paladin316

Exes_ece5126182642514e9e00e21a5bab7a5_exe.json

Jun 21st, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_ece5126182642514e9e00e21a5bab7a5.exe"
  7. [*] File Size: 330707
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive"
  9. [*] SHA256: "f2100ded40728ca9d9eab4a81ed5f701c3c18b91de8bdfb710afd91b9646df08"
  10. [*] MD5: "ece5126182642514e9e00e21a5bab7a5"
  11. [*] SHA1: "ab40ab81fd721ed51621d03b294e82d9898663e0"
  12. [*] SHA512: "38647fd1d96e5528bb41219232757509c4d96ae3b8ddc3621bd004ff3377c985a87ba9957e3386b1015f0b148df245b4bfbdc1d87bcdbeeeecab2210c6d97275"
  13. [*] CRC32: "96EC2440"
  14. [*] SSDEEP: "6144:nwc5ps3fsOutUeOaM2wV4iQtp1KKj7NUFNYlfkKH9zTLUAQ1Yks0EFGykz2blm:nSkypaBwKRp1Tqqk+zTLUKks0Eiz28"
  15.  
  16. [*] Process Execution: [
  17. "Exes_ece5126182642514e9e00e21a5bab7a5.exe",
  18. "cmd.exe",
  19. "rundll32.exe"
  20. ]
  21.  
  22. [*] Signatures Detected: [
  23. {
  24. "Description": "Attempts to connect to a dead IP:Port (2 unique times). Note: 192.35.177.64 is apps.identrust.com per the DNS section (a Windows CryptoAPI root-certificate fetch, not sample C2); only 205.185.216.42 is unexplained by the DNS log, and the krtk.icu resolution (94.158.245.63) produced no recorded connection in this run",
  25. "Details": [
  26. {
  27. "IP": "205.185.216.42:80"
  28. },
  29. {
  30. "IP": "192.35.177.64:80"
  31. }
  32. ]
  33. },
  34. {
  35. "Description": "Creates RWX memory (no owning process or address is recorded in Details, so this cannot be attributed to the NSIS stub versus the rundll32-hosted browserconf.dll from this report alone)",
  36. "Details": []
  37. },
  38. {
  39. "Description": "Possible date expiration check, exits too soon after checking local time (anti-analysis indicator in rundll32.exe, the process hosting browserconf.dll; together with the 300-second sleep attempt below this suggests the payload may not have fully detonated, so the behavioural sections of this report should be treated as incomplete)",
  40. "Details": [
  41. {
  42. "process": "rundll32.exe, PID 2208"
  43. }
  44. ]
  45. },
  46. {
  47. "Description": "A process attempted to delay the analysis task (the sandbox skipped the sleep, so this is a sandbox-evasion attempt rather than a successful delay; re-running with the sleep honoured or a longer analysis timeout may expose additional behaviour).",
  48. "Details": [
  49. {
  50. "Process": "rundll32.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds"
  51. }
  52. ]
  53. },
  54. {
  55. "Description": "Reads data out of its own binary image (expected for an NSIS self-extractor: the second read at offset 0x0000ca1c falls inside the overlay reported at offset 0x0000ca00 in Static Analysis, i.e. the stub reading its embedded archive; not an indicator on its own)",
  56. "Details": [
  57. {
  58. "self_read": "process: Exes_ece5126182642514e9e00e21a5bab7a5.exe, pid: 2748, offset: 0x00000000, length: 0x00050bcf"
  59. },
  60. {
  61. "self_read": "process: Exes_ece5126182642514e9e00e21a5bab7a5.exe, pid: 2748, offset: 0x0000ca1c, length: 0x000441b7"
  62. }
  63. ]
  64. },
  65. {
  66. "Description": "Performs some HTTP requests (all five carry User-Agent Microsoft-CryptoAPI/6.1 and target CA root, OCSP and Windows root-store update endpoints, consistent with crypt32 certificate-chain validation rather than sample-originated C2; no HTTP traffic to the sample-resolved domain krtk.icu was captured)",
  67. "Details": [
  68. {
  69. "url": "http://apps.identrust.com/roots/dstrootcax3.p7c"
  70. },
  71. {
  72. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  73. },
  74. {
  75. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  76. },
  77. {
  78. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  79. },
  80. {
  81. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  82. }
  83. ]
  84. },
  85. {
  86. "Description": "Steals private information from local Internet browsers (every listed file is an Internet Explorer cookie under the user's Roaming Cookies directory; reading these is consistent with the Trojan-PSW / Spy.Agent stealer verdicts below, although a read alone does not prove exfiltration, and no outbound data transfer was captured)",
  87. "Details": [
  88. {
  89. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@doubleclick[1].txt"
  90. },
  91. {
  92. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@advertising[1].txt"
  93. },
  94. {
  95. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.bing[2].txt"
  96. },
  97. {
  98. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.google[1].txt"
  99. },
  100. {
  101. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[5].txt"
  102. },
  103. {
  104. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[4].txt"
  105. },
  106. {
  107. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[3].txt"
  108. },
  109. {
  110. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[1].txt"
  111. },
  112. {
  113. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.msn[2].txt"
  114. },
  115. {
  116. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@msn[1].txt"
  117. },
  118. {
  119. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.msn[2].txt"
  120. },
  121. {
  122. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@media[2].txt"
  123. },
  124. {
  125. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@3lift[1].txt"
  126. },
  127. {
  128. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@atwola[2].txt"
  129. },
  130. {
  131. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@scorecardresearch[2].txt"
  132. },
  133. {
  134. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@bing[2].txt"
  135. }
  136. ]
  137. },
  138. {
  139. "Description": "File has been identified by 17 Antiviruses on VirusTotal as malicious (most verdicts are generic or ML heuristics; the more specific ones - Kaspersky/ZoneAlarm Trojan-PSW.Win32.Kpot.gen, ESET Win32/Spy.Agent.PRU, ClamAV Win.Malware.Razy - point to a credential-stealing trojan, with AhnLab alone labelling it a CoinMiner dropper)",
  140. "Details": [
  141. {
  142. "Bkav": "HW32.Packed."
  143. },
  144. {
  145. "FireEye": "Generic.mg.ece5126182642514"
  146. },
  147. {
  148. "Cybereason": "malicious.1fd721"
  149. },
  150. {
  151. "APEX": "Malicious"
  152. },
  153. {
  154. "Paloalto": "generic.ml"
  155. },
  156. {
  157. "ClamAV": "Win.Malware.Razy-6895206-0"
  158. },
  159. {
  160. "Kaspersky": "HEUR:Trojan-PSW.Win32.Kpot.gen"
  161. },
  162. {
  163. "Endgame": "malicious (high confidence)"
  164. },
  165. {
  166. "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.fc"
  167. },
  168. {
  169. "Avira": "HEUR/AGEN.1039925"
  170. },
  171. {
  172. "Microsoft": "Trojan:Win32/Wacatac.B!ml"
  173. },
  174. {
  175. "ZoneAlarm": "HEUR:Trojan-PSW.Win32.Kpot.gen"
  176. },
  177. {
  178. "AhnLab-V3": "Dropper/Win32.CoinMiner.R226072"
  179. },
  180. {
  181. "VBA32": "Heur.Trojan.Hlux"
  182. },
  183. {
  184. "ESET-NOD32": "a variant of Win32/Spy.Agent.PRU"
  185. },
  186. {
  187. "SentinelOne": "DFI - Suspicious PE"
  188. },
  189. {
  190. "CrowdStrike": "win/malicious_confidence_60% (D)"
  191. }
  192. ]
  193. }
  194. ]
  195.  
  196. [*] Started Service: []
  197.  
  198. [*] Executed Commands: [
  199. "\"cmd.exe\" /c rundll32.exe C:\\Users\\user\\AppData\\Local\\Temp\\browserconf.dll, load",
  200. "rundll32.exe C:\\Users\\user\\AppData\\Local\\Temp\\browserconf.dll, load"
  201. ]
  202.  
  203. [*] Mutexes: []
  204.  
  205. [*] Modified Files: [
  206. "C:\\Users\\user\\AppData\\Local\\Temp\\help332.txt",
  207. "C:\\Users\\user\\AppData\\Local\\Temp\\browserconf.dll",
  208. "C:\\Users\\user\\AppData\\Local\\Temp\\start.lnk",
  209. "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp\\nsExec.dll",
  210. "\\Device\\NamedPipe",
  211. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\E0F5C59F9FA661F6F4C50B87FEF3A15A",
  212. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\E0F5C59F9FA661F6F4C50B87FEF3A15A",
  213. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
  214. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015"
  215. ]
  216.  
  217. [*] Deleted Files: [
  218. "C:\\Users\\user\\AppData\\Local\\Temp\\nsrE731.tmp",
  219. "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp",
  220. "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp\\nsExec.dll",
  221. "C:\\Users\\user\\AppData\\Local\\Temp\\nscE7BF.tmp\\"
  222. ]
  223.  
  224. [*] Modified Registry Keys: []
  225.  
  226. [*] Deleted Registry Keys: []
  227.  
  228. [*] DNS Communications: [
  229. {
  230. "type": "A",
  231. "request": "krtk.icu",
  232. "answers": [
  233. {
  234. "data": "94.158.245.63",
  235. "type": "A"
  236. }
  237. ]
  238. },
  239. {
  240. "type": "A",
  241. "request": "apps.identrust.com",
  242. "answers": [
  243. {
  244. "data": "192.35.177.64",
  245. "type": "A"
  246. },
  247. {
  248. "data": "apps.digsigtrust.com",
  249. "type": "CNAME"
  250. }
  251. ]
  252. }
  253. ]
  254.  
  255. [*] Domains: [
  256. {
  257. "ip": "192.35.177.64",
  258. "domain": "apps.identrust.com"
  259. },
  260. {
  261. "ip": "94.158.245.63",
  262. "domain": "krtk.icu"
  263. }
  264. ]
  265.  
  266. [*] Network Communication - ICMP: []
  267.  
  268. [*] Network Communication - HTTP: [
  269. {
  270. "count": 1,
  271. "body": "",
  272. "uri": "http://apps.identrust.com/roots/dstrootcax3.p7c",
  273. "user-agent": "Microsoft-CryptoAPI/6.1",
  274. "method": "GET",
  275. "host": "apps.identrust.com",
  276. "version": "1.1",
  277. "path": "/roots/dstrootcax3.p7c",
  278. "data": "GET /roots/dstrootcax3.p7c HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: apps.identrust.com\r\n\r\n",
  279. "port": 80
  280. },
  281. {
  282. "count": 1,
  283. "body": "",
  284. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  285. "user-agent": "Microsoft-CryptoAPI/6.1",
  286. "method": "GET",
  287. "host": "www.download.windowsupdate.com",
  288. "version": "1.1",
  289. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  290. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  291. "port": 80
  292. },
  293. {
  294. "count": 1,
  295. "body": "",
  296. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  297. "user-agent": "Microsoft-CryptoAPI/6.1",
  298. "method": "GET",
  299. "host": "ocsp.digicert.com",
  300. "version": "1.1",
  301. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  302. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  303. "port": 80
  304. },
  305. {
  306. "count": 1,
  307. "body": "",
  308. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  309. "user-agent": "Microsoft-CryptoAPI/6.1",
  310. "method": "GET",
  311. "host": "ocsp.digicert.com",
  312. "version": "1.1",
  313. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  314. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  315. "port": 80
  316. },
  317. {
  318. "count": 1,
  319. "body": "",
  320. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  321. "user-agent": "Microsoft-CryptoAPI/6.1",
  322. "method": "GET",
  323. "host": "ocsp.digicert.com",
  324. "version": "1.1",
  325. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  326. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  327. "port": 80
  328. }
  329. ]
  330.  
  331. [*] Network Communication - SMTP: []
  332.  
  333. [*] Network Communication - Hosts: []
  334.  
  335. [*] Network Communication - IRC: []
  336.  
  337. [*] Static Analysis: {
  338. "pe": {
  339. "peid_signatures": null,
  340. "imports": [
  341. {
  342. "imports": [
  343. {
  344. "name": "GetTempPathA",
  345. "address": "0x407070"
  346. },
  347. {
  348. "name": "GetFileSize",
  349. "address": "0x407074"
  350. },
  351. {
  352. "name": "GetModuleFileNameA",
  353. "address": "0x407078"
  354. },
  355. {
  356. "name": "GetCurrentProcess",
  357. "address": "0x40707c"
  358. },
  359. {
  360. "name": "CopyFileA",
  361. "address": "0x407080"
  362. },
  363. {
  364. "name": "ExitProcess",
  365. "address": "0x407084"
  366. },
  367. {
  368. "name": "SetEnvironmentVariableA",
  369. "address": "0x407088"
  370. },
  371. {
  372. "name": "Sleep",
  373. "address": "0x40708c"
  374. },
  375. {
  376. "name": "GetTickCount",
  377. "address": "0x407090"
  378. },
  379. {
  380. "name": "GetCommandLineA",
  381. "address": "0x407094"
  382. },
  383. {
  384. "name": "lstrlenA",
  385. "address": "0x407098"
  386. },
  387. {
  388. "name": "GetVersion",
  389. "address": "0x40709c"
  390. },
  391. {
  392. "name": "SetErrorMode",
  393. "address": "0x4070a0"
  394. },
  395. {
  396. "name": "lstrcpynA",
  397. "address": "0x4070a4"
  398. },
  399. {
  400. "name": "GetDiskFreeSpaceA",
  401. "address": "0x4070a8"
  402. },
  403. {
  404. "name": "GlobalUnlock",
  405. "address": "0x4070ac"
  406. },
  407. {
  408. "name": "GetWindowsDirectoryA",
  409. "address": "0x4070b0"
  410. },
  411. {
  412. "name": "SetCurrentDirectoryA",
  413. "address": "0x4070b4"
  414. },
  415. {
  416. "name": "GetLastError",
  417. "address": "0x4070b8"
  418. },
  419. {
  420. "name": "CreateDirectoryA",
  421. "address": "0x4070bc"
  422. },
  423. {
  424. "name": "CreateProcessA",
  425. "address": "0x4070c0"
  426. },
  427. {
  428. "name": "RemoveDirectoryA",
  429. "address": "0x4070c4"
  430. },
  431. {
  432. "name": "CreateFileA",
  433. "address": "0x4070c8"
  434. },
  435. {
  436. "name": "GetTempFileNameA",
  437. "address": "0x4070cc"
  438. },
  439. {
  440. "name": "ReadFile",
  441. "address": "0x4070d0"
  442. },
  443. {
  444. "name": "WriteFile",
  445. "address": "0x4070d4"
  446. },
  447. {
  448. "name": "lstrcpyA",
  449. "address": "0x4070d8"
  450. },
  451. {
  452. "name": "MoveFileExA",
  453. "address": "0x4070dc"
  454. },
  455. {
  456. "name": "lstrcatA",
  457. "address": "0x4070e0"
  458. },
  459. {
  460. "name": "GetSystemDirectoryA",
  461. "address": "0x4070e4"
  462. },
  463. {
  464. "name": "GetProcAddress",
  465. "address": "0x4070e8"
  466. },
  467. {
  468. "name": "GetExitCodeProcess",
  469. "address": "0x4070ec"
  470. },
  471. {
  472. "name": "WaitForSingleObject",
  473. "address": "0x4070f0"
  474. },
  475. {
  476. "name": "CompareFileTime",
  477. "address": "0x4070f4"
  478. },
  479. {
  480. "name": "SetFileAttributesA",
  481. "address": "0x4070f8"
  482. },
  483. {
  484. "name": "GetFileAttributesA",
  485. "address": "0x4070fc"
  486. },
  487. {
  488. "name": "GetShortPathNameA",
  489. "address": "0x407100"
  490. },
  491. {
  492. "name": "MoveFileA",
  493. "address": "0x407104"
  494. },
  495. {
  496. "name": "GetFullPathNameA",
  497. "address": "0x407108"
  498. },
  499. {
  500. "name": "SetFileTime",
  501. "address": "0x40710c"
  502. },
  503. {
  504. "name": "SearchPathA",
  505. "address": "0x407110"
  506. },
  507. {
  508. "name": "CloseHandle",
  509. "address": "0x407114"
  510. },
  511. {
  512. "name": "lstrcmpiA",
  513. "address": "0x407118"
  514. },
  515. {
  516. "name": "CreateThread",
  517. "address": "0x40711c"
  518. },
  519. {
  520. "name": "GlobalLock",
  521. "address": "0x407120"
  522. },
  523. {
  524. "name": "lstrcmpA",
  525. "address": "0x407124"
  526. },
  527. {
  528. "name": "FindFirstFileA",
  529. "address": "0x407128"
  530. },
  531. {
  532. "name": "FindNextFileA",
  533. "address": "0x40712c"
  534. },
  535. {
  536. "name": "DeleteFileA",
  537. "address": "0x407130"
  538. },
  539. {
  540. "name": "SetFilePointer",
  541. "address": "0x407134"
  542. },
  543. {
  544. "name": "GetPrivateProfileStringA",
  545. "address": "0x407138"
  546. },
  547. {
  548. "name": "FindClose",
  549. "address": "0x40713c"
  550. },
  551. {
  552. "name": "MultiByteToWideChar",
  553. "address": "0x407140"
  554. },
  555. {
  556. "name": "FreeLibrary",
  557. "address": "0x407144"
  558. },
  559. {
  560. "name": "MulDiv",
  561. "address": "0x407148"
  562. },
  563. {
  564. "name": "WritePrivateProfileStringA",
  565. "address": "0x40714c"
  566. },
  567. {
  568. "name": "LoadLibraryExA",
  569. "address": "0x407150"
  570. },
  571. {
  572. "name": "GetModuleHandleA",
  573. "address": "0x407154"
  574. },
  575. {
  576. "name": "GlobalAlloc",
  577. "address": "0x407158"
  578. },
  579. {
  580. "name": "GlobalFree",
  581. "address": "0x40715c"
  582. },
  583. {
  584. "name": "ExpandEnvironmentStringsA",
  585. "address": "0x407160"
  586. }
  587. ],
  588. "dll": "KERNEL32.dll"
  589. },
  590. {
  591. "imports": [
  592. {
  593. "name": "ScreenToClient",
  594. "address": "0x407184"
  595. },
  596. {
  597. "name": "GetSystemMenu",
  598. "address": "0x407188"
  599. },
  600. {
  601. "name": "SetClassLongA",
  602. "address": "0x40718c"
  603. },
  604. {
  605. "name": "IsWindowEnabled",
  606. "address": "0x407190"
  607. },
  608. {
  609. "name": "SetWindowPos",
  610. "address": "0x407194"
  611. },
  612. {
  613. "name": "GetSysColor",
  614. "address": "0x407198"
  615. },
  616. {
  617. "name": "GetWindowLongA",
  618. "address": "0x40719c"
  619. },
  620. {
  621. "name": "SetCursor",
  622. "address": "0x4071a0"
  623. },
  624. {
  625. "name": "LoadCursorA",
  626. "address": "0x4071a4"
  627. },
  628. {
  629. "name": "CheckDlgButton",
  630. "address": "0x4071a8"
  631. },
  632. {
  633. "name": "GetMessagePos",
  634. "address": "0x4071ac"
  635. },
  636. {
  637. "name": "LoadBitmapA",
  638. "address": "0x4071b0"
  639. },
  640. {
  641. "name": "CallWindowProcA",
  642. "address": "0x4071b4"
  643. },
  644. {
  645. "name": "IsWindowVisible",
  646. "address": "0x4071b8"
  647. },
  648. {
  649. "name": "CloseClipboard",
  650. "address": "0x4071bc"
  651. },
  652. {
  653. "name": "SetClipboardData",
  654. "address": "0x4071c0"
  655. },
  656. {
  657. "name": "EmptyClipboard",
  658. "address": "0x4071c4"
  659. },
  660. {
  661. "name": "PostQuitMessage",
  662. "address": "0x4071c8"
  663. },
  664. {
  665. "name": "GetWindowRect",
  666. "address": "0x4071cc"
  667. },
  668. {
  669. "name": "EnableMenuItem",
  670. "address": "0x4071d0"
  671. },
  672. {
  673. "name": "CreatePopupMenu",
  674. "address": "0x4071d4"
  675. },
  676. {
  677. "name": "GetSystemMetrics",
  678. "address": "0x4071d8"
  679. },
  680. {
  681. "name": "SetDlgItemTextA",
  682. "address": "0x4071dc"
  683. },
  684. {
  685. "name": "GetDlgItemTextA",
  686. "address": "0x4071e0"
  687. },
  688. {
  689. "name": "MessageBoxIndirectA",
  690. "address": "0x4071e4"
  691. },
  692. {
  693. "name": "CharPrevA",
  694. "address": "0x4071e8"
  695. },
  696. {
  697. "name": "DispatchMessageA",
  698. "address": "0x4071ec"
  699. },
  700. {
  701. "name": "PeekMessageA",
  702. "address": "0x4071f0"
  703. },
  704. {
  705. "name": "ReleaseDC",
  706. "address": "0x4071f4"
  707. },
  708. {
  709. "name": "EnableWindow",
  710. "address": "0x4071f8"
  711. },
  712. {
  713. "name": "InvalidateRect",
  714. "address": "0x4071fc"
  715. },
  716. {
  717. "name": "SendMessageA",
  718. "address": "0x407200"
  719. },
  720. {
  721. "name": "DefWindowProcA",
  722. "address": "0x407204"
  723. },
  724. {
  725. "name": "BeginPaint",
  726. "address": "0x407208"
  727. },
  728. {
  729. "name": "GetClientRect",
  730. "address": "0x40720c"
  731. },
  732. {
  733. "name": "FillRect",
  734. "address": "0x407210"
  735. },
  736. {
  737. "name": "DrawTextA",
  738. "address": "0x407214"
  739. },
  740. {
  741. "name": "EndDialog",
  742. "address": "0x407218"
  743. },
  744. {
  745. "name": "RegisterClassA",
  746. "address": "0x40721c"
  747. },
  748. {
  749. "name": "SystemParametersInfoA",
  750. "address": "0x407220"
  751. },
  752. {
  753. "name": "CreateWindowExA",
  754. "address": "0x407224"
  755. },
  756. {
  757. "name": "GetClassInfoA",
  758. "address": "0x407228"
  759. },
  760. {
  761. "name": "DialogBoxParamA",
  762. "address": "0x40722c"
  763. },
  764. {
  765. "name": "CharNextA",
  766. "address": "0x407230"
  767. },
  768. {
  769. "name": "ExitWindowsEx",
  770. "address": "0x407234"
  771. },
  772. {
  773. "name": "GetDC",
  774. "address": "0x407238"
  775. },
  776. {
  777. "name": "CreateDialogParamA",
  778. "address": "0x40723c"
  779. },
  780. {
  781. "name": "SetTimer",
  782. "address": "0x407240"
  783. },
  784. {
  785. "name": "GetDlgItem",
  786. "address": "0x407244"
  787. },
  788. {
  789. "name": "SetWindowLongA",
  790. "address": "0x407248"
  791. },
  792. {
  793. "name": "SetForegroundWindow",
  794. "address": "0x40724c"
  795. },
  796. {
  797. "name": "LoadImageA",
  798. "address": "0x407250"
  799. },
  800. {
  801. "name": "IsWindow",
  802. "address": "0x407254"
  803. },
  804. {
  805. "name": "SendMessageTimeoutA",
  806. "address": "0x407258"
  807. },
  808. {
  809. "name": "FindWindowExA",
  810. "address": "0x40725c"
  811. },
  812. {
  813. "name": "OpenClipboard",
  814. "address": "0x407260"
  815. },
  816. {
  817. "name": "TrackPopupMenu",
  818. "address": "0x407264"
  819. },
  820. {
  821. "name": "AppendMenuA",
  822. "address": "0x407268"
  823. },
  824. {
  825. "name": "EndPaint",
  826. "address": "0x40726c"
  827. },
  828. {
  829. "name": "DestroyWindow",
  830. "address": "0x407270"
  831. },
  832. {
  833. "name": "wsprintfA",
  834. "address": "0x407274"
  835. },
  836. {
  837. "name": "ShowWindow",
  838. "address": "0x407278"
  839. },
  840. {
  841. "name": "SetWindowTextA",
  842. "address": "0x40727c"
  843. }
  844. ],
  845. "dll": "USER32.dll"
  846. },
  847. {
  848. "imports": [
  849. {
  850. "name": "SelectObject",
  851. "address": "0x40704c"
  852. },
  853. {
  854. "name": "SetBkMode",
  855. "address": "0x407050"
  856. },
  857. {
  858. "name": "CreateFontIndirectA",
  859. "address": "0x407054"
  860. },
  861. {
  862. "name": "SetTextColor",
  863. "address": "0x407058"
  864. },
  865. {
  866. "name": "DeleteObject",
  867. "address": "0x40705c"
  868. },
  869. {
  870. "name": "GetDeviceCaps",
  871. "address": "0x407060"
  872. },
  873. {
  874. "name": "CreateBrushIndirect",
  875. "address": "0x407064"
  876. },
  877. {
  878. "name": "SetBkColor",
  879. "address": "0x407068"
  880. }
  881. ],
  882. "dll": "GDI32.dll"
  883. },
  884. {
  885. "imports": [
  886. {
  887. "name": "SHGetSpecialFolderLocation",
  888. "address": "0x407168"
  889. },
  890. {
  891. "name": "ShellExecuteExA",
  892. "address": "0x40716c"
  893. },
  894. {
  895. "name": "SHGetPathFromIDListA",
  896. "address": "0x407170"
  897. },
  898. {
  899. "name": "SHBrowseForFolderA",
  900. "address": "0x407174"
  901. },
  902. {
  903. "name": "SHGetFileInfoA",
  904. "address": "0x407178"
  905. },
  906. {
  907. "name": "SHFileOperationA",
  908. "address": "0x40717c"
  909. }
  910. ],
  911. "dll": "SHELL32.dll"
  912. },
  913. {
  914. "imports": [
  915. {
  916. "name": "AdjustTokenPrivileges",
  917. "address": "0x407000"
  918. },
  919. {
  920. "name": "RegCreateKeyExA",
  921. "address": "0x407004"
  922. },
  923. {
  924. "name": "RegOpenKeyExA",
  925. "address": "0x407008"
  926. },
  927. {
  928. "name": "SetFileSecurityA",
  929. "address": "0x40700c"
  930. },
  931. {
  932. "name": "OpenProcessToken",
  933. "address": "0x407010"
  934. },
  935. {
  936. "name": "LookupPrivilegeValueA",
  937. "address": "0x407014"
  938. },
  939. {
  940. "name": "RegEnumValueA",
  941. "address": "0x407018"
  942. },
  943. {
  944. "name": "RegDeleteKeyA",
  945. "address": "0x40701c"
  946. },
  947. {
  948. "name": "RegDeleteValueA",
  949. "address": "0x407020"
  950. },
  951. {
  952. "name": "RegCloseKey",
  953. "address": "0x407024"
  954. },
  955. {
  956. "name": "RegSetValueExA",
  957. "address": "0x407028"
  958. },
  959. {
  960. "name": "RegQueryValueExA",
  961. "address": "0x40702c"
  962. },
  963. {
  964. "name": "RegEnumKeyA",
  965. "address": "0x407030"
  966. }
  967. ],
  968. "dll": "ADVAPI32.dll"
  969. },
  970. {
  971. "imports": [
  972. {
  973. "name": "ImageList_Create",
  974. "address": "0x407038"
  975. },
  976. {
  977. "name": "ImageList_AddMasked",
  978. "address": "0x40703c"
  979. },
  980. {
  981. "name": "ImageList_Destroy",
  982. "address": "0x407040"
  983. },
  984. {
  985. "name": null,
  986. "address": "0x407044"
  987. }
  988. ],
  989. "dll": "COMCTL32.dll"
  990. },
  991. {
  992. "imports": [
  993. {
  994. "name": "OleUninitialize",
  995. "address": "0x407284"
  996. },
  997. {
  998. "name": "OleInitialize",
  999. "address": "0x407288"
  1000. },
  1001. {
  1002. "name": "CoTaskMemFree",
  1003. "address": "0x40728c"
  1004. },
  1005. {
  1006. "name": "CoCreateInstance",
  1007. "address": "0x407290"
  1008. }
  1009. ],
  1010. "dll": "ole32.dll"
  1011. }
  1012. ],
  1013. "digital_signers": null,
  1014. "exported_dll_name": null,
  1015. "actual_checksum": "0x0005ac52",
  1016. "overlay": {
  1017. "size": "0x000441d3",
  1018. "offset": "0x0000ca00"
  1019. },
  1020. "imagebase": "0x00400000",
  1021. "reported_checksum": "0x00000000",
  1022. "icon_hash": null,
  1023. "entrypoint": "0x004031d6",
  1024. "timestamp": "2018-12-15 22:24:22",
  1025. "osversion": "4.0",
  1026. "sections": [
  1027. {
  1028. "name": ".text",
  1029. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1030. "virtual_address": "0x00001000",
  1031. "size_of_data": "0x00006000",
  1032. "entropy": "6.45",
  1033. "raw_address": "0x00000400",
  1034. "virtual_size": "0x00005f0d",
  1035. "characteristics_raw": "0x60000020"
  1036. },
  1037. {
  1038. "name": ".rdata",
  1039. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1040. "virtual_address": "0x00007000",
  1041. "size_of_data": "0x00001400",
  1042. "entropy": "5.00",
  1043. "raw_address": "0x00006400",
  1044. "virtual_size": "0x00001250",
  1045. "characteristics_raw": "0x40000040"
  1046. },
  1047. {
  1048. "name": ".data",
  1049. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1050. "virtual_address": "0x00009000",
  1051. "size_of_data": "0x00000400",
  1052. "entropy": "5.13",
  1053. "raw_address": "0x00007800",
  1054. "virtual_size": "0x0001a818",
  1055. "characteristics_raw": "0xc0000040"
  1056. },
  1057. {
  1058. "name": ".ndata",
  1059. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1060. "virtual_address": "0x00024000",
  1061. "size_of_data": "0x00000000",
  1062. "entropy": "0.00",
  1063. "raw_address": "0x00000000",
  1064. "virtual_size": "0x00008000",
  1065. "characteristics_raw": "0xc0000080"
  1066. },
  1067. {
  1068. "name": ".rsrc",
  1069. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1070. "virtual_address": "0x0002c000",
  1071. "size_of_data": "0x00004e00",
  1072. "entropy": "5.08",
  1073. "raw_address": "0x00007c00",
  1074. "virtual_size": "0x00004c38",
  1075. "characteristics_raw": "0x40000040"
  1076. }
  1077. ],
  1078. "resources": [],
  1079. "dirents": [
  1080. {
  1081. "virtual_address": "0x00000000",
  1082. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1083. "size": "0x00000000"
  1084. },
  1085. {
  1086. "virtual_address": "0x00007430",
  1087. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1088. "size": "0x000000a0"
  1089. },
  1090. {
  1091. "virtual_address": "0x0002c000",
  1092. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1093. "size": "0x00004c38"
  1094. },
  1095. {
  1096. "virtual_address": "0x00000000",
  1097. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1098. "size": "0x00000000"
  1099. },
  1100. {
  1101. "virtual_address": "0x00000000",
  1102. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1103. "size": "0x00000000"
  1104. },
  1105. {
  1106. "virtual_address": "0x00000000",
  1107. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1108. "size": "0x00000000"
  1109. },
  1110. {
  1111. "virtual_address": "0x00000000",
  1112. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1113. "size": "0x00000000"
  1114. },
  1115. {
  1116. "virtual_address": "0x00000000",
  1117. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1118. "size": "0x00000000"
  1119. },
  1120. {
  1121. "virtual_address": "0x00000000",
  1122. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1123. "size": "0x00000000"
  1124. },
  1125. {
  1126. "virtual_address": "0x00000000",
  1127. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1128. "size": "0x00000000"
  1129. },
  1130. {
  1131. "virtual_address": "0x00000000",
  1132. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1133. "size": "0x00000000"
  1134. },
  1135. {
  1136. "virtual_address": "0x00000000",
  1137. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1138. "size": "0x00000000"
  1139. },
  1140. {
  1141. "virtual_address": "0x00007000",
  1142. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1143. "size": "0x00000298"
  1144. },
  1145. {
  1146. "virtual_address": "0x00000000",
  1147. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1148. "size": "0x00000000"
  1149. },
  1150. {
  1151. "virtual_address": "0x00000000",
  1152. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1153. "size": "0x00000000"
  1154. },
  1155. {
  1156. "virtual_address": "0x00000000",
  1157. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1158. "size": "0x00000000"
  1159. }
  1160. ],
  1161. "exports": [],
  1162. "guest_signers": {},
  1163. "imphash": "3abe302b6d9a1256e6a915429af4ffd2",
  1164. "icon_fuzzy": null,
  1165. "icon": null,
  1166. "pdbpath": null,
  1167. "imported_dll_count": 7,
  1168. "versioninfo": []
  1169. }
  1170. }
  1171.  
  1172. [*] Resolved APIs: [
  1173. "version.dll.GetFileVersionInfoA",
  1174. "shfolder.dll.SHGetFolderPathA",
  1175. "shlwapi.dll.#437",
  1176. "cryptbase.dll.SystemFunction036",
  1177. "uxtheme.dll.ThemeInitApiHook",
  1178. "user32.dll.IsProcessDPIAware",
  1179. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  1180. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  1181. "kernel32.dll.GetUserDefaultUILanguage",
  1182. "propsys.dll.PSCreateMemoryPropertyStore",
  1183. "shell32.dll.#680",
  1184. "nsexec.dll.Exec",
  1185. "kernel32.dll.IsWow64Process",
  1186. "ole32.dll.CoRevokeInitializeSpy",
  1187. "comctl32.dll.#388",
  1188. "ole32.dll.NdrOleInitializeExtension",
  1189. "ole32.dll.CoGetClassObject",
  1190. "ole32.dll.CoGetMarshalSizeMax",
  1191. "ole32.dll.CoMarshalInterface",
  1192. "ole32.dll.CoUnmarshalInterface",
  1193. "ole32.dll.StringFromIID",
  1194. "ole32.dll.CoGetPSClsid",
  1195. "ole32.dll.CoTaskMemAlloc",
  1196. "ole32.dll.CoTaskMemFree",
  1197. "ole32.dll.CoCreateInstance",
  1198. "ole32.dll.CoReleaseMarshalData",
  1199. "ole32.dll.DcomChannelSetHResult",
  1200. "oleaut32.dll.#500",
  1201. "advapi32.dll.UnregisterTraceGuids",
  1202. "comctl32.dll.#321",
  1203. "kernel32.dll.SetThreadUILanguage",
  1204. "kernel32.dll.CopyFileExW",
  1205. "kernel32.dll.IsDebuggerPresent",
  1206. "kernel32.dll.SetConsoleInputExeNameW",
  1207. "kernel32.dll.SortGetHandle",
  1208. "kernel32.dll.SortCloseHandle",
  1209. "kernel32.dll.ExitProcess",
  1210. "kernel32.dll.GetModuleHandleA",
  1211. "kernel32.dll.CloseHandle",
  1212. "kernel32.dll.OpenProcess",
  1213. "kernel32.dll.VirtualProtect",
  1214. "user32.dll.MessageBoxA",
  1215. "user32.dll.wsprintfA",
  1216. "kernel32.dll.VirtualAlloc",
  1217. "kernel32.dll.EnterCriticalSection",
  1218. "kernel32.dll.GetACP",
  1219. "kernel32.dll.LocalFree",
  1220. "kernel32.dll.SuspendThread",
  1221. "kernel32.dll.TlsAlloc",
  1222. "kernel32.dll.GetTickCount",
  1223. "kernel32.dll.VirtualFree",
  1224. "kernel32.dll.HeapAlloc",
  1225. "kernel32.dll.GetStartupInfoW",
  1226. "kernel32.dll.InitializeCriticalSection",
  1227. "kernel32.dll.GetCPInfoExW",
  1228. "kernel32.dll.GetThreadPriority",
  1229. "kernel32.dll.GetCurrentProcess",
  1230. "kernel32.dll.SetThreadPriority",
  1231. "kernel32.dll.RtlUnwind",
  1232. "kernel32.dll.GetCPInfo",
  1233. "kernel32.dll.GetCommandLineW",
  1234. "kernel32.dll.GetSystemInfo",
  1235. "kernel32.dll.ResumeThread",
  1236. "kernel32.dll.GetProcAddress",
  1237. "kernel32.dll.LeaveCriticalSection",
  1238. "kernel32.dll.GetStdHandle",
  1239. "kernel32.dll.GetVersionExW",
  1240. "kernel32.dll.VerifyVersionInfoW",
  1241. "kernel32.dll.GetModuleHandleW",
  1242. "kernel32.dll.FreeLibrary",
  1243. "kernel32.dll.HeapCreate",
  1244. "kernel32.dll.HeapDestroy",
  1245. "kernel32.dll.GetDiskFreeSpaceW",
  1246. "kernel32.dll.VerSetConditionMask",
  1247. "kernel32.dll.FindFirstFileW",
  1248. "kernel32.dll.TlsFree",
  1249. "kernel32.dll.GetModuleFileNameW",
  1250. "kernel32.dll.GetLastError",
  1251. "kernel32.dll.lstrlenW",
  1252. "kernel32.dll.CompareStringW",
  1253. "kernel32.dll.CreateThread",
  1254. "kernel32.dll.HeapFree",
  1255. "kernel32.dll.WideCharToMultiByte",
  1256. "kernel32.dll.MultiByteToWideChar",
  1257. "kernel32.dll.FindClose",
  1258. "kernel32.dll.LoadLibraryW",
  1259. "kernel32.dll.LoadLibraryA",
  1260. "kernel32.dll.ResetEvent",
  1261. "kernel32.dll.SetEvent",
  1262. "kernel32.dll.GetLocaleInfoW",
  1263. "kernel32.dll.GetVersion",
  1264. "kernel32.dll.RaiseException",
  1265. "kernel32.dll.FormatMessageW",
  1266. "kernel32.dll.SwitchToThread",
  1267. "kernel32.dll.GetExitCodeThread",
  1268. "kernel32.dll.GetEnvironmentVariableW",
  1269. "kernel32.dll.GetLocalTime",
  1270. "kernel32.dll.WaitForSingleObject",
  1271. "kernel32.dll.GetCurrentThread",
  1272. "kernel32.dll.WriteFile",
  1273. "kernel32.dll.ExitThread",
  1274. "kernel32.dll.DeleteCriticalSection",
  1275. "kernel32.dll.GetDateFormatW",
  1276. "kernel32.dll.TlsGetValue",
  1277. "kernel32.dll.IsValidLocale",
  1278. "kernel32.dll.TlsSetValue",
  1279. "kernel32.dll.LoadLibraryExW",
  1280. "kernel32.dll.GetSystemDefaultUILanguage",
  1281. "kernel32.dll.EnumCalendarInfoW",
  1282. "kernel32.dll.LocalAlloc",
  1283. "kernel32.dll.GetCurrentThreadId",
  1284. "kernel32.dll.UnhandledExceptionFilter",
  1285. "kernel32.dll.VirtualQuery",
  1286. "kernel32.dll.CreateEventW",
  1287. "kernel32.dll.VirtualQueryEx",
  1288. "kernel32.dll.GetThreadLocale",
  1289. "kernel32.dll.Sleep",
  1290. "kernel32.dll.SetThreadLocale",
  1291. "version.dll.GetFileVersionInfoSizeW",
  1292. "version.dll.VerQueryValueW",
  1293. "version.dll.GetFileVersionInfoW",
  1294. "user32.dll.CharNextW",
  1295. "user32.dll.MsgWaitForMultipleObjects",
  1296. "user32.dll.CharLowerBuffW",
  1297. "user32.dll.LoadStringW",
  1298. "user32.dll.CharUpperW",
  1299. "user32.dll.PeekMessageW",
  1300. "user32.dll.GetSystemMetrics",
  1301. "user32.dll.MessageBoxW",
  1302. "oleaut32.dll.SysAllocStringLen",
  1303. "oleaut32.dll.SafeArrayPtrOfIndex",
  1304. "oleaut32.dll.VariantCopy",
  1305. "oleaut32.dll.SafeArrayGetLBound",
  1306. "oleaut32.dll.SafeArrayGetUBound",
  1307. "oleaut32.dll.VariantInit",
  1308. "oleaut32.dll.VariantClear",
  1309. "oleaut32.dll.SysFreeString",
  1310. "oleaut32.dll.SysReAllocStringLen",
  1311. "oleaut32.dll.VariantChangeType",
  1312. "oleaut32.dll.SafeArrayCreate",
  1313. "netapi32.dll.NetWkstaGetInfo",
  1314. "netapi32.dll.NetApiBufferFree",
  1315. "advapi32.dll.RegQueryValueExW",
  1316. "advapi32.dll.RegCloseKey",
  1317. "advapi32.dll.RegOpenKeyExW",
  1318. "kernel32.dll.GetThreadPreferredUILanguages",
  1319. "kernel32.dll.SetThreadPreferredUILanguages",
  1320. "kernel32.dll.GetThreadUILanguage",
  1321. "kernel32.dll.GetNativeSystemInfo",
  1322. "kernel32.dll.GetLogicalProcessorInformation",
  1323. "oleaut32.dll.VariantChangeTypeEx",
  1324. "oleaut32.dll.VarNeg",
  1325. "oleaut32.dll.VarNot",
  1326. "oleaut32.dll.VarAdd",
  1327. "oleaut32.dll.VarSub",
  1328. "oleaut32.dll.VarMul",
  1329. "oleaut32.dll.VarDiv",
  1330. "oleaut32.dll.VarIdiv",
  1331. "oleaut32.dll.VarMod",
  1332. "oleaut32.dll.VarAnd",
  1333. "oleaut32.dll.VarOr",
  1334. "oleaut32.dll.VarXor",
  1335. "oleaut32.dll.VarCmp",
  1336. "oleaut32.dll.VarI4FromStr",
  1337. "oleaut32.dll.VarR4FromStr",
  1338. "oleaut32.dll.VarR8FromStr",
  1339. "oleaut32.dll.VarDateFromStr",
  1340. "oleaut32.dll.VarCyFromStr",
  1341. "oleaut32.dll.VarBoolFromStr",
  1342. "oleaut32.dll.VarBstrFromCy",
  1343. "oleaut32.dll.VarBstrFromDate",
  1344. "oleaut32.dll.VarBstrFromBool",
  1345. "browserconf.dll.load",
  1346. "dwmapi.dll.DwmIsCompositionEnabled",
  1347. "rasapi32.dll.RasConnectionNotificationW",
  1348. "sechost.dll.NotifyServiceStatusChangeA",
  1349. "winhttp.dll.WinHttpOpen",
  1350. "winhttp.dll.WinHttpSetTimeouts",
  1351. "winhttp.dll.WinHttpSetOption",
  1352. "winhttp.dll.WinHttpCrackUrl",
  1353. "shlwapi.dll.StrCmpNW",
  1354. "winhttp.dll.WinHttpConnect",
  1355. "winhttp.dll.WinHttpOpenRequest",
  1356. "winhttp.dll.WinHttpSetStatusCallback",
  1357. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  1358. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  1359. "winhttp.dll.WinHttpSendRequest",
  1360. "ws2_32.dll.GetAddrInfoW",
  1361. "ws2_32.dll.WSASocketW",
  1362. "ws2_32.dll.#2",
  1363. "ws2_32.dll.#21",
  1364. "ws2_32.dll.#9",
  1365. "ws2_32.dll.WSAIoctl",
  1366. "ws2_32.dll.FreeAddrInfoW",
  1367. "ws2_32.dll.#6",
  1368. "ws2_32.dll.#5",
  1369. "ws2_32.dll.WSARecv",
  1370. "ws2_32.dll.WSASend",
  1371. "winhttp.dll.WinHttpReceiveResponse",
  1372. "winhttp.dll.WinHttpQueryHeaders",
  1373. "shlwapi.dll.StrStrIW",
  1374. "winhttp.dll.WinHttpQueryDataAvailable",
  1375. "winhttp.dll.WinHttpReadData",
  1376. "cryptsp.dll.CryptAcquireContextA",
  1377. "winhttp.dll.WinHttpCloseHandle",
  1378. "rpcrt4.dll.RpcBindingFree",
  1379. "winhttp.dll.WinHttpTimeFromSystemTime",
  1380. "ncrypt.dll.SslFreeObject"
  1381. ]
  1382.  
  1383. [*] Static Analysis: {
  1384. "pe": {
  1385. "peid_signatures": null,
  1386. "imports": [
  1387. {
  1388. "imports": [
  1389. {
  1390. "name": "GetTempPathA",
  1391. "address": "0x407070"
  1392. },
  1393. {
  1394. "name": "GetFileSize",
  1395. "address": "0x407074"
  1396. },
  1397. {
  1398. "name": "GetModuleFileNameA",
  1399. "address": "0x407078"
  1400. },
  1401. {
  1402. "name": "GetCurrentProcess",
  1403. "address": "0x40707c"
  1404. },
  1405. {
  1406. "name": "CopyFileA",
  1407. "address": "0x407080"
  1408. },
  1409. {
  1410. "name": "ExitProcess",
  1411. "address": "0x407084"
  1412. },
  1413. {
  1414. "name": "SetEnvironmentVariableA",
  1415. "address": "0x407088"
  1416. },
  1417. {
  1418. "name": "Sleep",
  1419. "address": "0x40708c"
  1420. },
  1421. {
  1422. "name": "GetTickCount",
  1423. "address": "0x407090"
  1424. },
  1425. {
  1426. "name": "GetCommandLineA",
  1427. "address": "0x407094"
  1428. },
  1429. {
  1430. "name": "lstrlenA",
  1431. "address": "0x407098"
  1432. },
  1433. {
  1434. "name": "GetVersion",
  1435. "address": "0x40709c"
  1436. },
  1437. {
  1438. "name": "SetErrorMode",
  1439. "address": "0x4070a0"
  1440. },
  1441. {
  1442. "name": "lstrcpynA",
  1443. "address": "0x4070a4"
  1444. },
  1445. {
  1446. "name": "GetDiskFreeSpaceA",
  1447. "address": "0x4070a8"
  1448. },
  1449. {
  1450. "name": "GlobalUnlock",
  1451. "address": "0x4070ac"
  1452. },
  1453. {
  1454. "name": "GetWindowsDirectoryA",
  1455. "address": "0x4070b0"
  1456. },
  1457. {
  1458. "name": "SetCurrentDirectoryA",
  1459. "address": "0x4070b4"
  1460. },
  1461. {
  1462. "name": "GetLastError",
  1463. "address": "0x4070b8"
  1464. },
  1465. {
  1466. "name": "CreateDirectoryA",
  1467. "address": "0x4070bc"
  1468. },
  1469. {
  1470. "name": "CreateProcessA",
  1471. "address": "0x4070c0"
  1472. },
  1473. {
  1474. "name": "RemoveDirectoryA",
  1475. "address": "0x4070c4"
  1476. },
  1477. {
  1478. "name": "CreateFileA",
  1479. "address": "0x4070c8"
  1480. },
  1481. {
  1482. "name": "GetTempFileNameA",
  1483. "address": "0x4070cc"
  1484. },
  1485. {
  1486. "name": "ReadFile",
  1487. "address": "0x4070d0"
  1488. },
  1489. {
  1490. "name": "WriteFile",
  1491. "address": "0x4070d4"
  1492. },
  1493. {
  1494. "name": "lstrcpyA",
  1495. "address": "0x4070d8"
  1496. },
  1497. {
  1498. "name": "MoveFileExA",
  1499. "address": "0x4070dc"
  1500. },
  1501. {
  1502. "name": "lstrcatA",
  1503. "address": "0x4070e0"
  1504. },
  1505. {
  1506. "name": "GetSystemDirectoryA",
  1507. "address": "0x4070e4"
  1508. },
  1509. {
  1510. "name": "GetProcAddress",
  1511. "address": "0x4070e8"
  1512. },
  1513. {
  1514. "name": "GetExitCodeProcess",
  1515. "address": "0x4070ec"
  1516. },
  1517. {
  1518. "name": "WaitForSingleObject",
  1519. "address": "0x4070f0"
  1520. },
  1521. {
  1522. "name": "CompareFileTime",
  1523. "address": "0x4070f4"
  1524. },
  1525. {
  1526. "name": "SetFileAttributesA",
  1527. "address": "0x4070f8"
  1528. },
  1529. {
  1530. "name": "GetFileAttributesA",
  1531. "address": "0x4070fc"
  1532. },
  1533. {
  1534. "name": "GetShortPathNameA",
  1535. "address": "0x407100"
  1536. },
  1537. {
  1538. "name": "MoveFileA",
  1539. "address": "0x407104"
  1540. },
  1541. {
  1542. "name": "GetFullPathNameA",
  1543. "address": "0x407108"
  1544. },
  1545. {
  1546. "name": "SetFileTime",
  1547. "address": "0x40710c"
  1548. },
  1549. {
  1550. "name": "SearchPathA",
  1551. "address": "0x407110"
  1552. },
  1553. {
  1554. "name": "CloseHandle",
  1555. "address": "0x407114"
  1556. },
  1557. {
  1558. "name": "lstrcmpiA",
  1559. "address": "0x407118"
  1560. },
  1561. {
  1562. "name": "CreateThread",
  1563. "address": "0x40711c"
  1564. },
  1565. {
  1566. "name": "GlobalLock",
  1567. "address": "0x407120"
  1568. },
  1569. {
  1570. "name": "lstrcmpA",
  1571. "address": "0x407124"
  1572. },
  1573. {
  1574. "name": "FindFirstFileA",
  1575. "address": "0x407128"
  1576. },
  1577. {
  1578. "name": "FindNextFileA",
  1579. "address": "0x40712c"
  1580. },
  1581. {
  1582. "name": "DeleteFileA",
  1583. "address": "0x407130"
  1584. },
  1585. {
  1586. "name": "SetFilePointer",
  1587. "address": "0x407134"
  1588. },
  1589. {
  1590. "name": "GetPrivateProfileStringA",
  1591. "address": "0x407138"
  1592. },
  1593. {
  1594. "name": "FindClose",
  1595. "address": "0x40713c"
  1596. },
  1597. {
  1598. "name": "MultiByteToWideChar",
  1599. "address": "0x407140"
  1600. },
  1601. {
  1602. "name": "FreeLibrary",
  1603. "address": "0x407144"
  1604. },
  1605. {
  1606. "name": "MulDiv",
  1607. "address": "0x407148"
  1608. },
  1609. {
  1610. "name": "WritePrivateProfileStringA",
  1611. "address": "0x40714c"
  1612. },
  1613. {
  1614. "name": "LoadLibraryExA",
  1615. "address": "0x407150"
  1616. },
  1617. {
  1618. "name": "GetModuleHandleA",
  1619. "address": "0x407154"
  1620. },
  1621. {
  1622. "name": "GlobalAlloc",
  1623. "address": "0x407158"
  1624. },
  1625. {
  1626. "name": "GlobalFree",
  1627. "address": "0x40715c"
  1628. },
  1629. {
  1630. "name": "ExpandEnvironmentStringsA",
  1631. "address": "0x407160"
  1632. }
  1633. ],
  1634. "dll": "KERNEL32.dll"
  1635. },
  1636. {
  1637. "imports": [
  1638. {
  1639. "name": "ScreenToClient",
  1640. "address": "0x407184"
  1641. },
  1642. {
  1643. "name": "GetSystemMenu",
  1644. "address": "0x407188"
  1645. },
  1646. {
  1647. "name": "SetClassLongA",
  1648. "address": "0x40718c"
  1649. },
  1650. {
  1651. "name": "IsWindowEnabled",
  1652. "address": "0x407190"
  1653. },
  1654. {
  1655. "name": "SetWindowPos",
  1656. "address": "0x407194"
  1657. },
  1658. {
  1659. "name": "GetSysColor",
  1660. "address": "0x407198"
  1661. },
  1662. {
  1663. "name": "GetWindowLongA",
  1664. "address": "0x40719c"
  1665. },
  1666. {
  1667. "name": "SetCursor",
  1668. "address": "0x4071a0"
  1669. },
  1670. {
  1671. "name": "LoadCursorA",
  1672. "address": "0x4071a4"
  1673. },
  1674. {
  1675. "name": "CheckDlgButton",
  1676. "address": "0x4071a8"
  1677. },
  1678. {
  1679. "name": "GetMessagePos",
  1680. "address": "0x4071ac"
  1681. },
  1682. {
  1683. "name": "LoadBitmapA",
  1684. "address": "0x4071b0"
  1685. },
  1686. {
  1687. "name": "CallWindowProcA",
  1688. "address": "0x4071b4"
  1689. },
  1690. {
  1691. "name": "IsWindowVisible",
  1692. "address": "0x4071b8"
  1693. },
  1694. {
  1695. "name": "CloseClipboard",
  1696. "address": "0x4071bc"
  1697. },
  1698. {
  1699. "name": "SetClipboardData",
  1700. "address": "0x4071c0"
  1701. },
  1702. {
  1703. "name": "EmptyClipboard",
  1704. "address": "0x4071c4"
  1705. },
  1706. {
  1707. "name": "PostQuitMessage",
  1708. "address": "0x4071c8"
  1709. },
  1710. {
  1711. "name": "GetWindowRect",
  1712. "address": "0x4071cc"
  1713. },
  1714. {
  1715. "name": "EnableMenuItem",
  1716. "address": "0x4071d0"
  1717. },
  1718. {
  1719. "name": "CreatePopupMenu",
  1720. "address": "0x4071d4"
  1721. },
  1722. {
  1723. "name": "GetSystemMetrics",
  1724. "address": "0x4071d8"
  1725. },
  1726. {
  1727. "name": "SetDlgItemTextA",
  1728. "address": "0x4071dc"
  1729. },
  1730. {
  1731. "name": "GetDlgItemTextA",
  1732. "address": "0x4071e0"
  1733. },
  1734. {
  1735. "name": "MessageBoxIndirectA",
  1736. "address": "0x4071e4"
  1737. },
  1738. {
  1739. "name": "CharPrevA",
  1740. "address": "0x4071e8"
  1741. },
  1742. {
  1743. "name": "DispatchMessageA",
  1744. "address": "0x4071ec"
  1745. },
  1746. {
  1747. "name": "PeekMessageA",
  1748. "address": "0x4071f0"
  1749. },
  1750. {
  1751. "name": "ReleaseDC",
  1752. "address": "0x4071f4"
  1753. },
  1754. {
  1755. "name": "EnableWindow",
  1756. "address": "0x4071f8"
  1757. },
  1758. {
  1759. "name": "InvalidateRect",
  1760. "address": "0x4071fc"
  1761. },
  1762. {
  1763. "name": "SendMessageA",
  1764. "address": "0x407200"
  1765. },
  1766. {
  1767. "name": "DefWindowProcA",
  1768. "address": "0x407204"
  1769. },
  1770. {
  1771. "name": "BeginPaint",
  1772. "address": "0x407208"
  1773. },
  1774. {
  1775. "name": "GetClientRect",
  1776. "address": "0x40720c"
  1777. },
  1778. {
  1779. "name": "FillRect",
  1780. "address": "0x407210"
  1781. },
  1782. {
  1783. "name": "DrawTextA",
  1784. "address": "0x407214"
  1785. },
  1786. {
  1787. "name": "EndDialog",
  1788. "address": "0x407218"
  1789. },
  1790. {
  1791. "name": "RegisterClassA",
  1792. "address": "0x40721c"
  1793. },
  1794. {
  1795. "name": "SystemParametersInfoA",
  1796. "address": "0x407220"
  1797. },
  1798. {
  1799. "name": "CreateWindowExA",
  1800. "address": "0x407224"
  1801. },
  1802. {
  1803. "name": "GetClassInfoA",
  1804. "address": "0x407228"
  1805. },
  1806. {
  1807. "name": "DialogBoxParamA",
  1808. "address": "0x40722c"
  1809. },
  1810. {
  1811. "name": "CharNextA",
  1812. "address": "0x407230"
  1813. },
  1814. {
  1815. "name": "ExitWindowsEx",
  1816. "address": "0x407234"
  1817. },
  1818. {
  1819. "name": "GetDC",
  1820. "address": "0x407238"
  1821. },
  1822. {
  1823. "name": "CreateDialogParamA",
  1824. "address": "0x40723c"
  1825. },
  1826. {
  1827. "name": "SetTimer",
  1828. "address": "0x407240"
  1829. },
  1830. {
  1831. "name": "GetDlgItem",
  1832. "address": "0x407244"
  1833. },
  1834. {
  1835. "name": "SetWindowLongA",
  1836. "address": "0x407248"
  1837. },
  1838. {
  1839. "name": "SetForegroundWindow",
  1840. "address": "0x40724c"
  1841. },
  1842. {
  1843. "name": "LoadImageA",
  1844. "address": "0x407250"
  1845. },
  1846. {
  1847. "name": "IsWindow",
  1848. "address": "0x407254"
  1849. },
  1850. {
  1851. "name": "SendMessageTimeoutA",
  1852. "address": "0x407258"
  1853. },
  1854. {
  1855. "name": "FindWindowExA",
  1856. "address": "0x40725c"
  1857. },
  1858. {
  1859. "name": "OpenClipboard",
  1860. "address": "0x407260"
  1861. },
  1862. {
  1863. "name": "TrackPopupMenu",
  1864. "address": "0x407264"
  1865. },
  1866. {
  1867. "name": "AppendMenuA",
  1868. "address": "0x407268"
  1869. },
  1870. {
  1871. "name": "EndPaint",
  1872. "address": "0x40726c"
  1873. },
  1874. {
  1875. "name": "DestroyWindow",
  1876. "address": "0x407270"
  1877. },
  1878. {
  1879. "name": "wsprintfA",
  1880. "address": "0x407274"
  1881. },
  1882. {
  1883. "name": "ShowWindow",
  1884. "address": "0x407278"
  1885. },
  1886. {
  1887. "name": "SetWindowTextA",
  1888. "address": "0x40727c"
  1889. }
  1890. ],
  1891. "dll": "USER32.dll"
  1892. },
  1893. {
  1894. "imports": [
  1895. {
  1896. "name": "SelectObject",
  1897. "address": "0x40704c"
  1898. },
  1899. {
  1900. "name": "SetBkMode",
  1901. "address": "0x407050"
  1902. },
  1903. {
  1904. "name": "CreateFontIndirectA",
  1905. "address": "0x407054"
  1906. },
  1907. {
  1908. "name": "SetTextColor",
  1909. "address": "0x407058"
  1910. },
  1911. {
  1912. "name": "DeleteObject",
  1913. "address": "0x40705c"
  1914. },
  1915. {
  1916. "name": "GetDeviceCaps",
  1917. "address": "0x407060"
  1918. },
  1919. {
  1920. "name": "CreateBrushIndirect",
  1921. "address": "0x407064"
  1922. },
  1923. {
  1924. "name": "SetBkColor",
  1925. "address": "0x407068"
  1926. }
  1927. ],
  1928. "dll": "GDI32.dll"
  1929. },
  1930. {
  1931. "imports": [
  1932. {
  1933. "name": "SHGetSpecialFolderLocation",
  1934. "address": "0x407168"
  1935. },
  1936. {
  1937. "name": "ShellExecuteExA",
  1938. "address": "0x40716c"
  1939. },
  1940. {
  1941. "name": "SHGetPathFromIDListA",
  1942. "address": "0x407170"
  1943. },
  1944. {
  1945. "name": "SHBrowseForFolderA",
  1946. "address": "0x407174"
  1947. },
  1948. {
  1949. "name": "SHGetFileInfoA",
  1950. "address": "0x407178"
  1951. },
  1952. {
  1953. "name": "SHFileOperationA",
  1954. "address": "0x40717c"
  1955. }
  1956. ],
  1957. "dll": "SHELL32.dll"
  1958. },
  1959. {
  1960. "imports": [
  1961. {
  1962. "name": "AdjustTokenPrivileges",
  1963. "address": "0x407000"
  1964. },
  1965. {
  1966. "name": "RegCreateKeyExA",
  1967. "address": "0x407004"
  1968. },
  1969. {
  1970. "name": "RegOpenKeyExA",
  1971. "address": "0x407008"
  1972. },
  1973. {
  1974. "name": "SetFileSecurityA",
  1975. "address": "0x40700c"
  1976. },
  1977. {
  1978. "name": "OpenProcessToken",
  1979. "address": "0x407010"
  1980. },
  1981. {
  1982. "name": "LookupPrivilegeValueA",
  1983. "address": "0x407014"
  1984. },
  1985. {
  1986. "name": "RegEnumValueA",
  1987. "address": "0x407018"
  1988. },
  1989. {
  1990. "name": "RegDeleteKeyA",
  1991. "address": "0x40701c"
  1992. },
  1993. {
  1994. "name": "RegDeleteValueA",
  1995. "address": "0x407020"
  1996. },
  1997. {
  1998. "name": "RegCloseKey",
  1999. "address": "0x407024"
  2000. },
  2001. {
  2002. "name": "RegSetValueExA",
  2003. "address": "0x407028"
  2004. },
  2005. {
  2006. "name": "RegQueryValueExA",
  2007. "address": "0x40702c"
  2008. },
  2009. {
  2010. "name": "RegEnumKeyA",
  2011. "address": "0x407030"
  2012. }
  2013. ],
  2014. "dll": "ADVAPI32.dll"
  2015. },
  2016. {
  2017. "imports": [
  2018. {
  2019. "name": "ImageList_Create",
  2020. "address": "0x407038"
  2021. },
  2022. {
  2023. "name": "ImageList_AddMasked",
  2024. "address": "0x40703c"
  2025. },
  2026. {
  2027. "name": "ImageList_Destroy",
  2028. "address": "0x407040"
  2029. },
  2030. {
  2031. "name": null,
  2032. "address": "0x407044"
  2033. }
  2034. ],
  2035. "dll": "COMCTL32.dll"
  2036. },
  2037. {
  2038. "imports": [
  2039. {
  2040. "name": "OleUninitialize",
  2041. "address": "0x407284"
  2042. },
  2043. {
  2044. "name": "OleInitialize",
  2045. "address": "0x407288"
  2046. },
  2047. {
  2048. "name": "CoTaskMemFree",
  2049. "address": "0x40728c"
  2050. },
  2051. {
  2052. "name": "CoCreateInstance",
  2053. "address": "0x407290"
  2054. }
  2055. ],
  2056. "dll": "ole32.dll"
  2057. }
  2058. ],
  2059. "digital_signers": null,
  2060. "exported_dll_name": null,
  2061. "actual_checksum": "0x0005ac52",
  2062. "overlay": {
  2063. "size": "0x000441d3",
  2064. "offset": "0x0000ca00"
  2065. },
  2066. "imagebase": "0x00400000",
  2067. "reported_checksum": "0x00000000",
  2068. "icon_hash": null,
  2069. "entrypoint": "0x004031d6",
  2070. "timestamp": "2018-12-15 22:24:22",
  2071. "osversion": "4.0",
  2072. "sections": [
  2073. {
  2074. "name": ".text",
  2075. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2076. "virtual_address": "0x00001000",
  2077. "size_of_data": "0x00006000",
  2078. "entropy": "6.45",
  2079. "raw_address": "0x00000400",
  2080. "virtual_size": "0x00005f0d",
  2081. "characteristics_raw": "0x60000020"
  2082. },
  2083. {
  2084. "name": ".rdata",
  2085. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2086. "virtual_address": "0x00007000",
  2087. "size_of_data": "0x00001400",
  2088. "entropy": "5.00",
  2089. "raw_address": "0x00006400",
  2090. "virtual_size": "0x00001250",
  2091. "characteristics_raw": "0x40000040"
  2092. },
  2093. {
  2094. "name": ".data",
  2095. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2096. "virtual_address": "0x00009000",
  2097. "size_of_data": "0x00000400",
  2098. "entropy": "5.13",
  2099. "raw_address": "0x00007800",
  2100. "virtual_size": "0x0001a818",
  2101. "characteristics_raw": "0xc0000040"
  2102. },
  2103. {
  2104. "name": ".ndata",
  2105. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2106. "virtual_address": "0x00024000",
  2107. "size_of_data": "0x00000000",
  2108. "entropy": "0.00",
  2109. "raw_address": "0x00000000",
  2110. "virtual_size": "0x00008000",
  2111. "characteristics_raw": "0xc0000080"
  2112. },
  2113. {
  2114. "name": ".rsrc",
  2115. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2116. "virtual_address": "0x0002c000",
  2117. "size_of_data": "0x00004e00",
  2118. "entropy": "5.08",
  2119. "raw_address": "0x00007c00",
  2120. "virtual_size": "0x00004c38",
  2121. "characteristics_raw": "0x40000040"
  2122. }
  2123. ],
  2124. "resources": [],
  2125. "dirents": [
  2126. {
  2127. "virtual_address": "0x00000000",
  2128. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2129. "size": "0x00000000"
  2130. },
  2131. {
  2132. "virtual_address": "0x00007430",
  2133. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2134. "size": "0x000000a0"
  2135. },
  2136. {
  2137. "virtual_address": "0x0002c000",
  2138. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2139. "size": "0x00004c38"
  2140. },
  2141. {
  2142. "virtual_address": "0x00000000",
  2143. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2144. "size": "0x00000000"
  2145. },
  2146. {
  2147. "virtual_address": "0x00000000",
  2148. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2149. "size": "0x00000000"
  2150. },
  2151. {
  2152. "virtual_address": "0x00000000",
  2153. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2154. "size": "0x00000000"
  2155. },
  2156. {
  2157. "virtual_address": "0x00000000",
  2158. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2159. "size": "0x00000000"
  2160. },
  2161. {
  2162. "virtual_address": "0x00000000",
  2163. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2164. "size": "0x00000000"
  2165. },
  2166. {
  2167. "virtual_address": "0x00000000",
  2168. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2169. "size": "0x00000000"
  2170. },
  2171. {
  2172. "virtual_address": "0x00000000",
  2173. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2174. "size": "0x00000000"
  2175. },
  2176. {
  2177. "virtual_address": "0x00000000",
  2178. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2179. "size": "0x00000000"
  2180. },
  2181. {
  2182. "virtual_address": "0x00000000",
  2183. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2184. "size": "0x00000000"
  2185. },
  2186. {
  2187. "virtual_address": "0x00007000",
  2188. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2189. "size": "0x00000298"
  2190. },
  2191. {
  2192. "virtual_address": "0x00000000",
  2193. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2194. "size": "0x00000000"
  2195. },
  2196. {
  2197. "virtual_address": "0x00000000",
  2198. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2199. "size": "0x00000000"
  2200. },
  2201. {
  2202. "virtual_address": "0x00000000",
  2203. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2204. "size": "0x00000000"
  2205. }
  2206. ],
  2207. "exports": [],
  2208. "guest_signers": {},
  2209. "imphash": "3abe302b6d9a1256e6a915429af4ffd2",
  2210. "icon_fuzzy": null,
  2211. "icon": null,
  2212. "pdbpath": null,
  2213. "imported_dll_count": 7,
  2214. "versioninfo": []
  2215. }
  2216. }