- [*] MalFamily: "Malicious"
- [*] MalScore: 10.0
- [*] File Name: "Exes_ece5126182642514e9e00e21a5bab7a5.exe"
- [*] File Size: 330707
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive"
- [*] SHA256: "f2100ded40728ca9d9eab4a81ed5f701c3c18b91de8bdfb710afd91b9646df08"
- [*] MD5: "ece5126182642514e9e00e21a5bab7a5"
- [*] SHA1: "ab40ab81fd721ed51621d03b294e82d9898663e0"
- [*] SHA512: "38647fd1d96e5528bb41219232757509c4d96ae3b8ddc3621bd004ff3377c985a87ba9957e3386b1015f0b148df245b4bfbdc1d87bcdbeeeecab2210c6d97275"
- [*] CRC32: "96EC2440"
- [*] SSDEEP: "6144:nwc5ps3fsOutUeOaM2wV4iQtp1KKj7NUFNYlfkKH9zTLUAQ1Yks0EFGykz2blm:nSkypaBwKRp1Tqqk+zTLUKks0Eiz28"
- [*] Process Execution: [
- "Exes_ece5126182642514e9e00e21a5bab7a5.exe",
- "cmd.exe",
- "rundll32.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (2 unique times). Note: 192.35.177.64:80 is the address the DNS section of this report returns for apps.identrust.com, i.e. the CryptoAPI root-certificate fetch listed under HTTP requests, not attacker infrastructure; 205.185.216.42:80 has no matching DNS answer anywhere in this report and is the one worth pivoting on.",
- "Details": [
- {
- "IP": "205.185.216.42:80"
- },
- {
- "IP": "192.35.177.64:80"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details": [
- {
- "process": "rundll32.exe, PID 2208"
- }
- ]
- },
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "rundll32.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "Reads data out of its own binary image",
- "Details": [
- {
- "self_read": "process: Exes_ece5126182642514e9e00e21a5bab7a5.exe, pid: 2748, offset: 0x00000000, length: 0x00050bcf"
- },
- {
- "self_read": "process: Exes_ece5126182642514e9e00e21a5bab7a5.exe, pid: 2748, offset: 0x0000ca1c, length: 0x000441b7"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests. Note: all five requests below carry the Microsoft-CryptoAPI/6.1 user-agent and target a root certificate (dstrootcax3.p7c), the authroot STL cab and DigiCert OCSP, which is consistent with Windows certificate-chain validation rather than direct C2; the only non-CA lookup in this report, krtk.icu (94.158.245.63), has no captured HTTP request, so its purpose cannot be confirmed from this run.",
- "Details": [
- {
- "url": "http://apps.identrust.com/roots/dstrootcax3.p7c"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- }
- ]
- },
- {
- "Description": "Steals private information from local Internet browsers. Note: the details below are reads of per-user cookie files under AppData\\Roaming\\Microsoft\\Windows\\Cookies; when scoping exposure, pair this with the rundll32 load of browserconf.dll from Temp in the Executed Commands section, since that DLL (export load) is the component active after the NSIS installer stage.",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@doubleclick[1].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@advertising[1].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.bing[2].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.google[1].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[5].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[4].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[3].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[1].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.msn[2].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@msn[1].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.msn[2].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@media[2].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@3lift[1].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@atwola[2].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@scorecardresearch[2].txt"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@bing[2].txt"
- }
- ]
- },
- {
- "Description": "File has been identified by 17 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "Bkav": "HW32.Packed."
- },
- {
- "FireEye": "Generic.mg.ece5126182642514"
- },
- {
- "Cybereason": "malicious.1fd721"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "ClamAV": "Win.Malware.Razy-6895206-0"
- },
- {
- "Kaspersky": "HEUR:Trojan-PSW.Win32.Kpot.gen"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.fc"
- },
- {
- "Avira": "HEUR/AGEN.1039925"
- },
- {
- "Microsoft": "Trojan:Win32/Wacatac.B!ml"
- },
- {
- "ZoneAlarm": "HEUR:Trojan-PSW.Win32.Kpot.gen"
- },
- {
- "AhnLab-V3": "Dropper/Win32.CoinMiner.R226072"
- },
- {
- "VBA32": "Heur.Trojan.Hlux"
- },
- {
- "ESET-NOD32": "a variant of Win32/Spy.Agent.PRU"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "CrowdStrike": "win/malicious_confidence_60% (D)"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"cmd.exe\" /c rundll32.exe C:\\Users\\user\\AppData\\Local\\Temp\\browserconf.dll, load",
- "rundll32.exe C:\\Users\\user\\AppData\\Local\\Temp\\browserconf.dll, load"
- ]
- [*] Mutexes: []
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\help332.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\browserconf.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\start.lnk",
- "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp\\nsExec.dll",
- "\\Device\\NamedPipe",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\E0F5C59F9FA661F6F4C50B87FEF3A15A",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\E0F5C59F9FA661F6F4C50B87FEF3A15A",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\nsrE731.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp\\nsExec.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp\\"
- ]
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "krtk.icu",
- "answers": [
- {
- "data": "94.158.245.63",
- "type": "A"
- }
- ]
- },
- {
- "type": "A",
- "request": "apps.identrust.com",
- "answers": [
- {
- "data": "192.35.177.64",
- "type": "A"
- },
- {
- "data": "apps.digsigtrust.com",
- "type": "CNAME"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "192.35.177.64",
- "domain": "apps.identrust.com"
- },
- {
- "ip": "94.158.245.63",
- "domain": "krtk.icu"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://apps.identrust.com/roots/dstrootcax3.p7c",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "apps.identrust.com",
- "version": "1.1",
- "path": "/roots/dstrootcax3.p7c",
- "data": "GET /roots/dstrootcax3.p7c HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: apps.identrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "GetTempPathA",
- "address": "0x407070"
- },
- {
- "name": "GetFileSize",
- "address": "0x407074"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x407078"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40707c"
- },
- {
- "name": "CopyFileA",
- "address": "0x407080"
- },
- {
- "name": "ExitProcess",
- "address": "0x407084"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x407088"
- },
- {
- "name": "Sleep",
- "address": "0x40708c"
- },
- {
- "name": "GetTickCount",
- "address": "0x407090"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x407094"
- },
- {
- "name": "lstrlenA",
- "address": "0x407098"
- },
- {
- "name": "GetVersion",
- "address": "0x40709c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x4070a0"
- },
- {
- "name": "lstrcpynA",
- "address": "0x4070a4"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x4070a8"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x4070ac"
- },
- {
- "name": "GetWindowsDirectoryA",
- "address": "0x4070b0"
- },
- {
- "name": "SetCurrentDirectoryA",
- "address": "0x4070b4"
- },
- {
- "name": "GetLastError",
- "address": "0x4070b8"
- },
- {
- "name": "CreateDirectoryA",
- "address": "0x4070bc"
- },
- {
- "name": "CreateProcessA",
- "address": "0x4070c0"
- },
- {
- "name": "RemoveDirectoryA",
- "address": "0x4070c4"
- },
- {
- "name": "CreateFileA",
- "address": "0x4070c8"
- },
- {
- "name": "GetTempFileNameA",
- "address": "0x4070cc"
- },
- {
- "name": "ReadFile",
- "address": "0x4070d0"
- },
- {
- "name": "WriteFile",
- "address": "0x4070d4"
- },
- {
- "name": "lstrcpyA",
- "address": "0x4070d8"
- },
- {
- "name": "MoveFileExA",
- "address": "0x4070dc"
- },
- {
- "name": "lstrcatA",
- "address": "0x4070e0"
- },
- {
- "name": "GetSystemDirectoryA",
- "address": "0x4070e4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4070e8"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x4070ec"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x4070f0"
- },
- {
- "name": "CompareFileTime",
- "address": "0x4070f4"
- },
- {
- "name": "SetFileAttributesA",
- "address": "0x4070f8"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x4070fc"
- },
- {
- "name": "GetShortPathNameA",
- "address": "0x407100"
- },
- {
- "name": "MoveFileA",
- "address": "0x407104"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x407108"
- },
- {
- "name": "SetFileTime",
- "address": "0x40710c"
- },
- {
- "name": "SearchPathA",
- "address": "0x407110"
- },
- {
- "name": "CloseHandle",
- "address": "0x407114"
- },
- {
- "name": "lstrcmpiA",
- "address": "0x407118"
- },
- {
- "name": "CreateThread",
- "address": "0x40711c"
- },
- {
- "name": "GlobalLock",
- "address": "0x407120"
- },
- {
- "name": "lstrcmpA",
- "address": "0x407124"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x407128"
- },
- {
- "name": "FindNextFileA",
- "address": "0x40712c"
- },
- {
- "name": "DeleteFileA",
- "address": "0x407130"
- },
- {
- "name": "SetFilePointer",
- "address": "0x407134"
- },
- {
- "name": "GetPrivateProfileStringA",
- "address": "0x407138"
- },
- {
- "name": "FindClose",
- "address": "0x40713c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x407140"
- },
- {
- "name": "FreeLibrary",
- "address": "0x407144"
- },
- {
- "name": "MulDiv",
- "address": "0x407148"
- },
- {
- "name": "WritePrivateProfileStringA",
- "address": "0x40714c"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x407150"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x407154"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x407158"
- },
- {
- "name": "GlobalFree",
- "address": "0x40715c"
- },
- {
- "name": "ExpandEnvironmentStringsA",
- "address": "0x407160"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "ScreenToClient",
- "address": "0x407184"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x407188"
- },
- {
- "name": "SetClassLongA",
- "address": "0x40718c"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x407190"
- },
- {
- "name": "SetWindowPos",
- "address": "0x407194"
- },
- {
- "name": "GetSysColor",
- "address": "0x407198"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x40719c"
- },
- {
- "name": "SetCursor",
- "address": "0x4071a0"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4071a4"
- },
- {
- "name": "CheckDlgButton",
- "address": "0x4071a8"
- },
- {
- "name": "GetMessagePos",
- "address": "0x4071ac"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x4071b0"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x4071b4"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x4071b8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x4071bc"
- },
- {
- "name": "SetClipboardData",
- "address": "0x4071c0"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x4071c4"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4071c8"
- },
- {
- "name": "GetWindowRect",
- "address": "0x4071cc"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x4071d0"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4071d4"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4071d8"
- },
- {
- "name": "SetDlgItemTextA",
- "address": "0x4071dc"
- },
- {
- "name": "GetDlgItemTextA",
- "address": "0x4071e0"
- },
- {
- "name": "MessageBoxIndirectA",
- "address": "0x4071e4"
- },
- {
- "name": "CharPrevA",
- "address": "0x4071e8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4071ec"
- },
- {
- "name": "PeekMessageA",
- "address": "0x4071f0"
- },
- {
- "name": "ReleaseDC",
- "address": "0x4071f4"
- },
- {
- "name": "EnableWindow",
- "address": "0x4071f8"
- },
- {
- "name": "InvalidateRect",
- "address": "0x4071fc"
- },
- {
- "name": "SendMessageA",
- "address": "0x407200"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x407204"
- },
- {
- "name": "BeginPaint",
- "address": "0x407208"
- },
- {
- "name": "GetClientRect",
- "address": "0x40720c"
- },
- {
- "name": "FillRect",
- "address": "0x407210"
- },
- {
- "name": "DrawTextA",
- "address": "0x407214"
- },
- {
- "name": "EndDialog",
- "address": "0x407218"
- },
- {
- "name": "RegisterClassA",
- "address": "0x40721c"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x407220"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x407224"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x407228"
- },
- {
- "name": "DialogBoxParamA",
- "address": "0x40722c"
- },
- {
- "name": "CharNextA",
- "address": "0x407230"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x407234"
- },
- {
- "name": "GetDC",
- "address": "0x407238"
- },
- {
- "name": "CreateDialogParamA",
- "address": "0x40723c"
- },
- {
- "name": "SetTimer",
- "address": "0x407240"
- },
- {
- "name": "GetDlgItem",
- "address": "0x407244"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x407248"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x40724c"
- },
- {
- "name": "LoadImageA",
- "address": "0x407250"
- },
- {
- "name": "IsWindow",
- "address": "0x407254"
- },
- {
- "name": "SendMessageTimeoutA",
- "address": "0x407258"
- },
- {
- "name": "FindWindowExA",
- "address": "0x40725c"
- },
- {
- "name": "OpenClipboard",
- "address": "0x407260"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x407264"
- },
- {
- "name": "AppendMenuA",
- "address": "0x407268"
- },
- {
- "name": "EndPaint",
- "address": "0x40726c"
- },
- {
- "name": "DestroyWindow",
- "address": "0x407270"
- },
- {
- "name": "wsprintfA",
- "address": "0x407274"
- },
- {
- "name": "ShowWindow",
- "address": "0x407278"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x40727c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "SelectObject",
- "address": "0x40704c"
- },
- {
- "name": "SetBkMode",
- "address": "0x407050"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x407054"
- },
- {
- "name": "SetTextColor",
- "address": "0x407058"
- },
- {
- "name": "DeleteObject",
- "address": "0x40705c"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x407060"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x407064"
- },
- {
- "name": "SetBkColor",
- "address": "0x407068"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "SHGetSpecialFolderLocation",
- "address": "0x407168"
- },
- {
- "name": "ShellExecuteExA",
- "address": "0x40716c"
- },
- {
- "name": "SHGetPathFromIDListA",
- "address": "0x407170"
- },
- {
- "name": "SHBrowseForFolderA",
- "address": "0x407174"
- },
- {
- "name": "SHGetFileInfoA",
- "address": "0x407178"
- },
- {
- "name": "SHFileOperationA",
- "address": "0x40717c"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x407000"
- },
- {
- "name": "RegCreateKeyExA",
- "address": "0x407004"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x407008"
- },
- {
- "name": "SetFileSecurityA",
- "address": "0x40700c"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x407010"
- },
- {
- "name": "LookupPrivilegeValueA",
- "address": "0x407014"
- },
- {
- "name": "RegEnumValueA",
- "address": "0x407018"
- },
- {
- "name": "RegDeleteKeyA",
- "address": "0x40701c"
- },
- {
- "name": "RegDeleteValueA",
- "address": "0x407020"
- },
- {
- "name": "RegCloseKey",
- "address": "0x407024"
- },
- {
- "name": "RegSetValueExA",
- "address": "0x407028"
- },
- {
- "name": "RegQueryValueExA",
- "address": "0x40702c"
- },
- {
- "name": "RegEnumKeyA",
- "address": "0x407030"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Create",
- "address": "0x407038"
- },
- {
- "name": "ImageList_AddMasked",
- "address": "0x40703c"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x407040"
- },
- {
- "name": null,
- "address": "0x407044"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "OleUninitialize",
- "address": "0x407284"
- },
- {
- "name": "OleInitialize",
- "address": "0x407288"
- },
- {
- "name": "CoTaskMemFree",
- "address": "0x40728c"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x407290"
- }
- ],
- "dll": "ole32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0005ac52",
- "overlay": {
- "size": "0x000441d3",
- "offset": "0x0000ca00"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x004031d6",
- "timestamp": "2018-12-15 22:24:22",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00006000",
- "entropy": "6.45",
- "raw_address": "0x00000400",
- "virtual_size": "0x00005f0d",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00007000",
- "size_of_data": "0x00001400",
- "entropy": "5.00",
- "raw_address": "0x00006400",
- "virtual_size": "0x00001250",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00009000",
- "size_of_data": "0x00000400",
- "entropy": "5.13",
- "raw_address": "0x00007800",
- "virtual_size": "0x0001a818",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".ndata",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00024000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00008000",
- "characteristics_raw": "0xc0000080"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0002c000",
- "size_of_data": "0x00004e00",
- "entropy": "5.08",
- "raw_address": "0x00007c00",
- "virtual_size": "0x00004c38",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00007430",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000a0"
- },
- {
- "virtual_address": "0x0002c000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00004c38"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00007000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000298"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "3abe302b6d9a1256e6a915429af4ffd2",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 7,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "version.dll.GetFileVersionInfoA",
- "shfolder.dll.SHGetFolderPathA",
- "shlwapi.dll.#437",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "kernel32.dll.GetUserDefaultUILanguage",
- "propsys.dll.PSCreateMemoryPropertyStore",
- "shell32.dll.#680",
- "nsexec.dll.Exec",
- "kernel32.dll.IsWow64Process",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetClassObject",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoTaskMemFree",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "oleaut32.dll.#500",
- "advapi32.dll.UnregisterTraceGuids",
- "comctl32.dll.#321",
- "kernel32.dll.SetThreadUILanguage",
- "kernel32.dll.CopyFileExW",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.SetConsoleInputExeNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "kernel32.dll.ExitProcess",
- "kernel32.dll.GetModuleHandleA",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.OpenProcess",
- "kernel32.dll.VirtualProtect",
- "user32.dll.MessageBoxA",
- "user32.dll.wsprintfA",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.EnterCriticalSection",
- "kernel32.dll.GetACP",
- "kernel32.dll.LocalFree",
- "kernel32.dll.SuspendThread",
- "kernel32.dll.TlsAlloc",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.HeapAlloc",
- "kernel32.dll.GetStartupInfoW",
- "kernel32.dll.InitializeCriticalSection",
- "kernel32.dll.GetCPInfoExW",
- "kernel32.dll.GetThreadPriority",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.SetThreadPriority",
- "kernel32.dll.RtlUnwind",
- "kernel32.dll.GetCPInfo",
- "kernel32.dll.GetCommandLineW",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.ResumeThread",
- "kernel32.dll.GetProcAddress",
- "kernel32.dll.LeaveCriticalSection",
- "kernel32.dll.GetStdHandle",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.VerifyVersionInfoW",
- "kernel32.dll.GetModuleHandleW",
- "kernel32.dll.FreeLibrary",
- "kernel32.dll.HeapCreate",
- "kernel32.dll.HeapDestroy",
- "kernel32.dll.GetDiskFreeSpaceW",
- "kernel32.dll.VerSetConditionMask",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.TlsFree",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.GetLastError",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.CompareStringW",
- "kernel32.dll.CreateThread",
- "kernel32.dll.HeapFree",
- "kernel32.dll.WideCharToMultiByte",
- "kernel32.dll.MultiByteToWideChar",
- "kernel32.dll.FindClose",
- "kernel32.dll.LoadLibraryW",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.ResetEvent",
- "kernel32.dll.SetEvent",
- "kernel32.dll.GetLocaleInfoW",
- "kernel32.dll.GetVersion",
- "kernel32.dll.RaiseException",
- "kernel32.dll.FormatMessageW",
- "kernel32.dll.SwitchToThread",
- "kernel32.dll.GetExitCodeThread",
- "kernel32.dll.GetEnvironmentVariableW",
- "kernel32.dll.GetLocalTime",
- "kernel32.dll.WaitForSingleObject",
- "kernel32.dll.GetCurrentThread",
- "kernel32.dll.WriteFile",
- "kernel32.dll.ExitThread",
- "kernel32.dll.DeleteCriticalSection",
- "kernel32.dll.GetDateFormatW",
- "kernel32.dll.TlsGetValue",
- "kernel32.dll.IsValidLocale",
- "kernel32.dll.TlsSetValue",
- "kernel32.dll.LoadLibraryExW",
- "kernel32.dll.GetSystemDefaultUILanguage",
- "kernel32.dll.EnumCalendarInfoW",
- "kernel32.dll.LocalAlloc",
- "kernel32.dll.GetCurrentThreadId",
- "kernel32.dll.UnhandledExceptionFilter",
- "kernel32.dll.VirtualQuery",
- "kernel32.dll.CreateEventW",
- "kernel32.dll.VirtualQueryEx",
- "kernel32.dll.GetThreadLocale",
- "kernel32.dll.Sleep",
- "kernel32.dll.SetThreadLocale",
- "version.dll.GetFileVersionInfoSizeW",
- "version.dll.VerQueryValueW",
- "version.dll.GetFileVersionInfoW",
- "user32.dll.CharNextW",
- "user32.dll.MsgWaitForMultipleObjects",
- "user32.dll.CharLowerBuffW",
- "user32.dll.LoadStringW",
- "user32.dll.CharUpperW",
- "user32.dll.PeekMessageW",
- "user32.dll.GetSystemMetrics",
- "user32.dll.MessageBoxW",
- "oleaut32.dll.SysAllocStringLen",
- "oleaut32.dll.SafeArrayPtrOfIndex",
- "oleaut32.dll.VariantCopy",
- "oleaut32.dll.SafeArrayGetLBound",
- "oleaut32.dll.SafeArrayGetUBound",
- "oleaut32.dll.VariantInit",
- "oleaut32.dll.VariantClear",
- "oleaut32.dll.SysFreeString",
- "oleaut32.dll.SysReAllocStringLen",
- "oleaut32.dll.VariantChangeType",
- "oleaut32.dll.SafeArrayCreate",
- "netapi32.dll.NetWkstaGetInfo",
- "netapi32.dll.NetApiBufferFree",
- "advapi32.dll.RegQueryValueExW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegOpenKeyExW",
- "kernel32.dll.GetThreadPreferredUILanguages",
- "kernel32.dll.SetThreadPreferredUILanguages",
- "kernel32.dll.GetThreadUILanguage",
- "kernel32.dll.GetNativeSystemInfo",
- "kernel32.dll.GetLogicalProcessorInformation",
- "oleaut32.dll.VariantChangeTypeEx",
- "oleaut32.dll.VarNeg",
- "oleaut32.dll.VarNot",
- "oleaut32.dll.VarAdd",
- "oleaut32.dll.VarSub",
- "oleaut32.dll.VarMul",
- "oleaut32.dll.VarDiv",
- "oleaut32.dll.VarIdiv",
- "oleaut32.dll.VarMod",
- "oleaut32.dll.VarAnd",
- "oleaut32.dll.VarOr",
- "oleaut32.dll.VarXor",
- "oleaut32.dll.VarCmp",
- "oleaut32.dll.VarI4FromStr",
- "oleaut32.dll.VarR4FromStr",
- "oleaut32.dll.VarR8FromStr",
- "oleaut32.dll.VarDateFromStr",
- "oleaut32.dll.VarCyFromStr",
- "oleaut32.dll.VarBoolFromStr",
- "oleaut32.dll.VarBstrFromCy",
- "oleaut32.dll.VarBstrFromDate",
- "oleaut32.dll.VarBstrFromBool",
- "browserconf.dll.load",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "rasapi32.dll.RasConnectionNotificationW",
- "sechost.dll.NotifyServiceStatusChangeA",
- "winhttp.dll.WinHttpOpen",
- "winhttp.dll.WinHttpSetTimeouts",
- "winhttp.dll.WinHttpSetOption",
- "winhttp.dll.WinHttpCrackUrl",
- "shlwapi.dll.StrCmpNW",
- "winhttp.dll.WinHttpConnect",
- "winhttp.dll.WinHttpOpenRequest",
- "winhttp.dll.WinHttpSetStatusCallback",
- "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "winhttp.dll.WinHttpSendRequest",
- "ws2_32.dll.GetAddrInfoW",
- "ws2_32.dll.WSASocketW",
- "ws2_32.dll.#2",
- "ws2_32.dll.#21",
- "ws2_32.dll.#9",
- "ws2_32.dll.WSAIoctl",
- "ws2_32.dll.FreeAddrInfoW",
- "ws2_32.dll.#6",
- "ws2_32.dll.#5",
- "ws2_32.dll.WSARecv",
- "ws2_32.dll.WSASend",
- "winhttp.dll.WinHttpReceiveResponse",
- "winhttp.dll.WinHttpQueryHeaders",
- "shlwapi.dll.StrStrIW",
- "winhttp.dll.WinHttpQueryDataAvailable",
- "winhttp.dll.WinHttpReadData",
- "cryptsp.dll.CryptAcquireContextA",
- "winhttp.dll.WinHttpCloseHandle",
- "rpcrt4.dll.RpcBindingFree",
- "winhttp.dll.WinHttpTimeFromSystemTime",
- "ncrypt.dll.SslFreeObject"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "GetTempPathA",
- "address": "0x407070"
- },
- {
- "name": "GetFileSize",
- "address": "0x407074"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x407078"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x40707c"
- },
- {
- "name": "CopyFileA",
- "address": "0x407080"
- },
- {
- "name": "ExitProcess",
- "address": "0x407084"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x407088"
- },
- {
- "name": "Sleep",
- "address": "0x40708c"
- },
- {
- "name": "GetTickCount",
- "address": "0x407090"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x407094"
- },
- {
- "name": "lstrlenA",
- "address": "0x407098"
- },
- {
- "name": "GetVersion",
- "address": "0x40709c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x4070a0"
- },
- {
- "name": "lstrcpynA",
- "address": "0x4070a4"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x4070a8"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x4070ac"
- },
- {
- "name": "GetWindowsDirectoryA",
- "address": "0x4070b0"
- },
- {
- "name": "SetCurrentDirectoryA",
- "address": "0x4070b4"
- },
- {
- "name": "GetLastError",
- "address": "0x4070b8"
- },
- {
- "name": "CreateDirectoryA",
- "address": "0x4070bc"
- },
- {
- "name": "CreateProcessA",
- "address": "0x4070c0"
- },
- {
- "name": "RemoveDirectoryA",
- "address": "0x4070c4"
- },
- {
- "name": "CreateFileA",
- "address": "0x4070c8"
- },
- {
- "name": "GetTempFileNameA",
- "address": "0x4070cc"
- },
- {
- "name": "ReadFile",
- "address": "0x4070d0"
- },
- {
- "name": "WriteFile",
- "address": "0x4070d4"
- },
- {
- "name": "lstrcpyA",
- "address": "0x4070d8"
- },
- {
- "name": "MoveFileExA",
- "address": "0x4070dc"
- },
- {
- "name": "lstrcatA",
- "address": "0x4070e0"
- },
- {
- "name": "GetSystemDirectoryA",
- "address": "0x4070e4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4070e8"
- },
- {
- "name": "GetExitCodeProcess",
- "address": "0x4070ec"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x4070f0"
- },
- {
- "name": "CompareFileTime",
- "address": "0x4070f4"
- },
- {
- "name": "SetFileAttributesA",
- "address": "0x4070f8"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x4070fc"
- },
- {
- "name": "GetShortPathNameA",
- "address": "0x407100"
- },
- {
- "name": "MoveFileA",
- "address": "0x407104"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x407108"
- },
- {
- "name": "SetFileTime",
- "address": "0x40710c"
- },
- {
- "name": "SearchPathA",
- "address": "0x407110"
- },
- {
- "name": "CloseHandle",
- "address": "0x407114"
- },
- {
- "name": "lstrcmpiA",
- "address": "0x407118"
- },
- {
- "name": "CreateThread",
- "address": "0x40711c"
- },
- {
- "name": "GlobalLock",
- "address": "0x407120"
- },
- {
- "name": "lstrcmpA",
- "address": "0x407124"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x407128"
- },
- {
- "name": "FindNextFileA",
- "address": "0x40712c"
- },
- {
- "name": "DeleteFileA",
- "address": "0x407130"
- },
- {
- "name": "SetFilePointer",
- "address": "0x407134"
- },
- {
- "name": "GetPrivateProfileStringA",
- "address": "0x407138"
- },
- {
- "name": "FindClose",
- "address": "0x40713c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x407140"
- },
- {
- "name": "FreeLibrary",
- "address": "0x407144"
- },
- {
- "name": "MulDiv",
- "address": "0x407148"
- },
- {
- "name": "WritePrivateProfileStringA",
- "address": "0x40714c"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x407150"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x407154"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x407158"
- },
- {
- "name": "GlobalFree",
- "address": "0x40715c"
- },
- {
- "name": "ExpandEnvironmentStringsA",
- "address": "0x407160"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "ScreenToClient",
- "address": "0x407184"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x407188"
- },
- {
- "name": "SetClassLongA",
- "address": "0x40718c"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x407190"
- },
- {
- "name": "SetWindowPos",
- "address": "0x407194"
- },
- {
- "name": "GetSysColor",
- "address": "0x407198"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x40719c"
- },
- {
- "name": "SetCursor",
- "address": "0x4071a0"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4071a4"
- },
- {
- "name": "CheckDlgButton",
- "address": "0x4071a8"
- },
- {
- "name": "GetMessagePos",
- "address": "0x4071ac"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x4071b0"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x4071b4"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x4071b8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x4071bc"
- },
- {
- "name": "SetClipboardData",
- "address": "0x4071c0"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x4071c4"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4071c8"
- },
- {
- "name": "GetWindowRect",
- "address": "0x4071cc"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x4071d0"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4071d4"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4071d8"
- },
- {
- "name": "SetDlgItemTextA",
- "address": "0x4071dc"
- },
- {
- "name": "GetDlgItemTextA",
- "address": "0x4071e0"
- },
- {
- "name": "MessageBoxIndirectA",
- "address": "0x4071e4"
- },
- {
- "name": "CharPrevA",
- "address": "0x4071e8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4071ec"
- },
- {
- "name": "PeekMessageA",
- "address": "0x4071f0"
- },
- {
- "name": "ReleaseDC",
- "address": "0x4071f4"
- },
- {
- "name": "EnableWindow",
- "address": "0x4071f8"
- },
- {
- "name": "InvalidateRect",
- "address": "0x4071fc"
- },
- {
- "name": "SendMessageA",
- "address": "0x407200"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x407204"
- },
- {
- "name": "BeginPaint",
- "address": "0x407208"
- },
- {
- "name": "GetClientRect",
- "address": "0x40720c"
- },
- {
- "name": "FillRect",
- "address": "0x407210"
- },
- {
- "name": "DrawTextA",
- "address": "0x407214"
- },
- {
- "name": "EndDialog",
- "address": "0x407218"
- },
- {
- "name": "RegisterClassA",
- "address": "0x40721c"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x407220"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x407224"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x407228"
- },
- {
- "name": "DialogBoxParamA",
- "address": "0x40722c"
- },
- {
- "name": "CharNextA",
- "address": "0x407230"
- },
- {
- "name": "ExitWindowsEx",
- "address": "0x407234"
- },
- {
- "name": "GetDC",
- "address": "0x407238"
- },
- {
- "name": "CreateDialogParamA",
- "address": "0x40723c"
- },
- {
- "name": "SetTimer",
- "address": "0x407240"
- },
- {
- "name": "GetDlgItem",
- "address": "0x407244"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x407248"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x40724c"
- },
- {
- "name": "LoadImageA",
- "address": "0x407250"
- },
- {
- "name": "IsWindow",
- "address": "0x407254"
- },
- {
- "name": "SendMessageTimeoutA",
- "address": "0x407258"
- },
- {
- "name": "FindWindowExA",
- "address": "0x40725c"
- },
- {
- "name": "OpenClipboard",
- "address": "0x407260"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x407264"
- },
- {
- "name": "AppendMenuA",
- "address": "0x407268"
- },
- {
- "name": "EndPaint",
- "address": "0x40726c"
- },
- {
- "name": "DestroyWindow",
- "address": "0x407270"
- },
- {
- "name": "wsprintfA",
- "address": "0x407274"
- },
- {
- "name": "ShowWindow",
- "address": "0x407278"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x40727c"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "SelectObject",
- "address": "0x40704c"
- },
- {
- "name": "SetBkMode",
- "address": "0x407050"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x407054"
- },
- {
- "name": "SetTextColor",
- "address": "0x407058"
- },
- {
- "name": "DeleteObject",
- "address": "0x40705c"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x407060"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x407064"
- },
- {
- "name": "SetBkColor",
- "address": "0x407068"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "SHGetSpecialFolderLocation",
- "address": "0x407168"
- },
- {
- "name": "ShellExecuteExA",
- "address": "0x40716c"
- },
- {
- "name": "SHGetPathFromIDListA",
- "address": "0x407170"
- },
- {
- "name": "SHBrowseForFolderA",
- "address": "0x407174"
- },
- {
- "name": "SHGetFileInfoA",
- "address": "0x407178"
- },
- {
- "name": "SHFileOperationA",
- "address": "0x40717c"
- }
- ],
- "dll": "SHELL32.dll"
- },
- {
- "imports": [
- {
- "name": "AdjustTokenPrivileges",
- "address": "0x407000"
- },
- {
- "name": "RegCreateKeyExA",
- "address": "0x407004"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x407008"
- },
- {
- "name": "SetFileSecurityA",
- "address": "0x40700c"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x407010"
- },
- {
- "name": "LookupPrivilegeValueA",
- "address": "0x407014"
- },
- {
- "name": "RegEnumValueA",
- "address": "0x407018"
- },
- {
- "name": "RegDeleteKeyA",
- "address": "0x40701c"
- },
- {
- "name": "RegDeleteValueA",
- "address": "0x407020"
- },
- {
- "name": "RegCloseKey",
- "address": "0x407024"
- },
- {
- "name": "RegSetValueExA",
- "address": "0x407028"
- },
- {
- "name": "RegQueryValueExA",
- "address": "0x40702c"
- },
- {
- "name": "RegEnumKeyA",
- "address": "0x407030"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_Create",
- "address": "0x407038"
- },
- {
- "name": "ImageList_AddMasked",
- "address": "0x40703c"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x407040"
- },
- {
- "name": null,
- "address": "0x407044"
- }
- ],
- "dll": "COMCTL32.dll"
- },
- {
- "imports": [
- {
- "name": "OleUninitialize",
- "address": "0x407284"
- },
- {
- "name": "OleInitialize",
- "address": "0x407288"
- },
- {
- "name": "CoTaskMemFree",
- "address": "0x40728c"
- },
- {
- "name": "CoCreateInstance",
- "address": "0x407290"
- }
- ],
- "dll": "ole32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0005ac52",
- "overlay": {
- "size": "0x000441d3",
- "offset": "0x0000ca00"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x004031d6",
- "timestamp": "2018-12-15 22:24:22",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00006000",
- "entropy": "6.45",
- "raw_address": "0x00000400",
- "virtual_size": "0x00005f0d",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00007000",
- "size_of_data": "0x00001400",
- "entropy": "5.00",
- "raw_address": "0x00006400",
- "virtual_size": "0x00001250",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00009000",
- "size_of_data": "0x00000400",
- "entropy": "5.13",
- "raw_address": "0x00007800",
- "virtual_size": "0x0001a818",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".ndata",
- "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00024000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00008000",
- "characteristics_raw": "0xc0000080"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0002c000",
- "size_of_data": "0x00004e00",
- "entropy": "5.08",
- "raw_address": "0x00007c00",
- "virtual_size": "0x00004c38",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00007430",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000a0"
- },
- {
- "virtual_address": "0x0002c000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00004c38"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00007000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000298"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "3abe302b6d9a1256e6a915429af4ffd2",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 7,
- "versioninfo": []
- }
- }