paladin316

Exes_117493f7c493ed91c5c6d38a8d4869f9_exe_json.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: "Androm"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe"
  7. [*] File Size: 1520392
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "5c4fa4eeac85fa15c0037c7d8d91257d26e1048535b2943e68519278abf02472"
  10. [*] MD5: "117493f7c493ed91c5c6d38a8d4869f9"
  11. [*] SHA1: "7a0ee7ddaa954731aaac2bca2015e71163d1766d"
  12. [*] SHA512: "e48ea6019d6c05b300000434489707fdb6633cc13491bafa741839f2437e7e6aac9084588c91a1174873e446a4bf9e51b725fd362658cb929be4b915c619a41b"
  13. [*] CRC32: "3B2BEF8A"
  14. [*] SSDEEP: "6144:MMyOMNGbntdQ45lHXRX4bCfCy1S8JZCnipYzvKuDqNx:MM0SdQ4b3ZHxY8JZCnipgi"
  15.  
  16. [*] Process Execution: [
  17. "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Performs some HTTP requests (every request listed here and in the HTTP section is an OCSP lookup to ocsp.digicert.com sent with the Microsoft-CryptoAPI user agent, which is consistent with Windows certificate-revocation checking rather than sample-specific traffic; treat this signature as low-confidence on its own)",
  27. "Details": [
  28. {
  29. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  30. },
  31. {
  32. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  33. },
  34. {
  35. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  36. }
  37. ]
  38. },
  39. {
  40. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  41. "Details": [
  42. {
  43. "Spam": "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe (2620) called API CreateProcessInternalW 41249 times"
  44. },
  45. {
  46. "Spam": "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe (2620) called API GetLocalTime 86884 times"
  47. }
  48. ]
  49. },
  50. {
  51. "Description": "File has been identified by 47 antivirus engines on VirusTotal as malicious",
  52. "Details": [
  53. {
  54. "MicroWorld-eScan": "Trojan.GenericKD.32049838"
  55. },
  56. {
  57. "FireEye": "Trojan.GenericKD.32049838"
  58. },
  59. {
  60. "ALYac": "Trojan.GenericKD.32049838"
  61. },
  62. {
  63. "Cylance": "Unsafe"
  64. },
  65. {
  66. "BitDefender": "Trojan.GenericKD.32049838"
  67. },
  68. {
  69. "K7GW": "Trojan ( 0054fe4d1 )"
  70. },
  71. {
  72. "K7AntiVirus": "Trojan ( 0054fe4d1 )"
  73. },
  74. {
  75. "TrendMicro": "TROJ_GEN.R002C0RFB19"
  76. },
  77. {
  78. "Cyren": "W32/Trojan.ENLV-3738"
  79. },
  80. {
  81. "Symantec": "Trojan.Gen.MBT"
  82. },
  83. {
  84. "ClamAV": "Win.Trojan.Gamarue-6990922-0"
  85. },
  86. {
  87. "Kaspersky": "Backdoor.Win32.Androm.snjk"
  88. },
  89. {
  90. "Alibaba": "Trojan:Win32/GenKryptik.978db827"
  91. },
  92. {
  93. "NANO-Antivirus": "Trojan.Win32.Androm.fremrk"
  94. },
  95. {
  96. "ViRobot": "Backdoor.Win32.Androm.1520392"
  97. },
  98. {
  99. "AegisLab": "Trojan.Win32.Androm.4!c"
  100. },
  101. {
  102. "Rising": "Backdoor.Androm!8.113 (CLOUD)"
  103. },
  104. {
  105. "Ad-Aware": "Trojan.GenericKD.32049838"
  106. },
  107. {
  108. "Emsisoft": "Trojan.GenericKD.32049838 (B)"
  109. },
  110. {
  111. "Comodo": "Malware@#1ztfyalqgbe9r"
  112. },
  113. {
  114. "F-Secure": "Trojan.TR/AD.LokiBot.jfu"
  115. },
  116. {
  117. "DrWeb": "Trojan.PWS.Siggen2.17664"
  118. },
  119. {
  120. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.tz"
  121. },
  122. {
  123. "Fortinet": "W32/Injector.EFXI!tr"
  124. },
  125. {
  126. "Sophos": "Mal/FareitVB-N"
  127. },
  128. {
  129. "Ikarus": "Trojan.Win32.Injector"
  130. },
  131. {
  132. "Endgame": "malicious (high confidence)"
  133. },
  134. {
  135. "Avira": "TR/AD.LokiBot.jfu"
  136. },
  137. {
  138. "MAX": "malware (ai score=100)"
  139. },
  140. {
  141. "Arcabit": "Trojan.Generic.D1E90AAE"
  142. },
  143. {
  144. "AhnLab-V3": "Trojan/Win32.Androm.C3288402"
  145. },
  146. {
  147. "ZoneAlarm": "Backdoor.Win32.Androm.snjk"
  148. },
  149. {
  150. "Microsoft": "Program:Win32/Uwamson.A!ml"
  151. },
  152. {
  153. "ESET-NOD32": "a variant of Win32/Injector.EFXU"
  154. },
  155. {
  156. "McAfee": "Artemis!117493F7C493"
  157. },
  158. {
  159. "VBA32": "TScope.Trojan.VB"
  160. },
  161. {
  162. "Panda": "Trj/GdSda.A"
  163. },
  164. {
  165. "TrendMicro-HouseCall": "TROJ_GEN.R002C0RFB19"
  166. },
  167. {
  168. "Tencent": "Win32.Backdoor.Lokibot.Auto"
  169. },
  170. {
  171. "Yandex": "Backdoor.Androm!b88DcGt0x/w"
  172. },
  173. {
  174. "eGambit": "PE.Heur.InvalidSig"
  175. },
  176. {
  177. "GData": "Trojan.GenericKD.32049838"
  178. },
  179. {
  180. "AVG": "Win32:Malware-gen"
  181. },
  182. {
  183. "Cybereason": "malicious.7c493e"
  184. },
  185. {
  186. "Avast": "Win32:Malware-gen"
  187. },
  188. {
  189. "CrowdStrike": "win/malicious_confidence_70% (W)"
  190. },
  191. {
  192. "Qihoo-360": "Win32/Backdoor.25c"
  193. }
  194. ]
  195. }
  196. ]
  197.  
  198. [*] Started Service: []
  199.  
  200. [*] Executed Commands: [
  201. "\\x01C:\\Users\\user\\AppData\\Local\\Temp\\Exes_117493f7c493ed91c5c6d38a8d4869f9.exe\""
  202. ]
  203.  
  204. [*] Mutexes: [
  205. "CicLoadWinStaWinSta0",
  206. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
  207. ]
  208.  
  209. [*] Modified Files: [
  210. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF12E7CEE597FE2ADB.TMP"
  211. ]
  212.  
  213. [*] Deleted Files: []
  214.  
  215. [*] Modified Registry Keys: []
  216.  
  217. [*] Deleted Registry Keys: []
  218.  
  219. [*] DNS Communications: []
  220.  
  221. [*] Domains: []
  222.  
  223. [*] Network Communication - ICMP: []
  224.  
  225. [*] Network Communication - HTTP: [
  226. {
  227. "count": 1,
  228. "body": "",
  229. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  230. "user-agent": "Microsoft-CryptoAPI/6.1",
  231. "method": "GET",
  232. "host": "ocsp.digicert.com",
  233. "version": "1.1",
  234. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  235. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  236. "port": 80
  237. },
  238. {
  239. "count": 1,
  240. "body": "",
  241. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  242. "user-agent": "Microsoft-CryptoAPI/6.1",
  243. "method": "GET",
  244. "host": "ocsp.digicert.com",
  245. "version": "1.1",
  246. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  247. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  248. "port": 80
  249. },
  250. {
  251. "count": 1,
  252. "body": "",
  253. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  254. "user-agent": "Microsoft-CryptoAPI/6.1",
  255. "method": "GET",
  256. "host": "ocsp.digicert.com",
  257. "version": "1.1",
  258. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  259. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  260. "port": 80
  261. }
  262. ]
  263.  
  264. [*] Network Communication - SMTP: []
  265.  
  266. [*] Network Communication - Hosts: []
  267.  
  268. [*] Network Communication - IRC: []
  269.  
  270. [*] Static Analysis: {
  271. "pe": {
  272. "peid_signatures": null,
  273. "imports": [
  274. {
  275. "imports": [
  276. {
  277. "name": null,
  278. "address": "0x401000"
  279. },
  280. {
  281. "name": "_CIcos",
  282. "address": "0x401004"
  283. },
  284. {
  285. "name": "_adj_fptan",
  286. "address": "0x401008"
  287. },
  288. {
  289. "name": "__vbaVarMove",
  290. "address": "0x40100c"
  291. },
  292. {
  293. "name": "__vbaStrI4",
  294. "address": "0x401010"
  295. },
  296. {
  297. "name": null,
  298. "address": "0x401014"
  299. },
  300. {
  301. "name": "__vbaFreeVar",
  302. "address": "0x401018"
  303. },
  304. {
  305. "name": null,
  306. "address": "0x40101c"
  307. },
  308. {
  309. "name": "__vbaStrVarMove",
  310. "address": "0x401020"
  311. },
  312. {
  313. "name": "__vbaFreeVarList",
  314. "address": "0x401024"
  315. },
  316. {
  317. "name": "_adj_fdiv_m64",
  318. "address": "0x401028"
  319. },
  320. {
  321. "name": null,
  322. "address": "0x40102c"
  323. },
  324. {
  325. "name": "__vbaFpCDblR8",
  326. "address": "0x401030"
  327. },
  328. {
  329. "name": "__vbaStrErrVarCopy",
  330. "address": "0x401034"
  331. },
  332. {
  333. "name": "_adj_fprem1",
  334. "address": "0x401038"
  335. },
  336. {
  337. "name": null,
  338. "address": "0x40103c"
  339. },
  340. {
  341. "name": "__vbaStrCat",
  342. "address": "0x401040"
  343. },
  344. {
  345. "name": "__vbaSetSystemError",
  346. "address": "0x401044"
  347. },
  348. {
  349. "name": "__vbaHresultCheckObj",
  350. "address": "0x401048"
  351. },
  352. {
  353. "name": "_adj_fdiv_m32",
  354. "address": "0x40104c"
  355. },
  356. {
  357. "name": null,
  358. "address": "0x401050"
  359. },
  360. {
  361. "name": "__vbaAryDestruct",
  362. "address": "0x401054"
  363. },
  364. {
  365. "name": null,
  366. "address": "0x401058"
  367. },
  368. {
  369. "name": null,
  370. "address": "0x40105c"
  371. },
  372. {
  373. "name": "__vbaObjSet",
  374. "address": "0x401060"
  375. },
  376. {
  377. "name": "_adj_fdiv_m16i",
  378. "address": "0x401064"
  379. },
  380. {
  381. "name": "__vbaObjSetAddref",
  382. "address": "0x401068"
  383. },
  384. {
  385. "name": "_adj_fdivr_m16i",
  386. "address": "0x40106c"
  387. },
  388. {
  389. "name": null,
  390. "address": "0x401070"
  391. },
  392. {
  393. "name": "_CIsin",
  394. "address": "0x401074"
  395. },
  396. {
  397. "name": null,
  398. "address": "0x401078"
  399. },
  400. {
  401. "name": null,
  402. "address": "0x40107c"
  403. },
  404. {
  405. "name": "__vbaChkstk",
  406. "address": "0x401080"
  407. },
  408. {
  409. "name": "__vbaFileClose",
  410. "address": "0x401084"
  411. },
  412. {
  413. "name": null,
  414. "address": "0x401088"
  415. },
  416. {
  417. "name": "EVENT_SINK_AddRef",
  418. "address": "0x40108c"
  419. },
  420. {
  421. "name": null,
  422. "address": "0x401090"
  423. },
  424. {
  425. "name": "__vbaVarTstEq",
  426. "address": "0x401094"
  427. },
  428. {
  429. "name": null,
  430. "address": "0x401098"
  431. },
  432. {
  433. "name": "DllFunctionCall",
  434. "address": "0x40109c"
  435. },
  436. {
  437. "name": null,
  438. "address": "0x4010a0"
  439. },
  440. {
  441. "name": "_adj_fpatan",
  442. "address": "0x4010a4"
  443. },
  444. {
  445. "name": "__vbaLateIdCallLd",
  446. "address": "0x4010a8"
  447. },
  448. {
  449. "name": "__vbaRedim",
  450. "address": "0x4010ac"
  451. },
  452. {
  453. "name": null,
  454. "address": "0x4010b0"
  455. },
  456. {
  457. "name": "EVENT_SINK_Release",
  458. "address": "0x4010b4"
  459. },
  460. {
  461. "name": "_CIsqrt",
  462. "address": "0x4010b8"
  463. },
  464. {
  465. "name": "EVENT_SINK_QueryInterface",
  466. "address": "0x4010bc"
  467. },
  468. {
  469. "name": "__vbaUI1I4",
  470. "address": "0x4010c0"
  471. },
  472. {
  473. "name": "__vbaExceptHandler",
  474. "address": "0x4010c4"
  475. },
  476. {
  477. "name": "__vbaStrToUnicode",
  478. "address": "0x4010c8"
  479. },
  480. {
  481. "name": null,
  482. "address": "0x4010cc"
  483. },
  484. {
  485. "name": "_adj_fprem",
  486. "address": "0x4010d0"
  487. },
  488. {
  489. "name": "_adj_fdivr_m64",
  490. "address": "0x4010d4"
  491. },
  492. {
  493. "name": null,
  494. "address": "0x4010d8"
  495. },
  496. {
  497. "name": null,
  498. "address": "0x4010dc"
  499. },
  500. {
  501. "name": null,
  502. "address": "0x4010e0"
  503. },
  504. {
  505. "name": "__vbaFPException",
  506. "address": "0x4010e4"
  507. },
  508. {
  509. "name": "__vbaInStrVar",
  510. "address": "0x4010e8"
  511. },
  512. {
  513. "name": "__vbaStrVarVal",
  514. "address": "0x4010ec"
  515. },
  516. {
  517. "name": "__vbaVarCat",
  518. "address": "0x4010f0"
  519. },
  520. {
  521. "name": "__vbaI2Var",
  522. "address": "0x4010f4"
  523. },
  524. {
  525. "name": null,
  526. "address": "0x4010f8"
  527. },
  528. {
  529. "name": "_CIlog",
  530. "address": "0x4010fc"
  531. },
  532. {
  533. "name": null,
  534. "address": "0x401100"
  535. },
  536. {
  537. "name": "__vbaErrorOverflow",
  538. "address": "0x401104"
  539. },
  540. {
  541. "name": "__vbaFileOpen",
  542. "address": "0x401108"
  543. },
  544. {
  545. "name": null,
  546. "address": "0x40110c"
  547. },
  548. {
  549. "name": "__vbaNew2",
  550. "address": "0x401110"
  551. },
  552. {
  553. "name": "__vbaInStr",
  554. "address": "0x401114"
  555. },
  556. {
  557. "name": "_adj_fdiv_m32i",
  558. "address": "0x401118"
  559. },
  560. {
  561. "name": "_adj_fdivr_m32i",
  562. "address": "0x40111c"
  563. },
  564. {
  565. "name": "__vbaStrCopy",
  566. "address": "0x401120"
  567. },
  568. {
  569. "name": "__vbaFreeStrList",
  570. "address": "0x401124"
  571. },
  572. {
  573. "name": "__vbaDerefAry1",
  574. "address": "0x401128"
  575. },
  576. {
  577. "name": "_adj_fdivr_m32",
  578. "address": "0x40112c"
  579. },
  580. {
  581. "name": "_adj_fdiv_r",
  582. "address": "0x401130"
  583. },
  584. {
  585. "name": null,
  586. "address": "0x401134"
  587. },
  588. {
  589. "name": "__vbaI4Var",
  590. "address": "0x401138"
  591. },
  592. {
  593. "name": "__vbaInStrB",
  594. "address": "0x40113c"
  595. },
  596. {
  597. "name": "__vbaStrToAnsi",
  598. "address": "0x401140"
  599. },
  600. {
  601. "name": "__vbaStrComp",
  602. "address": "0x401144"
  603. },
  604. {
  605. "name": "__vbaVarDup",
  606. "address": "0x401148"
  607. },
  608. {
  609. "name": null,
  610. "address": "0x40114c"
  611. },
  612. {
  613. "name": "__vbaFpI4",
  614. "address": "0x401150"
  615. },
  616. {
  617. "name": "__vbaR8IntI2",
  618. "address": "0x401154"
  619. },
  620. {
  621. "name": null,
  622. "address": "0x401158"
  623. },
  624. {
  625. "name": "_CIatan",
  626. "address": "0x40115c"
  627. },
  628. {
  629. "name": "__vbaStrMove",
  630. "address": "0x401160"
  631. },
  632. {
  633. "name": "__vbaCastObj",
  634. "address": "0x401164"
  635. },
  636. {
  637. "name": null,
  638. "address": "0x401168"
  639. },
  640. {
  641. "name": "__vbaR8IntI4",
  642. "address": "0x40116c"
  643. },
  644. {
  645. "name": null,
  646. "address": "0x401170"
  647. },
  648. {
  649. "name": "_allmul",
  650. "address": "0x401174"
  651. },
  652. {
  653. "name": null,
  654. "address": "0x401178"
  655. },
  656. {
  657. "name": "_CItan",
  658. "address": "0x40117c"
  659. },
  660. {
  661. "name": null,
  662. "address": "0x401180"
  663. },
  664. {
  665. "name": "_CIexp",
  666. "address": "0x401184"
  667. },
  668. {
  669. "name": "__vbaFreeStr",
  670. "address": "0x401188"
  671. },
  672. {
  673. "name": "__vbaFreeObj",
  674. "address": "0x40118c"
  675. },
  676. {
  677. "name": null,
  678. "address": "0x401190"
  679. }
  680. ],
  681. "dll": "MSVBVM60.DLL"
  682. }
  683. ],
  684. "digital_signers": null,
  685. "exported_dll_name": null,
  686. "actual_checksum": "0x0017e089",
  687. "overlay": {
  688. "size": "0x00003308",
  689. "offset": "0x00170000"
  690. },
  691. "imagebase": "0x00400000",
  692. "reported_checksum": "0x0017e089",
  693. "icon_hash": null,
  694. "entrypoint": "0x004014a0",
  695. "timestamp": "2011-06-23 15:54:43",
  696. "osversion": "4.0",
  697. "sections": [
  698. {
  699. "name": ".text",
  700. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  701. "virtual_address": "0x00001000",
  702. "size_of_data": "0x00112000",
  703. "entropy": "2.18",
  704. "raw_address": "0x00001000",
  705. "virtual_size": "0x001113b4",
  706. "characteristics_raw": "0x60000020"
  707. },
  708. {
  709. "name": ".data",
  710. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  711. "virtual_address": "0x00113000",
  712. "size_of_data": "0x00001000",
  713. "entropy": "0.00",
  714. "raw_address": "0x00113000",
  715. "virtual_size": "0x00000af0",
  716. "characteristics_raw": "0xc0000040"
  717. },
  718. {
  719. "name": ".rsrc",
  720. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  721. "virtual_address": "0x00114000",
  722. "size_of_data": "0x0005c000",
  723. "entropy": "3.07",
  724. "raw_address": "0x00114000",
  725. "virtual_size": "0x0005b454",
  726. "characteristics_raw": "0x40000040"
  727. }
  728. ],
  729. "resources": [],
  730. "dirents": [
  731. {
  732. "virtual_address": "0x00000000",
  733. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  734. "size": "0x00000000"
  735. },
  736. {
  737. "virtual_address": "0x00111d74",
  738. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  739. "size": "0x00000028"
  740. },
  741. {
  742. "virtual_address": "0x00114000",
  743. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  744. "size": "0x0005b454"
  745. },
  746. {
  747. "virtual_address": "0x00000000",
  748. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  749. "size": "0x00000000"
  750. },
  751. {
  752. "virtual_address": "0x00170000",
  753. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  754. "size": "0x00003308"
  755. },
  756. {
  757. "virtual_address": "0x00000000",
  758. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  759. "size": "0x00000000"
  760. },
  761. {
  762. "virtual_address": "0x00000000",
  763. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  764. "size": "0x00000000"
  765. },
  766. {
  767. "virtual_address": "0x00000000",
  768. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  769. "size": "0x00000000"
  770. },
  771. {
  772. "virtual_address": "0x00000000",
  773. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  774. "size": "0x00000000"
  775. },
  776. {
  777. "virtual_address": "0x00000000",
  778. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  779. "size": "0x00000000"
  780. },
  781. {
  782. "virtual_address": "0x00000000",
  783. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  784. "size": "0x00000000"
  785. },
  786. {
  787. "virtual_address": "0x00000228",
  788. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  789. "size": "0x00000020"
  790. },
  791. {
  792. "virtual_address": "0x00001000",
  793. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  794. "size": "0x00000198"
  795. },
  796. {
  797. "virtual_address": "0x00000000",
  798. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  799. "size": "0x00000000"
  800. },
  801. {
  802. "virtual_address": "0x00000000",
  803. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  804. "size": "0x00000000"
  805. },
  806. {
  807. "virtual_address": "0x00000000",
  808. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  809. "size": "0x00000000"
  810. }
  811. ],
  812. "exports": [],
  813. "guest_signers": {},
  814. "imphash": "1acc01f76ba06591846488c6407d280b",
  815. "icon_fuzzy": null,
  816. "icon": null,
  817. "pdbpath": null,
  818. "imported_dll_count": 1,
  819. "versioninfo": []
  820. }
  821. }
  822.  
  823. [*] Resolved APIs: [
  824. "cryptbase.dll.SystemFunction036",
  825. "uxtheme.dll.ThemeInitApiHook",
  826. "user32.dll.IsProcessDPIAware",
  827. "oleaut32.dll.OleLoadPictureEx",
  828. "oleaut32.dll.DispCallFunc",
  829. "oleaut32.dll.LoadTypeLibEx",
  830. "oleaut32.dll.UnRegisterTypeLib",
  831. "oleaut32.dll.CreateTypeLib2",
  832. "oleaut32.dll.VarDateFromUdate",
  833. "oleaut32.dll.VarUdateFromDate",
  834. "oleaut32.dll.GetAltMonthNames",
  835. "oleaut32.dll.VarNumFromParseNum",
  836. "oleaut32.dll.VarParseNumFromStr",
  837. "oleaut32.dll.VarDecFromR4",
  838. "oleaut32.dll.VarDecFromR8",
  839. "oleaut32.dll.VarDecFromDate",
  840. "oleaut32.dll.VarDecFromI4",
  841. "oleaut32.dll.VarDecFromCy",
  842. "oleaut32.dll.VarR4FromDec",
  843. "oleaut32.dll.GetRecordInfoFromTypeInfo",
  844. "oleaut32.dll.GetRecordInfoFromGuids",
  845. "oleaut32.dll.SafeArrayGetRecordInfo",
  846. "oleaut32.dll.SafeArraySetRecordInfo",
  847. "oleaut32.dll.SafeArrayGetIID",
  848. "oleaut32.dll.SafeArraySetIID",
  849. "oleaut32.dll.SafeArrayCopyData",
  850. "oleaut32.dll.SafeArrayAllocDescriptorEx",
  851. "oleaut32.dll.SafeArrayCreateEx",
  852. "oleaut32.dll.VarFormat",
  853. "oleaut32.dll.VarFormatDateTime",
  854. "oleaut32.dll.VarFormatNumber",
  855. "oleaut32.dll.VarFormatPercent",
  856. "oleaut32.dll.VarFormatCurrency",
  857. "oleaut32.dll.VarWeekdayName",
  858. "oleaut32.dll.VarMonthName",
  859. "oleaut32.dll.VarAdd",
  860. "oleaut32.dll.VarAnd",
  861. "oleaut32.dll.VarCat",
  862. "oleaut32.dll.VarDiv",
  863. "oleaut32.dll.VarEqv",
  864. "oleaut32.dll.VarIdiv",
  865. "oleaut32.dll.VarImp",
  866. "oleaut32.dll.VarMod",
  867. "oleaut32.dll.VarMul",
  868. "oleaut32.dll.VarOr",
  869. "oleaut32.dll.VarPow",
  870. "oleaut32.dll.VarSub",
  871. "oleaut32.dll.VarXor",
  872. "oleaut32.dll.VarAbs",
  873. "oleaut32.dll.VarFix",
  874. "oleaut32.dll.VarInt",
  875. "oleaut32.dll.VarNeg",
  876. "oleaut32.dll.VarNot",
  877. "oleaut32.dll.VarRound",
  878. "oleaut32.dll.VarCmp",
  879. "oleaut32.dll.VarDecAdd",
  880. "oleaut32.dll.VarDecCmp",
  881. "oleaut32.dll.VarBstrCat",
  882. "oleaut32.dll.VarCyMulI4",
  883. "oleaut32.dll.VarBstrCmp",
  884. "ole32.dll.CoCreateInstanceEx",
  885. "ole32.dll.CLSIDFromProgIDEx",
  886. "sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary",
  887. "user32.dll.GetSystemMetrics",
  888. "user32.dll.MonitorFromWindow",
  889. "user32.dll.MonitorFromRect",
  890. "user32.dll.MonitorFromPoint",
  891. "user32.dll.EnumDisplayMonitors",
  892. "user32.dll.GetMonitorInfoA",
  893. "cryptsp.dll.CryptAcquireContextW",
  894. "cryptsp.dll.CryptGenRandom",
  895. "dwmapi.dll.DwmIsCompositionEnabled",
  896. "gdi32.dll.GetLayout",
  897. "gdi32.dll.GdiRealizationInfo",
  898. "gdi32.dll.FontIsLinked",
  899. "advapi32.dll.RegOpenKeyExW",
  900. "advapi32.dll.RegQueryInfoKeyW",
  901. "gdi32.dll.GetTextFaceAliasW",
  902. "advapi32.dll.RegEnumValueW",
  903. "advapi32.dll.RegCloseKey",
  904. "advapi32.dll.RegQueryValueExW",
  905. "gdi32.dll.GetFontAssocStatus",
  906. "advapi32.dll.RegQueryValueExA",
  907. "advapi32.dll.RegEnumKeyExW",
  908. "gdi32.dll.GdiIsMetaPrintDC",
  909. "ole32.dll.CoInitializeEx",
  910. "ole32.dll.CoUninitialize",
  911. "ole32.dll.CoRegisterInitializeSpy",
  912. "ole32.dll.CoRevokeInitializeSpy",
  913. "gdi32.dll.GetTextExtentExPointWPri",
  914. "kernel32.dll.NlsGetCacheUpdateCount",
  915. "kernel32.dll.GetCalendarInfoW",
  916. "kernel32.dll.RtlMoveMemory",
  917. "user32.dll.EnumDesktopsW",
  918. "kernel32.dll.GetTickCount",
  919. "kernel32.dll.Sleep",
  920. "user32.dll.GetCursorPos",
  921. "user32.dll.EnumWindows",
  922. "kernel32.dll.SetErrorMode",
  923. "kernel32.dll.SetLastError",
  924. "kernel32.dll.VirtualAllocEx",
  925. "kernel32.dll.CloseHandle",
  926. "shell32.dll.ShellExecuteW",
  927. "kernel32.dll.WriteFile",
  928. "kernel32.dll.UnmapViewOfFile",
  929. "kernel32.dll.CreateFileW",
  930. "kernel32.dll.TerminateProcess",
  931. "kernel32.dll.VirtualProtectEx",
  932. "kernel32.dll.CreateProcessInternalW",
  933. "kernel32.dll.GetTempPathW",
  934. "kernel32.dll.GetLongPathNameW",
  935. "kernel32.dll.GetFileSize",
  936. "kernel32.dll.ReadFile",
  937. "ntdll.dll.NtProtectVirtualMemory",
  938. "kernel32.dll.GetCommandLineW"
  939. ]
  940.  
  941. [*] Static Analysis: {
  942. "pe": {
  943. "peid_signatures": null,
  944. "imports": [
  945. {
  946. "imports": [
  947. {
  948. "name": null,
  949. "address": "0x401000"
  950. },
  951. {
  952. "name": "_CIcos",
  953. "address": "0x401004"
  954. },
  955. {
  956. "name": "_adj_fptan",
  957. "address": "0x401008"
  958. },
  959. {
  960. "name": "__vbaVarMove",
  961. "address": "0x40100c"
  962. },
  963. {
  964. "name": "__vbaStrI4",
  965. "address": "0x401010"
  966. },
  967. {
  968. "name": null,
  969. "address": "0x401014"
  970. },
  971. {
  972. "name": "__vbaFreeVar",
  973. "address": "0x401018"
  974. },
  975. {
  976. "name": null,
  977. "address": "0x40101c"
  978. },
  979. {
  980. "name": "__vbaStrVarMove",
  981. "address": "0x401020"
  982. },
  983. {
  984. "name": "__vbaFreeVarList",
  985. "address": "0x401024"
  986. },
  987. {
  988. "name": "_adj_fdiv_m64",
  989. "address": "0x401028"
  990. },
  991. {
  992. "name": null,
  993. "address": "0x40102c"
  994. },
  995. {
  996. "name": "__vbaFpCDblR8",
  997. "address": "0x401030"
  998. },
  999. {
  1000. "name": "__vbaStrErrVarCopy",
  1001. "address": "0x401034"
  1002. },
  1003. {
  1004. "name": "_adj_fprem1",
  1005. "address": "0x401038"
  1006. },
  1007. {
  1008. "name": null,
  1009. "address": "0x40103c"
  1010. },
  1011. {
  1012. "name": "__vbaStrCat",
  1013. "address": "0x401040"
  1014. },
  1015. {
  1016. "name": "__vbaSetSystemError",
  1017. "address": "0x401044"
  1018. },
  1019. {
  1020. "name": "__vbaHresultCheckObj",
  1021. "address": "0x401048"
  1022. },
  1023. {
  1024. "name": "_adj_fdiv_m32",
  1025. "address": "0x40104c"
  1026. },
  1027. {
  1028. "name": null,
  1029. "address": "0x401050"
  1030. },
  1031. {
  1032. "name": "__vbaAryDestruct",
  1033. "address": "0x401054"
  1034. },
  1035. {
  1036. "name": null,
  1037. "address": "0x401058"
  1038. },
  1039. {
  1040. "name": null,
  1041. "address": "0x40105c"
  1042. },
  1043. {
  1044. "name": "__vbaObjSet",
  1045. "address": "0x401060"
  1046. },
  1047. {
  1048. "name": "_adj_fdiv_m16i",
  1049. "address": "0x401064"
  1050. },
  1051. {
  1052. "name": "__vbaObjSetAddref",
  1053. "address": "0x401068"
  1054. },
  1055. {
  1056. "name": "_adj_fdivr_m16i",
  1057. "address": "0x40106c"
  1058. },
  1059. {
  1060. "name": null,
  1061. "address": "0x401070"
  1062. },
  1063. {
  1064. "name": "_CIsin",
  1065. "address": "0x401074"
  1066. },
  1067. {
  1068. "name": null,
  1069. "address": "0x401078"
  1070. },
  1071. {
  1072. "name": null,
  1073. "address": "0x40107c"
  1074. },
  1075. {
  1076. "name": "__vbaChkstk",
  1077. "address": "0x401080"
  1078. },
  1079. {
  1080. "name": "__vbaFileClose",
  1081. "address": "0x401084"
  1082. },
  1083. {
  1084. "name": null,
  1085. "address": "0x401088"
  1086. },
  1087. {
  1088. "name": "EVENT_SINK_AddRef",
  1089. "address": "0x40108c"
  1090. },
  1091. {
  1092. "name": null,
  1093. "address": "0x401090"
  1094. },
  1095. {
  1096. "name": "__vbaVarTstEq",
  1097. "address": "0x401094"
  1098. },
  1099. {
  1100. "name": null,
  1101. "address": "0x401098"
  1102. },
  1103. {
  1104. "name": "DllFunctionCall",
  1105. "address": "0x40109c"
  1106. },
  1107. {
  1108. "name": null,
  1109. "address": "0x4010a0"
  1110. },
  1111. {
  1112. "name": "_adj_fpatan",
  1113. "address": "0x4010a4"
  1114. },
  1115. {
  1116. "name": "__vbaLateIdCallLd",
  1117. "address": "0x4010a8"
  1118. },
  1119. {
  1120. "name": "__vbaRedim",
  1121. "address": "0x4010ac"
  1122. },
  1123. {
  1124. "name": null,
  1125. "address": "0x4010b0"
  1126. },
  1127. {
  1128. "name": "EVENT_SINK_Release",
  1129. "address": "0x4010b4"
  1130. },
  1131. {
  1132. "name": "_CIsqrt",
  1133. "address": "0x4010b8"
  1134. },
  1135. {
  1136. "name": "EVENT_SINK_QueryInterface",
  1137. "address": "0x4010bc"
  1138. },
  1139. {
  1140. "name": "__vbaUI1I4",
  1141. "address": "0x4010c0"
  1142. },
  1143. {
  1144. "name": "__vbaExceptHandler",
  1145. "address": "0x4010c4"
  1146. },
  1147. {
  1148. "name": "__vbaStrToUnicode",
  1149. "address": "0x4010c8"
  1150. },
  1151. {
  1152. "name": null,
  1153. "address": "0x4010cc"
  1154. },
  1155. {
  1156. "name": "_adj_fprem",
  1157. "address": "0x4010d0"
  1158. },
  1159. {
  1160. "name": "_adj_fdivr_m64",
  1161. "address": "0x4010d4"
  1162. },
  1163. {
  1164. "name": null,
  1165. "address": "0x4010d8"
  1166. },
  1167. {
  1168. "name": null,
  1169. "address": "0x4010dc"
  1170. },
  1171. {
  1172. "name": null,
  1173. "address": "0x4010e0"
  1174. },
  1175. {
  1176. "name": "__vbaFPException",
  1177. "address": "0x4010e4"
  1178. },
  1179. {
  1180. "name": "__vbaInStrVar",
  1181. "address": "0x4010e8"
  1182. },
  1183. {
  1184. "name": "__vbaStrVarVal",
  1185. "address": "0x4010ec"
  1186. },
  1187. {
  1188. "name": "__vbaVarCat",
  1189. "address": "0x4010f0"
  1190. },
  1191. {
  1192. "name": "__vbaI2Var",
  1193. "address": "0x4010f4"
  1194. },
  1195. {
  1196. "name": null,
  1197. "address": "0x4010f8"
  1198. },
  1199. {
  1200. "name": "_CIlog",
  1201. "address": "0x4010fc"
  1202. },
  1203. {
  1204. "name": null,
  1205. "address": "0x401100"
  1206. },
  1207. {
  1208. "name": "__vbaErrorOverflow",
  1209. "address": "0x401104"
  1210. },
  1211. {
  1212. "name": "__vbaFileOpen",
  1213. "address": "0x401108"
  1214. },
  1215. {
  1216. "name": null,
  1217. "address": "0x40110c"
  1218. },
  1219. {
  1220. "name": "__vbaNew2",
  1221. "address": "0x401110"
  1222. },
  1223. {
  1224. "name": "__vbaInStr",
  1225. "address": "0x401114"
  1226. },
  1227. {
  1228. "name": "_adj_fdiv_m32i",
  1229. "address": "0x401118"
  1230. },
  1231. {
  1232. "name": "_adj_fdivr_m32i",
  1233. "address": "0x40111c"
  1234. },
  1235. {
  1236. "name": "__vbaStrCopy",
  1237. "address": "0x401120"
  1238. },
  1239. {
  1240. "name": "__vbaFreeStrList",
  1241. "address": "0x401124"
  1242. },
  1243. {
  1244. "name": "__vbaDerefAry1",
  1245. "address": "0x401128"
  1246. },
  1247. {
  1248. "name": "_adj_fdivr_m32",
  1249. "address": "0x40112c"
  1250. },
  1251. {
  1252. "name": "_adj_fdiv_r",
  1253. "address": "0x401130"
  1254. },
  1255. {
  1256. "name": null,
  1257. "address": "0x401134"
  1258. },
  1259. {
  1260. "name": "__vbaI4Var",
  1261. "address": "0x401138"
  1262. },
  1263. {
  1264. "name": "__vbaInStrB",
  1265. "address": "0x40113c"
  1266. },
  1267. {
  1268. "name": "__vbaStrToAnsi",
  1269. "address": "0x401140"
  1270. },
  1271. {
  1272. "name": "__vbaStrComp",
  1273. "address": "0x401144"
  1274. },
  1275. {
  1276. "name": "__vbaVarDup",
  1277. "address": "0x401148"
  1278. },
  1279. {
  1280. "name": null,
  1281. "address": "0x40114c"
  1282. },
  1283. {
  1284. "name": "__vbaFpI4",
  1285. "address": "0x401150"
  1286. },
  1287. {
  1288. "name": "__vbaR8IntI2",
  1289. "address": "0x401154"
  1290. },
  1291. {
  1292. "name": null,
  1293. "address": "0x401158"
  1294. },
  1295. {
  1296. "name": "_CIatan",
  1297. "address": "0x40115c"
  1298. },
  1299. {
  1300. "name": "__vbaStrMove",
  1301. "address": "0x401160"
  1302. },
  1303. {
  1304. "name": "__vbaCastObj",
  1305. "address": "0x401164"
  1306. },
  1307. {
  1308. "name": null,
  1309. "address": "0x401168"
  1310. },
  1311. {
  1312. "name": "__vbaR8IntI4",
  1313. "address": "0x40116c"
  1314. },
  1315. {
  1316. "name": null,
  1317. "address": "0x401170"
  1318. },
  1319. {
  1320. "name": "_allmul",
  1321. "address": "0x401174"
  1322. },
  1323. {
  1324. "name": null,
  1325. "address": "0x401178"
  1326. },
  1327. {
  1328. "name": "_CItan",
  1329. "address": "0x40117c"
  1330. },
  1331. {
  1332. "name": null,
  1333. "address": "0x401180"
  1334. },
  1335. {
  1336. "name": "_CIexp",
  1337. "address": "0x401184"
  1338. },
  1339. {
  1340. "name": "__vbaFreeStr",
  1341. "address": "0x401188"
  1342. },
  1343. {
  1344. "name": "__vbaFreeObj",
  1345. "address": "0x40118c"
  1346. },
  1347. {
  1348. "name": null,
  1349. "address": "0x401190"
  1350. }
  1351. ],
  1352. "dll": "MSVBVM60.DLL"
  1353. }
  1354. ],
  1355. "digital_signers": null,
  1356. "exported_dll_name": null,
  1357. "actual_checksum": "0x0017e089",
  1358. "overlay": {
  1359. "size": "0x00003308",
  1360. "offset": "0x00170000"
  1361. },
  1362. "imagebase": "0x00400000",
  1363. "reported_checksum": "0x0017e089",
  1364. "icon_hash": null,
  1365. "entrypoint": "0x004014a0",
  1366. "timestamp": "2011-06-23 15:54:43",
  1367. "osversion": "4.0",
  1368. "sections": [
  1369. {
  1370. "name": ".text",
  1371. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1372. "virtual_address": "0x00001000",
  1373. "size_of_data": "0x00112000",
  1374. "entropy": "2.18",
  1375. "raw_address": "0x00001000",
  1376. "virtual_size": "0x001113b4",
  1377. "characteristics_raw": "0x60000020"
  1378. },
  1379. {
  1380. "name": ".data",
  1381. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1382. "virtual_address": "0x00113000",
  1383. "size_of_data": "0x00001000",
  1384. "entropy": "0.00",
  1385. "raw_address": "0x00113000",
  1386. "virtual_size": "0x00000af0",
  1387. "characteristics_raw": "0xc0000040"
  1388. },
  1389. {
  1390. "name": ".rsrc",
  1391. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1392. "virtual_address": "0x00114000",
  1393. "size_of_data": "0x0005c000",
  1394. "entropy": "3.07",
  1395. "raw_address": "0x00114000",
  1396. "virtual_size": "0x0005b454",
  1397. "characteristics_raw": "0x40000040"
  1398. }
  1399. ],
  1400. "resources": [],
  1401. "dirents": [
  1402. {
  1403. "virtual_address": "0x00000000",
  1404. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1405. "size": "0x00000000"
  1406. },
  1407. {
  1408. "virtual_address": "0x00111d74",
  1409. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1410. "size": "0x00000028"
  1411. },
  1412. {
  1413. "virtual_address": "0x00114000",
  1414. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1415. "size": "0x0005b454"
  1416. },
  1417. {
  1418. "virtual_address": "0x00000000",
  1419. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1420. "size": "0x00000000"
  1421. },
  1422. {
  1423. "virtual_address": "0x00170000",
  1424. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1425. "size": "0x00003308"
  1426. },
  1427. {
  1428. "virtual_address": "0x00000000",
  1429. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1430. "size": "0x00000000"
  1431. },
  1432. {
  1433. "virtual_address": "0x00000000",
  1434. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1435. "size": "0x00000000"
  1436. },
  1437. {
  1438. "virtual_address": "0x00000000",
  1439. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1440. "size": "0x00000000"
  1441. },
  1442. {
  1443. "virtual_address": "0x00000000",
  1444. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1445. "size": "0x00000000"
  1446. },
  1447. {
  1448. "virtual_address": "0x00000000",
  1449. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1450. "size": "0x00000000"
  1451. },
  1452. {
  1453. "virtual_address": "0x00000000",
  1454. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1455. "size": "0x00000000"
  1456. },
  1457. {
  1458. "virtual_address": "0x00000228",
  1459. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1460. "size": "0x00000020"
  1461. },
  1462. {
  1463. "virtual_address": "0x00001000",
  1464. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1465. "size": "0x00000198"
  1466. },
  1467. {
  1468. "virtual_address": "0x00000000",
  1469. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1470. "size": "0x00000000"
  1471. },
  1472. {
  1473. "virtual_address": "0x00000000",
  1474. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1475. "size": "0x00000000"
  1476. },
  1477. {
  1478. "virtual_address": "0x00000000",
  1479. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1480. "size": "0x00000000"
  1481. }
  1482. ],
  1483. "exports": [],
  1484. "guest_signers": {},
  1485. "imphash": "1acc01f76ba06591846488c6407d280b",
  1486. "icon_fuzzy": null,
  1487. "icon": null,
  1488. "pdbpath": null,
  1489. "imported_dll_count": 1,
  1490. "versioninfo": []
  1491. }
  1492. }