "virtual_size": "0x000458f9",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00064000",
- "size_of_data": "0x00001800",
- "entropy": "6.30",
- "raw_address": "0x0005fc00",
- "virtual_size": "0x00001628",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00012384",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000008c"
- },
- {
- "virtual_address": "0x0001e000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000458f9"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00064000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00001628"
- },
- {
- "virtual_address": "0x00011cc0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00011ce0",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000002f0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "1263d471a0f2e9a98846386838077c21",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 6,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.LCMapStringEx",
- "crypt32.dll.CryptUnprotectData",
- "crtdll.dll.wcscmp",
- "gdiplus.dll.GdiplusStartup",
- "gdiplus.dll.GdiplusShutdown",
- "gdiplus.dll.GdipCreateBitmapFromHBITMAP",
- "gdiplus.dll.GdipGetImageEncodersSize",
- "gdiplus.dll.GdipGetImageEncoders",
- "gdiplus.dll.GdipDisposeImage",
- "gdiplus.dll.GdipSaveImageToStream",
- "ole32.dll.CreateStreamOnHGlobal",
- "ole32.dll.GetHGlobalFromStream",
- "kernel32.dll.ExpandEnvironmentStringsW",
- "kernel32.dll.GetComputerNameW",
- "kernel32.dll.GlobalMemoryStatus",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.ReadFile",
- "kernel32.dll.GetFileAttributesW",
- "kernel32.dll.CreateMutexA",
- "kernel32.dll.ReleaseMutex",
- "kernel32.dll.GetLastError",
- "kernel32.dll.GetCurrentDirectoryW",
- "kernel32.dll.SetEnvironmentVariableW",
- "kernel32.dll.GetEnvironmentVariableW",
- "kernel32.dll.SetCurrentDirectoryW",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindNextFileW",
- "kernel32.dll.LocalFree",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.CopyFileW",
- "kernel32.dll.FindClose",
- "kernel32.dll.GlobalMemoryStatusEx",
- "kernel32.dll.CreateToolhelp32Snapshot",
- "kernel32.dll.Process32FirstW",
- "kernel32.dll.Process32NextW",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.SetDllDirectoryW",
- "kernel32.dll.GetLocaleInfoA",
- "kernel32.dll.GetLocalTime",
- "kernel32.dll.GetTimeZoneInformation",
- "kernel32.dll.RemoveDirectoryW",
- "kernel32.dll.DeleteFileW",
- "kernel32.dll.GetLogicalDriveStringsA",
- "kernel32.dll.GetDriveTypeA",
- "kernel32.dll.CreateProcessW",
- "advapi32.dll.GetUserNameW",
- "advapi32.dll.RegCreateKeyExW",
- "advapi32.dll.RegQueryValueExW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.LookupAccountSidA",
- "advapi32.dll.CreateProcessAsUserW",
- "advapi32.dll.CheckTokenMembership",
- "advapi32.dll.RegOpenKeyW",
- "advapi32.dll.RegEnumKeyW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptReleaseContext",
- "user32.dll.EnumDisplayDevicesW",
- "user32.dll.wvsprintfA",
- "user32.dll.GetKeyboardLayoutList",
- "shell32.dll.ShellExecuteExW",
- "ntdll.dll.RtlComputeCrc32",
- "sechost.dll.LookupAccountSidLocalA",
- "wininet.dll.InternetOpenA",
- "wininet.dll.InternetConnectA",
- "wininet.dll.HttpOpenRequestA",
- "wininet.dll.HttpAddRequestHeadersA",
- "wininet.dll.HttpSendRequestA",
- "wininet.dll.InternetReadFile",
- "wininet.dll.InternetCloseHandle",
- "wininet.dll.InternetCrackUrlA",
- "wininet.dll.InternetSetOptionA",
- "rasapi32.dll.RasConnectionNotificationW",
- "sechost.dll.NotifyServiceStatusChangeA",
- "cryptbase.dll.SystemFunction036",
- "wsock32.dll.WSAStartup",
- "wsock32.dll.gethostbyname",
- "wsock32.dll.socket",
- "wsock32.dll.send",
- "wsock32.dll.recv",
- "wsock32.dll.htons",
- "wsock32.dll.connect",
- "wsock32.dll.closesocket",
- "rpcrt4.dll.RpcBindingFree"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "LCMapStringW",
- "address": "0x40d04c"
- },
- {
- "name": "CompareStringW",
- "address": "0x40d050"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x40d054"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x40d058"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x40d05c"
- },
- {
- "name": "GetCPInfo",
- "address": "0x40d060"
- },
- {
- "name": "GetOEMCP",
- "address": "0x40d064"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x40d068"
- },
- {
- "name": "FindNextFileA",
- "address": "0x40d06c"
- },
- {
- "name": "FindFirstFileExA",
- "address": "0x40d070"
- },
- {
- "name": "FindClose",
- "address": "0x40d074"
- },
- {
- "name": "CloseHandle",
- "address": "0x40d078"
- },
- {
- "name": "HeapAlloc",
- "address": "0x40d07c"
- },
- {
- "name": "HeapFree",
- "address": "0x40d080"
- },
- {
- "name": "GetACP",
- "address": "0x40d084"
- },
- {
- "name": "GetCommandLineW",
- "address": "0x40d088"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x40d08c"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x40d090"
- },
- {
- "name": "ExitProcess",
- "address": "0x40d094"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x40d098"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x40d09c"
- },
- {
- "name": "WriteFile",
- "address": "0x40d0a0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x40d0a4"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x40d0a8"
- },
- {
- "name": "GetProcAddress",
- "address": "0x40d0ac"
- },
- {
- "name": "FreeLibrary",
- "address": "0x40d0b0"
- },
- {
- "name": "TlsFree",
- "address": "0x40d0b4"
- },
- {
- "name": "TlsSetValue",
- "address": "0x40d0b8"
- },
- {
- "name": "TlsGetValue",
- "address": "0x40d0bc"
- },
- {
- "name": "TlsAlloc",
- "address": "0x40d0c0"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x40d0c4"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x40d0c8"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x40d0cc"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x40d0d0"
- },
- {
- "name": "SetLastError",
- "address": "0x40d0d4"
- },
- {
- "name": "GetLastError",
- "address": "0x40d0d8"
- },
- {
- "name": "RtlUnwind",
- "address": "0x40d0dc"
- },
- {
- "name": "TerminateProcess",
- "address": "0x40d0e0"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40d0e4"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x40d0e8"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x40d0ec"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x40d0f0"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x40d0f4"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x40d0f8"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x40d0fc"
- },
- {
- "name": "InitializeSListHead",
- "address": "0x40d100"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x40d104"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x40d108"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x40d10c"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x40d110"
- },
- {
- "name": "SetStdHandle",
- "address": "0x40d114"
- },
- {
- "name": "GetFileType",
- "address": "0x40d118"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x40d11c"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x40d120"
- },
- {
- "name": "HeapSize",
- "address": "0x40d124"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x40d128"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x40d12c"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x40d130"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x40d134"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x40d138"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x40d13c"
- },
- {
- "name": "DecodePointer",
- "address": "0x40d140"
- },
- {
- "name": "CreateFileW",
- "address": "0x40d144"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x40d148"
- },
- {
- "name": "RaiseException",
- "address": "0x40d14c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x40d150"
- },
- {
- "name": "VirtualProtect",
- "address": "0x40d154"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateMDIWindowA",
- "address": "0x40d1c4"
- },
- {
- "name": "ImpersonateDdeClientWindow",
- "address": "0x40d1c8"
- },
- {
- "name": "SetKeyboardState",
- "address": "0x40d1cc"
- },
- {
- "name": "CreateCursor",
- "address": "0x40d1d0"
- },
- {
- "name": "LockWindowUpdate",
- "address": "0x40d1d4"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x40d1d8"
- },
- {
- "name": "ReuseDDElParam",
- "address": "0x40d1dc"
- },
- {
- "name": "EqualRect",
- "address": "0x40d1e0"
- },
- {
- "name": "DefWindowProcW",
- "address": "0x40d1e4"
- },
- {
- "name": "CreateIcon",
- "address": "0x40d1e8"
- },
- {
- "name": "IsCharAlphaA",
- "address": "0x40d1ec"
- },
- {
- "name": "ChangeDisplaySettingsExA",
- "address": "0x40d1f0"
- },
- {
- "name": "GetUserObjectSecurity",
- "address": "0x40d1f4"
- },
- {
- "name": "SetMessageExtraInfo",
- "address": "0x40d1f8"
- },
- {
- "name": "DdeQueryStringW",
- "address": "0x40d1fc"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x40d200"
- },
- {
- "name": "AnyPopup",
- "address": "0x40d204"
- },
- {
- "name": "CharLowerBuffW",
- "address": "0x40d208"
- },
- {
- "name": "VkKeyScanExW",
- "address": "0x40d20c"
- },
- {
- "name": "UnhookWinEvent",
- "address": "0x40d210"
- },
- {
- "name": "IsCharUpperW",
- "address": "0x40d214"
- },
- {
- "name": "OpenWindowStationA",
- "address": "0x40d218"
- },
- {
- "name": "TranslateAcceleratorW",
- "address": "0x40d21c"
- },
- {
- "name": "ChangeDisplaySettingsExW",
- "address": "0x40d220"
- },
- {
- "name": "ToUnicodeEx",
- "address": "0x40d224"
- },
- {
- "name": "CreateWindowStationA",
- "address": "0x40d228"
- },
- {
- "name": "UnregisterHotKey",
- "address": "0x40d22c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "DocumentPropertySheets",
- "address": "0x40d288"
- },
- {
- "name": "EnumJobsW",
- "address": "0x40d28c"
- },
- {
- "name": "AddJobA",
- "address": "0x40d290"
- },
- {
- "name": "EnumPrintProcessorsA",
- "address": "0x40d294"
- },
- {
- "name": "GetFormW",
- "address": "0x40d298"
- },
- {
- "name": null,
- "address": "0x40d29c"
- },
- {
- "name": "GetSpoolFileHandle",
- "address": "0x40d2a0"
- },
- {
- "name": "PrinterProperties",
- "address": "0x40d2a4"
- },
- {
- "name": "DeleteMonitorW",
- "address": "0x40d2a8"
- },
- {
- "name": "EnumPrinterDriversW",
- "address": "0x40d2ac"
- },
- {
- "name": "EnumPrinterDriversA",
- "address": "0x40d2b0"
- },
- {
- "name": "CloseSpoolFileHandle",
- "address": "0x40d2b4"
- },
- {
- "name": "DeletePrintProcessorA",
- "address": "0x40d2b8"
- },
- {
- "name": "EnumPrintersA",
- "address": "0x40d2bc"
- },
- {
- "name": "GetPrinterA",
- "address": "0x40d2c0"
- },
- {
- "name": "AddPrintProcessorW",
- "address": "0x40d2c4"
- },
- {
- "name": null,
- "address": "0x40d2c8"
- },
- {
- "name": "DeletePrinterKeyA",
- "address": "0x40d2cc"
- },
- {
- "name": "DeletePrinterDriverA",
- "address": "0x40d2d0"
- },
- {
- "name": "PlayGdiScriptOnPrinterIC",
- "address": "0x40d2d4"
- },
- {
- "name": "DeletePrintProcessorW",
- "address": "0x40d2d8"
- },
- {
- "name": "FindClosePrinterChangeNotification",
- "address": "0x40d2dc"
- },
- {
- "name": null,
- "address": "0x40d2e0"
- },
- {
- "name": "DeletePrinterDataExW",
- "address": "0x40d2e4"
- },
- {
- "name": "XcvDataW",
- "address": "0x40d2e8"
- }
- ],
- "dll": "WINSPOOL.DRV"
- },
- {
- "imports": [
- {
- "name": "InternetCloseHandle",
- "address": "0x40d234"
- },
- {
- "name": "HttpSendRequestA",
- "address": "0x40d238"
- },
- {
- "name": "InternetCrackUrlA",
- "address": "0x40d23c"
- },
- {
- "name": "FindNextUrlCacheContainerW",
- "address": "0x40d240"
- },
- {
- "name": "ParseX509EncodedCertificateForListBoxEntry",
- "address": "0x40d244"
- },
- {
- "name": "GetUrlCacheConfigInfoW",
- "address": "0x40d248"
- },
- {
- "name": "GopherCreateLocatorA",
- "address": "0x40d24c"
- },
- {
- "name": "FtpCreateDirectoryA",
- "address": "0x40d250"
- },
- {
- "name": "InternetCombineUrlA",
- "address": "0x40d254"
- },
- {
- "name": "SetUrlCacheEntryInfoA",
- "address": "0x40d258"
- },
- {
- "name": "InternetConnectW",
- "address": "0x40d25c"
- },
- {
- "name": "UnlockUrlCacheEntryFile",
- "address": "0x40d260"
- },
- {
- "name": "RetrieveUrlCacheEntryStreamA",
- "address": "0x40d264"
- },
- {
- "name": "InternetWriteFileExA",
- "address": "0x40d268"
- },
- {
- "name": "GetUrlCacheConfigInfoA",
- "address": "0x40d26c"
- },
- {
- "name": "InternetSetCookieA",
- "address": "0x40d270"
- },
- {
- "name": "GetUrlCacheHeaderData",
- "address": "0x40d274"
- },
- {
- "name": "HttpOpenRequestA",
- "address": "0x40d278"
- },
- {
- "name": "GopherGetAttributeW",
- "address": "0x40d27c"
- },
- {
- "name": "FindFirstUrlCacheContainerA",
- "address": "0x40d280"
- }
- ],
- "dll": "WININET.dll"
- },
- {
- "imports": [
- {
- "name": "PathIsContentTypeW",
- "address": "0x40d15c"
- },
- {
- "name": "StrChrIA",
- "address": "0x40d160"
- },
- {
- "name": "SHDeleteKeyA",
- "address": "0x40d164"
- },
- {
- "name": "UrlGetLocationW",
- "address": "0x40d168"
- },
- {
- "name": "UrlUnescapeA",
- "address": "0x40d16c"
- },
- {
- "name": "StrCSpnA",
- "address": "0x40d170"
- },
- {
- "name": "StrFormatByteSizeA",
- "address": "0x40d174"
- },
- {
- "name": "SHRegCreateUSKeyA",
- "address": "0x40d178"
- },
- {
- "name": "UrlCanonicalizeW",
- "address": "0x40d17c"
- },
- {
- "name": "PathUnquoteSpacesA",
- "address": "0x40d180"
- },
- {
- "name": "SHRegWriteUSValueW",
- "address": "0x40d184"
- },
- {
- "name": "StrSpnW",
- "address": "0x40d188"
- },
- {
- "name": "PathRemoveBackslashW",
- "address": "0x40d18c"
- },
- {
- "name": "PathIsDirectoryW",
- "address": "0x40d190"
- },
- {
- "name": "PathParseIconLocationA",
- "address": "0x40d194"
- },
- {
- "name": "PathUnquoteSpacesW",
- "address": "0x40d198"
- },
- {
- "name": "PathCompactPathExW",
- "address": "0x40d19c"
- },
- {
- "name": "PathCombineW",
- "address": "0x40d1a0"
- },
- {
- "name": "SHEnumValueA",
- "address": "0x40d1a4"
- },
- {
- "name": "PathStripPathA",
- "address": "0x40d1a8"
- },
- {
- "name": "StrCatW",
- "address": "0x40d1ac"
- },
- {
- "name": "SHRegDeleteEmptyUSKeyA",
- "address": "0x40d1b0"
- },
- {
- "name": "StrStrIW",
- "address": "0x40d1b4"
- },
- {
- "name": "SHEnumKeyExA",
- "address": "0x40d1b8"
- },
- {
- "name": "StrCmpW",
- "address": "0x40d1bc"
- }
- ],
- "dll": "SHLWAPI.dll"
- },
- {
- "imports": [
- {
- "name": "CryptHashPublicKeyInfo",
- "address": "0x40d000"
- },
- {
- "name": "CertAddSerializedElementToStore",
- "address": "0x40d004"
- },
- {
- "name": "CertDuplicateCRLContext",
- "address": "0x40d008"
- },
- {
- "name": "CertEnumCertificatesInStore",
- "address": "0x40d00c"
- },
- {
- "name": "CertAddEncodedCRLToStore",
- "address": "0x40d010"
- },
- {
- "name": "CertGetIntendedKeyUsage",
- "address": "0x40d014"
- },
- {
- "name": "CertSerializeCertificateStoreElement",
- "address": "0x40d018"
- },
- {
- "name": "CertIsRDNAttrsInCertificateName",
- "address": "0x40d01c"
- },
- {
- "name": "CryptImportPublicKeyInfo",
- "address": "0x40d020"
- },
- {
- "name": "CryptVerifyCertificateSignature",
- "address": "0x40d024"
- },
- {
- "name": "CertDeleteCTLFromStore",
- "address": "0x40d028"
- },
- {
- "name": "CryptFormatObject",
- "address": "0x40d02c"
- },
- {
- "name": "CryptExportPublicKeyInfo",
- "address": "0x40d030"
- },
- {
- "name": "CertSetEnhancedKeyUsage",
- "address": "0x40d034"
- },
- {
- "name": "CertAddCRLContextToStore",
- "address": "0x40d038"
- },
- {
- "name": "CertCompareCertificate",
- "address": "0x40d03c"
- },
- {
- "name": "CertCreateCTLContext",
- "address": "0x40d040"
- },
- {
- "name": "CryptSignAndEncryptMessage",
- "address": "0x40d044"
- }
- ],
- "dll": "CRYPT32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00064204",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00402055",
- "timestamp": "2019-06-08 12:45:24",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0000be00",
- "entropy": "6.65",
- "raw_address": "0x00000400",
- "virtual_size": "0x0000bd87",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0000d000",
- "size_of_data": "0x00006600",
- "entropy": "5.09",
- "raw_address": "0x0000c200",
- "virtual_size": "0x000065b2",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00014000",
- "size_of_data": "0x00007800",
- "entropy": "6.76",
- "raw_address": "0x00012800",
- "virtual_size": "0x00008120",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".gfids",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001d000",
- "size_of_data": "0x00000200",
- "entropy": "1.41",
- "raw_address": "0x0001a000",
- "virtual_size": "0x000000ac",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0001e000",
- "size_of_data": "0x00045a00",
- "entropy": "6.22",
- "raw_address": "0x0001a200",
- "virtual_size": "0x000458f9",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00064000",
- "size_of_data": "0x00001800",
- "entropy": "6.30",
- "raw_address": "0x0005fc00",
- "virtual_size": "0x00001628",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00012384",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000008c"
- },
- {
- "virtual_address": "0x0001e000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000458f9"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00064000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00001628"
- },
- {
- "virtual_address": "0x00011cc0",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00011ce0",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0000d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000002f0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "1263d471a0f2e9a98846386838077c21",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 6,
- "versioninfo": []
- }
- }