
meaykdxuvtfy_exe_2019-06-27_11_30.json

  1.  
  2. [*] MalFamily: "Casur"
  3.  
  4. [*] MalScore: 4.15
  5.  
  6. [*] File Name: "meaykdxuvtfy.exe"
  7. [*] File Size: 239104
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "9759f54e6d4f7911c9b70c100460a557d7df375a57bb92e0f1dca383b425a058"
  10. [*] MD5: "7d8ec036a309d476e70d73707e4926be"
  11. [*] SHA1: "4867d960df74a6bacceb5f445caf480ec657ef13"
  12. [*] SHA512: "abaa8a8ee57875a0a4374dd7ae985f4363aa735b41f76377eda2eaa3d3663e7a99443df8273590a622ac8a9a1875e40cf41c1e3af04bad08e02573e5978c96d3"
  13. [*] CRC32: "44F8CBF2"
  14. [*] SSDEEP: "3072:25CyuTOrKDZ+gfrPsr4GJi6AJxogqKZHi3ViUKiCLtCCojElkYSFtHQ5gX:0CyuSr8TIr4VFqKu9qrofYS7ZX"
  15.  
  16. [*] Process Execution: [
  17. "meaykdxuvtfy.exe",
  18. "cmd.exe",
  19. "powershell.exe"
  20. ]
  21.  
  22. [*] Signatures Detected: [
  23. {
  24. "Description": "Creates RWX memory",
  25. "Details": []
  26. },
  27. {
  28. "Description": "File has been identified by 5 Antiviruses on VirusTotal as malicious",
  29. "Details": [
  30. {
  31. "FireEye": "Generic.mg.7d8ec036a309d476"
  32. },
  33. {
  34. "Cylance": "Unsafe"
  35. },
  36. {
  37. "APEX": "Malicious"
  38. },
  39. {
  40. "Microsoft": "Trojan:Win32/Casur.A!cl"
  41. },
  42. {
  43. "VBA32": "BScope.Trojan.MereTam"
  44. }
  45. ]
  46. },
  47. {
  48. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  49. "Details": [
  50. {
  51. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
  52. },
  53. {
  54. "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
  55. },
  56. {
  57. "suspicious_request": "http://91.235.129.55/sin.png"
  58. }
  59. ]
  60. },
  61. {
  62. "Description": "Performs some HTTP requests",
  63. "Details": [
  64. {
  65. "url": "http://91.235.129.55/sin.png"
  66. }
  67. ]
  68. },
  69. {
  70. "Description": "Deletes its original binary from disk",
  71. "Details": []
  72. }
  73. ]
  74.  
  75. [*] Started Service: []
  76.  
  77. [*] Executed Commands: [
  78. "C:\\Windows\\system32\\cmd.exe /C PowerShell \"Start-Sleep 10; Remove-Item C:\\Users\\user\\AppData\\Local\\Temp\\meaykdxuvtfy.exe\"",
  79. "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe PowerShell \"Start-Sleep 10; Remove-Item C:\\Users\\user\\AppData\\Local\\Temp\\meaykdxuvtfy.exe\""
  80. ]
  81.  
  82. [*] Mutexes: [
  83. "Global\\CLR_CASOFF_MUTEX"
  84. ]
  85.  
  86. [*] Modified Files: [
  87. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-0000000000-0000000000-0000000000-1000\\00000000-0000-0000-0000-000000000000b_00000000-0000-0000-0000-000000000000",
  88. "\\Device\\LanmanDatagramReceiver",
  89. "\\??\\PIPE\\browser",
  90. "C:\\Windows\\SysWOW64\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
  91. "\\??\\PIPE\\srvsvc",
  92. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\KFJELMULJZK5TURD81T8.temp",
  93. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms"
  94. ]
  95.  
  96. [*] Deleted Files: [
  97. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\KFJELMULJZK5TURD81T8.temp",
  98. "C:\\Users\\user\\AppData\\Local\\Temp\\meaykdxuvtfy.exe",
  99. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.2100.29163328",
  100. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2100.29163328",
  101. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.2100.29163328"
  102. ]
  103.  
  104. [*] Modified Registry Keys: [
  105. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList"
  106. ]
  107.  
  108. [*] Deleted Registry Keys: []
  109.  
  110. [*] DNS Communications: []
  111.  
  112. [*] Domains: []
  113.  
  114. [*] Network Communication - ICMP: []
  115.  
  116. [*] Network Communication - HTTP: [
  117. {
  118. "count": 1,
  119. "body": "",
  120. "uri": "http://91.235.129.55/sin.png",
  121. "user-agent": "",
  122. "method": "GET",
  123. "host": "91.235.129.55",
  124. "version": "1.1",
  125. "path": "/sin.png",
  126. "data": "GET /sin.png HTTP/1.1\r\nConnection: Keep-Alive\r\nHost: 91.235.129.55\r\n\r\n",
  127. "port": 80
  128. }
  129. ]
  130.  
  131. [*] Network Communication - SMTP: []
  132.  
  133. [*] Network Communication - Hosts: []
  134.  
  135. [*] Network Communication - IRC: []
  136.  
  137. [*] Static Analysis: {
  138. "pe": {
  139. "peid_signatures": null,
  140. "imports": [
  141. {
  142. "imports": [
  143. {
  144. "name": "DirectDrawCreateEx",
  145. "address": "0x429008"
  146. }
  147. ],
  148. "dll": "DDRAW.dll"
  149. },
  150. {
  151. "imports": [
  152. {
  153. "name": "timeGetTime",
  154. "address": "0x429220"
  155. }
  156. ],
  157. "dll": "WINMM.dll"
  158. },
  159. {
  160. "imports": [
  161. {
  162. "name": "HeapSize",
  163. "address": "0x429050"
  164. },
  165. {
  166. "name": "IsValidLocale",
  167. "address": "0x429054"
  168. },
  169. {
  170. "name": "EnumSystemLocalesA",
  171. "address": "0x429058"
  172. },
  173. {
  174. "name": "GetLocaleInfoA",
  175. "address": "0x42905c"
  176. },
  177. {
  178. "name": "GetFullPathNameA",
  179. "address": "0x429060"
  180. },
  181. {
  182. "name": "GetLocaleInfoW",
  183. "address": "0x429064"
  184. },
  185. {
  186. "name": "GetTimeFormatA",
  187. "address": "0x429068"
  188. },
  189. {
  190. "name": "GetStringTypeW",
  191. "address": "0x42906c"
  192. },
  193. {
  194. "name": "GetStringTypeA",
  195. "address": "0x429070"
  196. },
  197. {
  198. "name": "LCMapStringW",
  199. "address": "0x429074"
  200. },
  201. {
  202. "name": "MultiByteToWideChar",
  203. "address": "0x429078"
  204. },
  205. {
  206. "name": "SetStdHandle",
  207. "address": "0x42907c"
  208. },
  209. {
  210. "name": "WriteConsoleA",
  211. "address": "0x429080"
  212. },
  213. {
  214. "name": "GetConsoleOutputCP",
  215. "address": "0x429084"
  216. },
  217. {
  218. "name": "WriteConsoleW",
  219. "address": "0x429088"
  220. },
  221. {
  222. "name": "GetTimeZoneInformation",
  223. "address": "0x42908c"
  224. },
  225. {
  226. "name": "CreateFileA",
  227. "address": "0x429090"
  228. },
  229. {
  230. "name": "CloseHandle",
  231. "address": "0x429094"
  232. },
  233. {
  234. "name": "FlushFileBuffers",
  235. "address": "0x429098"
  236. },
  237. {
  238. "name": "CompareStringA",
  239. "address": "0x42909c"
  240. },
  241. {
  242. "name": "CompareStringW",
  243. "address": "0x4290a0"
  244. },
  245. {
  246. "name": "SetEnvironmentVariableA",
  247. "address": "0x4290a4"
  248. },
  249. {
  250. "name": "GetDriveTypeA",
  251. "address": "0x4290a8"
  252. },
  253. {
  254. "name": "CreateFileMappingW",
  255. "address": "0x4290ac"
  256. },
  257. {
  258. "name": "GetDateFormatA",
  259. "address": "0x4290b0"
  260. },
  261. {
  262. "name": "MapViewOfFile",
  263. "address": "0x4290b4"
  264. },
  265. {
  266. "name": "GetCurrentDirectoryA",
  267. "address": "0x4290b8"
  268. },
  269. {
  270. "name": "GetUserDefaultLCID",
  271. "address": "0x4290bc"
  272. },
  273. {
  274. "name": "HeapAlloc",
  275. "address": "0x4290c0"
  276. },
  277. {
  278. "name": "GetLastError",
  279. "address": "0x4290c4"
  280. },
  281. {
  282. "name": "HeapFree",
  283. "address": "0x4290c8"
  284. },
  285. {
  286. "name": "HeapReAlloc",
  287. "address": "0x4290cc"
  288. },
  289. {
  290. "name": "RaiseException",
  291. "address": "0x4290d0"
  292. },
  293. {
  294. "name": "RtlUnwind",
  295. "address": "0x4290d4"
  296. },
  297. {
  298. "name": "GetCommandLineA",
  299. "address": "0x4290d8"
  300. },
  301. {
  302. "name": "GetStartupInfoA",
  303. "address": "0x4290dc"
  304. },
  305. {
  306. "name": "DeleteCriticalSection",
  307. "address": "0x4290e0"
  308. },
  309. {
  310. "name": "LeaveCriticalSection",
  311. "address": "0x4290e4"
  312. },
  313. {
  314. "name": "FatalAppExitA",
  315. "address": "0x4290e8"
  316. },
  317. {
  318. "name": "EnterCriticalSection",
  319. "address": "0x4290ec"
  320. },
  321. {
  322. "name": "VirtualFree",
  323. "address": "0x4290f0"
  324. },
  325. {
  326. "name": "VirtualAlloc",
  327. "address": "0x4290f4"
  328. },
  329. {
  330. "name": "HeapCreate",
  331. "address": "0x4290f8"
  332. },
  333. {
  334. "name": "HeapDestroy",
  335. "address": "0x4290fc"
  336. },
  337. {
  338. "name": "GetModuleHandleW",
  339. "address": "0x429100"
  340. },
  341. {
  342. "name": "Sleep",
  343. "address": "0x429104"
  344. },
  345. {
  346. "name": "GetProcAddress",
  347. "address": "0x429108"
  348. },
  349. {
  350. "name": "ExitProcess",
  351. "address": "0x42910c"
  352. },
  353. {
  354. "name": "WriteFile",
  355. "address": "0x429110"
  356. },
  357. {
  358. "name": "GetStdHandle",
  359. "address": "0x429114"
  360. },
  361. {
  362. "name": "GetModuleFileNameA",
  363. "address": "0x429118"
  364. },
  365. {
  366. "name": "TerminateProcess",
  367. "address": "0x42911c"
  368. },
  369. {
  370. "name": "GetCurrentProcess",
  371. "address": "0x429120"
  372. },
  373. {
  374. "name": "UnhandledExceptionFilter",
  375. "address": "0x429124"
  376. },
  377. {
  378. "name": "SetUnhandledExceptionFilter",
  379. "address": "0x429128"
  380. },
  381. {
  382. "name": "IsDebuggerPresent",
  383. "address": "0x42912c"
  384. },
  385. {
  386. "name": "GetModuleHandleA",
  387. "address": "0x429130"
  388. },
  389. {
  390. "name": "GetCPInfo",
  391. "address": "0x429134"
  392. },
  393. {
  394. "name": "InterlockedIncrement",
  395. "address": "0x429138"
  396. },
  397. {
  398. "name": "InterlockedDecrement",
  399. "address": "0x42913c"
  400. },
  401. {
  402. "name": "GetACP",
  403. "address": "0x429140"
  404. },
  405. {
  406. "name": "GetOEMCP",
  407. "address": "0x429144"
  408. },
  409. {
  410. "name": "IsValidCodePage",
  411. "address": "0x429148"
  412. },
  413. {
  414. "name": "TlsGetValue",
  415. "address": "0x42914c"
  416. },
  417. {
  418. "name": "TlsAlloc",
  419. "address": "0x429150"
  420. },
  421. {
  422. "name": "TlsSetValue",
  423. "address": "0x429154"
  424. },
  425. {
  426. "name": "TlsFree",
  427. "address": "0x429158"
  428. },
  429. {
  430. "name": "SetLastError",
  431. "address": "0x42915c"
  432. },
  433. {
  434. "name": "GetCurrentThreadId",
  435. "address": "0x429160"
  436. },
  437. {
  438. "name": "GetCurrentThread",
  439. "address": "0x429164"
  440. },
  441. {
  442. "name": "FreeEnvironmentStringsA",
  443. "address": "0x429168"
  444. },
  445. {
  446. "name": "GetEnvironmentStrings",
  447. "address": "0x42916c"
  448. },
  449. {
  450. "name": "FreeEnvironmentStringsW",
  451. "address": "0x429170"
  452. },
  453. {
  454. "name": "WideCharToMultiByte",
  455. "address": "0x429174"
  456. },
  457. {
  458. "name": "GetEnvironmentStringsW",
  459. "address": "0x429178"
  460. },
  461. {
  462. "name": "SetHandleCount",
  463. "address": "0x42917c"
  464. },
  465. {
  466. "name": "GetFileType",
  467. "address": "0x429180"
  468. },
  469. {
  470. "name": "QueryPerformanceCounter",
  471. "address": "0x429184"
  472. },
  473. {
  474. "name": "GetTickCount",
  475. "address": "0x429188"
  476. },
  477. {
  478. "name": "GetCurrentProcessId",
  479. "address": "0x42918c"
  480. },
  481. {
  482. "name": "GetSystemTimeAsFileTime",
  483. "address": "0x429190"
  484. },
  485. {
  486. "name": "InitializeCriticalSectionAndSpinCount",
  487. "address": "0x429194"
  488. },
  489. {
  490. "name": "SetConsoleCtrlHandler",
  491. "address": "0x429198"
  492. },
  493. {
  494. "name": "FreeLibrary",
  495. "address": "0x42919c"
  496. },
  497. {
  498. "name": "InterlockedExchange",
  499. "address": "0x4291a0"
  500. },
  501. {
  502. "name": "LoadLibraryA",
  503. "address": "0x4291a4"
  504. },
  505. {
  506. "name": "SetFilePointer",
  507. "address": "0x4291a8"
  508. },
  509. {
  510. "name": "GetConsoleCP",
  511. "address": "0x4291ac"
  512. },
  513. {
  514. "name": "GetConsoleMode",
  515. "address": "0x4291b0"
  516. },
  517. {
  518. "name": "LCMapStringA",
  519. "address": "0x4291b4"
  520. },
  521. {
  522. "name": "SetCurrentDirectoryA",
  523. "address": "0x4291b8"
  524. }
  525. ],
  526. "dll": "KERNEL32.dll"
  527. },
  528. {
  529. "imports": [
  530. {
  531. "name": "PeekMessageA",
  532. "address": "0x4291c0"
  533. },
  534. {
  535. "name": "PostQuitMessage",
  536. "address": "0x4291c4"
  537. },
  538. {
  539. "name": "DefWindowProcA",
  540. "address": "0x4291c8"
  541. },
  542. {
  543. "name": "IntersectRect",
  544. "address": "0x4291cc"
  545. },
  546. {
  547. "name": "ShowWindow",
  548. "address": "0x4291d0"
  549. },
  550. {
  551. "name": "UpdateWindow",
  552. "address": "0x4291d4"
  553. },
  554. {
  555. "name": "LoadIconA",
  556. "address": "0x4291d8"
  557. },
  558. {
  559. "name": "LoadCursorA",
  560. "address": "0x4291dc"
  561. },
  562. {
  563. "name": "RegisterClassA",
  564. "address": "0x4291e0"
  565. },
  566. {
  567. "name": "CreateWindowExA",
  568. "address": "0x4291e4"
  569. },
  570. {
  571. "name": "GetSystemMetrics",
  572. "address": "0x4291e8"
  573. },
  574. {
  575. "name": "GetWindowLongA",
  576. "address": "0x4291ec"
  577. },
  578. {
  579. "name": "SendMessageA",
  580. "address": "0x4291f0"
  581. },
  582. {
  583. "name": "GetMessageA",
  584. "address": "0x4291f4"
  585. },
  586. {
  587. "name": "TranslateMessage",
  588. "address": "0x4291f8"
  589. },
  590. {
  591. "name": "DispatchMessageA",
  592. "address": "0x4291fc"
  593. },
  594. {
  595. "name": "LoadImageA",
  596. "address": "0x429200"
  597. },
  598. {
  599. "name": "GetDC",
  600. "address": "0x429204"
  601. },
  602. {
  603. "name": "ReleaseDC",
  604. "address": "0x429208"
  605. },
  606. {
  607. "name": "GetClientRect",
  608. "address": "0x42920c"
  609. },
  610. {
  611. "name": "ClientToScreen",
  612. "address": "0x429210"
  613. },
  614. {
  615. "name": "DrawTextA",
  616. "address": "0x429214"
  617. },
  618. {
  619. "name": "FillRect",
  620. "address": "0x429218"
  621. }
  622. ],
  623. "dll": "USER32.dll"
  624. },
  625. {
  626. "imports": [
  627. {
  628. "name": "GetObjectA",
  629. "address": "0x429010"
  630. },
  631. {
  632. "name": "CreateCompatibleDC",
  633. "address": "0x429014"
  634. },
  635. {
  636. "name": "DeleteDC",
  637. "address": "0x429018"
  638. },
  639. {
  640. "name": "BitBlt",
  641. "address": "0x42901c"
  642. },
  643. {
  644. "name": "Polyline",
  645. "address": "0x429020"
  646. },
  647. {
  648. "name": "Ellipse",
  649. "address": "0x429024"
  650. },
  651. {
  652. "name": "CreateBrushIndirect",
  653. "address": "0x429028"
  654. },
  655. {
  656. "name": "CreatePen",
  657. "address": "0x42902c"
  658. },
  659. {
  660. "name": "SelectObject",
  661. "address": "0x429030"
  662. },
  663. {
  664. "name": "Rectangle",
  665. "address": "0x429034"
  666. },
  667. {
  668. "name": "SetBkMode",
  669. "address": "0x429038"
  670. },
  671. {
  672. "name": "SetTextColor",
  673. "address": "0x42903c"
  674. },
  675. {
  676. "name": "CreateSolidBrush",
  677. "address": "0x429040"
  678. },
  679. {
  680. "name": "DeleteObject",
  681. "address": "0x429044"
  682. },
  683. {
  684. "name": "GetStockObject",
  685. "address": "0x429048"
  686. }
  687. ],
  688. "dll": "GDI32.dll"
  689. },
  690. {
  691. "imports": [
  692. {
  693. "name": "CryptAcquireContextA",
  694. "address": "0x429000"
  695. }
  696. ],
  697. "dll": "ADVAPI32.dll"
  698. }
  699. ],
  700. "digital_signers": null,
  701. "exported_dll_name": null,
  702. "actual_checksum": "0x0003bbf7",
  703. "overlay": null,
  704. "imagebase": "0x00400000",
  705. "reported_checksum": "0x0003bbf7",
  706. "icon_hash": null,
  707. "entrypoint": "0x004063ab",
  708. "timestamp": "2019-06-26 13:58:51",
  709. "osversion": "5.0",
  710. "sections": [
  711. {
  712. "name": ".text",
  713. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  714. "virtual_address": "0x00001000",
  715. "size_of_data": "0x00027800",
  716. "entropy": "6.67",
  717. "raw_address": "0x00000400",
  718. "virtual_size": "0x0002763e",
  719. "characteristics_raw": "0x60000020"
  720. },
  721. {
  722. "name": ".rdata",
  723. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  724. "virtual_address": "0x00029000",
  725. "size_of_data": "0x00011200",
  726. "entropy": "6.63",
  727. "raw_address": "0x00027c00",
  728. "virtual_size": "0x0001103c",
  729. "characteristics_raw": "0x40000040"
  730. },
  731. {
  732. "name": ".data",
  733. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  734. "virtual_address": "0x0003b000",
  735. "size_of_data": "0x00001600",
  736. "entropy": "3.47",
  737. "raw_address": "0x00038e00",
  738. "virtual_size": "0x00003944",
  739. "characteristics_raw": "0xc0000040"
  740. },
  741. {
  742. "name": ".rsrc",
  743. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  744. "virtual_address": "0x0003f000",
  745. "size_of_data": "0x00000200",
  746. "entropy": "5.11",
  747. "raw_address": "0x0003a400",
  748. "virtual_size": "0x000001b4",
  749. "characteristics_raw": "0x40000040"
  750. }
  751. ],
  752. "resources": [],
  753. "dirents": [
  754. {
  755. "virtual_address": "0x00000000",
  756. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  757. "size": "0x00000000"
  758. },
  759. {
  760. "virtual_address": "0x0003941c",
  761. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  762. "size": "0x0000008c"
  763. },
  764. {
  765. "virtual_address": "0x0003f000",
  766. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  767. "size": "0x000001b4"
  768. },
  769. {
  770. "virtual_address": "0x00000000",
  771. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  772. "size": "0x00000000"
  773. },
  774. {
  775. "virtual_address": "0x00000000",
  776. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  777. "size": "0x00000000"
  778. },
  779. {
  780. "virtual_address": "0x00000000",
  781. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  782. "size": "0x00000000"
  783. },
  784. {
  785. "virtual_address": "0x00029270",
  786. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  787. "size": "0x0000001c"
  788. },
  789. {
  790. "virtual_address": "0x00000000",
  791. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  792. "size": "0x00000000"
  793. },
  794. {
  795. "virtual_address": "0x00000000",
  796. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  797. "size": "0x00000000"
  798. },
  799. {
  800. "virtual_address": "0x00000000",
  801. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  802. "size": "0x00000000"
  803. },
  804. {
  805. "virtual_address": "0x000383a8",
  806. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  807. "size": "0x00000040"
  808. },
  809. {
  810. "virtual_address": "0x00000000",
  811. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  812. "size": "0x00000000"
  813. },
  814. {
  815. "virtual_address": "0x00029000",
  816. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  817. "size": "0x00000228"
  818. },
  819. {
  820. "virtual_address": "0x00000000",
  821. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  822. "size": "0x00000000"
  823. },
  824. {
  825. "virtual_address": "0x00000000",
  826. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  827. "size": "0x00000000"
  828. },
  829. {
  830. "virtual_address": "0x00000000",
  831. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  832. "size": "0x00000000"
  833. }
  834. ],
  835. "exports": [],
  836. "guest_signers": {},
  837. "imphash": "346228c03ba22f2de11f5f9fccf1d8b0",
  838. "icon_fuzzy": null,
  839. "icon": null,
  840. "pdbpath": "c:\\Users\\User\\Desktop\\26.6.2019\\sw\\A_Real_Tim3461511112001\\Battle\\Release\\Battle.pdb",
  841. "imported_dll_count": 6,
  842. "versioninfo": []
  843. }
  844. }
  845.  
  846. [*] Resolved APIs: [
  847. "kernel32.dll.FlsAlloc",
  848. "kernel32.dll.FlsGetValue",
  849. "kernel32.dll.FlsSetValue",
  850. "kernel32.dll.FlsFree",
  851. "kernel32.dll.IsProcessorFeaturePresent",
  852. "cryptsp.dll.CryptAcquireContextA",
  853. "kernel32.dll.VirtualAlloc",
  854. "ntdll.dll.memcpy",
  855. "advapi32.dll.CryptAcquireContextA",
  856. "advapi32.dll.CryptImportKey",
  857. "advapi32.dll.CryptEncrypt",
  858. "cryptsp.dll.CryptImportKey",
  859. "cryptbase.dll.SystemFunction040",
  860. "cryptbase.dll.SystemFunction041",
  861. "cryptsp.dll.CryptEncrypt",
  862. "ws2_32.dll.#6",
  863. "ws2_32.dll.#5",
  864. "ws2_32.dll.WSARecv",
  865. "ws2_32.dll.WSASend",
  866. "rpcrt4.dll.RpcBindingFree",
  867. "cryptbase.dll.SystemFunction036",
  868. "uxtheme.dll.ThemeInitApiHook",
  869. "user32.dll.IsProcessDPIAware",
  870. "sechost.dll.OpenSCManagerW",
  871. "sechost.dll.OpenServiceW",
  872. "sechost.dll.QueryServiceStatus",
  873. "sechost.dll.CloseServiceHandle",
  874. "cscapi.dll.CscNetApiGetInterface",
  875. "netutils.dll.NetApiBufferAllocate",
  876. "netutils.dll.NetApiBufferFree",
  877. "ole32.dll.CLSIDFromProgID",
  878. "ole32.dll.CoCreateInstance",
  879. "oleaut32.dll.#9",
  880. "oleaut32.dll.#6",
  881. "oleaut32.dll.#15",
  882. "oleaut32.dll.#26",
  883. "oleaut32.dll.#19",
  884. "oleaut32.dll.#20",
  885. "netapi32.dll.DsGetDcNameW",
  886. "advapi32.dll.LsaOpenPolicy",
  887. "advapi32.dll.LsaQueryInformationPolicy",
  888. "advapi32.dll.LsaFreeMemory",
  889. "advapi32.dll.LsaClose",
  890. "oleaut32.dll.#16",
  891. "oleaut32.dll.#500",
  892. "kernel32.dll.SetThreadUILanguage",
  893. "kernel32.dll.CopyFileExW",
  894. "kernel32.dll.IsDebuggerPresent",
  895. "kernel32.dll.SetConsoleInputExeNameW",
  896. "kernel32.dll.SortGetHandle",
  897. "kernel32.dll.SortCloseHandle",
  898. "shell32.dll.#66",
  899. "ole32.dll.CoGetApartmentType",
  900. "ole32.dll.CoRegisterInitializeSpy",
  901. "ole32.dll.CoTaskMemFree",
  902. "comctl32.dll.#236",
  903. "ole32.dll.CoTaskMemAlloc",
  904. "ole32.dll.CoGetMalloc",
  905. "ole32.dll.CoInitializeEx",
  906. "ole32.dll.CreateBindCtx",
  907. "comctl32.dll.#320",
  908. "comctl32.dll.#324",
  909. "comctl32.dll.#323",
  910. "advapi32.dll.RegEnumKeyW",
  911. "oleaut32.dll.#2",
  912. "advapi32.dll.InitializeSecurityDescriptor",
  913. "advapi32.dll.SetEntriesInAclW",
  914. "ntmarta.dll.GetMartaExtensionInterface",
  915. "advapi32.dll.SetSecurityDescriptorDacl",
  916. "advapi32.dll.IsTextUnicode",
  917. "comctl32.dll.#332",
  918. "comctl32.dll.#338",
  919. "comctl32.dll.#339",
  920. "shell32.dll.#102",
  921. "ole32.dll.CoUninitialize",
  922. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  923. "apphelp.dll.ApphelpCheckShellObject",
  924. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  925. "comctl32.dll.#386",
  926. "sechost.dll.ConvertSidToStringSidW",
  927. "profapi.dll.#104",
  928. "comctl32.dll.#385",
  929. "comctl32.dll.#336",
  930. "comctl32.dll.#321",
  931. "comctl32.dll.#329",
  932. "comctl32.dll.#333",
  933. "ntdll.dll.RtlDllShutdownInProgress",
  934. "propsys.dll.PSCreateMemoryPropertyStore",
  935. "linkinfo.dll.CreateLinkInfoW",
  936. "user32.dll.IsCharAlphaW",
  937. "user32.dll.CharPrevW",
  938. "ntshrui.dll.GetNetResourceFromLocalPathW",
  939. "srvcli.dll.NetShareEnum",
  940. "slc.dll.SLGetWindowsInformationDWORD",
  941. "shlwapi.dll.PathRemoveFileSpecW",
  942. "linkinfo.dll.DestroyLinkInfo",
  943. "propsys.dll.PropVariantToBoolean",
  944. "ole32.dll.PropVariantClear",
  945. "cryptsp.dll.CryptAcquireContextW",
  946. "cryptsp.dll.CryptGenRandom",
  947. "cryptsp.dll.CryptReleaseContext",
  948. "ole32.dll.CoRevokeInitializeSpy",
  949. "comctl32.dll.#388",
  950. "advapi32.dll.RegOpenKeyExW",
  951. "advapi32.dll.RegQueryInfoKeyW",
  952. "advapi32.dll.RegEnumKeyExW",
  953. "advapi32.dll.RegEnumValueW",
  954. "advapi32.dll.RegCloseKey",
  955. "advapi32.dll.RegQueryValueExW",
  956. "kernel32.dll.QueryActCtxW",
  957. "shlwapi.dll.UrlIsW",
  958. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  959. "msvcrt.dll._set_error_mode",
  960. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  961. "kernel32.dll.FindActCtxSectionStringW",
  962. "kernel32.dll.GetSystemWindowsDirectoryW",
  963. "mscoree.dll.GetProcessExecutableHeap",
  964. "mscorwks.dll.DllGetClassObjectInternal",
  965. "mscorwks.dll.GetCLRFunction",
  966. "advapi32.dll.RegisterTraceGuidsW",
  967. "advapi32.dll.UnregisterTraceGuids",
  968. "advapi32.dll.GetTraceLoggerHandle",
  969. "advapi32.dll.GetTraceEnableLevel",
  970. "advapi32.dll.GetTraceEnableFlags",
  971. "advapi32.dll.TraceEvent",
  972. "mscoree.dll.IEE",
  973. "mscorwks.dll.IEE",
  974. "mscoree.dll.GetStartupFlags",
  975. "mscoree.dll.GetHostConfigurationFile",
  976. "mscoree.dll.GetCORSystemDirectory",
  977. "ntdll.dll.RtlUnwind",
  978. "kernel32.dll.IsWow64Process",
  979. "advapi32.dll.AllocateAndInitializeSid",
  980. "advapi32.dll.OpenProcessToken",
  981. "advapi32.dll.GetTokenInformation",
  982. "advapi32.dll.InitializeAcl",
  983. "advapi32.dll.AddAccessAllowedAce",
  984. "advapi32.dll.FreeSid",
  985. "kernel32.dll.SetThreadStackGuarantee",
  986. "kernel32.dll.AddVectoredContinueHandler",
  987. "kernel32.dll.RemoveVectoredContinueHandler",
  988. "advapi32.dll.ConvertSidToStringSidW",
  989. "shell32.dll.SHGetFolderPathW",
  990. "kernel32.dll.FlushProcessWriteBuffers",
  991. "kernel32.dll.GetWriteWatch",
  992. "kernel32.dll.ResetWriteWatch",
  993. "kernel32.dll.CreateMemoryResourceNotification",
  994. "kernel32.dll.QueryMemoryResourceNotification",
  995. "mscoree.dll._CorExeMain",
  996. "mscoree.dll._CorImageUnloading",
  997. "mscoree.dll._CorValidateImage",
  998. "ole32.dll.CoGetContextToken",
  999. "oleaut32.dll.#149",
  1000. "kernel32.dll.GetUserDefaultUILanguage",
  1001. "kernel32.dll.GetVersionExW",
  1002. "kernel32.dll.GetFullPathNameW",
  1003. "kernel32.dll.SetErrorMode",
  1004. "kernel32.dll.GetFileAttributesExW",
  1005. "version.dll.GetFileVersionInfoSizeW",
  1006. "version.dll.GetFileVersionInfoW",
  1007. "version.dll.VerQueryValueW",
  1008. "kernel32.dll.lstrlen",
  1009. "kernel32.dll.lstrlenW",
  1010. "mscoree.dll.ND_RI2",
  1011. "kernel32.dll.lstrcpy",
  1012. "kernel32.dll.lstrcpyW",
  1013. "version.dll.VerLanguageNameW",
  1014. "kernel32.dll.CloseHandle",
  1015. "kernel32.dll.GetCurrentProcessId",
  1016. "advapi32.dll.LookupPrivilegeValueW",
  1017. "kernel32.dll.GetCurrentProcess",
  1018. "advapi32.dll.AdjustTokenPrivileges",
  1019. "kernel32.dll.OpenProcess",
  1020. "psapi.dll.EnumProcessModules",
  1021. "psapi.dll.GetModuleInformation",
  1022. "psapi.dll.GetModuleBaseNameW",
  1023. "psapi.dll.GetModuleFileNameExW",
  1024. "kernel32.dll.GetExitCodeProcess",
  1025. "ntdll.dll.NtQuerySystemInformation",
  1026. "user32.dll.EnumWindows",
  1027. "user32.dll.GetWindowThreadProcessId",
  1028. "kernel32.dll.WerSetFlags",
  1029. "kernel32.dll.SetThreadPreferredUILanguages",
  1030. "kernel32.dll.GetThreadPreferredUILanguages",
  1031. "kernel32.dll.GetUserDefaultLocaleName",
  1032. "kernel32.dll.GetEnvironmentVariableW",
  1033. "advapi32.dll.CryptReleaseContext",
  1034. "advapi32.dll.CryptCreateHash",
  1035. "advapi32.dll.CryptDestroyHash",
  1036. "advapi32.dll.CryptHashData",
  1037. "advapi32.dll.CryptGetHashParam",
  1038. "advapi32.dll.CryptExportKey",
  1039. "advapi32.dll.CryptGenKey",
  1040. "advapi32.dll.CryptGetKeyParam",
  1041. "advapi32.dll.CryptDestroyKey",
  1042. "advapi32.dll.CryptVerifySignatureA",
  1043. "advapi32.dll.CryptSignHashA",
  1044. "advapi32.dll.CryptGetProvParam",
  1045. "advapi32.dll.CryptGetUserKey",
  1046. "advapi32.dll.CryptEnumProvidersA",
  1047. "cryptsp.dll.CryptExportKey",
  1048. "cryptsp.dll.CryptCreateHash",
  1049. "cryptsp.dll.CryptHashData",
  1050. "cryptsp.dll.CryptGetHashParam",
  1051. "cryptsp.dll.CryptDestroyHash",
  1052. "cryptsp.dll.CryptDestroyKey",
  1053. "mscoree.dll.GetTokenForVTableEntry",
  1054. "mscoree.dll.SetTargetForVTableEntry",
  1055. "mscoree.dll.GetTargetForVTableEntry",
  1056. "culture.dll.ConvertLangIdToCultureName",
  1057. "ole32.dll.CoCreateGuid",
  1058. "kernel32.dll.CreateFileW",
  1059. "kernel32.dll.GetConsoleScreenBufferInfo",
  1060. "kernel32.dll.LocalFree",
  1061. "kernel32.dll.LocalAlloc",
  1062. "mscoree.dll.ND_RI4",
  1063. "advapi32.dll.DuplicateTokenEx",
  1064. "advapi32.dll.CheckTokenMembership",
  1065. "kernel32.dll.GetConsoleTitleW",
  1066. "kernel32.dll.SetConsoleTitleW",
  1067. "kernel32.dll.SetConsoleCtrlHandler",
  1068. "kernel32.dll.CreateEventW",
  1069. "ntdll.dll.WinSqmIsOptedIn",
  1070. "kernel32.dll.ExpandEnvironmentStringsW",
  1071. "shfolder.dll.SHGetFolderPathW",
  1072. "kernel32.dll.SetEnvironmentVariableW",
  1073. "kernel32.dll.GetACP",
  1074. "kernel32.dll.UnmapViewOfFile",
  1075. "kernel32.dll.GetFileType",
  1076. "kernel32.dll.ReadFile",
  1077. "kernel32.dll.GetSystemInfo",
  1078. "kernel32.dll.VirtualQuery",
  1079. "kernel32.dll.SwitchToThread",
  1080. "kernel32.dll.GlobalMemoryStatusEx",
  1081. "secur32.dll.GetUserNameExW",
  1082. "advapi32.dll.GetUserNameW",
  1083. "kernel32.dll.ReleaseMutex",
  1084. "advapi32.dll.RegisterEventSourceW",
  1085. "advapi32.dll.DeregisterEventSource",
  1086. "advapi32.dll.ReportEventW",
  1087. "kernel32.dll.GetLogicalDrives",
  1088. "kernel32.dll.GetDriveTypeW",
  1089. "kernel32.dll.GetVolumeInformationW",
  1090. "kernel32.dll.GetCurrentDirectoryW",
  1091. "kernel32.dll.GetLastError",
  1092. "mscorjit.dll.getJit",
  1093. "kernel32.dll.GetStdHandle",
  1094. "kernel32.dll.GetConsoleMode",
  1095. "kernel32.dll.SetEvent",
  1096. "kernel32.dll.FindFirstFileW",
  1097. "kernel32.dll.FindClose",
  1098. "kernel32.dll.FormatMessageW",
  1099. "kernel32.dll.DeleteFileW",
  1100. "mscoree.dll.CorExitProcess",
  1101. "mscorwks.dll.CorExitProcess",
  1102. "mscorwks.dll._CorDllMain",
  1103. "kernel32.dll.CreateActCtxW",
  1104. "kernel32.dll.AddRefActCtx",
  1105. "kernel32.dll.ReleaseActCtx",
  1106. "kernel32.dll.ActivateActCtx",
  1107. "kernel32.dll.DeactivateActCtx",
  1108. "kernel32.dll.GetCurrentActCtx"
  1109. ]
  1110.  
  1111. [*] Static Analysis: {
  1112. "pe": {
  1113. "peid_signatures": null,
  1114. "imports": [
  1115. {
  1116. "imports": [
  1117. {
  1118. "name": "DirectDrawCreateEx",
  1119. "address": "0x429008"
  1120. }
  1121. ],
  1122. "dll": "DDRAW.dll"
  1123. },
  1124. {
  1125. "imports": [
  1126. {
  1127. "name": "timeGetTime",
  1128. "address": "0x429220"
  1129. }
  1130. ],
  1131. "dll": "WINMM.dll"
  1132. },
  1133. {
  1134. "imports": [
  1135. {
  1136. "name": "HeapSize",
  1137. "address": "0x429050"
  1138. },
  1139. {
  1140. "name": "IsValidLocale",
  1141. "address": "0x429054"
  1142. },
  1143. {
  1144. "name": "EnumSystemLocalesA",
  1145. "address": "0x429058"
  1146. },
  1147. {
  1148. "name": "GetLocaleInfoA",
  1149. "address": "0x42905c"
  1150. },
  1151. {
  1152. "name": "GetFullPathNameA",
  1153. "address": "0x429060"
  1154. },
  1155. {
  1156. "name": "GetLocaleInfoW",
  1157. "address": "0x429064"
  1158. },
  1159. {
  1160. "name": "GetTimeFormatA",
  1161. "address": "0x429068"
  1162. },
  1163. {
  1164. "name": "GetStringTypeW",
  1165. "address": "0x42906c"
  1166. },
  1167. {
  1168. "name": "GetStringTypeA",
  1169. "address": "0x429070"
  1170. },
  1171. {
  1172. "name": "LCMapStringW",
  1173. "address": "0x429074"
  1174. },
  1175. {
  1176. "name": "MultiByteToWideChar",
  1177. "address": "0x429078"
  1178. },
  1179. {
  1180. "name": "SetStdHandle",
  1181. "address": "0x42907c"
  1182. },
  1183. {
  1184. "name": "WriteConsoleA",
  1185. "address": "0x429080"
  1186. },
  1187. {
  1188. "name": "GetConsoleOutputCP",
  1189. "address": "0x429084"
  1190. },
  1191. {
  1192. "name": "WriteConsoleW",
  1193. "address": "0x429088"
  1194. },
  1195. {
  1196. "name": "GetTimeZoneInformation",
  1197. "address": "0x42908c"
  1198. },
  1199. {
  1200. "name": "CreateFileA",
  1201. "address": "0x429090"
  1202. },
  1203. {
  1204. "name": "CloseHandle",
  1205. "address": "0x429094"
  1206. },
  1207. {
  1208. "name": "FlushFileBuffers",
  1209. "address": "0x429098"
  1210. },
  1211. {
  1212. "name": "CompareStringA",
  1213. "address": "0x42909c"
  1214. },
  1215. {
  1216. "name": "CompareStringW",
  1217. "address": "0x4290a0"
  1218. },
  1219. {
  1220. "name": "SetEnvironmentVariableA",
  1221. "address": "0x4290a4"
  1222. },
  1223. {
  1224. "name": "GetDriveTypeA",
  1225. "address": "0x4290a8"
  1226. },
  1227. {
  1228. "name": "CreateFileMappingW",
  1229. "address": "0x4290ac"
  1230. },
  1231. {
  1232. "name": "GetDateFormatA",
  1233. "address": "0x4290b0"
  1234. },
  1235. {
  1236. "name": "MapViewOfFile",
  1237. "address": "0x4290b4"
  1238. },
  1239. {
  1240. "name": "GetCurrentDirectoryA",
  1241. "address": "0x4290b8"
  1242. },
  1243. {
  1244. "name": "GetUserDefaultLCID",
  1245. "address": "0x4290bc"
  1246. },
  1247. {
  1248. "name": "HeapAlloc",
  1249. "address": "0x4290c0"
  1250. },
  1251. {
  1252. "name": "GetLastError",
  1253. "address": "0x4290c4"
  1254. },
  1255. {
  1256. "name": "HeapFree",
  1257. "address": "0x4290c8"
  1258. },
  1259. {
  1260. "name": "HeapReAlloc",
  1261. "address": "0x4290cc"
  1262. },
  1263. {
  1264. "name": "RaiseException",
  1265. "address": "0x4290d0"
  1266. },
  1267. {
  1268. "name": "RtlUnwind",
  1269. "address": "0x4290d4"
  1270. },
  1271. {
  1272. "name": "GetCommandLineA",
  1273. "address": "0x4290d8"
  1274. },
  1275. {
  1276. "name": "GetStartupInfoA",
  1277. "address": "0x4290dc"
  1278. },
  1279. {
  1280. "name": "DeleteCriticalSection",
  1281. "address": "0x4290e0"
  1282. },
  1283. {
  1284. "name": "LeaveCriticalSection",
  1285. "address": "0x4290e4"
  1286. },
  1287. {
  1288. "name": "FatalAppExitA",
  1289. "address": "0x4290e8"
  1290. },
  1291. {
  1292. "name": "EnterCriticalSection",
  1293. "address": "0x4290ec"
  1294. },
  1295. {
  1296. "name": "VirtualFree",
  1297. "address": "0x4290f0"
  1298. },
  1299. {
  1300. "name": "VirtualAlloc",
  1301. "address": "0x4290f4"
  1302. },
  1303. {
  1304. "name": "HeapCreate",
  1305. "address": "0x4290f8"
  1306. },
  1307. {
  1308. "name": "HeapDestroy",
  1309. "address": "0x4290fc"
  1310. },
  1311. {
  1312. "name": "GetModuleHandleW",
  1313. "address": "0x429100"
  1314. },
  1315. {
  1316. "name": "Sleep",
  1317. "address": "0x429104"
  1318. },
  1319. {
  1320. "name": "GetProcAddress",
  1321. "address": "0x429108"
  1322. },
  1323. {
  1324. "name": "ExitProcess",
  1325. "address": "0x42910c"
  1326. },
  1327. {
  1328. "name": "WriteFile",
  1329. "address": "0x429110"
  1330. },
  1331. {
  1332. "name": "GetStdHandle",
  1333. "address": "0x429114"
  1334. },
  1335. {
  1336. "name": "GetModuleFileNameA",
  1337. "address": "0x429118"
  1338. },
  1339. {
  1340. "name": "TerminateProcess",
  1341. "address": "0x42911c"
  1342. },
  1343. {
  1344. "name": "GetCurrentProcess",
  1345. "address": "0x429120"
  1346. },
  1347. {
  1348. "name": "UnhandledExceptionFilter",
  1349. "address": "0x429124"
  1350. },
  1351. {
  1352. "name": "SetUnhandledExceptionFilter",
  1353. "address": "0x429128"
  1354. },
  1355. {
  1356. "name": "IsDebuggerPresent",
  1357. "address": "0x42912c"
  1358. },
  1359. {
  1360. "name": "GetModuleHandleA",
  1361. "address": "0x429130"
  1362. },
  1363. {
  1364. "name": "GetCPInfo",
  1365. "address": "0x429134"
  1366. },
  1367. {
  1368. "name": "InterlockedIncrement",
  1369. "address": "0x429138"
  1370. },
  1371. {
  1372. "name": "InterlockedDecrement",
  1373. "address": "0x42913c"
  1374. },
  1375. {
  1376. "name": "GetACP",
  1377. "address": "0x429140"
  1378. },
  1379. {
  1380. "name": "GetOEMCP",
  1381. "address": "0x429144"
  1382. },
  1383. {
  1384. "name": "IsValidCodePage",
  1385. "address": "0x429148"
  1386. },
  1387. {
  1388. "name": "TlsGetValue",
  1389. "address": "0x42914c"
  1390. },
  1391. {
  1392. "name": "TlsAlloc",
  1393. "address": "0x429150"
  1394. },
  1395. {
  1396. "name": "TlsSetValue",
  1397. "address": "0x429154"
  1398. },
  1399. {
  1400. "name": "TlsFree",
  1401. "address": "0x429158"
  1402. },
  1403. {
  1404. "name": "SetLastError",
  1405. "address": "0x42915c"
  1406. },
  1407. {
  1408. "name": "GetCurrentThreadId",
  1409. "address": "0x429160"
  1410. },
  1411. {
  1412. "name": "GetCurrentThread",
  1413. "address": "0x429164"
  1414. },
  1415. {
  1416. "name": "FreeEnvironmentStringsA",
  1417. "address": "0x429168"
  1418. },
  1419. {
  1420. "name": "GetEnvironmentStrings",
  1421. "address": "0x42916c"
  1422. },
  1423. {
  1424. "name": "FreeEnvironmentStringsW",
  1425. "address": "0x429170"
  1426. },
  1427. {
  1428. "name": "WideCharToMultiByte",
  1429. "address": "0x429174"
  1430. },
  1431. {
  1432. "name": "GetEnvironmentStringsW",
  1433. "address": "0x429178"
  1434. },
  1435. {
  1436. "name": "SetHandleCount",
  1437. "address": "0x42917c"
  1438. },
  1439. {
  1440. "name": "GetFileType",
  1441. "address": "0x429180"
  1442. },
  1443. {
  1444. "name": "QueryPerformanceCounter",
  1445. "address": "0x429184"
  1446. },
  1447. {
  1448. "name": "GetTickCount",
  1449. "address": "0x429188"
  1450. },
  1451. {
  1452. "name": "GetCurrentProcessId",
  1453. "address": "0x42918c"
  1454. },
  1455. {
  1456. "name": "GetSystemTimeAsFileTime",
  1457. "address": "0x429190"
  1458. },
  1459. {
  1460. "name": "InitializeCriticalSectionAndSpinCount",
  1461. "address": "0x429194"
  1462. },
  1463. {
  1464. "name": "SetConsoleCtrlHandler",
  1465. "address": "0x429198"
  1466. },
  1467. {
  1468. "name": "FreeLibrary",
  1469. "address": "0x42919c"
  1470. },
  1471. {
  1472. "name": "InterlockedExchange",
  1473. "address": "0x4291a0"
  1474. },
  1475. {
  1476. "name": "LoadLibraryA",
  1477. "address": "0x4291a4"
  1478. },
  1479. {
  1480. "name": "SetFilePointer",
  1481. "address": "0x4291a8"
  1482. },
  1483. {
  1484. "name": "GetConsoleCP",
  1485. "address": "0x4291ac"
  1486. },
  1487. {
  1488. "name": "GetConsoleMode",
  1489. "address": "0x4291b0"
  1490. },
  1491. {
  1492. "name": "LCMapStringA",
  1493. "address": "0x4291b4"
  1494. },
  1495. {
  1496. "name": "SetCurrentDirectoryA",
  1497. "address": "0x4291b8"
  1498. }
  1499. ],
  1500. "dll": "KERNEL32.dll"
  1501. },
  1502. {
  1503. "imports": [
  1504. {
  1505. "name": "PeekMessageA",
  1506. "address": "0x4291c0"
  1507. },
  1508. {
  1509. "name": "PostQuitMessage",
  1510. "address": "0x4291c4"
  1511. },
  1512. {
  1513. "name": "DefWindowProcA",
  1514. "address": "0x4291c8"
  1515. },
  1516. {
  1517. "name": "IntersectRect",
  1518. "address": "0x4291cc"
  1519. },
  1520. {
  1521. "name": "ShowWindow",
  1522. "address": "0x4291d0"
  1523. },
  1524. {
  1525. "name": "UpdateWindow",
  1526. "address": "0x4291d4"
  1527. },
  1528. {
  1529. "name": "LoadIconA",
  1530. "address": "0x4291d8"
  1531. },
  1532. {
  1533. "name": "LoadCursorA",
  1534. "address": "0x4291dc"
  1535. },
  1536. {
  1537. "name": "RegisterClassA",
  1538. "address": "0x4291e0"
  1539. },
  1540. {
  1541. "name": "CreateWindowExA",
  1542. "address": "0x4291e4"
  1543. },
  1544. {
  1545. "name": "GetSystemMetrics",
  1546. "address": "0x4291e8"
  1547. },
  1548. {
  1549. "name": "GetWindowLongA",
  1550. "address": "0x4291ec"
  1551. },
  1552. {
  1553. "name": "SendMessageA",
  1554. "address": "0x4291f0"
  1555. },
  1556. {
  1557. "name": "GetMessageA",
  1558. "address": "0x4291f4"
  1559. },
  1560. {
  1561. "name": "TranslateMessage",
  1562. "address": "0x4291f8"
  1563. },
  1564. {
  1565. "name": "DispatchMessageA",
  1566. "address": "0x4291fc"
  1567. },
  1568. {
  1569. "name": "LoadImageA",
  1570. "address": "0x429200"
  1571. },
  1572. {
  1573. "name": "GetDC",
  1574. "address": "0x429204"
  1575. },
  1576. {
  1577. "name": "ReleaseDC",
  1578. "address": "0x429208"
  1579. },
  1580. {
  1581. "name": "GetClientRect",
  1582. "address": "0x42920c"
  1583. },
  1584. {
  1585. "name": "ClientToScreen",
  1586. "address": "0x429210"
  1587. },
  1588. {
  1589. "name": "DrawTextA",
  1590. "address": "0x429214"
  1591. },
  1592. {
  1593. "name": "FillRect",
  1594. "address": "0x429218"
  1595. }
  1596. ],
  1597. "dll": "USER32.dll"
  1598. },
  1599. {
  1600. "imports": [
  1601. {
  1602. "name": "GetObjectA",
  1603. "address": "0x429010"
  1604. },
  1605. {
  1606. "name": "CreateCompatibleDC",
  1607. "address": "0x429014"
  1608. },
  1609. {
  1610. "name": "DeleteDC",
  1611. "address": "0x429018"
  1612. },
  1613. {
  1614. "name": "BitBlt",
  1615. "address": "0x42901c"
  1616. },
  1617. {
  1618. "name": "Polyline",
  1619. "address": "0x429020"
  1620. },
  1621. {
  1622. "name": "Ellipse",
  1623. "address": "0x429024"
  1624. },
  1625. {
  1626. "name": "CreateBrushIndirect",
  1627. "address": "0x429028"
  1628. },
  1629. {
  1630. "name": "CreatePen",
  1631. "address": "0x42902c"
  1632. },
  1633. {
  1634. "name": "SelectObject",
  1635. "address": "0x429030"
  1636. },
  1637. {
  1638. "name": "Rectangle",
  1639. "address": "0x429034"
  1640. },
  1641. {
  1642. "name": "SetBkMode",
  1643. "address": "0x429038"
  1644. },
  1645. {
  1646. "name": "SetTextColor",
  1647. "address": "0x42903c"
  1648. },
  1649. {
  1650. "name": "CreateSolidBrush",
  1651. "address": "0x429040"
  1652. },
  1653. {
  1654. "name": "DeleteObject",
  1655. "address": "0x429044"
  1656. },
  1657. {
  1658. "name": "GetStockObject",
  1659. "address": "0x429048"
  1660. }
  1661. ],
  1662. "dll": "GDI32.dll"
  1663. },
  1664. {
  1665. "imports": [
  1666. {
  1667. "name": "CryptAcquireContextA",
  1668. "address": "0x429000"
  1669. }
  1670. ],
  1671. "dll": "ADVAPI32.dll"
  1672. }
  1673. ],
  1674. "digital_signers": null,
  1675. "exported_dll_name": null,
  1676. "actual_checksum": "0x0003bbf7",
  1677. "overlay": null,
  1678. "imagebase": "0x00400000",
  1679. "reported_checksum": "0x0003bbf7",
  1680. "icon_hash": null,
  1681. "entrypoint": "0x004063ab",
  1682. "timestamp": "2019-06-26 13:58:51",
  1683. "osversion": "5.0",
  1684. "sections": [
  1685. {
  1686. "name": ".text",
  1687. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1688. "virtual_address": "0x00001000",
  1689. "size_of_data": "0x00027800",
  1690. "entropy": "6.67",
  1691. "raw_address": "0x00000400",
  1692. "virtual_size": "0x0002763e",
  1693. "characteristics_raw": "0x60000020"
  1694. },
  1695. {
  1696. "name": ".rdata",
  1697. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1698. "virtual_address": "0x00029000",
  1699. "size_of_data": "0x00011200",
  1700. "entropy": "6.63",
  1701. "raw_address": "0x00027c00",
  1702. "virtual_size": "0x0001103c",
  1703. "characteristics_raw": "0x40000040"
  1704. },
  1705. {
  1706. "name": ".data",
  1707. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1708. "virtual_address": "0x0003b000",
  1709. "size_of_data": "0x00001600",
  1710. "entropy": "3.47",
  1711. "raw_address": "0x00038e00",
  1712. "virtual_size": "0x00003944",
  1713. "characteristics_raw": "0xc0000040"
  1714. },
  1715. {
  1716. "name": ".rsrc",
  1717. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1718. "virtual_address": "0x0003f000",
  1719. "size_of_data": "0x00000200",
  1720. "entropy": "5.11",
  1721. "raw_address": "0x0003a400",
  1722. "virtual_size": "0x000001b4",
  1723. "characteristics_raw": "0x40000040"
  1724. }
  1725. ],
  1726. "resources": [],
  1727. "dirents": [
  1728. {
  1729. "virtual_address": "0x00000000",
  1730. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1731. "size": "0x00000000"
  1732. },
  1733. {
  1734. "virtual_address": "0x0003941c",
  1735. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1736. "size": "0x0000008c"
  1737. },
  1738. {
  1739. "virtual_address": "0x0003f000",
  1740. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1741. "size": "0x000001b4"
  1742. },
  1743. {
  1744. "virtual_address": "0x00000000",
  1745. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1746. "size": "0x00000000"
  1747. },
  1748. {
  1749. "virtual_address": "0x00000000",
  1750. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1751. "size": "0x00000000"
  1752. },
  1753. {
  1754. "virtual_address": "0x00000000",
  1755. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1756. "size": "0x00000000"
  1757. },
  1758. {
  1759. "virtual_address": "0x00029270",
  1760. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1761. "size": "0x0000001c"
  1762. },
  1763. {
  1764. "virtual_address": "0x00000000",
  1765. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1766. "size": "0x00000000"
  1767. },
  1768. {
  1769. "virtual_address": "0x00000000",
  1770. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1771. "size": "0x00000000"
  1772. },
  1773. {
  1774. "virtual_address": "0x00000000",
  1775. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1776. "size": "0x00000000"
  1777. },
  1778. {
  1779. "virtual_address": "0x000383a8",
  1780. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1781. "size": "0x00000040"
  1782. },
  1783. {
  1784. "virtual_address": "0x00000000",
  1785. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1786. "size": "0x00000000"
  1787. },
  1788. {
  1789. "virtual_address": "0x00029000",
  1790. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1791. "size": "0x00000228"
  1792. },
  1793. {
  1794. "virtual_address": "0x00000000",
  1795. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1796. "size": "0x00000000"
  1797. },
  1798. {
  1799. "virtual_address": "0x00000000",
  1800. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1801. "size": "0x00000000"
  1802. },
  1803. {
  1804. "virtual_address": "0x00000000",
  1805. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1806. "size": "0x00000000"
  1807. }
  1808. ],
  1809. "exports": [],
  1810. "guest_signers": {},
  1811. "imphash": "346228c03ba22f2de11f5f9fccf1d8b0",
  1812. "icon_fuzzy": null,
  1813. "icon": null,
  1814. "pdbpath": "c:\\Users\\User\\Desktop\\26.6.2019\\sw\\A_Real_Tim3461511112001\\Battle\\Release\\Battle.pdb",
  1815. "imported_dll_count": 6,
  1816. "versioninfo": []
  1817. }
  1818. }