paladin316

Exes_86b04518_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_86b04518.exe"
  7. [*] File Size: 439808
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "bdf70143340796eb6300390268cc9aac6808b3225740d19769fe1bc8b621190b"
  10. [*] MD5: "d061cb634c7812ea1f9a76c834da662d"
  11. [*] SHA1: "cb1fe61a1a28cb6ada60061e8b3929e7213bb618"
  12. [*] SHA512: "c4b5d31f9c7c6668f257037acbc258235f70789f9d0bdc391d32365a9a5bc064453fca35800baccca02533270f13fd30cf09ba2b9427d9339c3fc692385ea0e9"
  13. [*] CRC32: "86B04518"
  14. [*] SSDEEP: "12288:2w5rmS75p0eniwybzYa+UgF+2rJ0+KoNKxGq+9wmv:bzltE+UgFlJJpKxc9Z"
  15.  
  16. [*] Process Execution: [
  17. "Exes_86b04518.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "The binary likely contains encrypted or compressed data.",
  23. "Details": [
  24. {
  25. "section": "name: .text, entropy: 7.64, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0006ac00, virtual_size: 0x0006aad4"
  26. }
  27. ]
  28. },
  29. {
  30. "Description": "File has been identified by 25 Antiviruses on VirusTotal as malicious",
  31. "Details": [
  32. {
  33. "FireEye": "Generic.mg.d061cb634c7812ea"
  34. },
  35. {
  36. "Cylance": "Unsafe"
  37. },
  38. {
  39. "Cybereason": "malicious.a1a28c"
  40. },
  41. {
  42. "Invincea": "heuristic"
  43. },
  44. {
  45. "Cyren": "W32/Trojan.SW.gen!Eldorado"
  46. },
  47. {
  48. "Symantec": "ML.Attribute.HighConfidence"
  49. },
  50. {
  51. "APEX": "Malicious"
  52. },
  53. {
  54. "Paloalto": "generic.ml"
  55. },
  56. {
  57. "Alibaba": "Trojan:MSIL/Kryptik.455e9881"
  58. },
  59. {
  60. "Tencent": "Win32.Trojan.Inject.Auto"
  61. },
  62. {
  63. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.gc"
  64. },
  65. {
  66. "Trapmine": "malicious.moderate.ml.score"
  67. },
  68. {
  69. "Ikarus": "Trojan.MSIL.Inject"
  70. },
  71. {
  72. "F-Prot": "W32/Trojan.SW.gen!Eldorado"
  73. },
  74. {
  75. "Endgame": "malicious (high confidence)"
  76. },
  77. {
  78. "Webroot": "W32.Malware.Gen"
  79. },
  80. {
  81. "Fortinet": "MSIL/Kryptik.RZC!tr"
  82. },
  83. {
  84. "Microsoft": "Trojan:Win32/Fuerboos.A!cl"
  85. },
  86. {
  87. "ESET-NOD32": "a variant of MSIL/Kryptik.RZC"
  88. },
  89. {
  90. "Acronis": "suspicious"
  91. },
  92. {
  93. "Panda": "Trj/Genetic.gen"
  94. },
  95. {
  96. "SentinelOne": "DFI - Malicious PE"
  97. },
  98. {
  99. "AVG": "FileRepMetagen [Malware]"
  100. },
  101. {
  102. "CrowdStrike": "win/malicious_confidence_80% (D)"
  103. },
  104. {
  105. "Qihoo-360": "HEUR/QVM03.0.D565.Malware.Gen"
  106. }
  107. ]
  108. },
  109. {
  110. "Description": "Anomalous binary characteristics",
  111. "Details": [
  112. {
  113. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
  114. }
  115. ]
  116. }
  117. ]
  118.  
  119. [*] Started Service: []
  120.  
  121. [*] Executed Commands: []
  122.  
  123. [*] Mutexes: []
  124.  
  125. [*] Modified Files: []
  126.  
  127. [*] Deleted Files: []
  128.  
  129. [*] Modified Registry Keys: []
  130.  
  131. [*] Deleted Registry Keys: []
  132.  
  133. [*] DNS Communications: []
  134.  
  135. [*] Domains: []
  136.  
  137. [*] Network Communication - ICMP: []
  138.  
  139. [*] Network Communication - HTTP: []
  140.  
  141. [*] Network Communication - SMTP: []
  142.  
  143. [*] Network Communication - Hosts: []
  144.  
  145. [*] Network Communication - IRC: []
  146.  
  147. [*] Static Analysis: {
  148. "dotnet": {
  149. "customattrs": [
  150. {
  151. "type": "Assembly",
  152. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  153. "value": "1.1.1"
  154. },
  155. {
  156. "type": "Assembly",
  157. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  158. "value": "2b166653-633b-427e-a3fa-65024403bf"
  159. },
  160. {
  161. "type": "Assembly",
  162. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  163. "value": "iwotom"
  164. },
  165. {
  166. "type": "Assembly",
  167. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  168. "value": "iwotom"
  169. },
  170. {
  171. "type": "Assembly",
  172. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  173. "value": "Copyright \\xc2\\xa9 20"
  174. },
  175. {
  176. "type": "Assembly",
  177. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  178. "value": "efogagutacebek"
  179. },
  180. {
  181. "type": "Assembly",
  182. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  183. "value": "emufujucigiw"
  184. },
  185. {
  186. "type": "Property",
  187. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  188. "value": ""
  189. },
  190. {
  191. "type": "Property",
  192. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  193. "value": "10"
  194. }
  195. ],
  196. "assemblyinfo": {
  197. "version": "1.0.0.0",
  198. "name": "baLCkYOjvvQjtwbWalfXcfOtZJUg54wGC7fffZY85WWZacyHZPaQEQ=="
  199. },
  200. "assemblyrefs": [
  201. {
  202. "version": "4.0.0.0",
  203. "name": "mscorlib"
  204. },
  205. {
  206. "version": "4.0.0.0",
  207. "name": "System"
  208. },
  209. {
  210. "version": "1.0.0.1",
  211. "name": "gdi32"
  212. }
  213. ],
  214. "typerefs": [
  215. {
  216. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  217. "assembly": "System"
  218. },
  219. {
  220. "typename": "System.Collections.Specialized.StringDictionary",
  221. "assembly": "System"
  222. },
  223. {
  224. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  225. "assembly": "System"
  226. },
  227. {
  228. "typename": "System.ComponentModel.EditorBrowsableState",
  229. "assembly": "System"
  230. },
  231. {
  232. "typename": "System.Configuration.ApplicationSettingsBase",
  233. "assembly": "System"
  234. },
  235. {
  236. "typename": "System.Configuration.DefaultSettingValueAttribute",
  237. "assembly": "System"
  238. },
  239. {
  240. "typename": "System.Configuration.SettingsBase",
  241. "assembly": "System"
  242. },
  243. {
  244. "typename": "System.Configuration.UserScopedSettingAttribute",
  245. "assembly": "System"
  246. },
  247. {
  248. "typename": "gdi32.Program",
  249. "assembly": "gdi32"
  250. },
  251. {
  252. "typename": "System.AppDomain",
  253. "assembly": "mscorlib"
  254. },
  255. {
  256. "typename": "System.Array",
  257. "assembly": "mscorlib"
  258. },
  259. {
  260. "typename": "System.AsyncCallback",
  261. "assembly": "mscorlib"
  262. },
  263. {
  264. "typename": "System.Boolean",
  265. "assembly": "mscorlib"
  266. },
  267. {
  268. "typename": "System.Buffer",
  269. "assembly": "mscorlib"
  270. },
  271. {
  272. "typename": "System.Byte",
  273. "assembly": "mscorlib"
  274. },
  275. {
  276. "typename": "System.Char",
  277. "assembly": "mscorlib"
  278. },
  279. {
  280. "typename": "System.CharEnumerator",
  281. "assembly": "mscorlib"
  282. },
  283. {
  284. "typename": "System.Collections.Generic.IEnumerable`1",
  285. "assembly": "mscorlib"
  286. },
  287. {
  288. "typename": "System.Collections.ICollection",
  289. "assembly": "mscorlib"
  290. },
  291. {
  292. "typename": "System.Console",
  293. "assembly": "mscorlib"
  294. },
  295. {
  296. "typename": "System.DBNull",
  297. "assembly": "mscorlib"
  298. },
  299. {
  300. "typename": "System.DateTime",
  301. "assembly": "mscorlib"
  302. },
  303. {
  304. "typename": "System.Delegate",
  305. "assembly": "mscorlib"
  306. },
  307. {
  308. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  309. "assembly": "mscorlib"
  310. },
  311. {
  312. "typename": "System.Enum",
  313. "assembly": "mscorlib"
  314. },
  315. {
  316. "typename": "System.Exception",
  317. "assembly": "mscorlib"
  318. },
  319. {
  320. "typename": "System.Globalization.CompareOptions",
  321. "assembly": "mscorlib"
  322. },
  323. {
  324. "typename": "System.Globalization.CultureInfo",
  325. "assembly": "mscorlib"
  326. },
  327. {
  328. "typename": "System.Globalization.NumberStyles",
  329. "assembly": "mscorlib"
  330. },
  331. {
  332. "typename": "System.Globalization.UnicodeCategory",
  333. "assembly": "mscorlib"
  334. },
  335. {
  336. "typename": "System.IAsyncResult",
  337. "assembly": "mscorlib"
  338. },
  339. {
  340. "typename": "System.IComparable",
  341. "assembly": "mscorlib"
  342. },
  343. {
  344. "typename": "System.IComparable`1",
  345. "assembly": "mscorlib"
  346. },
  347. {
  348. "typename": "System.IConvertible",
  349. "assembly": "mscorlib"
  350. },
  351. {
  352. "typename": "System.IFormatProvider",
  353. "assembly": "mscorlib"
  354. },
  355. {
  356. "typename": "System.Int16",
  357. "assembly": "mscorlib"
  358. },
  359. {
  360. "typename": "System.Int32",
  361. "assembly": "mscorlib"
  362. },
  363. {
  364. "typename": "System.Int64",
  365. "assembly": "mscorlib"
  366. },
  367. {
  368. "typename": "System.MulticastDelegate",
  369. "assembly": "mscorlib"
  370. },
  371. {
  372. "typename": "System.NotSupportedException",
  373. "assembly": "mscorlib"
  374. },
  375. {
  376. "typename": "System.Object",
  377. "assembly": "mscorlib"
  378. },
  379. {
  380. "typename": "System.Reflection.Assembly",
  381. "assembly": "mscorlib"
  382. },
  383. {
  384. "typename": "System.Reflection.AssemblyCompanyAttribute",
  385. "assembly": "mscorlib"
  386. },
  387. {
  388. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  389. "assembly": "mscorlib"
  390. },
  391. {
  392. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  393. "assembly": "mscorlib"
  394. },
  395. {
  396. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  397. "assembly": "mscorlib"
  398. },
  399. {
  400. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  401. "assembly": "mscorlib"
  402. },
  403. {
  404. "typename": "System.Reflection.AssemblyProductAttribute",
  405. "assembly": "mscorlib"
  406. },
  407. {
  408. "typename": "System.Reflection.AssemblyTitleAttribute",
  409. "assembly": "mscorlib"
  410. },
  411. {
  412. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  413. "assembly": "mscorlib"
  414. },
  415. {
  416. "typename": "System.Reflection.BindingFlags",
  417. "assembly": "mscorlib"
  418. },
  419. {
  420. "typename": "System.Reflection.CallingConventions",
  421. "assembly": "mscorlib"
  422. },
  423. {
  424. "typename": "System.Reflection.IReflect",
  425. "assembly": "mscorlib"
  426. },
  427. {
  428. "typename": "System.Reflection.MethodBase",
  429. "assembly": "mscorlib"
  430. },
  431. {
  432. "typename": "System.Reflection.MethodInfo",
  433. "assembly": "mscorlib"
  434. },
  435. {
  436. "typename": "System.Reflection.ParameterInfo",
  437. "assembly": "mscorlib"
  438. },
  439. {
  440. "typename": "System.Reflection.ParameterModifier",
  441. "assembly": "mscorlib"
  442. },
  443. {
  444. "typename": "System.Reflection.PropertyInfo",
  445. "assembly": "mscorlib"
  446. },
  447. {
  448. "typename": "System.ResolveEventArgs",
  449. "assembly": "mscorlib"
  450. },
  451. {
  452. "typename": "System.ResolveEventHandler",
  453. "assembly": "mscorlib"
  454. },
  455. {
  456. "typename": "System.Resources.ResourceManager",
  457. "assembly": "mscorlib"
  458. },
  459. {
  460. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  461. "assembly": "mscorlib"
  462. },
  463. {
  464. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  465. "assembly": "mscorlib"
  466. },
  467. {
  468. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  469. "assembly": "mscorlib"
  470. },
  471. {
  472. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  473. "assembly": "mscorlib"
  474. },
  475. {
  476. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  477. "assembly": "mscorlib"
  478. },
  479. {
  480. "typename": "System.Runtime.InteropServices.GuidAttribute",
  481. "assembly": "mscorlib"
  482. },
  483. {
  484. "typename": "System.Runtime.InteropServices._Type",
  485. "assembly": "mscorlib"
  486. },
  487. {
  488. "typename": "System.Runtime.Remoting.ObjectHandle",
  489. "assembly": "mscorlib"
  490. },
  491. {
  492. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  493. "assembly": "mscorlib"
  494. },
  495. {
  496. "typename": "System.RuntimeFieldHandle",
  497. "assembly": "mscorlib"
  498. },
  499. {
  500. "typename": "System.RuntimeTypeHandle",
  501. "assembly": "mscorlib"
  502. },
  503. {
  504. "typename": "System.SByte",
  505. "assembly": "mscorlib"
  506. },
  507. {
  508. "typename": "System.STAThreadAttribute",
  509. "assembly": "mscorlib"
  510. },
  511. {
  512. "typename": "System.String",
  513. "assembly": "mscorlib"
  514. },
  515. {
  516. "typename": "System.StringComparison",
  517. "assembly": "mscorlib"
  518. },
  519. {
  520. "typename": "System.StringSplitOptions",
  521. "assembly": "mscorlib"
  522. },
  523. {
  524. "typename": "System.Text.StringBuilder",
  525. "assembly": "mscorlib"
  526. },
  527. {
  528. "typename": "System.Threading.Thread",
  529. "assembly": "mscorlib"
  530. },
  531. {
  532. "typename": "System.TimeSpan",
  533. "assembly": "mscorlib"
  534. },
  535. {
  536. "typename": "System.Type",
  537. "assembly": "mscorlib"
  538. },
  539. {
  540. "typename": "System.TypeCode",
  541. "assembly": "mscorlib"
  542. },
  543. {
  544. "typename": "System.UInt16",
  545. "assembly": "mscorlib"
  546. },
  547. {
  548. "typename": "System.UInt32",
  549. "assembly": "mscorlib"
  550. },
  551. {
  552. "typename": "System.UInt64",
  553. "assembly": "mscorlib"
  554. },
  555. {
  556. "typename": "System.ValueType",
  557. "assembly": "mscorlib"
  558. },
  559. {
  560. "typename": "System.Void",
  561. "assembly": "mscorlib"
  562. }
  563. ]
  564. },
  565. "pe": {
  566. "peid_signatures": null,
  567. "imports": [
  568. {
  569. "imports": [
  570. {
  571. "name": "_CorExeMain",
  572. "address": "0x402000"
  573. }
  574. ],
  575. "dll": "mscoree.dll"
  576. }
  577. ],
  578. "digital_signers": null,
  579. "exported_dll_name": null,
  580. "actual_checksum": "0x0007b3dc",
  581. "overlay": null,
  582. "imagebase": "0x00400000",
  583. "reported_checksum": "0x00000000",
  584. "icon_hash": null,
  585. "entrypoint": "0x0046cace",
  586. "timestamp": "1981-10-08 13:10:29",
  587. "osversion": "4.0",
  588. "sections": [
  589. {
  590. "name": ".text",
  591. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  592. "virtual_address": "0x00002000",
  593. "size_of_data": "0x0006ac00",
  594. "entropy": "7.64",
  595. "raw_address": "0x00000200",
  596. "virtual_size": "0x0006aad4",
  597. "characteristics_raw": "0x60000020"
  598. },
  599. {
  600. "name": ".rsrc",
  601. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  602. "virtual_address": "0x0006e000",
  603. "size_of_data": "0x00000600",
  604. "entropy": "4.51",
  605. "raw_address": "0x0006ae00",
  606. "virtual_size": "0x00000600",
  607. "characteristics_raw": "0x40000040"
  608. },
  609. {
  610. "name": ".reloc",
  611. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  612. "virtual_address": "0x00070000",
  613. "size_of_data": "0x00000200",
  614. "entropy": "0.10",
  615. "raw_address": "0x0006b400",
  616. "virtual_size": "0x0000000c",
  617. "characteristics_raw": "0x42000040"
  618. }
  619. ],
  620. "resources": [],
  621. "dirents": [
  622. {
  623. "virtual_address": "0x00000000",
  624. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  625. "size": "0x00000000"
  626. },
  627. {
  628. "virtual_address": "0x0006ca7c",
  629. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  630. "size": "0x0000004f"
  631. },
  632. {
  633. "virtual_address": "0x0006e000",
  634. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  635. "size": "0x00000600"
  636. },
  637. {
  638. "virtual_address": "0x00000000",
  639. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  640. "size": "0x00000000"
  641. },
  642. {
  643. "virtual_address": "0x00000000",
  644. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  645. "size": "0x00000000"
  646. },
  647. {
  648. "virtual_address": "0x00070000",
  649. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  650. "size": "0x0000000c"
  651. },
  652. {
  653. "virtual_address": "0x00000000",
  654. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  655. "size": "0x00000000"
  656. },
  657. {
  658. "virtual_address": "0x00000000",
  659. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  660. "size": "0x00000000"
  661. },
  662. {
  663. "virtual_address": "0x00000000",
  664. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  665. "size": "0x00000000"
  666. },
  667. {
  668. "virtual_address": "0x00000000",
  669. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  670. "size": "0x00000000"
  671. },
  672. {
  673. "virtual_address": "0x00000000",
  674. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  675. "size": "0x00000000"
  676. },
  677. {
  678. "virtual_address": "0x00000000",
  679. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  680. "size": "0x00000000"
  681. },
  682. {
  683. "virtual_address": "0x00002000",
  684. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  685. "size": "0x00000008"
  686. },
  687. {
  688. "virtual_address": "0x00000000",
  689. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  690. "size": "0x00000000"
  691. },
  692. {
  693. "virtual_address": "0x00002008",
  694. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  695. "size": "0x00000048"
  696. },
  697. {
  698. "virtual_address": "0x00000000",
  699. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  700. "size": "0x00000000"
  701. }
  702. ],
  703. "exports": [],
  704. "guest_signers": {},
  705. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  706. "icon_fuzzy": null,
  707. "icon": null,
  708. "pdbpath": null,
  709. "imported_dll_count": 1,
  710. "versioninfo": []
  711. }
  712. }
  713.  
  714. [*] Resolved APIs: [
  715. "advapi32.dll.RegOpenKeyExW",
  716. "advapi32.dll.RegQueryInfoKeyW",
  717. "advapi32.dll.RegEnumKeyExW",
  718. "advapi32.dll.RegEnumValueW",
  719. "advapi32.dll.RegCloseKey",
  720. "advapi32.dll.RegQueryValueExW",
  721. "kernel32.dll.QueryActCtxW",
  722. "shlwapi.dll.UrlIsW"
  723. ]
  724.  
  725. [*] Static Analysis: {
  726. "dotnet": {
  727. "customattrs": [
  728. {
  729. "type": "Assembly",
  730. "name": "[mscorlib]System.Reflection.AssemblyFileVersionAttribute",
  731. "value": "1.1.1"
  732. },
  733. {
  734. "type": "Assembly",
  735. "name": "[mscorlib]System.Runtime.InteropServices.GuidAttribute",
  736. "value": "2b166653-633b-427e-a3fa-65024403bf"
  737. },
  738. {
  739. "type": "Assembly",
  740. "name": "[mscorlib]System.Reflection.AssemblyTitleAttribute",
  741. "value": "iwotom"
  742. },
  743. {
  744. "type": "Assembly",
  745. "name": "[mscorlib]System.Reflection.AssemblyProductAttribute",
  746. "value": "iwotom"
  747. },
  748. {
  749. "type": "Assembly",
  750. "name": "[mscorlib]System.Reflection.AssemblyCopyrightAttribute",
  751. "value": "Copyright \\xc2\\xa9 20"
  752. },
  753. {
  754. "type": "Assembly",
  755. "name": "[mscorlib]System.Reflection.AssemblyCompanyAttribute",
  756. "value": "efogagutacebek"
  757. },
  758. {
  759. "type": "Assembly",
  760. "name": "[mscorlib]System.Reflection.AssemblyDescriptionAttribute",
  761. "value": "emufujucigiw"
  762. },
  763. {
  764. "type": "Property",
  765. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  766. "value": ""
  767. },
  768. {
  769. "type": "Property",
  770. "name": "[System]System.Configuration.DefaultSettingValueAttribute",
  771. "value": "10"
  772. }
  773. ],
  774. "assemblyinfo": {
  775. "version": "1.0.0.0",
  776. "name": "baLCkYOjvvQjtwbWalfXcfOtZJUg54wGC7fffZY85WWZacyHZPaQEQ=="
  777. },
  778. "assemblyrefs": [
  779. {
  780. "version": "4.0.0.0",
  781. "name": "mscorlib"
  782. },
  783. {
  784. "version": "4.0.0.0",
  785. "name": "System"
  786. },
  787. {
  788. "version": "1.0.0.1",
  789. "name": "gdi32"
  790. }
  791. ],
  792. "typerefs": [
  793. {
  794. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  795. "assembly": "System"
  796. },
  797. {
  798. "typename": "System.Collections.Specialized.StringDictionary",
  799. "assembly": "System"
  800. },
  801. {
  802. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  803. "assembly": "System"
  804. },
  805. {
  806. "typename": "System.ComponentModel.EditorBrowsableState",
  807. "assembly": "System"
  808. },
  809. {
  810. "typename": "System.Configuration.ApplicationSettingsBase",
  811. "assembly": "System"
  812. },
  813. {
  814. "typename": "System.Configuration.DefaultSettingValueAttribute",
  815. "assembly": "System"
  816. },
  817. {
  818. "typename": "System.Configuration.SettingsBase",
  819. "assembly": "System"
  820. },
  821. {
  822. "typename": "System.Configuration.UserScopedSettingAttribute",
  823. "assembly": "System"
  824. },
  825. {
  826. "typename": "gdi32.Program",
  827. "assembly": "gdi32"
  828. },
  829. {
  830. "typename": "System.AppDomain",
  831. "assembly": "mscorlib"
  832. },
  833. {
  834. "typename": "System.Array",
  835. "assembly": "mscorlib"
  836. },
  837. {
  838. "typename": "System.AsyncCallback",
  839. "assembly": "mscorlib"
  840. },
  841. {
  842. "typename": "System.Boolean",
  843. "assembly": "mscorlib"
  844. },
  845. {
  846. "typename": "System.Buffer",
  847. "assembly": "mscorlib"
  848. },
  849. {
  850. "typename": "System.Byte",
  851. "assembly": "mscorlib"
  852. },
  853. {
  854. "typename": "System.Char",
  855. "assembly": "mscorlib"
  856. },
  857. {
  858. "typename": "System.CharEnumerator",
  859. "assembly": "mscorlib"
  860. },
  861. {
  862. "typename": "System.Collections.Generic.IEnumerable`1",
  863. "assembly": "mscorlib"
  864. },
  865. {
  866. "typename": "System.Collections.ICollection",
  867. "assembly": "mscorlib"
  868. },
  869. {
  870. "typename": "System.Console",
  871. "assembly": "mscorlib"
  872. },
  873. {
  874. "typename": "System.DBNull",
  875. "assembly": "mscorlib"
  876. },
  877. {
  878. "typename": "System.DateTime",
  879. "assembly": "mscorlib"
  880. },
  881. {
  882. "typename": "System.Delegate",
  883. "assembly": "mscorlib"
  884. },
  885. {
  886. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  887. "assembly": "mscorlib"
  888. },
  889. {
  890. "typename": "System.Enum",
  891. "assembly": "mscorlib"
  892. },
  893. {
  894. "typename": "System.Exception",
  895. "assembly": "mscorlib"
  896. },
  897. {
  898. "typename": "System.Globalization.CompareOptions",
  899. "assembly": "mscorlib"
  900. },
  901. {
  902. "typename": "System.Globalization.CultureInfo",
  903. "assembly": "mscorlib"
  904. },
  905. {
  906. "typename": "System.Globalization.NumberStyles",
  907. "assembly": "mscorlib"
  908. },
  909. {
  910. "typename": "System.Globalization.UnicodeCategory",
  911. "assembly": "mscorlib"
  912. },
  913. {
  914. "typename": "System.IAsyncResult",
  915. "assembly": "mscorlib"
  916. },
  917. {
  918. "typename": "System.IComparable",
  919. "assembly": "mscorlib"
  920. },
  921. {
  922. "typename": "System.IComparable`1",
  923. "assembly": "mscorlib"
  924. },
  925. {
  926. "typename": "System.IConvertible",
  927. "assembly": "mscorlib"
  928. },
  929. {
  930. "typename": "System.IFormatProvider",
  931. "assembly": "mscorlib"
  932. },
  933. {
  934. "typename": "System.Int16",
  935. "assembly": "mscorlib"
  936. },
  937. {
  938. "typename": "System.Int32",
  939. "assembly": "mscorlib"
  940. },
  941. {
  942. "typename": "System.Int64",
  943. "assembly": "mscorlib"
  944. },
  945. {
  946. "typename": "System.MulticastDelegate",
  947. "assembly": "mscorlib"
  948. },
  949. {
  950. "typename": "System.NotSupportedException",
  951. "assembly": "mscorlib"
  952. },
  953. {
  954. "typename": "System.Object",
  955. "assembly": "mscorlib"
  956. },
  957. {
  958. "typename": "System.Reflection.Assembly",
  959. "assembly": "mscorlib"
  960. },
  961. {
  962. "typename": "System.Reflection.AssemblyCompanyAttribute",
  963. "assembly": "mscorlib"
  964. },
  965. {
  966. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  967. "assembly": "mscorlib"
  968. },
  969. {
  970. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  971. "assembly": "mscorlib"
  972. },
  973. {
  974. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  975. "assembly": "mscorlib"
  976. },
  977. {
  978. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  979. "assembly": "mscorlib"
  980. },
  981. {
  982. "typename": "System.Reflection.AssemblyProductAttribute",
  983. "assembly": "mscorlib"
  984. },
  985. {
  986. "typename": "System.Reflection.AssemblyTitleAttribute",
  987. "assembly": "mscorlib"
  988. },
  989. {
  990. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  991. "assembly": "mscorlib"
  992. },
  993. {
  994. "typename": "System.Reflection.BindingFlags",
  995. "assembly": "mscorlib"
  996. },
  997. {
  998. "typename": "System.Reflection.CallingConventions",
  999. "assembly": "mscorlib"
  1000. },
  1001. {
  1002. "typename": "System.Reflection.IReflect",
  1003. "assembly": "mscorlib"
  1004. },
  1005. {
  1006. "typename": "System.Reflection.MethodBase",
  1007. "assembly": "mscorlib"
  1008. },
  1009. {
  1010. "typename": "System.Reflection.MethodInfo",
  1011. "assembly": "mscorlib"
  1012. },
  1013. {
  1014. "typename": "System.Reflection.ParameterInfo",
  1015. "assembly": "mscorlib"
  1016. },
  1017. {
  1018. "typename": "System.Reflection.ParameterModifier",
  1019. "assembly": "mscorlib"
  1020. },
  1021. {
  1022. "typename": "System.Reflection.PropertyInfo",
  1023. "assembly": "mscorlib"
  1024. },
  1025. {
  1026. "typename": "System.ResolveEventArgs",
  1027. "assembly": "mscorlib"
  1028. },
  1029. {
  1030. "typename": "System.ResolveEventHandler",
  1031. "assembly": "mscorlib"
  1032. },
  1033. {
  1034. "typename": "System.Resources.ResourceManager",
  1035. "assembly": "mscorlib"
  1036. },
  1037. {
  1038. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1039. "assembly": "mscorlib"
  1040. },
  1041. {
  1042. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1043. "assembly": "mscorlib"
  1044. },
  1045. {
  1046. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1047. "assembly": "mscorlib"
  1048. },
  1049. {
  1050. "typename": "System.Runtime.CompilerServices.RuntimeHelpers",
  1051. "assembly": "mscorlib"
  1052. },
  1053. {
  1054. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1055. "assembly": "mscorlib"
  1056. },
  1057. {
  1058. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1059. "assembly": "mscorlib"
  1060. },
  1061. {
  1062. "typename": "System.Runtime.InteropServices._Type",
  1063. "assembly": "mscorlib"
  1064. },
  1065. {
  1066. "typename": "System.Runtime.Remoting.ObjectHandle",
  1067. "assembly": "mscorlib"
  1068. },
  1069. {
  1070. "typename": "System.Runtime.Versioning.TargetFrameworkAttribute",
  1071. "assembly": "mscorlib"
  1072. },
  1073. {
  1074. "typename": "System.RuntimeFieldHandle",
  1075. "assembly": "mscorlib"
  1076. },
  1077. {
  1078. "typename": "System.RuntimeTypeHandle",
  1079. "assembly": "mscorlib"
  1080. },
  1081. {
  1082. "typename": "System.SByte",
  1083. "assembly": "mscorlib"
  1084. },
  1085. {
  1086. "typename": "System.STAThreadAttribute",
  1087. "assembly": "mscorlib"
  1088. },
  1089. {
  1090. "typename": "System.String",
  1091. "assembly": "mscorlib"
  1092. },
  1093. {
  1094. "typename": "System.StringComparison",
  1095. "assembly": "mscorlib"
  1096. },
  1097. {
  1098. "typename": "System.StringSplitOptions",
  1099. "assembly": "mscorlib"
  1100. },
  1101. {
  1102. "typename": "System.Text.StringBuilder",
  1103. "assembly": "mscorlib"
  1104. },
  1105. {
  1106. "typename": "System.Threading.Thread",
  1107. "assembly": "mscorlib"
  1108. },
  1109. {
  1110. "typename": "System.TimeSpan",
  1111. "assembly": "mscorlib"
  1112. },
  1113. {
  1114. "typename": "System.Type",
  1115. "assembly": "mscorlib"
  1116. },
  1117. {
  1118. "typename": "System.TypeCode",
  1119. "assembly": "mscorlib"
  1120. },
  1121. {
  1122. "typename": "System.UInt16",
  1123. "assembly": "mscorlib"
  1124. },
  1125. {
  1126. "typename": "System.UInt32",
  1127. "assembly": "mscorlib"
  1128. },
  1129. {
  1130. "typename": "System.UInt64",
  1131. "assembly": "mscorlib"
  1132. },
  1133. {
  1134. "typename": "System.ValueType",
  1135. "assembly": "mscorlib"
  1136. },
  1137. {
  1138. "typename": "System.Void",
  1139. "assembly": "mscorlib"
  1140. }
  1141. ]
  1142. },
  1143. "pe": {
  1144. "peid_signatures": null,
  1145. "imports": [
  1146. {
  1147. "imports": [
  1148. {
  1149. "name": "_CorExeMain",
  1150. "address": "0x402000"
  1151. }
  1152. ],
  1153. "dll": "mscoree.dll"
  1154. }
  1155. ],
  1156. "digital_signers": null,
  1157. "exported_dll_name": null,
  1158. "actual_checksum": "0x0007b3dc",
  1159. "overlay": null,
  1160. "imagebase": "0x00400000",
  1161. "reported_checksum": "0x00000000",
  1162. "icon_hash": null,
  1163. "entrypoint": "0x0046cace",
  1164. "timestamp": "1981-10-08 13:10:29",
  1165. "osversion": "4.0",
  1166. "sections": [
  1167. {
  1168. "name": ".text",
  1169. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1170. "virtual_address": "0x00002000",
  1171. "size_of_data": "0x0006ac00",
  1172. "entropy": "7.64",
  1173. "raw_address": "0x00000200",
  1174. "virtual_size": "0x0006aad4",
  1175. "characteristics_raw": "0x60000020"
  1176. },
  1177. {
  1178. "name": ".rsrc",
  1179. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1180. "virtual_address": "0x0006e000",
  1181. "size_of_data": "0x00000600",
  1182. "entropy": "4.51",
  1183. "raw_address": "0x0006ae00",
  1184. "virtual_size": "0x00000600",
  1185. "characteristics_raw": "0x40000040"
  1186. },
  1187. {
  1188. "name": ".reloc",
  1189. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1190. "virtual_address": "0x00070000",
  1191. "size_of_data": "0x00000200",
  1192. "entropy": "0.10",
  1193. "raw_address": "0x0006b400",
  1194. "virtual_size": "0x0000000c",
  1195. "characteristics_raw": "0x42000040"
  1196. }
  1197. ],
  1198. "resources": [],
  1199. "dirents": [
  1200. {
  1201. "virtual_address": "0x00000000",
  1202. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1203. "size": "0x00000000"
  1204. },
  1205. {
  1206. "virtual_address": "0x0006ca7c",
  1207. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1208. "size": "0x0000004f"
  1209. },
  1210. {
  1211. "virtual_address": "0x0006e000",
  1212. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1213. "size": "0x00000600"
  1214. },
  1215. {
  1216. "virtual_address": "0x00000000",
  1217. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1218. "size": "0x00000000"
  1219. },
  1220. {
  1221. "virtual_address": "0x00000000",
  1222. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1223. "size": "0x00000000"
  1224. },
  1225. {
  1226. "virtual_address": "0x00070000",
  1227. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1228. "size": "0x0000000c"
  1229. },
  1230. {
  1231. "virtual_address": "0x00000000",
  1232. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1233. "size": "0x00000000"
  1234. },
  1235. {
  1236. "virtual_address": "0x00000000",
  1237. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1238. "size": "0x00000000"
  1239. },
  1240. {
  1241. "virtual_address": "0x00000000",
  1242. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1243. "size": "0x00000000"
  1244. },
  1245. {
  1246. "virtual_address": "0x00000000",
  1247. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1248. "size": "0x00000000"
  1249. },
  1250. {
  1251. "virtual_address": "0x00000000",
  1252. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1253. "size": "0x00000000"
  1254. },
  1255. {
  1256. "virtual_address": "0x00000000",
  1257. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1258. "size": "0x00000000"
  1259. },
  1260. {
  1261. "virtual_address": "0x00002000",
  1262. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1263. "size": "0x00000008"
  1264. },
  1265. {
  1266. "virtual_address": "0x00000000",
  1267. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1268. "size": "0x00000000"
  1269. },
  1270. {
  1271. "virtual_address": "0x00002008",
  1272. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1273. "size": "0x00000048"
  1274. },
  1275. {
  1276. "virtual_address": "0x00000000",
  1277. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1278. "size": "0x00000000"
  1279. }
  1280. ],
  1281. "exports": [],
  1282. "guest_signers": {},
  1283. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1284. "icon_fuzzy": null,
  1285. "icon": null,
  1286. "pdbpath": null,
  1287. "imported_dll_count": 1,
  1288. "versioninfo": []
  1289. }
  1290. }