- [*] MalFamily: "Zonidel"
- [*] MalScore: 10.0
- [*] File Name: "Exes_ed741296.exe"
- [*] File Size: 266752
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "77f2b84f93c3151a8b264d11a47cbf5925132ca353f62ba2d999e51ee035dd18"
- [*] MD5: "ffc6b2b54d3f6651278e2a42eed243c4"
- [*] SHA1: "00951d6fba436f895d0e389f8029b1f7f6ffc717"
- [*] SHA512: "66bbe1ce53ed8968f6a93c65c7ab8f956d929d714f7ceb008df2074eb3c4e9c9f95464a12c263089d3906569f3734fb889fd19095272d1f0c6050ab040c951c7"
- [*] CRC32: "ED741296"
- [*] SSDEEP: "6144:wcvLyLfIFA+1tjGkn0v/ZPzuKLJFtrj6Wsx56:wcWLfM1VGk0HZP6Kbt/6Nx56"
- [*] Process Execution: [
- "Exes_ed741296.exe",
- "windxit.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details": [
- {
- "IP": "74.6.137.63:25"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details": [
- {
- "process": "windxit.exe, PID 2176"
- }
- ]
- },
- {
- "Description": "Drops a binary and executes it",
- "Details": [
- {
- "binary": "C:\\Windows\\3429179713321391\\windxit.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe"
- },
- {
- "url": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- }
- ]
- },
- {
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details": [
- {
- "Spam": "Exes_ed741296.exe (1752) called API GlobalMemoryStatus 2165386 times"
- },
- {
- "Spam": "windxit.exe (2176) called API GlobalMemoryStatus 2165386 times"
- }
- ]
- },
- {
- "Description": "Installs itself for autorun at Windows startup",
- "Details": [
- {
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 2462742724"
- },
- {
- "data": "C:\\Windows\\3429179713321391\\windxit.exe"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 2462742724"
- },
- {
- "data": "C:\\Windows\\3429179713321391\\windxit.exe"
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\Windows\\3429179713321391"
- },
- {
- "file": "C:\\Windows\\3429179713321391\\windxit.exe"
- }
- ]
- },
- {
- "Description": "File has been identified by 39 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Trojan.GenericKD.32054074"
- },
- {
- "McAfee": "Artemis!FFC6B2B54D3F"
- },
- {
- "AegisLab": "Trojan.Win32.Zonidel.4!c"
- },
- {
- "BitDefender": "Trojan.GenericKD.32054074"
- },
- {
- "K7GW": "Riskware ( 0040eff71 )"
- },
- {
- "ESET-NOD32": "a variant of Win32/Kryptik.GTYE"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "GData": "Trojan.GenericKD.32054074"
- },
- {
- "Kaspersky": "Trojan.Win32.Zonidel.egt"
- },
- {
- "Tencent": "Win32.Trojan.Zonidel.Eili"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Emsisoft": "Trojan.GenericKD.32054074 (B)"
- },
- {
- "Comodo": "Malware@#xqm6zfx65n78"
- },
- {
- "F-Secure": "Trojan.TR/AD.Phorpiex.gwmgy"
- },
- {
- "VIPRE": "Trojan.Win32.Generic!BT"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "Artemis"
- },
- {
- "Trapmine": "malicious.high.ml.score"
- },
- {
- "FireEye": "Generic.mg.ffc6b2b54d3f6651"
- },
- {
- "Sophos": "Mal/Generic-S"
- },
- {
- "Ikarus": "Trojan.Win32.Krypt"
- },
- {
- "Avira": "TR/AD.Phorpiex.gwmgy"
- },
- {
- "Arcabit": "Trojan.Generic.D1E91B3A"
- },
- {
- "AhnLab-V3": "Trojan/Win32.Crypted.R275704"
- },
- {
- "ZoneAlarm": "Trojan.Win32.Zonidel.egt"
- },
- {
- "Microsoft": "Trojan:Win32/Gandcrab.AF"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "ALYac": "Trojan.GenericKD.32054074"
- },
- {
- "Ad-Aware": "Trojan.GenericKD.32054074"
- },
- {
- "Malwarebytes": "Trojan.MalPack.GS"
- },
- {
- "Panda": "Trj/GdSda.A"
- },
- {
- "TrendMicro-HouseCall": "TROJ_GEN.R03FC0WFD19"
- },
- {
- "Rising": "Malware.Heuristic.MLite(94%) (AI-LITE:uEgW6/MPn1b+FDScVK5Pvg)"
- },
- {
- "Fortinet": "W32/GenKryptik.DKOO!tr"
- },
- {
- "Webroot": "W32.Trojan.Gen"
- },
- {
- "AVG": "FileRepMalware"
- },
- {
- "Avast": "FileRepMalware"
- },
- {
- "CrowdStrike": "win/malicious_confidence_70% (W)"
- }
- ]
- },
- {
- "Description": "Operates on local firewall's policies and settings",
- "Details": []
- },
- {
- "Description": "Creates a copy of itself",
- "Details": [
- {
- "copy": "C:\\Windows\\3429179713321391\\windxit.exe"
- }
- ]
- },
- {
- "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_ed741296.exe:Zone.Iduentifier"
- },
- {
- "file": "C:\\Windows\\3429179713321391\\windxit.exe:Zone.Iduentifier"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "C:\\Windows\\3429179713321391\\windxit.exe"
- ]
- [*] Mutexes: [
- "2462742724"
- ]
- [*] Modified Files: [
- "C:\\Windows\\3429179713321391\\windxit.exe"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_ed741296.exe:Zone.Iduentifier",
- "C:\\Windows\\3429179713321391\\windxit.exe:Zone.Iduentifier"
- ]
- [*] Modified Registry Keys: [
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 2462742724",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Update 2462742724"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: [
- {
- "type": "MX",
- "request": "yahoo.com",
- "answers": [
- {
- "data": "mta5.am0.yahoodns.net",
- "type": "MX"
- },
- {
- "data": "mta7.am0.yahoodns.net",
- "type": "MX"
- },
- {
- "data": "mta6.am0.yahoodns.net",
- "type": "MX"
- }
- ]
- },
- {
- "type": "A",
- "request": "mta6.am0.yahoodns.net",
- "answers": [
- {
- "data": "67.195.228.94",
- "type": "A"
- },
- {
- "data": "66.218.85.139",
- "type": "A"
- },
- {
- "data": "74.6.137.65",
- "type": "A"
- },
- {
- "data": "67.195.228.109",
- "type": "A"
- },
- {
- "data": "98.137.159.26",
- "type": "A"
- },
- {
- "data": "98.137.159.25",
- "type": "A"
- },
- {
- "data": "74.6.137.63",
- "type": "A"
- },
- {
- "data": "67.195.228.106",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "67.195.228.106",
- "domain": "mta6.am0.yahoodns.net"
- },
- {
- "ip": "98.138.219.231",
- "domain": "yahoo.com"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=0-6913\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=6914-17673\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=17674-27522\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=27523-37529\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=37530-58426\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=58427-101399\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=101400-131332\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=131333-312387\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=312388-569715\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=569716-1295319\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=1295320-2732173\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=2732174-5611124\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=5611125-11372756\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=11372757-21628567\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r2---sn-bvvbax-2ims.gvt1.com/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r2---sn-bvvbax-2ims.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/AO3hQFiic1uW_75.0.3770.90/75.0.3770.90_74.0.3729.169_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ims&ms=nvh&mt=1560482553&mv=m&nh=EAM&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 22:15:46 GMT\r\nRange: bytes=21628568-30355199\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r2---sn-bvvbax-2ims.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "SetVolumeMountPointW",
- "address": "0x427018"
- },
- {
- "name": "UnlockFile",
- "address": "0x42701c"
- },
- {
- "name": "GetNumberFormatA",
- "address": "0x427020"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x427024"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x427028"
- },
- {
- "name": "DnsHostnameToComputerNameW",
- "address": "0x42702c"
- },
- {
- "name": "GetBinaryTypeA",
- "address": "0x427030"
- },
- {
- "name": "lstrlenW",
- "address": "0x427034"
- },
- {
- "name": "SetHandleInformation",
- "address": "0x427038"
- },
- {
- "name": "GetProcAddress",
- "address": "0x42703c"
- },
- {
- "name": "PeekConsoleInputW",
- "address": "0x427040"
- },
- {
- "name": "LocalLock",
- "address": "0x427044"
- },
- {
- "name": "VirtualProtect",
- "address": "0x427048"
- },
- {
- "name": "CreateToolhelp32Snapshot",
- "address": "0x42704c"
- },
- {
- "name": "DuplicateHandle",
- "address": "0x427050"
- },
- {
- "name": "CloseHandle",
- "address": "0x427054"
- },
- {
- "name": "ZombifyActCtx",
- "address": "0x427058"
- },
- {
- "name": "lstrcpynA",
- "address": "0x42705c"
- },
- {
- "name": "DebugActiveProcessStop",
- "address": "0x427060"
- },
- {
- "name": "GlobalMemoryStatus",
- "address": "0x427064"
- },
- {
- "name": "Module32First",
- "address": "0x427068"
- },
- {
- "name": "ExitProcess",
- "address": "0x42706c"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x427070"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x427074"
- },
- {
- "name": "EnumSystemLocalesW",
- "address": "0x427078"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x42707c"
- },
- {
- "name": "IsValidLocale",
- "address": "0x427080"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x427084"
- },
- {
- "name": "EncodePointer",
- "address": "0x427088"
- },
- {
- "name": "DecodePointer",
- "address": "0x42708c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x427090"
- },
- {
- "name": "RaiseException",
- "address": "0x427094"
- },
- {
- "name": "RtlUnwind",
- "address": "0x427098"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x42709c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x4270a0"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x4270a4"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x4270a8"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x4270ac"
- },
- {
- "name": "GetLastError",
- "address": "0x4270b0"
- },
- {
- "name": "WriteFile",
- "address": "0x4270b4"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x4270b8"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x4270bc"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x4270c0"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4270c4"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x4270c8"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x4270cc"
- },
- {
- "name": "AreFileApisANSI",
- "address": "0x4270d0"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x4270d4"
- },
- {
- "name": "HeapSize",
- "address": "0x4270d8"
- },
- {
- "name": "HeapFree",
- "address": "0x4270dc"
- },
- {
- "name": "HeapAlloc",
- "address": "0x4270e0"
- },
- {
- "name": "SetLastError",
- "address": "0x4270e4"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4270e8"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4270ec"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x4270f0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4270f4"
- },
- {
- "name": "GetFileType",
- "address": "0x4270f8"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x4270fc"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x427100"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x427104"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x427108"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x42710c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x427110"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x427114"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x427118"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x42711c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x427120"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x427124"
- },
- {
- "name": "CreateEventW",
- "address": "0x427128"
- },
- {
- "name": "Sleep",
- "address": "0x42712c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x427130"
- },
- {
- "name": "TerminateProcess",
- "address": "0x427134"
- },
- {
- "name": "TlsAlloc",
- "address": "0x427138"
- },
- {
- "name": "TlsGetValue",
- "address": "0x42713c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x427140"
- },
- {
- "name": "TlsFree",
- "address": "0x427144"
- },
- {
- "name": "GetTickCount",
- "address": "0x427148"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x42714c"
- },
- {
- "name": "CreateSemaphoreW",
- "address": "0x427150"
- },
- {
- "name": "SetStdHandle",
- "address": "0x427154"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x427158"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x42715c"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x427160"
- },
- {
- "name": "FreeLibrary",
- "address": "0x427164"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x427168"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x42716c"
- },
- {
- "name": "GetACP",
- "address": "0x427170"
- },
- {
- "name": "GetOEMCP",
- "address": "0x427174"
- },
- {
- "name": "GetCPInfo",
- "address": "0x427178"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x42717c"
- },
- {
- "name": "GetDateFormatW",
- "address": "0x427180"
- },
- {
- "name": "GetTimeFormatW",
- "address": "0x427184"
- },
- {
- "name": "CompareStringW",
- "address": "0x427188"
- },
- {
- "name": "LCMapStringW",
- "address": "0x42718c"
- },
- {
- "name": "CreateFileW",
- "address": "0x427190"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "AbortSystemShutdownA",
- "address": "0x427000"
- },
- {
- "name": "AddAuditAccessObjectAce",
- "address": "0x427004"
- },
- {
- "name": "RegCreateKeyExW",
- "address": "0x427008"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x42700c"
- },
- {
- "name": "RegEnumKeyExW",
- "address": "0x427010"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "WinHttpWriteData",
- "address": "0x4271a4"
- },
- {
- "name": "WinHttpOpen",
- "address": "0x4271a8"
- }
- ],
- "dll": "WINHTTP.dll"
- },
- {
- "imports": [
- {
- "name": "GradientFill",
- "address": "0x427198"
- },
- {
- "name": "TransparentBlt",
- "address": "0x42719c"
- }
- ],
- "dll": "MSIMG32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "cubusemono.exe",
- "actual_checksum": "0x0004b223",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0004b223",
- "icon_hash": null,
- "entrypoint": "0x00403aa1",
- "timestamp": "2017-12-19 04:28:11",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00025200",
- "entropy": "6.72",
- "raw_address": "0x00000400",
- "virtual_size": "0x0002502d",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00027000",
- "size_of_data": "0x00010e00",
- "entropy": "6.05",
- "raw_address": "0x00025600",
- "virtual_size": "0x00010cd6",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00038000",
- "size_of_data": "0x00001a00",
- "entropy": "3.42",
- "raw_address": "0x00036400",
- "virtual_size": "0x04e5d9ec",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".sasa",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x04e96000",
- "size_of_data": "0x00000600",
- "entropy": "0.00",
- "raw_address": "0x00037e00",
- "virtual_size": "0x00001400",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e98000",
- "size_of_data": "0x00006c00",
- "entropy": "6.33",
- "raw_address": "0x00038400",
- "virtual_size": "0x00006a28",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e9f000",
- "size_of_data": "0x00002200",
- "entropy": "6.47",
- "raw_address": "0x0003f000",
- "virtual_size": "0x00002004",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x000372b0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x0000004e"
- },
- {
- "virtual_address": "0x00037300",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x04e98000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00006a28"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x04e9f000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00002004"
- },
- {
- "virtual_address": "0x00027210",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000038"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00027000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001b0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "MyFunc165@@4",
- "address": "0x425f20"
- }
- ],
- "guest_signers": {},
- "imphash": "42eb97f8f9223841094c685084b30abf",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "C:\\walukafomow-gozonixo\\fozuje.pdb\\x00ypt\\tmp_213048127\\bin\\cubusemono.pdb\\x00\\x00\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x96C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff",
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsFree",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.InitializeCriticalSectionEx",
- "kernel32.dll.CreateEventExW",
- "kernel32.dll.CreateSemaphoreExW",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.CreateThreadpoolTimer",
- "kernel32.dll.SetThreadpoolTimer",
- "kernel32.dll.WaitForThreadpoolTimerCallbacks",
- "kernel32.dll.CloseThreadpoolTimer",
- "kernel32.dll.CreateThreadpoolWait",
- "kernel32.dll.SetThreadpoolWait",
- "kernel32.dll.CloseThreadpoolWait",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.FreeLibraryWhenCallbackReturns",
- "kernel32.dll.GetCurrentProcessorNumber",
- "kernel32.dll.GetLogicalProcessorInformation",
- "kernel32.dll.CreateSymbolicLinkW",
- "kernel32.dll.EnumSystemLocalesEx",
- "kernel32.dll.CompareStringEx",
- "kernel32.dll.GetDateFormatEx",
- "kernel32.dll.GetLocaleInfoEx",
- "kernel32.dll.GetTimeFormatEx",
- "kernel32.dll.GetUserDefaultLocaleName",
- "kernel32.dll.IsValidLocaleName",
- "kernel32.dll.LCMapStringEx",
- "kernel32.dll.GetTickCount64",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.VirtualProtect",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.GetVersionExA",
- "kernel32.dll.TerminateProcess",
- "kernel32.dll.ExitProcess",
- "kernel32.dll.SetErrorMode",
- "msvcrt.dll._except_handler3",
- "msvcrt.dll.__set_app_type",
- "msvcrt.dll.__p__fmode",
- "msvcrt.dll.__p__commode",
- "msvcrt.dll._adjust_fdiv",
- "msvcrt.dll.__setusermatherr",
- "msvcrt.dll._initterm",
- "msvcrt.dll.__getmainargs",
- "msvcrt.dll._acmdln",
- "msvcrt.dll.exit",
- "msvcrt.dll._XcptFilter",
- "msvcrt.dll._exit",
- "msvcrt.dll.wcsstr",
- "msvcrt.dll.wcslen",
- "msvcrt.dll.mbstowcs",
- "msvcrt.dll.atoi",
- "msvcrt.dll._snwprintf",
- "msvcrt.dll._wfopen",
- "msvcrt.dll.fgets",
- "msvcrt.dll.fclose",
- "msvcrt.dll.strtok",
- "msvcrt.dll.strchr",
- "msvcrt.dll.strcpy",
- "msvcrt.dll.strcat",
- "msvcrt.dll.strlen",
- "msvcrt.dll.strstr",
- "msvcrt.dll._snprintf",
- "msvcrt.dll.memset",
- "msvcrt.dll.malloc",
- "msvcrt.dll.srand",
- "msvcrt.dll.rand",
- "msvcrt.dll._controlfp",
- "msvcrt.dll.sprintf",
- "ws2_32.dll.#9",
- "ws2_32.dll.#16",
- "ws2_32.dll.#115",
- "ws2_32.dll.#19",
- "ws2_32.dll.#23",
- "ws2_32.dll.#4",
- "ws2_32.dll.#11",
- "ws2_32.dll.#52",
- "ws2_32.dll.#3",
- "wininet.dll.InternetOpenUrlW",
- "wininet.dll.InternetReadFile",
- "wininet.dll.InternetOpenA",
- "wininet.dll.InternetOpenUrlA",
- "wininet.dll.InternetOpenW",
- "wininet.dll.InternetCloseHandle",
- "shlwapi.dll.PathFindFileNameW",
- "dnsapi.dll.DnsQuery_A",
- "dnsapi.dll.DnsFree",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.GetTimeZoneInformation",
- "kernel32.dll.FileTimeToSystemTime",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.WriteFile",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.ExpandEnvironmentStringsW",
- "kernel32.dll.FileTimeToLocalFileTime",
- "kernel32.dll.CopyFileW",
- "kernel32.dll.CreateDirectoryW",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.GetLastError",
- "kernel32.dll.Sleep",
- "kernel32.dll.CreateMutexA",
- "kernel32.dll.GetModuleHandleA",
- "kernel32.dll.GetStartupInfoA",
- "kernel32.dll.GetLocalTime",
- "kernel32.dll.CreateProcessW",
- "kernel32.dll.SetFileAttributesW",
- "kernel32.dll.DeleteFileW",
- "kernel32.dll.ExitThread",
- "kernel32.dll.CreateThread",
- "user32.dll.wsprintfA",
- "advapi32.dll.RegSetValueExW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegOpenKeyExW",
- "shell32.dll.ShellExecuteW",
- "msvcr100.dll.atexit"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "SetVolumeMountPointW",
- "address": "0x427018"
- },
- {
- "name": "UnlockFile",
- "address": "0x42701c"
- },
- {
- "name": "GetNumberFormatA",
- "address": "0x427020"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x427024"
- },
- {
- "name": "LoadLibraryW",
- "address": "0x427028"
- },
- {
- "name": "DnsHostnameToComputerNameW",
- "address": "0x42702c"
- },
- {
- "name": "GetBinaryTypeA",
- "address": "0x427030"
- },
- {
- "name": "lstrlenW",
- "address": "0x427034"
- },
- {
- "name": "SetHandleInformation",
- "address": "0x427038"
- },
- {
- "name": "GetProcAddress",
- "address": "0x42703c"
- },
- {
- "name": "PeekConsoleInputW",
- "address": "0x427040"
- },
- {
- "name": "LocalLock",
- "address": "0x427044"
- },
- {
- "name": "VirtualProtect",
- "address": "0x427048"
- },
- {
- "name": "CreateToolhelp32Snapshot",
- "address": "0x42704c"
- },
- {
- "name": "DuplicateHandle",
- "address": "0x427050"
- },
- {
- "name": "CloseHandle",
- "address": "0x427054"
- },
- {
- "name": "ZombifyActCtx",
- "address": "0x427058"
- },
- {
- "name": "lstrcpynA",
- "address": "0x42705c"
- },
- {
- "name": "DebugActiveProcessStop",
- "address": "0x427060"
- },
- {
- "name": "GlobalMemoryStatus",
- "address": "0x427064"
- },
- {
- "name": "Module32First",
- "address": "0x427068"
- },
- {
- "name": "ExitProcess",
- "address": "0x42706c"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x427070"
- },
- {
- "name": "OutputDebugStringW",
- "address": "0x427074"
- },
- {
- "name": "EnumSystemLocalesW",
- "address": "0x427078"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x42707c"
- },
- {
- "name": "IsValidLocale",
- "address": "0x427080"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x427084"
- },
- {
- "name": "EncodePointer",
- "address": "0x427088"
- },
- {
- "name": "DecodePointer",
- "address": "0x42708c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x427090"
- },
- {
- "name": "RaiseException",
- "address": "0x427094"
- },
- {
- "name": "RtlUnwind",
- "address": "0x427098"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x42709c"
- },
- {
- "name": "IsProcessorFeaturePresent",
- "address": "0x4270a0"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x4270a4"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x4270a8"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x4270ac"
- },
- {
- "name": "GetLastError",
- "address": "0x4270b0"
- },
- {
- "name": "WriteFile",
- "address": "0x4270b4"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x4270b8"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x4270bc"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x4270c0"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4270c4"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x4270c8"
- },
- {
- "name": "GetModuleHandleExW",
- "address": "0x4270cc"
- },
- {
- "name": "AreFileApisANSI",
- "address": "0x4270d0"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x4270d4"
- },
- {
- "name": "HeapSize",
- "address": "0x4270d8"
- },
- {
- "name": "HeapFree",
- "address": "0x4270dc"
- },
- {
- "name": "HeapAlloc",
- "address": "0x4270e0"
- },
- {
- "name": "SetLastError",
- "address": "0x4270e4"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x4270e8"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4270ec"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x4270f0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4270f4"
- },
- {
- "name": "GetFileType",
- "address": "0x4270f8"
- },
- {
- "name": "GetStartupInfoW",
- "address": "0x4270fc"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x427100"
- },
- {
- "name": "GetModuleFileNameW",
- "address": "0x427104"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x427108"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x42710c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x427110"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x427114"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x427118"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x42711c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x427120"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x427124"
- },
- {
- "name": "CreateEventW",
- "address": "0x427128"
- },
- {
- "name": "Sleep",
- "address": "0x42712c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x427130"
- },
- {
- "name": "TerminateProcess",
- "address": "0x427134"
- },
- {
- "name": "TlsAlloc",
- "address": "0x427138"
- },
- {
- "name": "TlsGetValue",
- "address": "0x42713c"
- },
- {
- "name": "TlsSetValue",
- "address": "0x427140"
- },
- {
- "name": "TlsFree",
- "address": "0x427144"
- },
- {
- "name": "GetTickCount",
- "address": "0x427148"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x42714c"
- },
- {
- "name": "CreateSemaphoreW",
- "address": "0x427150"
- },
- {
- "name": "SetStdHandle",
- "address": "0x427154"
- },
- {
- "name": "SetFilePointerEx",
- "address": "0x427158"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x42715c"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x427160"
- },
- {
- "name": "FreeLibrary",
- "address": "0x427164"
- },
- {
- "name": "LoadLibraryExW",
- "address": "0x427168"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x42716c"
- },
- {
- "name": "GetACP",
- "address": "0x427170"
- },
- {
- "name": "GetOEMCP",
- "address": "0x427174"
- },
- {
- "name": "GetCPInfo",
- "address": "0x427178"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x42717c"
- },
- {
- "name": "GetDateFormatW",
- "address": "0x427180"
- },
- {
- "name": "GetTimeFormatW",
- "address": "0x427184"
- },
- {
- "name": "CompareStringW",
- "address": "0x427188"
- },
- {
- "name": "LCMapStringW",
- "address": "0x42718c"
- },
- {
- "name": "CreateFileW",
- "address": "0x427190"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "AbortSystemShutdownA",
- "address": "0x427000"
- },
- {
- "name": "AddAuditAccessObjectAce",
- "address": "0x427004"
- },
- {
- "name": "RegCreateKeyExW",
- "address": "0x427008"
- },
- {
- "name": "OpenProcessToken",
- "address": "0x42700c"
- },
- {
- "name": "RegEnumKeyExW",
- "address": "0x427010"
- }
- ],
- "dll": "ADVAPI32.dll"
- },
- {
- "imports": [
- {
- "name": "WinHttpWriteData",
- "address": "0x4271a4"
- },
- {
- "name": "WinHttpOpen",
- "address": "0x4271a8"
- }
- ],
- "dll": "WINHTTP.dll"
- },
- {
- "imports": [
- {
- "name": "GradientFill",
- "address": "0x427198"
- },
- {
- "name": "TransparentBlt",
- "address": "0x42719c"
- }
- ],
- "dll": "MSIMG32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "cubusemono.exe",
- "actual_checksum": "0x0004b223",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0004b223",
- "icon_hash": null,
- "entrypoint": "0x00403aa1",
- "timestamp": "2017-12-19 04:28:11",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00025200",
- "entropy": "6.72",
- "raw_address": "0x00000400",
- "virtual_size": "0x0002502d",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00027000",
- "size_of_data": "0x00010e00",
- "entropy": "6.05",
- "raw_address": "0x00025600",
- "virtual_size": "0x00010cd6",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00038000",
- "size_of_data": "0x00001a00",
- "entropy": "3.42",
- "raw_address": "0x00036400",
- "virtual_size": "0x04e5d9ec",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".sasa",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x04e96000",
- "size_of_data": "0x00000600",
- "entropy": "0.00",
- "raw_address": "0x00037e00",
- "virtual_size": "0x00001400",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e98000",
- "size_of_data": "0x00006c00",
- "entropy": "6.33",
- "raw_address": "0x00038400",
- "virtual_size": "0x00006a28",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x04e9f000",
- "size_of_data": "0x00002200",
- "entropy": "6.47",
- "raw_address": "0x0003f000",
- "virtual_size": "0x00002004",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x000372b0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x0000004e"
- },
- {
- "virtual_address": "0x00037300",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000064"
- },
- {
- "virtual_address": "0x04e98000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00006a28"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x04e9f000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00002004"
- },
- {
- "virtual_address": "0x00027210",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000038"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00027000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000001b0"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "MyFunc165@@4",
- "address": "0x425f20"
- }
- ],
- "guest_signers": {},
- "imphash": "42eb97f8f9223841094c685084b30abf",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "C:\\walukafomow-gozonixo\\fozuje.pdb\\x00ypt\\tmp_213048127\\bin\\cubusemono.pdb\\x00\\x00\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x9d\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\x96C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff",
- "imported_dll_count": 4,
- "versioninfo": []
- }
- }